1 /*
2 * Argus Software
3 * Copyright (c) 2000-2016 QoSient, LLC
4 * All rights reserved.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2, or (at your option)
9 * any later version.
10
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 *
20 */
21
22 /*
23 * Copyright (c) 1988-1990 The Regents of the University of California.
24 * All rights reserved.
25 *
26 * Redistribution and use in source and binary forms, with or without
27 * modification, are permitted provided that: (1) source code distributions
28 * retain the above copyright notice and this paragraph in its entirety, (2)
29 * distributions including binary code include the above copyright notice and
30 * this paragraph in its entirety in the documentation or other materials
31 * provided with the distribution, and (3) all advertising materials mentioning
32 * features or use of this software display the following acknowledgement:
33 * ``This product includes software developed by the University of California,
34 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
35 * the University nor the names of its contributors may be used to endorse
36 * or promote products derived from this software without specific prior
37 * written permission.
38 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
39 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
40 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
41 */
42
43 /*
44 * $Id: //depot/argus/clients/common/argus_util.c#401 $
45 * $DateTime: 2016/08/22 00:42:29 $
46 * $Change: 3177 $
47 */
48
49 #ifdef HAVE_CONFIG_H
50 #include "argus_config.h"
51 #endif
52
53 #define ArgusUtil
54
55 #ifndef _REENTRANT
56 #define _REENTRANT
57 #endif
58
59 #include <unistd.h>
60 #include <stdlib.h>
61 #include <sys/types.h>
62
63 #if defined(__NetBSD__)
64 #include <machine/limits.h>
65 #endif
66
67 #include <syslog.h>
68 #include <stdio.h>
69 #include <errno.h>
70 #include <signal.h>
71 #include <fcntl.h>
72 #include <pwd.h>
73 #include <grp.h>
74
75 #include <argus_compat.h>
76
77 #include <netinet/in.h>
78 #include <netinet/ip6.h>
79 #include <arpa/inet.h>
80
81 #if defined(ARGUS_SOLARIS) || defined(linux)
82 #include <netinet/icmp6.h>
83 #endif
84
85 #include <string.h>
86 #include <sys/stat.h>
87 #include <ctype.h>
88 #include <math.h>
89
90 #include <rpc/types.h>
91 #include <rpc/xdr.h>
92
93 #include <time.h>
94
95 #include <argus_int.h>
96 #include <argus_def.h>
97 #include <argus_out.h>
98
99 #include <argus_util.h>
100 #include <argus_parser.h>
101 #include <argus_filter.h>
102 #include <argus_client.h>
103 #include <argus_main.h>
104 #include <argus_label.h>
105 #include <argus_metric.h>
106 #include <argus_grep.h>
107 #include <argus_ethertype.h>
108 #include <argus_dscodepoints.h>
109 #include <argus_encapsulations.h>
110
111 #include <rapolicy.h>
112
113 #if defined(ARGUS_FLOWTOOLS)
114 #include "ftlib.h"
115 #endif
116
117 #ifndef AF_INET6
118 #define AF_INET6 23
119 #endif
120
121
122 #ifndef INET6_ADDRSTRLEN
123 #define INET6_ADDRSTRLEN 46
124 #endif
125
126 int target_flags = 0;
127 extern void ArgusLog (int, char *, ...);
128 extern void RaParseComplete (int);
129
130 typedef struct {
131 uint64_t high, low;
132 } uint128;
133
134 void sprint128 (char *, char *, uint128 *);
135
136 int ArgusGenerateCanonRecord (struct ArgusRecordStruct *);
137
138 void ArgusPrintEspSpi (struct ArgusParserStruct *, char *, struct ArgusRecordStruct *, int, u_int, int);
139 char *ArgusAbbreviateMetric(struct ArgusParserStruct *, char *, int, double);
140
141 void RaClearConfiguration (struct ArgusParserStruct *);
142
143 #define ARGUS_RCITEMS 74
144
145 #define RA_ARGUS_SERVER 0
146 #define RA_SOURCE_PORT 1
147 #define RA_CISCONETFLOW_PORT 2
148 #define RA_ARGUS_SERVERPORT 3
149 #define RA_INPUT_FILE 4
150 #define RA_NO_OUTPUT 5
151 #define RA_USER_AUTH 6
152 #define RA_AUTH_PASS 7
153 #define RA_OUTPUT_FILE 8
154 #define RA_EXCEPTION_OUTPUT_FILE 9
155 #define RA_TIMERANGE 10
156 #define RA_RUN_TIME 11
157 #define RA_NUMBER 12
158 #define RA_FLOW_MODEL 13
159 #define RA_FIELD_DELIMITER 14
160 #define RA_TIME_FORMAT 15
161 #define RA_TZ 16
162 #define RA_USEC_PRECISION 17
163 #define RA_PRINT_MAN 18
164 #define RA_PRINT_EVENT 19
165 #define RA_PRINT_LABELS 20
166 #define RA_PRINT_SUMMARY 21
167 #define RA_PRINT_NAMES 22
168 #define RA_PRINT_LOCALONLY 23
169 #define RA_PRINT_DOMAINONLY 24
170 #define RA_PRINT_RESPONSE_DATA 25
171 #define RA_PRINT_TCPSTATES 26
172 #define RA_PRINT_TCPFLAGS 27
173 #define RAMON_MODE 28
174 #define RA_DEBUG_LEVEL 29
175 #define RA_USERDATA_ENCODE 30
176 #define RA_FILTER 31
177 #define RA_FIELD_SPECIFIER 32
178 #define RA_MIN_SSF 33
179 #define RA_MAX_SSF 34
180 #define ARGUS_ARCHIVE 35
181 #define RADIUM_DAEMON 36
182 #define RADIUM_MONITOR_ID 37
183 #define RADIUM_MAR_STATUS_INTERVAL 38
184 #define RADIUM_ADJUST_TIME 39
185 #define RADIUM_ACCESS_PORT 40
186 #define RA_CONNECT_TIME 41
187 #define RA_UPDATE_INTERVAL 42
188 #define RA_FIELD_QUOTED 43
189 #define RA_FIELD_WIDTH 44
190 #define RA_SET_PID 45
191 #define RA_PID_PATH 46
192 #define RA_DELEGATED_IP 47
193 #define RA_RELIABLE_CONNECT 48
194 #define RA_DATABASE 49
195 #define RA_DB_USER 50
196 #define RA_DB_PASS 51
197 #define RA_DB_HOST 52
198 #define RA_DB_PORT 53
199 #define RA_DB_TABLE 54
200 #define RA_AIS_CACHE 55
201 #define RA_PRINT_UNIX_TIME 56
202 #define RA_TIMEOUT_INTERVAL 57
203 #define RA_CIDR_ADDRESS_FORMAT 58
204 #define RA_SORT_ALGORITHMS 59
205 #define MYSQL_DB_ENGINE 60
206 #define RA_PRINT_ETHERNET_VENDORS 61
207 #define RA_ETHERNET_VENDORS 62
208 #define RA_LOCAL 63
209 #define RA_LOCAL_DIRECTION 64
210 #define RA_PORT_DIRECTION 65
211 #define RA_SERVICES_SIGNATURES 66
212 #define RA_COLOR_SUPPORT 67
213 #define RA_COLOR_CONFIG 68
214 #define RA_CORRELATE_EVENTS 69
215 #define RA_SEPARATE_ADDR_FROM_PORT_WITH_PERIOD 70
216 #define RA_GENERATE_BIN_MAR_RECORDS 71
217 #define RA_ASN_PRINT_FORMAT 72
218 #define RA_FILTER_TIMEOUT 73
219
220
221 char *ArgusResourceFileStr [] = {
222 "RA_ARGUS_SERVER=",
223 "RA_SOURCE_PORT=",
224 "RA_CISCONETFLOW_PORT=",
225 "RA_ARGUS_SERVERPORT=",
226 "RA_INPUT_FILE=",
227 "RA_NO_OUTPUT=",
228 "RA_USER_AUTH=",
229 "RA_AUTH_PASS=",
230 "RA_OUTPUT_FILE=",
231 "RA_EXCEPTION_OUTPUT_FILE=",
232 "RA_TIMERANGE=",
233 "RA_RUN_TIME=",
234 "RA_NUMBER=",
235 "RA_FLOW_MODEL=",
236 "RA_FIELD_DELIMITER=",
237 "RA_TIME_FORMAT=",
238 "RA_TZ=",
239 "RA_USEC_PRECISION=",
240 "RA_PRINT_MAN_RECORDS=",
241 "RA_PRINT_EVENT_RECORDS=",
242 "RA_PRINT_LABELS=",
243 "RA_PRINT_SUMMARY=",
244 "RA_PRINT_NAMES=",
245 "RA_PRINT_LOCALONLY=",
246 "RA_PRINT_DOMAINONLY=",
247 "RA_PRINT_RESPONSE_DATA=",
248 "RA_PRINT_TCPSTATES=",
249 "RA_PRINT_TCPFLAGS=",
250 "RAMON_MODE=",
251 "RA_DEBUG_LEVEL=",
252 "RA_USERDATA_ENCODE=",
253 "RA_FILTER=",
254 "RA_FIELD_SPECIFIER=",
255 "RA_MIN_SSF=",
256 "RA_MAX_SSF=",
257 "ARGUS_ARCHIVE=",
258 "RADIUM_DAEMON=",
259 "RADIUM_MONITOR_ID=",
260 "RADIUM_MAR_STATUS_INTERVAL=",
261 "RADIUM_ADJUST_TIME=",
262 "RADIUM_ACCESS_PORT=",
263 "RA_CONNECT_TIME=",
264 "RA_UPDATE_INTERVAL=",
265 "RA_FIELD_QUOTED=",
266 "RA_FIELD_WIDTH=",
267 "RA_SET_PID=",
268 "RA_PID_PATH=",
269 "RA_DELEGATED_IP=",
270 "RA_RELIABLE_CONNECT=",
271 "RA_DATABASE=",
272 "RA_DB_USER=",
273 "RA_DB_PASS=",
274 "RA_DB_HOST=",
275 "RA_DB_PORT=",
276 "RA_DB_TABLE=",
277 "RA_AIS_CACHE=",
278 "RA_PRINT_UNIX_TIME=",
279 "RA_TIMEOUT_INTERVAL=",
280 "RA_CIDR_ADDRESS_FORMAT=",
281 "RA_SORT_ALGORITHMS=",
282 "MYSQL_DB_ENGINE=",
283 "RA_PRINT_ETHERNET_VENDORS=",
284 "RA_ETHERNET_VENDORS=",
285 "RA_LOCAL=",
286 "RA_LOCAL_DIRECTION=",
287 "RA_PORT_DIRECTION=",
288 "RA_SERVICES_SIGNATURES=",
289 "RA_COLOR_SUPPORT=",
290 "RA_COLOR_CONFIG=",
291 "RA_CORRELATE_EVENTS=",
292 "RA_SEPARATE_ADDR_FROM_PORT_WITH_PERIOD=",
293 "RA_GENERATE_BIN_MAR_RECORDS=",
294 "RA_ASN_PRINT_FORMAT=",
295 "RA_FILTER_TIMEOUT=",
296 };
297
298 #include <ctype.h>
299
300 const struct tok ethertype_values[] = {
301 { ETHERTYPE_IP, "IPv4" },
302 { ETHERTYPE_MPLS, "MPLS unicast" },
303 { ETHERTYPE_MPLS_MULTI, "MPLS multicast" },
304 { ETHERTYPE_IPV6, "IPv6" },
305 { ETHERTYPE_8021Q, "802.1Q" },
306 { ETHERTYPE_VMAN, "VMAN" },
307 { ETHERTYPE_PUP, "PUP" },
308 { ETHERTYPE_ARP, "ARP"},
309 { ETHERTYPE_REVARP , "Reverse ARP"},
310 { ETHERTYPE_NS, "NS" },
311 { ETHERTYPE_SPRITE, "Sprite" },
312 { ETHERTYPE_TRAIL, "Trail" },
313 { ETHERTYPE_MOPDL, "MOP DL" },
314 { ETHERTYPE_MOPRC, "MOP RC" },
315 { ETHERTYPE_DN, "DN" },
316 { ETHERTYPE_LAT, "LAT" },
317 { ETHERTYPE_SCA, "SCA" },
318 { ETHERTYPE_LANBRIDGE, "Lanbridge" },
319 { ETHERTYPE_DECDNS, "DEC DNS" },
320 { ETHERTYPE_DECDTS, "DEC DTS" },
321 { ETHERTYPE_VEXP, "VEXP" },
322 { ETHERTYPE_VPROD, "VPROD" },
323 { ETHERTYPE_ATALK, "Appletalk" },
324 { ETHERTYPE_AARP, "Appletalk ARP" },
325 { ETHERTYPE_IPX, "IPX" },
326 { ETHERTYPE_PPP, "PPP" },
327 { ETHERTYPE_PPPOED, "PPPoE D" },
328 { ETHERTYPE_PPPOES, "PPPoE S" },
329 { ETHERTYPE_LOOPBACK, "Loopback" },
330 { 0, NULL}
331 };
332
333 struct h6namemem h6nametable[HASHNAMESIZE];
334 struct hnamemem hnametable[HASHNAMESIZE];
335 struct hnamemem tporttable[HASHNAMESIZE];
336 struct hnamemem uporttable[HASHNAMESIZE];
337 struct hnamemem rporttable[HASHNAMESIZE];
338 struct hnamemem eprototable[HASHNAMESIZE];
339 struct hnamemem nnametable[HASHNAMESIZE];
340 struct hnamemem llcsaptable[HASHNAMESIZE];
341 struct evendmem ethervendor[HASHNAMESIZE];
342
343 void setArguspidflag (struct ArgusParserStruct *, int);
344 int getArguspidflag (struct ArgusParserStruct *);
345 const char *tok2str(const struct tok *, const char *, int);
346 char *bittok2str(const struct tok *, const char *, int);
347 int print_unknown_data(const u_char *, const char *, int);
348 void hex_print_with_offset(const u_char *, const u_char *, u_int, u_int);
349 void hex_print(const u_char *, const u_char *, u_int);
350 void relts_print(char *, int);
351
352 #include <dirent.h>
353
354 int RaSortFileList (const void *, const void *);
355 void ArgusSortFileList (struct ArgusInput **);
356
357 #if !defined(HAVE_TIMEGM)
358 time_t timegm (struct tm *);
359 #endif
360
361 void ArgusPrintManagementRecord(struct ArgusParserStruct *, char *, struct ArgusRecordStruct *, int);
362
363 int
RaProcessRecursiveFiles(char * path)364 RaProcessRecursiveFiles (char *path)
365 {
366 int retn = 1;
367 struct stat statbuf;
368
369 if (stat(path, &statbuf) < 0)
370 return(0);
371
372 if ((strlen(path) > 1) && ((path[0] == '.') && (path[1] != '/')))
373 return (0);
374
375 if ((statbuf.st_mode & S_IFMT) == S_IFDIR) {
376 retn = RaDescend (path);
377 } else {
378 if ((statbuf.st_mode & S_IFMT) == S_IFREG) {
379 #ifdef ARGUSDEBUG
380 ArgusDebug (2, "RaProcessRecursiveFiles: adding %s\n", path);
381 #endif
382 if (!(ArgusAddFileList (ArgusParser, path, ARGUS_DATA_SOURCE, -1, -1)))
383 ArgusLog (LOG_ERR, "error: -R file arg %s\n", path);
384 }
385 }
386
387 ArgusSortFileList (&ArgusParser->ArgusInputFileList);
388 return (retn);
389 }
390
391
392 int
RaDescend(char * name)393 RaDescend(char *name)
394 {
395 int retn = 0;
396 DIR *dir;
397 struct dirent *direntry;
398 struct stat statbuf;
399 char buf[MAXSTRLEN];
400
401 if (stat(name, &statbuf) < 0)
402 return(0);
403
404 if ((dir = opendir(name)) != NULL) {
405 while ((direntry = readdir(dir)) != NULL) {
406 if (*direntry->d_name != '.') {
407 snprintf (buf, MAXSTRLEN, "%s/%s", name, direntry->d_name);
408 if (stat(buf, &statbuf) == 0) {
409 if ((statbuf.st_mode & S_IFMT) == S_IFDIR) {
410 retn += RaDescend(buf);
411
412 } else {
413 if ((statbuf.st_mode & S_IFMT) == S_IFREG) {
414 #ifdef ARGUSDEBUG
415 ArgusDebug (2, "RaDescend: adding %s\n", buf);
416 #endif
417 if (!(ArgusAddFileList (ArgusParser, buf, ARGUS_DATA_SOURCE, -1, -1)))
418 ArgusLog (LOG_ERR, "error: -R file arg %s\n", buf);
419
420 retn++;
421 }
422 }
423 }
424 }
425 }
426 closedir(dir);
427
428 }
429
430 return(retn);
431 }
432
433
434
435 int
RaSortFileList(const void * item1,const void * item2)436 RaSortFileList (const void *item1, const void *item2)
437 {
438 struct ArgusInput *input1 = *(struct ArgusInput **) item1;
439 struct ArgusInput *input2 = *(struct ArgusInput **) item2;
440
441 return (strcmp (input1->filename, input2->filename));
442 }
443
444
445 void
ArgusSortFileList(struct ArgusInput ** list)446 ArgusSortFileList (struct ArgusInput **list)
447 {
448 struct ArgusInput *input = NULL;
449 void **array = NULL;
450 int count = 0, i;
451
452 if ((input = *list) != NULL) {
453 while (input != NULL) {
454 count++;
455 input = (struct ArgusInput *)input->qhdr.nxt;
456 }
457
458 if ((array = ArgusCalloc (count, sizeof(input))) == NULL)
459 ArgusLog (LOG_ERR, "ArgusSortFileList: ArgusCalloc %s", strerror(errno));
460
461 for (i = 0, input = *list ; i < count; i++) {
462 array[i] = input;
463 input = (struct ArgusInput *)input->qhdr.nxt;
464 }
465
466 qsort (array, count, sizeof(input), RaSortFileList);
467
468 for (i = 0; i < count; i++) {
469 ((struct ArgusInput *)array[i])->qhdr.nxt = NULL;
470 if (i > 0)
471 ((struct ArgusInput *)array[i - 1])->qhdr.nxt = &((struct ArgusInput *)array[i])->qhdr;
472 }
473
474 *list = array[0];
475 ArgusFree (array);
476 }
477 }
478
479
480 #if defined(ARGUS_THREADS)
481 void * ArgusTimeoutProcess (void *);
482
483 void *
ArgusTimeoutProcess(void * arg)484 ArgusTimeoutProcess (void *arg)
485 {
486 struct ArgusParserStruct *parser = (struct ArgusParserStruct *) arg;
487 struct timespec tsbuf, *ts = &tsbuf;
488 sigset_t blocked_signals;
489
490 sigfillset(&blocked_signals);
491 pthread_sigmask(SIG_BLOCK, &blocked_signals, NULL);
492
493 ts->tv_sec = parser->RaClientTimeout.tv_sec;
494 ts->tv_nsec = parser->RaClientTimeout.tv_usec * 1000;
495
496 #ifdef ARGUSDEBUG
497 ArgusDebug (2, "ArgusTimeoutProcess() starting");
498 #endif
499
500 while (!(ArgusParser->RaParseDone)) {
501 ArgusClientTimeout ();
502 nanosleep(ts, NULL);
503 }
504
505 #ifdef ARGUSDEBUG
506 ArgusDebug (2, "ArgusTimeoutProcess() done!");
507 #endif
508
509 return (NULL);
510 }
511 #endif
512
513
514 void
ArgusHandleSig(int sig)515 ArgusHandleSig (int sig)
516 {
517 int value = 0;
518
519 #ifdef ARGUSDEBUG
520 ArgusDebug (2, "ArgusHandleSig: received signal %d", sig);
521 #endif
522
523 switch (sig) {
524 case SIGUSR1:
525 value = ArgusParser->debugflag;
526 ArgusParser->debugflag = (value == 15) ? 15 : value + 1;
527 break;
528
529 case SIGUSR2:
530 ArgusParser->debugflag = 0;
531 break;
532
533 case SIGTERM:
534 case SIGQUIT:
535 case SIGINT:
536 ArgusParser->RaParseDone++;
537 ArgusShutDown(sig);
538 break;
539
540 default:
541 break;
542 }
543 }
544
545 void
ArgusShutDown(int sig)546 ArgusShutDown (int sig)
547 {
548 #ifdef ARGUSDEBUG
549 ArgusDebug (2, "ArgusShutDown (%d)\n", sig);
550 #endif
551
552 if (!(ArgusParser->RaShutDown++)) {
553 if (ArgusParser->RaPrintOptionIndex > 0) {
554 int x, cnt = ArgusParser->RaPrintOptionIndex;
555 for (x = 0; x < cnt; x++)
556 free(ArgusParser->RaPrintOptionStrings[x]);
557 }
558
559 if (ArgusParser->writeDbstr != NULL) {
560 free(ArgusParser->writeDbstr);
561 ArgusParser->writeDbstr = NULL;
562 }
563 if (ArgusParser->readDbstr != NULL) {
564 free(ArgusParser->readDbstr);
565 ArgusParser->readDbstr = NULL;
566 }
567 if (ArgusParser->dbuserstr != NULL) {
568 free(ArgusParser->dbuserstr);
569 ArgusParser->dbuserstr = NULL;
570 }
571 if (ArgusParser->dbpassstr != NULL) {
572 free(ArgusParser->dbpassstr);
573 ArgusParser->dbpassstr = NULL;
574 }
575 if (ArgusParser->dbhoststr != NULL) {
576 free(ArgusParser->dbhoststr);
577 ArgusParser->dbhoststr = NULL;
578 }
579 if (ArgusParser->dbportstr != NULL) {
580 free(ArgusParser->dbportstr);
581 ArgusParser->dbportstr = NULL;
582 }
583 if (ArgusParser->ais != NULL) {
584 free(ArgusParser->ais);
585 ArgusParser->ais = NULL;
586 }
587
588 ArgusParser->ArgusCurrentInput = NULL;
589
590 if (ArgusParser->ArgusRemoteHosts != NULL) {
591 struct ArgusQueueStruct *queue = ArgusParser->ArgusRemoteHosts;
592 struct ArgusInput *input = NULL;
593
594 while (queue->count > 0) {
595 if ((input = (struct ArgusInput *) ArgusPopQueue(queue, ARGUS_LOCK)) != NULL) {
596 ArgusCloseInput(ArgusParser, input);
597 if (input->hostname != NULL)
598 free (input->hostname);
599 if (input->filename != NULL)
600 free (input->filename);
601 if (input->user != NULL)
602 free (input->user);
603 if (input->pass != NULL)
604 free (input->pass);
605 #if HAVE_GETADDRINFO
606 if (input->host != NULL)
607 freeaddrinfo (input->host);
608 #endif
609 #if defined(ARGUS_THREADS)
610 pthread_mutex_destroy(&input->lock);
611 #endif
612 ArgusFree(input);
613 }
614 }
615 ArgusDeleteQueue(queue);
616 ArgusParser->ArgusRemoteHosts = NULL;
617 }
618
619 if (ArgusParser->ArgusActiveHosts != NULL) {
620 struct ArgusQueueStruct *queue = ArgusParser->ArgusActiveHosts;
621 struct ArgusInput *input = NULL;
622 #if defined(ARGUS_THREADS)
623 void *retn;
624 #endif
625 while ((input = (void *)ArgusPopQueue(queue, ARGUS_LOCK)) != NULL) {
626 ArgusCloseInput(ArgusParser, input);
627 if (input->hostname != NULL)
628 free (input->hostname);
629 if (input->filename != NULL)
630 free (input->filename);
631 if (input->user != NULL)
632 free (input->user);
633 if (input->pass != NULL)
634 free (input->pass);
635 #if HAVE_GETADDRINFO
636 if (input->host != NULL)
637 freeaddrinfo (input->host);
638 #endif
639 #if defined(ARGUS_THREADS)
640 pthread_mutex_destroy(&input->lock);
641 #endif
642 #if defined(ARGUS_THREADS)
643 if (input->tid != (pthread_t) 0)
644 pthread_join(input->tid, &retn);
645 #endif
646
647 ArgusFree(input);
648 }
649
650 ArgusDeleteQueue(queue);
651 ArgusParser->ArgusActiveHosts = NULL;
652 }
653
654 if (sig >= 0)
655 RaParseComplete (0);
656
657 ArgusWindowClose();
658
659 if (ArgusParser->ArgusExitStatus == 0) {
660 if ((ArgusParser->ArgusGrepSource || ArgusParser->ArgusGrepDestination) ||
661 ((ArgusParser->ArgusRemoteFilter != NULL) || (ArgusParser->ArgusLocalFilter != NULL))) {
662 if (!(ArgusParser->ArgusTotalRecords > 1)) {
663 ArgusParser->ArgusExitStatus = 1;
664 }
665 } else {
666 if (ArgusParser->ArgusTotalMarRecords == 0) {
667 ArgusParser->ArgusExitStatus = 1;
668 }
669 }
670 }
671
672 if (ArgusParser->pidflag)
673 if (ArgusParser->ArgusPidFile)
674 ArgusDeletePIDFile (ArgusParser);
675
676 if (ArgusParser->ArgusPrintXml && ArgusParser->RaXMLStarted)
677 printf("</ArgusDataStream>\n");
678
679 #ifdef ARGUSDEBUG
680 ArgusDebug (2, "RaParseComplete(caught signal %d)\n", sig);
681 #endif
682 switch (sig) {
683 case SIGHUP:
684 case SIGINT:
685 case SIGTERM:
686 case SIGPIPE:
687 case SIGQUIT: {
688 struct ArgusWfileStruct *wfile = NULL;
689
690 if (ArgusParser->ArgusWfileList != NULL) {
691 struct ArgusListObjectStruct *lobj = NULL;
692 int i, count = ArgusParser->ArgusWfileList->count;
693
694 if ((lobj = ArgusParser->ArgusWfileList->start) != NULL) {
695 for (i = 0; i < count; i++) {
696 if ((wfile = (struct ArgusWfileStruct *) lobj) != NULL) {
697 if (wfile->fd != NULL) {
698 #ifdef ARGUSDEBUG
699 ArgusDebug (2, "RaParseComplete: closing %s\n", wfile->filename);
700 #endif
701 fflush (wfile->fd);
702 fclose (wfile->fd);
703 wfile->fd = NULL;
704 }
705 }
706 lobj = lobj->nxt;
707 }
708 }
709 }
710 exit (ArgusParser->ArgusExitStatus);
711 break;
712 }
713
714 case -1:
715 exit (ArgusParser->ArgusExitStatus);
716 break;
717 }
718 }
719 }
720
721
722 void
ArgusMainInit(struct ArgusParserStruct * parser,int argc,char ** argv)723 ArgusMainInit (struct ArgusParserStruct *parser, int argc, char **argv)
724 {
725 int i, cc, noconf = 0;
726 time_t tsec;
727
728 char *envstr = NULL;
729 struct stat statbuf;
730 struct timezone tz;
731 static char path[MAXPATHNAMELEN];
732
733 (void) signal (SIGHUP, (void (*)(int)) RaParseComplete);
734 (void) signal (SIGTERM, (void (*)(int)) RaParseComplete);
735 (void) signal (SIGQUIT, (void (*)(int)) RaParseComplete);
736 (void) signal (SIGINT, (void (*)(int)) RaParseComplete);
737 (void) signal (SIGPIPE, SIG_IGN);
738
739 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "stime";
740 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "flgs";
741 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "proto";
742 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "saddr";
743 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "sport";
744 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "dir";
745 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "daddr";
746 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "dport";
747 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "pkts";
748 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "bytes";
749 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "state";
750
751 ArgusProcessSOptions(parser);
752
753 for (i = 0; i < parser->RaPrintOptionIndex; i++)
754 if (parser->RaPrintOptionStrings[i] != NULL)
755 parser->RaPrintOptionStrings[i] = NULL;
756
757 parser->RaPrintOptionIndex = 0;
758
759 if (!(strncmp(parser->ArgusProgramName, "radium", 6))) {
760 parser->ArgusReliableConnection = 1;
761 parser->pflag = 6;
762 }
763
764 for (i = 0, cc = 0; i < argc; i++)
765 cc += strlen(argv[i]);
766
767 if (cc > 0) {
768 int len = cc + (argc + 1);
769
770 if ((parser->ArgusProgramArgs = (char *) ArgusCalloc (len, sizeof(char))) != NULL) {
771 for (i = 0, *parser->ArgusProgramArgs = '\0'; i < argc; i++) {
772 strncat (parser->ArgusProgramArgs, argv[i], (1024 - strlen(parser->ArgusProgramArgs)));
773 strncat (parser->ArgusProgramArgs, " ", (1024 - strlen(parser->ArgusProgramArgs)));
774 }
775 } else
776 ArgusLog (LOG_ERR, "ArgusCalloc(%d, %d) failed %s", len, sizeof(char), strerror(errno));
777 }
778
779 if (gettimeofday(&parser->ArgusRealTime, &tz) < 0)
780 ArgusLog (LOG_ERR, "gettimeofday failed %s", strerror(errno));
781
782 parser->ArgusGlobalTime = parser->ArgusRealTime;
783 thiszone = tz.tz_minuteswest * -60;
784
785 tsec = parser->ArgusRealTime.tv_sec;
786 if ((localtime_r (&tsec, &parser->RaTmStruct))) {
787 if (parser->RaTmStruct.tm_isdst)
788 thiszone += 3600;
789
790 } else {
791 ArgusLog (LOG_ERR, "%s: localtime: error %s", *argv, strerror(errno));
792 }
793
794 for (i = 1; i < argc; i++)
795 if (strstr (argv[i], "-X"))
796 noconf++;
797
798 if (!(noconf)) {
799 snprintf (path, MAXPATHNAMELEN - 1, "/usr/local/etc/ra.conf");
800
801 if (stat (path, &statbuf) == 0)
802 ArgusParseResourceFile (parser, path);
803
804 if ((RaHomePath = getenv("ARGUSHOME")) != NULL) {
805 snprintf (path, MAXPATHNAMELEN - 1, "%s/ra.conf", RaHomePath);
806 if (stat (path, &statbuf) == 0) {
807 ArgusParseResourceFile (parser, path);
808 }
809 }
810
811 if ((envstr = getenv("ARGUSPATH")) != NULL) {
812 while ((RaHomePath = strtok(envstr, ":")) != NULL) {
813 snprintf (path, MAXPATHNAMELEN - 1, "%s/.rarc", RaHomePath);
814 if (stat (path, &statbuf) == 0) {
815 ArgusParseResourceFile (parser, path);
816 break;
817 }
818 envstr = NULL;
819 }
820
821 } else {
822 for (i = 0; i < RAENVITEMS; i++) {
823 envstr = RaResourceEnvStr[i];
824 if ((RaHomePath = getenv(envstr)) != NULL) {
825 snprintf (path, MAXPATHNAMELEN, "%s/.rarc", RaHomePath);
826 if (stat (path, &statbuf) == 0) {
827 ArgusParseResourceFile (parser, path);
828 break;
829 }
830 }
831 }
832 }
833 }
834
835 ArgusParseArgs (parser, argc, argv);
836 if (parser->ArgusWfileList == NULL)
837 (void) signal (SIGPIPE, (void (*)(int)) RaParseComplete);
838 }
839
840 void
ArgusParseArgs(struct ArgusParserStruct * parser,int argc,char ** argv)841 ArgusParseArgs (struct ArgusParserStruct *parser, int argc, char **argv)
842 {
843 extern char *optarg;
844 extern int optind, opterr;
845 int op, retn = 0, rcmdline = 0, Scmdline = 0;
846 char *cmdbuf = NULL, *str = NULL;
847 char *getoptStr = NULL;
848 #if HAVE_GETADDRINFO
849 struct addrinfo *host = NULL;
850 #else
851 struct hostent *host = NULL;
852 #endif
853
854 char *filter = NULL;
855 char *tmparg = NULL;
856
857 opterr = 0;
858
859 if ((argv[optind]) != NULL)
860 parser->ArgusProgramOptions = ArgusCopyArgv (&argv[optind]);
861
862 if (!(strncmp(parser->ArgusProgramName, "radium", 6)))
863 getoptStr = "a:A:bB:c:C:dD:E:e:f:F:g:GhH:iJlL:m:M:nN:OpP:qr:R:S:s:t:T:u:U:Vvw:XzZ:";
864 else
865 if (!(strncmp(parser->ArgusProgramName, "rahisto", 6)))
866 getoptStr = "a:AbB:c:C:dD:E:e:f:F:g:GhH:iJlLm:M:nN:OpP:qr:R:S:s:t:T:u:U:Vvw:XzZ:";
867 else
868 getoptStr = "a:AbB:c:C:dD:E:e:f:F:GhHiJlL:m:M:nN:Op:P:qQ:r:R:S:s:t:T:uU:Vvw:XzZ:%";
869
870 while ((op = getopt (argc, argv, getoptStr)) != EOF) {
871 switch (op) {
872 case '%': ++parser->Pctflag; break;
873 case 'a': parser->aflag = atoi (optarg); break;
874 case 'A':
875 if (!(strncmp(parser->ArgusProgramName, "radium", 6))) {
876 setArgusArchive (parser, optarg);
877 } else
878 ++parser->Aflag;
879 break;
880
881 case 'b': ++parser->bflag; break;
882 case 'B': {
883 if (!(strncmp(parser->ArgusProgramName, "radium", 6))) {
884 parser->ArgusBindAddr = strdup(optarg);
885 } else {
886 char *ptr;
887 parser->Bflag = strtod(optarg, (char **)&ptr);
888 if (ptr == optarg)
889 usage ();
890 if (isalpha((int) *ptr)) {
891 switch (*ptr) {
892 case 's': break;
893 case 'm': parser->Bflag *= 60.0; break;
894 case 'h': parser->Bflag *= 60.0 * 60.0; break;
895 case 'd': parser->Bflag *= 60.0 * 60.0 * 24.0; break;
896 case 'w': parser->Bflag *= 60.0 * 60.0 * 24.0 * 7.0; break;
897 case 'M': parser->Bflag *= 60.0 * 60.0 * 24.0 * 7.0 * 4.0; break;
898 case 'y': parser->Bflag *= 60.0 * 60.0 * 24.0 * 7.0 * 4.0 * 12.0; break;
899 }
900 }
901 }
902 break;
903 }
904
905 case 'c':
906 if (!(strncmp(parser->ArgusProgramName, "radium", 6))) {
907 if ((chroot_dir = strdup(optarg)) == NULL)
908 ArgusLog (LOG_ERR, "strdup %s", strerror(errno));
909 } else
910 if (!(strncmp(parser->ArgusProgramName, "ragrep", 6))) {
911 parser->cflag++;
912 } else {
913 parser->cflag++;
914 if (optarg[0] == '\\') {
915 switch (optarg[1]) {
916 case 't': parser->RaFieldDelimiter = '\t'; break;
917 }
918
919 } else
920 parser->RaFieldDelimiter = optarg[0];
921 parser->RaFieldWidth = RA_VARIABLE_WIDTH;
922 }
923 break;
924
925 case 'C':
926 ++parser->Cflag;
927 ++parser->Sflag;
928 if ((!Scmdline++) && (parser->ArgusRemoteHostList != NULL))
929 ArgusDeleteHostList(parser);
930
931 if (!(ArgusAddHostList (parser, optarg, ARGUS_CISCO_DATA_SOURCE, IPPROTO_UDP)))
932 ArgusLog(LOG_ERR, "%s: host %s unknown", *argv, optarg);
933 break;
934
935 case 'D': parser->debugflag = atoi (optarg); break;
936 case 'd': parser->dflag = (parser->dflag) ? 0 : 1; break;
937
938 case 'e': {
939 parser->estr = strdup(optarg);
940
941 if (!(strncmp(parser->ArgusProgramName, "radium", 6))) {
942 if (optarg && (*optarg == '"')) {
943 int slen = strlen(optarg + 1);
944 slen = (slen > 4) ? 4 : slen;
945 parser->ArgusID = 0;
946 bcopy(optarg + 1, (char *)&parser->ArgusID, slen);
947 parser->ArgusIDType = ARGUS_IDIS_STRING;
948 } else
949 if (optarg && isalnum((int)*optarg)) {
950 #if HAVE_GETADDRINFO
951 struct addrinfo *hp = host;
952 if ((retn = getaddrinfo(optarg, NULL, NULL, &host)) == 0) {
953 unsigned int found = 0, addr;
954 while (host && !found) {
955 switch (host->ai_family) {
956 case AF_INET: {
957 struct sockaddr_in *sa = (struct sockaddr_in *) host->ai_addr;
958
959 if (sa != NULL) {
960 bcopy ((char *)&sa->sin_addr, (char *)&addr, 4);
961 parser->ArgusID = (ntohl(addr));
962 parser->ArgusIDType = ARGUS_IDIS_IPV4;
963 found++;
964 } else
965 ArgusLog (LOG_ERR, "Probe ID %s error %s\n", optarg, strerror(errno));
966 break;
967 }
968
969 default:
970 hp = hp->ai_next;
971 break;
972 }
973 }
974 freeaddrinfo(hp);
975 } else
976 #else
977 if ((host = gethostbyname(optarg)) != NULL) {
978 if ((host->h_addrtype == 2) && (host->h_length == 4)) {
979 unsigned int addr;
980 bcopy ((char *) *host->h_addr_list, (char *)&addr, host->h_length);
981 parser->ArgusID = (ntohl(addr));
982 } else
983 ArgusLog (LOG_ERR, "Probe ID %s error %s\n", optarg, strerror(errno));
984
985 parser->ArgusIDType = ARGUS_IDIS_IPV4;
986
987 } else
988 #endif
989 if (optarg && isdigit((int)*optarg)) {
990 parser->ArgusID = atoi (optarg);
991 parser->ArgusIDType = ARGUS_IDIS_INT;
992 } else
993 ArgusLog (LOG_ERR, "Probe ID value %s is not appropriate (%s)\n", optarg, strerror(errno));
994 } else
995 ArgusLog (LOG_ERR, "Probe ID value %s is not appropriate\n", optarg);
996
997 } else {
998 parser->ArgusGrepSource++;
999 parser->ArgusGrepDestination++;
1000
1001 if ((parser->estr[0] == 's') && (parser->estr[1] == ':')) {
1002 parser->ArgusGrepDestination = 0;
1003 parser->estr = &parser->estr[2];
1004 }
1005 if ((parser->estr[0] == 'd') && (parser->estr[1] == ':')) {
1006 parser->ArgusGrepSource = 0;
1007 parser->estr = &parser->estr[2];
1008 }
1009 }
1010
1011 break;
1012 }
1013
1014 case 'E':
1015 parser->exceptfile = strdup(optarg);
1016 setArgusWfile (parser, optarg, NULL);
1017 break;
1018
1019 case 'f': {
1020 if (parser->ArgusFlowModelFile != NULL)
1021 free (parser->ArgusFlowModelFile);
1022 parser->ArgusFlowModelFile = strdup(optarg);
1023 break;
1024 }
1025 case 'F':
1026 if (!(ArgusParseResourceFile (parser, optarg)))
1027 ArgusLog(LOG_ERR, "%s: %s", optarg, strerror(errno));
1028 break;
1029
1030 case 'g': {
1031 if (!(strncmp(parser->ArgusProgramName, "radium", 6))) {
1032 struct group *gr;
1033 if ((gr = getgrnam(optarg)) == NULL)
1034 ArgusLog (LOG_ERR, "unknown group \"%s\"\n", optarg);
1035 new_gid = gr->gr_gid;
1036 endgrent();
1037 } else {
1038 }
1039 break;
1040 }
1041
1042 case 'G': parser->Gflag++; break;
1043 case 'H': {
1044 if ((strncmp(parser->ArgusProgramName, "rahisto", 7)))
1045 parser->Hflag = 1;
1046 else {
1047 char str[1024], Hstr[1024], *Hptr = Hstr;
1048 bzero (str, 1024);
1049 bzero (Hstr, 1024);
1050 do {
1051 if (*optarg == '"') {
1052 if (Hptr[1] != '\0')
1053 snprintf (Hstr, 1024, "%s", (&Hptr[1]));
1054
1055 while ((Hptr = strchr (Hstr, '"')) == NULL) {
1056 if ((optarg = argv[optind]) != NULL) {
1057 strncat (Hstr, optarg, (1024 - strlen(Hstr)));
1058 optind++;
1059 } else
1060 break;
1061 }
1062 optarg = Hstr;
1063 }
1064
1065 snprintf (&str[strlen(str)], (1024 - strlen(str)), "%s ", optarg);
1066
1067 if ((optarg = argv[optind]) != NULL)
1068 if (*optarg != '-')
1069 optind++;
1070 } while (optarg && (*optarg != '-'));
1071
1072 parser->Hstr = strdup(str);
1073 }
1074 break;
1075 }
1076
1077 case 'i': ++parser->iflag; break;
1078 case 'I': ++parser->Iflag; break;
1079 case 'j': ++parser->jflag; break;
1080 case 'J': ++parser->Jflag; break;
1081 case 'l': ++parser->lflag; break;
1082 case 'L':
1083 if (!(strncmp(parser->ArgusProgramName, "ragrep", 6)))
1084 parser->Lflag = 1;
1085 else {
1086 parser->Lflag = atoi(optarg);
1087 switch (parser->Lflag) {
1088 case 0: parser->Lflag = -1; break;
1089 case -1: parser->Lflag = 0; break;
1090 }
1091 }
1092 break;
1093 case 'm':
1094 if (!(strncmp(parser->ArgusProgramName, "ragrep", 6)))
1095 parser->mflag = atoi (optarg);
1096 else {
1097 do {
1098 if (!(ArgusAddMaskList (parser, optarg)))
1099 ArgusLog(LOG_ERR, "%s: error: mask arg %s", *argv, optarg);
1100
1101 if ((optarg = argv[optind]) != NULL)
1102 if (*optarg != '-')
1103 optind++;
1104 } while (optarg && (*optarg != '-'));
1105 }
1106 break;
1107
1108 case 'M': {
1109 char Mstr[1024], *Mptr = Mstr, *tzptr;
1110 bzero (Mstr, 1024);
1111
1112 do {
1113 int ArgusAddMode = 1;
1114 if (*optarg == '"') {
1115 if (Mptr[1] != '\0')
1116 snprintf (Mstr, 1024, "%s", (&Mptr[1]));
1117
1118 while ((Mptr = strchr (Mstr, '"')) == NULL) {
1119 if ((optarg = argv[optind]) != NULL) {
1120 strncat (Mstr, optarg, (1024 - strlen(Mstr)));
1121 optind++;
1122 } else
1123 break;
1124 }
1125 optarg = Mstr;
1126 }
1127 if ((tzptr = strstr (optarg, "printer=")) != NULL) {
1128 char *option = &optarg[8];
1129 if (!(strncasecmp(option, "hex", 3))) {
1130 parser->eflag = ARGUS_HEXDUMP;
1131 ArgusAddMode = 0;
1132 } else
1133 if (!(strncasecmp(option, "ascii", 5))) {
1134 parser->eflag = ARGUS_ENCODE_ASCII;
1135 ArgusAddMode = 0;
1136 } else
1137 if (!(strncasecmp(option, "obfuscate", 2))) {
1138 parser->eflag = ARGUS_ENCODE_OBFUSCATE;
1139 ArgusAddMode = 0;
1140 } else
1141 if (!(strncasecmp(option, "encode64", 8))) {
1142 parser->eflag = ARGUS_ENCODE_64;
1143 ArgusAddMode = 0;
1144 } else
1145 if (!(strncasecmp(option, "encode32", 8))) {
1146 parser->eflag = ARGUS_ENCODE_32;
1147 ArgusAddMode = 0;
1148 }
1149 } else
1150 if ((tzptr = strstr (optarg, "label=")) != NULL) {
1151 parser->ArgusMatchLabel++;
1152 ArgusProcessLabelOptions(parser, &optarg[6]);
1153 } else
1154 if ((tzptr = strstr (optarg, "dsrs=")) != NULL) {
1155 parser->ArgusStripFields++;
1156 ArgusProcessStripOptions(parser, &optarg[5]);
1157 ArgusAddMode = 0;
1158 } else
1159 if ((tzptr = strstr (optarg, "sql=")) != NULL) {
1160 if (parser->ArgusSQLStatement != NULL)
1161 free (parser->ArgusSQLStatement);
1162 parser->ArgusSQLStatement = strdup(&optarg[4]);
1163 } else
1164 if (!(strcmp (optarg, "json"))) {
1165 parser->ArgusPrintJson++;
1166 parser->RaFieldDelimiter = ',';
1167 parser->RaFieldWidth = RA_VARIABLE_WIDTH;
1168 parser->RaFieldQuoted = RA_DOUBLE_QUOTED;
1169 parser->eflag = ARGUS_ENCODE_ASCII;
1170 parser->cflag++;
1171 parser->ArgusPrintJsonEmptyString = ARGUS_PRINT_EMPTY_STRING;
1172 parser->Lflag = 0;
1173 ArgusAddMode = 0;
1174 } else
1175 if (!(strcmp(optarg, "null"))) {
1176 parser->ArgusPrintJsonEmptyString = ARGUS_PRINT_NULL;
1177 ArgusAddMode = 0;
1178 } else
1179 if (!(strcmp(optarg, "empty"))) {
1180 parser->ArgusPrintJsonEmptyString = ARGUS_PRINT_EMPTY_STRING;
1181 ArgusAddMode = 0;
1182 } else
1183 if (!(strcmp(optarg, "omit"))) {
1184 parser->ArgusPrintJsonEmptyString = ARGUS_OMIT_EMPTY_STRING;
1185 ArgusAddMode = 0;
1186 } else
1187 if (!(strcmp (optarg, "xml"))) {
1188 parser->ArgusPrintXml++;
1189 parser->Lflag = 0;
1190 ArgusAddMode = 0;
1191 } else
1192 if (!(strncasecmp (optarg, "rtime", 5)) ||
1193 (!(strncasecmp (optarg, "realtime", 8)))) {
1194 char *ptr = NULL;
1195 if ((ptr = strchr(optarg, ':')) != NULL) {
1196 double value = 0.0;
1197 char *endptr = NULL;
1198 ptr++;
1199 value = strtod(ptr, &endptr);
1200 if (ptr != endptr) {
1201 parser->ProcessRealTime = value;
1202 }
1203 } else
1204 parser->ProcessRealTime = 1.0;
1205 } else
1206 if (!(strcmp (optarg, "disa"))) {
1207 parser->ArgusDSCodePoints = ARGUS_DISA_DSCODES;
1208 RaPrintAlgorithmTable[ARGUSPRINTSRCDSBYTE].length = 8;
1209 RaPrintAlgorithmTable[ARGUSPRINTDSTDSBYTE].length = 8;
1210 } else
1211 if ((tzptr = strstr (optarg, "TZ="))) {
1212 if (parser->RaTimeZone != NULL)
1213 free (parser->RaTimeZone);
1214 parser->RaTimeZone = strdup(optarg);
1215 #if HAVE_SETENV
1216 setenv("TZ", (parser->RaTimeZone + 3), 1);
1217 #else
1218 putenv(parser->RaTimeZone);
1219 #endif
1220 tzset();
1221 } else {
1222 #if defined(ARGUS_SASL)
1223 if ((tzptr = strstr (optarg, "saslmech="))) {
1224 extern char *RaSaslMech;
1225 if (RaSaslMech)
1226 free (RaSaslMech);
1227 RaSaslMech=strdup(&optarg[9]);
1228 }
1229 #endif /* ARGUS_SASL */
1230 }
1231
1232 if (ArgusAddMode)
1233 if (!(ArgusAddModeList (parser, optarg)))
1234 ArgusLog(LOG_ERR, "%s: error: arg %s", *argv, optarg);
1235
1236 if ((optarg = argv[optind]) != NULL)
1237 if (*optarg != '-')
1238 optind++;
1239 } while (optarg && (*optarg != '-'));
1240 break;
1241 }
1242
1243 case 'n': {
1244 if (++parser->nflag > 3)
1245 parser->nflag = 0;
1246 break;
1247 }
1248 case 'N': {
1249 char *ptr = NULL;
1250 int sNflag = 0, eNflag = 0;
1251 int output = 0;
1252
1253 if (optarg[0] == 'o') {
1254 output = 1;
1255 optarg++;
1256 }
1257 if (optarg[0] == 'i') {
1258 output = 0;
1259 optarg++;
1260 }
1261 if ((ptr = strchr (optarg, '-')) != NULL) {
1262 char *eptr = ptr + 1;
1263 sNflag = strtol(optarg, (char **)&ptr, 10);
1264 if (ptr == optarg)
1265 usage ();
1266 eNflag = strtol(eptr, (char **)&ptr, 10);
1267 if (ptr == eptr)
1268 usage ();
1269
1270 } else
1271 if ((ptr = strchr (optarg, '+')) != NULL) {
1272 char *eptr = ptr + 1;
1273 sNflag = strtol(optarg, (char **)&ptr, 10);
1274 if (ptr == optarg)
1275 usage ();
1276 eNflag = strtol(eptr, (char **)&ptr, 10);
1277 if (ptr == eptr)
1278 usage ();
1279 eNflag += sNflag;
1280 } else {
1281 sNflag = 0;
1282 eNflag = strtol(optarg, (char **)&ptr, 10);
1283 if (ptr == optarg)
1284 usage ();
1285 }
1286 if (output) {
1287 parser->sNoflag = sNflag;
1288 parser->eNoflag = eNflag;
1289 } else {
1290 parser->sNflag = sNflag;
1291 parser->eNflag = eNflag;
1292 }
1293 break;
1294 }
1295 case 'O': parser->Oflag = 0; break;
1296 case 'p':
1297 if (!(strncmp(parser->ArgusProgramName, "radium", 6))) {
1298 parser->ArgusReliableConnection = 0;
1299 } else {
1300 parser->pflag = atoi (optarg); break;
1301 }
1302 break;
1303
1304 case 'P':
1305 if (!(strncmp(parser->ArgusProgramName, "radium", 6))) {
1306 parser->ArgusPortNum = atoi (optarg);
1307 } else
1308 if (!(strncmp(parser->ArgusProgramName, "rampcd", 6))) {
1309 parser->ArgusPortNum = atoi (optarg);
1310
1311 } else {
1312 parser->Pflag = 1;
1313 do {
1314 if (parser->RaSortOptionIndex < ARGUS_MAX_S_OPTIONS) {
1315 char *soptstr = strdup(optarg), *sptr;
1316 if ((sptr = soptstr) != NULL) {
1317 char *cptr;
1318 while ((cptr = strtok(sptr, " ,")) != NULL) {
1319 parser->RaSortOptionStrings[parser->RaSortOptionIndex++] = strdup(cptr);
1320 sptr = NULL;
1321 }
1322 }
1323 free (soptstr);
1324 } else
1325 ArgusLog (LOG_ERR, "usage: number of -P options exceeds %d", ARGUS_MAX_S_OPTIONS);
1326
1327 if ((optarg = argv[optind]) != NULL)
1328 if (*optarg != '-')
1329 optind++;
1330 } while (optarg && (*optarg != '-'));
1331 break;
1332 }
1333 break;
1334
1335 case 'q': ++parser->qflag; break;
1336 case 'Q': {
1337 parser->Qflag = atoi (optarg);
1338 break;
1339 }
1340
1341 /* -r [type:]file[::ostart[:ostop]] */
1342
1343 case 'r': {
1344 int type = ARGUS_DATA_SOURCE;
1345
1346 ++parser->rflag;
1347 parser->Sflag = 0;
1348
1349 if (optarg == NULL)
1350 optarg = "-";
1351 else {
1352 if (!(strncmp ("mysql:", optarg, 6))) {
1353 if (parser->readDbstr != NULL)
1354 free(parser->readDbstr);
1355 parser->readDbstr = strdup(optarg);
1356
1357 } else {
1358 if (!(strncmp ("cisco:", optarg, 6))) {
1359 parser->Cflag++;
1360 type = ARGUS_CISCO_DATA_SOURCE;
1361 optarg += 6;
1362 } else
1363 if (!(strncmp ("jflow:", optarg, 6))) {
1364 parser->Cflag++;
1365 type = ARGUS_JFLOW_DATA_SOURCE;
1366 optarg += 6;
1367 } else
1368 if (!(strncmp ("ft:", optarg, 3))) {
1369 type = ARGUS_FLOW_TOOLS_SOURCE;
1370 optarg += 3;
1371 } else
1372 if (!(strncmp ("sflow:", optarg, 6))) {
1373 type = ARGUS_SFLOW_DATA_SOURCE;
1374 optarg += 6;
1375 }
1376 if ((!rcmdline++) && (parser->ArgusInputFileList != NULL))
1377 ArgusDeleteFileList(parser);
1378
1379 do {
1380 long long ostart = -1, ostop = -1;
1381 char *ptr, *eptr;
1382
1383 if ((ptr = strstr(optarg, "::")) != NULL) {
1384 char *endptr;
1385
1386 *ptr++ = '\0';
1387 ptr++;
1388
1389 if ((eptr = strstr(ptr, ":")) != NULL) {
1390 ostart = strtol(ptr, (char **)&endptr, 10);
1391 if (endptr == optarg)
1392 usage ();
1393 ostop = strtol((eptr + 1), (char **)&endptr, 10);
1394 if (endptr == optarg)
1395 usage ();
1396 }
1397 }
1398
1399 if (!(ArgusAddFileList (parser, optarg, type, ostart, ostop)))
1400 ArgusLog(LOG_ERR, "%s: error: file arg %s", *argv, optarg);
1401
1402 if ((optarg = argv[optind]) != NULL)
1403 if (*optarg != '-')
1404 optind++;
1405 } while (optarg && (*optarg != '-'));
1406 }
1407 }
1408 break;
1409 }
1410
1411 case 'R': {
1412 parser->Sflag = 0;
1413 if ((!rcmdline++) && (parser->ArgusInputFileList != NULL))
1414 ArgusDeleteFileList(parser);
1415
1416 do {
1417 RaProcessRecursiveFiles (optarg);
1418 if ((optarg = argv[optind]) != NULL)
1419 if (*optarg != '-')
1420 optind++;
1421 } while (optarg && (*optarg != '-'));
1422
1423 break;
1424 }
1425
1426 case 's':
1427 parser->sflag = 1;
1428 do {
1429 if (parser->RaPrintOptionIndex < ARGUS_MAX_S_OPTIONS) {
1430 char *soptstr = strdup(optarg), *sptr;
1431 if ((sptr = soptstr) != NULL) {
1432 char *cptr;
1433 while ((cptr = strtok(sptr, " ,")) != NULL) {
1434 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = strdup(cptr);
1435 sptr = NULL;
1436 }
1437 }
1438 free (soptstr);
1439 } else
1440 ArgusLog (LOG_ERR, "usage: number of -s options exceeds %d", ARGUS_MAX_S_OPTIONS);
1441
1442 if ((optarg = argv[optind]) != NULL)
1443 if (*optarg != '-')
1444 optind++;
1445 } while (optarg && (*optarg != '-'));
1446 break;
1447
1448 case 'S':
1449 ++parser->Sflag;
1450 if ((!Scmdline++) && (parser->ArgusRemoteHostList != NULL))
1451 ArgusDeleteHostList(parser);
1452
1453 if (!(ArgusAddHostList (parser, optarg, ARGUS_DATA_SOURCE, IPPROTO_TCP)))
1454 ArgusLog(LOG_ERR, "%s: host %s unknown", *argv, optarg);
1455 break;
1456
1457 case 't': {
1458 parser->timearg = strdup(optarg);
1459 if (parser->timearg != NULL) {
1460 if ((retn = ArgusParseTimeArg (&parser->timearg, argv, optind, &parser->RaTmStruct)) < 0) {
1461 usage ();
1462 } else {
1463 parser->tflag++;
1464 optind += retn;
1465 }
1466 }
1467 break;
1468 }
1469
1470 case 'T': {
1471 parser->Tflag = (int)strtol(optarg, (char **)NULL, 10);
1472 break;
1473 }
1474
1475
1476 case 'u': {
1477 if (!(strncmp(parser->ArgusProgramName, "radium", 6))) {
1478 char login[256];
1479 struct passwd *pw;
1480 sprintf (login, "%s", optarg);
1481 if ((pw = getpwnam(login)) == NULL)
1482 ArgusLog (LOG_ERR, "unknown user \"%s\"\n", optarg);
1483 new_uid = pw->pw_uid;
1484 endpwent();
1485 } else {
1486 parser->uflag++;
1487 }
1488 break;
1489 }
1490
1491 case 'U':
1492 if (strstr(parser->ArgusProgramName, "sql") != NULL)
1493 parser->dbuserstr = strdup (optarg);
1494 else
1495 parser->ustr = strdup(optarg);
1496 break;
1497
1498 case 'v': parser->vflag++; break;
1499 case 'V': parser->Vflag++; break;
1500 case 'w':
1501 if ((tmparg = optarg) != NULL) {
1502 if (!(strncmp ("mysql:", tmparg, 6))) {
1503 if (parser->writeDbstr != NULL)
1504 free(parser->writeDbstr);
1505 parser->writeDbstr = strdup(optarg);
1506
1507 } else
1508 if ((*tmparg != '-') || ((*tmparg == '-') &&
1509 (!(strcmp (tmparg, "-"))))) {
1510 if (argc == optind)
1511 filter = NULL;
1512 else {
1513 filter = argv[optind];
1514 if (*filter == '-') {
1515 filter = NULL;
1516 } else
1517 optind++;
1518 }
1519 setArgusWfile (parser, tmparg, filter);
1520 break;
1521 }
1522 }
1523 break;
1524
1525 case 'X': RaClearConfiguration (parser); break;
1526 case 'z': ++parser->zflag; break;
1527 case 'Z': parser->Zflag = *optarg; break;
1528 case 'h':
1529 if (!(strncmp(parser->ArgusProgramName, "ragrep", 6))) {
1530 parser->hflag = 1;
1531 break;
1532 }
1533
1534 default:
1535 usage ();
1536 /* NOTREACHED */
1537 }
1538 }
1539
1540 if (rcmdline)
1541 if (parser->ArgusInputFileList == NULL)
1542 ArgusLog (LOG_ERR, "no input files");
1543
1544 if ((str = argv[optind]) != NULL) {
1545 if ((strcmp(str, "-") == 0) || (strcmp(str, "--") == 0))
1546 optind++;
1547 cmdbuf = ArgusCopyArgv (&argv[optind]);
1548 }
1549
1550 if (cmdbuf) {
1551 if (parser->ArgusLocalFilter != NULL)
1552 free(parser->ArgusLocalFilter);
1553
1554 if (parser->ArgusRemoteFilter != NULL)
1555 free(parser->ArgusRemoteFilter);
1556
1557 if ((str = strstr (cmdbuf, "local ")) != NULL) {
1558 *str = '\0';
1559 parser->ArgusLocalFilter = strdup(&cmdbuf[strlen("local ")]);
1560 } else
1561 if ((str = strstr (cmdbuf, "display ")) != NULL) {
1562 *str = '\0';
1563 parser->ArgusDisplayFilter = strdup(&cmdbuf[strlen("display ")]);
1564 } else
1565 if ((str = strstr (cmdbuf, "remote ")) != NULL) {
1566 *str = '\0';
1567 parser->ArgusRemoteFilter = strdup(&cmdbuf[strlen("remote ")]);
1568 } else
1569 parser->ArgusRemoteFilter = strdup(cmdbuf);
1570
1571 free(cmdbuf);
1572 }
1573
1574 if (parser->RaPrintOptionIndex > 0)
1575 ArgusProcessSOptions(parser);
1576
1577 if (parser->ArgusRemoteFilter != NULL)
1578 if (ArgusFilterCompile (&parser->ArgusFilterCode, parser->ArgusRemoteFilter, parser->Oflag) < 0) {
1579 if (strlen(parser->ArgusRemoteFilter) > 20)
1580 ArgusLog (LOG_ERR, "filter syntax error: '%20.20s ...'", parser->ArgusRemoteFilter);
1581 else
1582 ArgusLog (LOG_ERR, "filter syntax error: '%s'", parser->ArgusRemoteFilter);
1583 }
1584
1585 if (parser->ArgusLocalFilter != NULL) {
1586 if (ArgusFilterCompile (&parser->ArgusFilterCode, parser->ArgusLocalFilter, parser->Oflag) < 0) {
1587 if (strlen(parser->ArgusLocalFilter) > 20)
1588 ArgusLog (LOG_ERR, "filter syntax error: '%20.20s ...'", parser->ArgusLocalFilter);
1589 else
1590 ArgusLog (LOG_ERR, "filter syntax error: '%s'", parser->ArgusLocalFilter);
1591 }
1592 }
1593
1594 if (parser->ArgusDisplayFilter != NULL) {
1595 if (ArgusFilterCompile (&parser->ArgusDisplayCode, parser->ArgusDisplayFilter, parser->Oflag) < 0) {
1596 if (strlen(parser->ArgusDisplayFilter) > 20)
1597 ArgusLog (LOG_ERR, "filter syntax error: '%20.20s ...'", parser->ArgusDisplayFilter);
1598 else
1599 ArgusLog (LOG_ERR, "filter syntax error: %s", parser->ArgusDisplayFilter);
1600 }
1601 }
1602
1603 if (parser->bflag) {
1604 if ((parser->ArgusLocalFilter != NULL) || (parser->ArgusRemoteFilter != NULL)) {
1605 nff_dump(&parser->ArgusFilterCode, parser->bflag);
1606 exit (0);
1607 }
1608 }
1609
1610 if (parser->ArgusGrepSource || parser->ArgusGrepDestination)
1611 ArgusInitializeGrep(parser);
1612
1613 if (parser->uflag) {
1614 RaPrintAlgorithmTable[ARGUSPRINTSTARTDATE].type = ARGUS_PTYPE_DOUBLE;
1615 RaPrintAlgorithmTable[ARGUSPRINTLASTDATE].type = ARGUS_PTYPE_DOUBLE;
1616 RaPrintAlgorithmTable[ARGUSPRINTSRCSTARTDATE].type = ARGUS_PTYPE_DOUBLE;
1617 RaPrintAlgorithmTable[ARGUSPRINTSRCLASTDATE].type = ARGUS_PTYPE_DOUBLE;
1618 RaPrintAlgorithmTable[ARGUSPRINTDSTSTARTDATE].type = ARGUS_PTYPE_DOUBLE;
1619 RaPrintAlgorithmTable[ARGUSPRINTDSTLASTDATE].type = ARGUS_PTYPE_DOUBLE;
1620 }
1621 if (parser->nflag > 1) {
1622 RaPrintAlgorithmTable[ARGUSPRINTSRCPORT].type = ARGUS_PTYPE_INT;
1623 RaPrintAlgorithmTable[ARGUSPRINTDSTPORT].type = ARGUS_PTYPE_INT;
1624 }
1625 if (parser->nflag > 2) {
1626 RaPrintAlgorithmTable[ARGUSPRINTPROTO].type = ARGUS_PTYPE_INT;
1627 }
1628
1629 ArgusProcessSOptions(parser);
1630
1631 if (parser->RaParseDone)
1632 exit (0);
1633 }
1634
1635 int
ArgusParseResourceFile(struct ArgusParserStruct * parser,char * file)1636 ArgusParseResourceFile (struct ArgusParserStruct *parser, char *file)
1637 {
1638 int retn = 0, i, len, Soption = 0, roption = 0, found = 0, lines = 0;
1639 char strbuf[MAXSTRLEN], *str = strbuf, *optarg = NULL, *ptr = NULL;
1640 FILE *fd;
1641
1642 if (file) {
1643 if ((fd = fopen (file, "r")) != NULL) {
1644 retn = 1;
1645 while ((fgets(strbuf, MAXSTRLEN, fd)) != NULL) {
1646 lines++;
1647 str = strbuf;
1648 while (*str && isspace((int)*str))
1649 str++;
1650
1651 if (*str && (*str != '#') && (*str != '\n') && (*str != '!')) {
1652 found = 0;
1653 for (i = 0; i < ARGUS_RCITEMS; i++) {
1654 len = strlen(ArgusResourceFileStr[i]);
1655 if (!(strncmp (str, ArgusResourceFileStr[i], len))) {
1656
1657 optarg = &str[len];
1658
1659 while (optarg[strlen(optarg) - 1] == '\n')
1660 optarg[strlen(optarg) - 1] = '\0';
1661
1662 while (*optarg == '\"')
1663 optarg++;
1664
1665 while (optarg[strlen(optarg) - 1] == '\"')
1666 optarg[strlen(optarg) - 1] = '\0';
1667
1668 if (*optarg == '\0')
1669 optarg = NULL;
1670
1671 if (optarg) {
1672 switch (i) {
1673 case RA_ARGUS_SERVER:
1674 ++parser->Sflag;
1675 if (!Soption++ && (parser->ArgusRemoteHostList != NULL))
1676 ArgusDeleteHostList(parser);
1677
1678 if (!(ArgusAddHostList (parser, optarg, ARGUS_DATA_SOURCE, IPPROTO_TCP))) {
1679 ArgusLog (LOG_ERR, "host %s unknown\n", optarg);
1680 }
1681 break;
1682
1683 case RA_SOURCE_PORT:
1684 parser->ArgusSourcePort = atoi (optarg);
1685 break;
1686
1687 case RA_CISCONETFLOW_PORT:
1688 ++parser->Sflag; ++parser->Cflag;
1689 if (!Soption++ && (parser->ArgusRemoteHostList != NULL))
1690 ArgusDeleteHostList(parser);
1691
1692 if (!(ArgusAddHostList (parser, optarg, ARGUS_CISCO_DATA_SOURCE, IPPROTO_UDP))) {
1693 ArgusLog (LOG_ERR, "host %s unknown\n", optarg);
1694 }
1695 break;
1696
1697 case RA_ARGUS_SERVERPORT:
1698 parser->ArgusPortNum = atoi (optarg);
1699 break;
1700
1701 case RA_INPUT_FILE: {
1702 int type = ARGUS_DATA_SOURCE;
1703 if (!(strncmp ("cisco:", optarg, 6))) {
1704 parser->Cflag++;
1705 optarg += 6;
1706 } else
1707 if (!(strncmp ("jflow:", optarg, 6))) {
1708 type = ARGUS_JFLOW_DATA_SOURCE;
1709 parser->Cflag++;
1710 optarg += 6;
1711 } else
1712 if (!(strncmp ("sflow:", optarg, 6))) {
1713 type = ARGUS_SFLOW_DATA_SOURCE;
1714 optarg += 6;
1715 } else
1716 if (parser->Cflag)
1717 type = ARGUS_CISCO_DATA_SOURCE;
1718
1719 if ((!roption++) && (parser->ArgusInputFileList != NULL))
1720 ArgusDeleteFileList(parser);
1721
1722 if (!(ArgusAddFileList (parser, optarg, type, -1, -1)))
1723 ArgusLog (LOG_ERR, "error: file arg %s\n", optarg);
1724 break;
1725 }
1726
1727 case RA_NO_OUTPUT:
1728 if (!(strncasecmp(optarg, "yes", 3)))
1729 parser->qflag++;
1730 else
1731 parser->qflag = 0;
1732 break;
1733
1734 case RA_USER_AUTH:
1735 if (parser->ustr != NULL)
1736 free(parser->ustr);
1737 parser->ustr = strdup(optarg);
1738 break;
1739
1740 case RA_AUTH_PASS:
1741 if (parser->pstr != NULL)
1742 free(parser->pstr);
1743 parser->pstr = strdup(optarg);
1744 break;
1745
1746 case RA_OUTPUT_FILE: {
1747 char *filter = NULL, *fptr;
1748
1749 if ((filter = strchr (optarg, ' ')) != NULL) {
1750 *filter++ = '\0';
1751
1752 if ((fptr = strchr (filter, '"')) != NULL) {
1753 *fptr++ = '\0';
1754 filter = fptr;
1755 }
1756 }
1757
1758 setArgusWfile(parser, optarg, filter);
1759 break;
1760 }
1761
1762 case RA_EXCEPTION_OUTPUT_FILE:
1763 parser->exceptfile = optarg;
1764 setArgusWfile(parser, optarg, NULL);
1765 break;
1766
1767 case RA_TIMERANGE:
1768 parser->timearg = strdup(optarg);
1769 if ((ArgusParseTimeArg (&parser->timearg, NULL, 0, &parser->RaTmStruct)) < 0)
1770 usage ();
1771 break;
1772
1773 case RA_RUN_TIME:
1774 parser->Tflag = atoi (optarg);
1775 break;
1776
1777 case RA_FIELD_DELIMITER:
1778 ptr = optarg;
1779 if ((ptr = strchr (optarg, '\'')) != NULL) {
1780 ptr++;
1781 if (ptr[0] == '\'')
1782 break;
1783 }
1784
1785 if (ptr[0] == '\\') {
1786 switch (ptr[1]) {
1787 case 'a': parser->RaFieldDelimiter = '\a'; break;
1788 case 'b': parser->RaFieldDelimiter = '\b'; break;
1789 case 't': parser->RaFieldDelimiter = '\t'; break;
1790 case 'n': parser->RaFieldDelimiter = '\n'; break;
1791 case 'v': parser->RaFieldDelimiter = '\v'; break;
1792 case 'f': parser->RaFieldDelimiter = '\f'; break;
1793 case 'r': parser->RaFieldDelimiter = '\r'; break;
1794 case '\\': parser->RaFieldDelimiter = '\\'; break;
1795 }
1796 if (parser->RaFieldDelimiter != '\0')
1797 break;
1798 } else
1799 parser->RaFieldDelimiter = *ptr;
1800
1801 parser->RaFieldWidth = RA_VARIABLE_WIDTH;
1802 break;
1803
1804 case RA_FIELD_QUOTED:
1805 if (!(strncasecmp(optarg, "double", 6)))
1806 parser->RaFieldQuoted = RA_DOUBLE_QUOTED;
1807 if (!(strncasecmp(optarg, "single", 6)))
1808 parser->RaFieldQuoted = RA_SINGLE_QUOTED;
1809 break;
1810
1811 case RA_FIELD_WIDTH: {
1812 if (!(strncasecmp(optarg, "fixed", 5))) {
1813 parser->RaFieldWidth = RA_FIXED_WIDTH;
1814 } else
1815 if (!(strncasecmp(optarg, "variable", 3))) {
1816 parser->RaFieldWidth = RA_VARIABLE_WIDTH;
1817 }
1818 break;
1819 }
1820
1821 case RA_SET_PID: {
1822 if (!(strncasecmp(optarg, "yes", 3)))
1823 setArguspidflag (parser, 1);
1824 else
1825 setArguspidflag (parser, 0);
1826 break;
1827 }
1828
1829 case RA_PID_PATH: {
1830 parser->ArgusPidPath = strdup(optarg);
1831 break;
1832 }
1833
1834 case RA_TIME_FORMAT: {
1835 struct timeval tv, *tvp = &tv;
1836 char tbuf[256];
1837
1838 if (parser->RaTimeFormat != NULL)
1839 free (parser->RaTimeFormat);
1840
1841 parser->RaTimeFormat = strdup(optarg);
1842 if (strstr(parser->RaTimeFormat, ".\%f"))
1843 parser->ArgusFractionalDate = 1;
1844
1845 gettimeofday(tvp, 0L);
1846 bzero(tbuf, sizeof(tbuf));
1847 ArgusPrintTime(parser, tbuf, tvp);
1848
1849 if ((len = strlen(tbuf)) > 0)
1850 if (len > 128)
1851 ArgusLog (LOG_ERR, "ArgusParseResourceFile: date string %s too long", optarg);
1852
1853 RaPrintAlgorithmTable[ARGUSPRINTSTARTDATE].length = len - parser->pflag;
1854 RaPrintAlgorithmTable[ARGUSPRINTLASTDATE].length = len - parser->pflag;
1855 break;
1856 }
1857
1858 case RA_TZ: {
1859 #ifdef ARGUSDEBUG
1860 char *tzvalue = getenv("TZ");
1861 #endif
1862 char tzbuf[128];
1863
1864 snprintf(tzbuf, sizeof(tzbuf), "TZ=%s", optarg);
1865
1866 if (parser->RaTimeZone != NULL)
1867 free(parser->RaTimeZone);
1868 parser->RaTimeZone = strdup(tzbuf);
1869 #if HAVE_SETENV
1870 setenv("TZ", (parser->RaTimeZone + 3), 1);
1871 #else
1872 putenv(parser->RaTimeZone);
1873 #endif
1874 tzset();
1875 #ifdef ARGUSDEBUG
1876 ArgusDebug (2, "ArgusParseResourceFile: TZ changed from \"%s\" to \"%s\"", tzvalue, optarg);
1877 #endif
1878 break;
1879 }
1880
1881 case RA_USEC_PRECISION:
1882 parser->pflag = atoi (optarg);
1883 break;
1884
1885 case RA_PRINT_SUMMARY:
1886 if (!(strncasecmp(optarg, "yes", 3)))
1887 parser->aflag = 1;
1888 else
1889 parser->aflag = 0;
1890 break;
1891
1892 case RA_PRINT_NAMES:
1893 if (!(strncasecmp(optarg, "none", 4)))
1894 parser->nflag = 3;
1895 else if (!(strncasecmp(optarg, "proto", 5)))
1896 parser->nflag = 2;
1897 else if (!(strncasecmp(optarg, "port", 5)))
1898 parser->nflag = 1;
1899 else if (!(strncasecmp(optarg, "all", 5)))
1900 parser->nflag = 0;
1901 break;
1902
1903 case RA_PRINT_DOMAINONLY:
1904 if (!(strncasecmp(optarg, "yes", 3)))
1905 parser->domainonly = 1;
1906 else
1907 parser->domainonly = 0;
1908 break;
1909
1910 case RA_PRINT_LOCALONLY:
1911 if (!(strncasecmp(optarg, "yes", 3)))
1912 ++parser->fflag;
1913 else
1914 parser->fflag = 0;
1915 break;
1916
1917 case RA_CIDR_ADDRESS_FORMAT:
1918 if (!(strncasecmp(optarg, "yes", 3)))
1919 parser->cidrflag = RA_ENABLE_CIDR_ADDRESS_FORMAT;
1920 else
1921 if (!(strncasecmp(optarg, "strict", 3)))
1922 parser->cidrflag = RA_STRICT_CIDR_ADDRESS_FORMAT;
1923 else
1924 parser->cidrflag = 0;
1925 break;
1926
1927 case RA_ASN_PRINT_FORMAT:
1928 if (!(strncasecmp(optarg, "asplain", 7)))
1929 parser->ArgusAsnFormat = ARGUS_ASN_ASPLAIN;
1930 else
1931 if (!(strncasecmp(optarg, "asdot+", 6)))
1932 parser->ArgusAsnFormat = ARGUS_ASN_ASDOTPLUS;
1933 else
1934 if (!(strncasecmp(optarg, "asdot", 6)))
1935 parser->ArgusAsnFormat = ARGUS_ASN_ASDOT;
1936 break;
1937
1938 case RA_FLOW_MODEL:
1939 parser->ArgusFlowModelFile = strdup(optarg);
1940 break;
1941
1942 case RA_GENERATE_BIN_MAR_RECORDS:
1943 if (!(strncasecmp(optarg, "yes", 3)))
1944 parser->ArgusGenerateManRecords++;
1945 else
1946 parser->ArgusGenerateManRecords = 0;
1947 break;
1948
1949 case RA_PRINT_MAN:
1950 if (!(strncasecmp(optarg, "yes", 3)))
1951 parser->ArgusPrintMan++;
1952 else
1953 parser->ArgusPrintMan = 0;
1954 break;
1955
1956 case RA_PRINT_EVENT:
1957 if (!(strncasecmp(optarg, "yes", 3)))
1958 parser->ArgusPrintEvent++;
1959 else
1960 parser->ArgusPrintEvent = 0;
1961 break;
1962
1963 case RA_PRINT_LABELS:
1964 parser->Lflag = atoi(optarg);
1965 switch (parser->Lflag) {
1966 case 0: parser->Lflag = -1; break;
1967 case -1: parser->Lflag = 0; break;
1968 }
1969 break;
1970
1971 case RA_PRINT_UNIX_TIME:
1972 if (!(strncasecmp(optarg, "yes", 3)))
1973 ++parser->uflag;
1974 else
1975 parser->uflag = 0;
1976 break;
1977
1978 case RA_PRINT_TCPSTATES:
1979 if (!(strncasecmp(optarg, "yes", 3)))
1980 parser->zflag++;
1981 else
1982 parser->zflag = 0;
1983 break;
1984
1985 case RA_PRINT_TCPFLAGS:
1986 parser->Zflag = *optarg;
1987 break;
1988
1989 case RAMON_MODE:
1990 parser->Mflag = optarg;
1991 break;
1992
1993 case RA_NUMBER:
1994 parser->sNflag = 0;
1995 parser->eNflag = atoi (optarg);
1996 break;
1997
1998 case RA_DEBUG_LEVEL:
1999 parser->debugflag = (atoi(optarg));
2000 break;
2001
2002 case RA_USERDATA_ENCODE:
2003 if (!(strncasecmp(optarg, "ascii", 5)))
2004 parser->eflag = ARGUS_ENCODE_ASCII;
2005 else
2006 if (!(strncasecmp(optarg, "obfuscate", 3)))
2007 parser->eflag = ARGUS_ENCODE_OBFUSCATE;
2008 else
2009 if (!(strncasecmp(optarg, "hex", 3)))
2010 parser->eflag = ARGUS_HEXDUMP;
2011 else
2012 if (!(strncasecmp(optarg, "encode32", 8)))
2013 parser->eflag = ARGUS_ENCODE_32;
2014 else
2015 parser->eflag = ARGUS_ENCODE_64;
2016 break;
2017
2018 case RA_FILTER: {
2019 char *ptr, *sptr;
2020
2021 if (parser->ArgusRemoteFilter != NULL)
2022 free(parser->ArgusRemoteFilter);
2023
2024 if ((parser->ArgusRemoteFilter = calloc (1, MAXSTRLEN)) != NULL) {
2025 ptr = parser->ArgusRemoteFilter;
2026 str = optarg;
2027 while (*str) {
2028 if ((*str == '\\') && (str[1] == '\n')) {
2029 if ((sptr = fgets(str, MAXSTRLEN, fd)) != NULL) {
2030 lines++;
2031 while (*str && (isspace((int)*str) && (str[1] && isspace((int)str[1]))))
2032 str++;
2033 } else
2034 ArgusLog (LOG_ERR, "format error line %d for filter in client configuration", lines);
2035 }
2036
2037 if ((*str != '\n') && (*str != '"'))
2038 *ptr++ = *str++;
2039 else
2040 str++;
2041 }
2042 }
2043 #ifdef ARGUSDEBUG
2044 ArgusDebug (2, "ArgusParseResourceFile: ArgusFilter \"%s\" \n", parser->ArgusRemoteFilter);
2045 #endif
2046 break;
2047 }
2048
2049 case RA_FILTER_TIMEOUT: {
2050 float value = 0.0;
2051 char *endptr = NULL;
2052
2053 value = strtof(optarg, &endptr);
2054
2055 if (optarg != endptr) {
2056 parser->RaFilterTimeout = value;
2057
2058 } else
2059 ArgusLog (LOG_ERR, "%s: format error for update interval in client configuration (use float)");
2060 break;
2061 }
2062
2063 case RA_FIELD_SPECIFIER: {
2064 char *tok = NULL;
2065
2066 while ((tok = strtok(optarg, " ,")) != NULL) {
2067 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = strdup(tok);
2068 if (parser->RaPrintOptionIndex > ARGUS_MAX_S_OPTIONS)
2069 ArgusLog (LOG_ERR, "usage: number of -s options exceeds %d", ARGUS_MAX_S_OPTIONS);
2070 optarg = NULL;
2071 }
2072
2073 break;
2074 }
2075
2076 case RA_MIN_SSF: {
2077 if (*optarg != '\0') {
2078 #ifdef ARGUS_SASL
2079 ArgusMinSsf = atoi(optarg);
2080 #ifdef ARGUSDEBUG
2081 ArgusDebug (2, "ArgusParseResourceFile: ArgusMinSsf \"%s\" \n", ArgusMinSsf);
2082 #endif
2083 #endif
2084 }
2085 break;
2086 }
2087
2088 case RA_MAX_SSF: {
2089 if (*optarg != '\0') {
2090 #ifdef ARGUS_SASL
2091 ArgusMaxSsf = atoi(optarg);
2092 #ifdef ARGUSDEBUG
2093 ArgusDebug (2, "ArgusParseResourceFile: ArgusMaxSsf \"%s\" \n", ArgusMaxSsf);
2094 #endif
2095 #endif
2096 }
2097 break;
2098 }
2099
2100 case RA_DELEGATED_IP: {
2101 parser->ArgusDelegatedIPFile = strdup(optarg);
2102 break;
2103 }
2104
2105 case RA_RELIABLE_CONNECT: {
2106 if (!(strncasecmp(optarg, "yes", 3)))
2107 parser->ArgusReliableConnection = 1;
2108 else
2109 parser->ArgusReliableConnection = 0;
2110 break;
2111 }
2112
2113
2114 case RADIUM_DAEMON:
2115 case RADIUM_MONITOR_ID:
2116 case RADIUM_MAR_STATUS_INTERVAL:
2117 case RADIUM_ADJUST_TIME:
2118 case RADIUM_ACCESS_PORT:
2119 ArgusLog (LOG_ERR, "%s: radium directive in client configuration (use -f)", file);
2120 break;
2121
2122 case ARGUS_ARCHIVE:
2123 parser->ais = strdup(optarg);
2124 break;
2125
2126 case RA_CONNECT_TIME:
2127 parser->ArgusConnectTime = atoi (optarg);
2128 break;
2129
2130 case RA_UPDATE_INTERVAL: {
2131 double value = 0.0, ivalue, fvalue;
2132 char *endptr = NULL;
2133
2134 value = strtod(optarg, &endptr);
2135
2136 if (optarg != endptr) {
2137 fvalue = modf(value, &ivalue);
2138
2139 parser->ArgusUpdateInterval.tv_sec = (int) ivalue;
2140 parser->ArgusUpdateInterval.tv_usec = (int) (fvalue * 1000000.0);
2141
2142 } else
2143 ArgusLog (LOG_ERR, "%s: format error for update interval in client configuration (use float)");
2144 break;
2145 }
2146
2147 case RA_TIMEOUT_INTERVAL: {
2148 double value = 0.0, ivalue, fvalue;
2149 char *endptr = NULL;
2150
2151 value = strtod(optarg, &endptr);
2152
2153 if (optarg != endptr) {
2154 fvalue = modf(value, &ivalue);
2155
2156 parser->timeout.tv_sec = (int) ivalue;
2157 parser->timeout.tv_usec = (int) (fvalue * 1000000.0);
2158
2159 } else
2160 ArgusLog (LOG_ERR, "%s: format error for timeout interval in client configuration (use float)");
2161 break;
2162 }
2163
2164 case RA_DATABASE:
2165 if (parser->readDbstr != NULL)
2166 free(parser->readDbstr);
2167 parser->readDbstr = strdup(optarg);
2168 break;
2169
2170 case RA_DB_USER:
2171 if (parser->dbuserstr != NULL)
2172 free(parser->dbuserstr);
2173 parser->dbuserstr = strdup(optarg);
2174 break;
2175
2176 case RA_DB_PASS:
2177 if (parser->dbpassstr != NULL)
2178 free(parser->dbpassstr);
2179 parser->dbpassstr = strdup(optarg);
2180 break;
2181
2182 case RA_DB_HOST:
2183 if (parser->dbhoststr != NULL)
2184 free(parser->dbhoststr);
2185 parser->dbhoststr = strdup(optarg);
2186 break;
2187
2188 case RA_DB_PORT:
2189 if (parser->dbportstr != NULL)
2190 free(parser->dbportstr);
2191 parser->dbportstr = strdup(optarg);
2192 break;
2193
2194 case RA_AIS_CACHE:
2195 if (parser->ais != NULL)
2196 free(parser->ais);
2197 parser->ais = strdup(optarg);
2198 break;
2199
2200 case RA_SORT_ALGORITHMS: {
2201 char *tok = NULL;
2202 while ((tok = strtok(optarg, " ,")) != NULL) {
2203 parser->RaSortOptionStrings[parser->RaSortOptionIndex++] = strdup(tok);
2204 if (parser->RaSortOptionIndex > ARGUS_MAX_S_OPTIONS)
2205 ArgusLog (LOG_ERR, "usage: number of -s options exceeds %d", ARGUS_MAX_S_OPTIONS);
2206 optarg = NULL;
2207 }
2208
2209 break;
2210 }
2211
2212 case MYSQL_DB_ENGINE: {
2213 if (parser->MySQLDBEngine != NULL)
2214 free(parser->MySQLDBEngine);
2215 parser->MySQLDBEngine = strdup(optarg);
2216 break;
2217 }
2218
2219 case RA_PRINT_ETHERNET_VENDORS: {
2220 if (!(strncasecmp(optarg, "yes", 3)))
2221 parser->ArgusPrintEthernetVendors = 1;
2222 else
2223 parser->ArgusPrintEthernetVendors = 0;
2224 break;
2225 }
2226
2227 case RA_ETHERNET_VENDORS: {
2228 if (parser->ArgusEthernetVendorFile != NULL)
2229 free (parser->ArgusEthernetVendorFile);
2230
2231 parser->ArgusEthernetVendorFile = strdup(optarg);
2232 break;
2233 }
2234
2235 case RA_PORT_DIRECTION: {
2236 if (strstr(optarg, "services"))
2237 parser->ArgusDirectionFunction |= ARGUS_PORT_SERVICES;
2238 if (strstr(optarg, "wellknown"))
2239 parser->ArgusDirectionFunction |= ARGUS_PORT_WELLKNOWN;
2240 if (strstr(optarg, "registered"))
2241 parser->ArgusDirectionFunction |= ARGUS_PORT_REGISTERED;
2242 break;
2243 }
2244
2245 case RA_LOCAL: {
2246 if ((parser->ArgusLocalLabeler = ArgusNewLabeler(parser, 0L)) == NULL)
2247 ArgusLog (LOG_ERR, "ArgusClientInit: ArgusNewLabeler error");
2248
2249 RaReadAddressConfig (parser, parser->ArgusLocalLabeler, optarg);
2250 break;
2251 }
2252
2253 case RA_LOCAL_DIRECTION: {
2254 if (!(strncasecmp(optarg, "suggest:", 7))) {
2255 if (!(strncasecmp(&optarg[8], "src", 3)))
2256 parser->ArgusDirectionFunction |= ARGUS_SUGGEST_LOCAL_SRC;
2257 else
2258 parser->ArgusDirectionFunction |= ARGUS_SUGGEST_LOCAL_DST;
2259 } else
2260 if (!(strncasecmp(optarg, "force:", 6))) {
2261 if (!(strncasecmp(&optarg[6], "src", 3)))
2262 parser->ArgusDirectionFunction |= ARGUS_FORCE_LOCAL_SRC;
2263 else
2264 parser->ArgusDirectionFunction |= ARGUS_FORCE_LOCAL_DST;
2265 } else
2266 if (!(strncasecmp(optarg, "src", 3)))
2267 parser->ArgusDirectionFunction |= ARGUS_SUGGEST_LOCAL_SRC;
2268 if (!(strncasecmp(optarg, "dst", 3)))
2269 parser->ArgusDirectionFunction |= ARGUS_SUGGEST_LOCAL_DST;
2270 break;
2271 }
2272
2273 case RA_SERVICES_SIGNATURES: {
2274 if (parser->ArgusLabeler == NULL) {
2275 if ((parser->ArgusLabeler = ArgusNewLabeler(parser, 0L)) == NULL)
2276 ArgusLog (LOG_ERR, "ArgusClientInit: ArgusNewLabeler error");
2277
2278 RaReadSrvSignature (parser, parser->ArgusLabeler, optarg);
2279 }
2280 break;
2281 }
2282
2283 case RA_COLOR_SUPPORT: {
2284 if (!(strncasecmp(optarg, "yes", 3)))
2285 parser->ArgusColorSupport = 1;
2286 else
2287 parser->ArgusColorSupport = 0;
2288 break;
2289 }
2290
2291 case RA_COLOR_CONFIG: {
2292 if (parser->ArgusColorConfig)
2293 free (parser->ArgusColorConfig);
2294
2295 parser->ArgusColorConfig = strdup(optarg);
2296 break;
2297 }
2298
2299 case RA_CORRELATE_EVENTS: {
2300 if (!(strncasecmp(optarg, "yes", 3)))
2301 parser->ArgusCorrelateEvents = 1;
2302 else
2303 parser->ArgusCorrelateEvents = 0;
2304 break;
2305 }
2306
2307 case RA_SEPARATE_ADDR_FROM_PORT_WITH_PERIOD: {
2308 if (!(strncasecmp(optarg, "yes", 3)))
2309 parser->RaSeparateAddrPortWithPeriod = 1;
2310 else
2311 parser->RaSeparateAddrPortWithPeriod = 0;
2312 break;
2313 }
2314 }
2315 }
2316 found++;
2317 break;
2318 }
2319 }
2320
2321 if (!found)
2322 ArgusLog (LOG_ERR, "%s: syntax error line %d", file, lines);
2323 }
2324 }
2325
2326 if (parser->RaPrintOptionIndex > 0) {
2327 ArgusProcessSOptions(parser);
2328 for (i = 0; i < parser->RaPrintOptionIndex; i++) {
2329 if (parser->RaPrintOptionStrings[i] != NULL) {
2330 free(parser->RaPrintOptionStrings[i]);
2331 parser->RaPrintOptionStrings[i] = NULL;
2332 }
2333 }
2334
2335 parser->RaPrintOptionIndex = 0;
2336 }
2337
2338 fclose(fd);
2339
2340 } else {
2341 #ifdef ARGUSDEBUG
2342 ArgusDebug (2, "%s: %s\n", file, strerror(errno));
2343 #endif
2344 }
2345 }
2346
2347 #ifdef ARGUSDEBUG
2348 ArgusDebug (2, "ArgusParseResourceFile (%s) returning %d\n", file, retn);
2349 #endif
2350
2351 return (retn);
2352 }
2353
2354
2355
2356
2357 int
ArgusParserWiresharkManufFile(struct ArgusParserStruct * parser,char * file)2358 ArgusParserWiresharkManufFile (struct ArgusParserStruct *parser, char *file)
2359 {
2360 int retn = 0;
2361 struct stat statbuf;
2362 FILE *fd = NULL;
2363
2364 if (stat(file, &statbuf) >= 0) {
2365 if ((fd = fopen(file, "r")) != NULL) {
2366 char strbuf[MAXSTRLEN], *str = strbuf, *optarg = NULL;
2367 int lines = 0;
2368
2369 retn = 1;
2370
2371 while ((fgets(strbuf, MAXSTRLEN, fd)) != NULL) {
2372 lines++;
2373 str = strbuf;
2374 while (*str && isspace((int)*str))
2375 str++;
2376
2377 #define RA_READING_ETHER_PART 0
2378 #define RA_READING_ETHER_VENDOR 1
2379
2380 if (*str && (*str != '#') && (*str != '\n') && (*str != '!')) {
2381 int state = RA_READING_ETHER_PART;
2382 int addr = 0;
2383 while ((optarg = strtok(str, " \t\n")) != NULL) {
2384 switch (state) {
2385 case RA_READING_ETHER_PART: {
2386 int i, result;
2387 for (i = 0; i < 3; i++) {
2388 if (sscanf (optarg, "%x", &result) == 1) {
2389 addr |= result << (8 * (2 - i));
2390 }
2391 optarg +=3;
2392 }
2393 break;
2394 }
2395
2396 case RA_READING_ETHER_VENDOR: {
2397 struct evendmem *p = NULL;
2398 int found = 0;
2399
2400 p = ðervendor[addr % (HASHNAMESIZE-1)];
2401 for (; p->nxt; p = p->nxt) {
2402 if (p->addr == addr) {
2403 found++;
2404 break;
2405 }
2406 }
2407 if (!found) {
2408 p->addr = addr;
2409 p->name = strdup(optarg);
2410 p->nxt = (struct evendmem *)calloc(1, sizeof (*p));
2411 }
2412 break;
2413 }
2414 }
2415 str = NULL;
2416 if (++state > RA_READING_ETHER_VENDOR)
2417 break;
2418 }
2419 }
2420 }
2421 fclose(fd);
2422 }
2423 }
2424
2425 #ifdef ARGUSDEBUG
2426 ArgusDebug (2, "ArgusParserWiresharkManufFile (%p, %s) returning %d\n", parser, file, retn);
2427 #endif
2428
2429 return (retn);
2430 }
2431
2432
2433
2434 void
RaClearConfiguration(struct ArgusParserStruct * parser)2435 RaClearConfiguration (struct ArgusParserStruct *parser)
2436 {
2437 int i;
2438
2439 parser->aflag = 0;
2440 parser->Aflag = 0;
2441 parser->debugflag = 0;
2442 parser->bflag = 0;
2443 parser->Bflag = 0.0;
2444 parser->cflag = 0;
2445 parser->Cflag = 0;
2446 parser->dflag = 0;
2447 parser->Dflag = 0;
2448 parser->eflag = 0;
2449 parser->Eflag = 0;
2450 parser->estr = NULL;
2451 parser->fflag = 0;
2452 parser->Fflag = 0;
2453 parser->gflag = 0;
2454 parser->Gflag = 0;
2455 parser->Hflag = 0;
2456 parser->Hstr = NULL;
2457 parser->idflag = 0;
2458 parser->jflag = 0;
2459 parser->lflag = 0;
2460 parser->Lflag = -1;
2461 parser->mflag = 0;
2462 parser->Mflag = NULL;
2463 parser->Netflag = 0;
2464 parser->nflag = 1;
2465 parser->sNflag = -1;
2466 parser->eNflag = -1;
2467 parser->Normflag = 0;
2468 parser->notNetflag = 0;
2469 parser->Oflag = 0;
2470 parser->pflag = 6;
2471 parser->ArgusReliableConnection = 1;
2472 parser->Pflag = 0;
2473 parser->qflag = 0;
2474 parser->sflag = 0;
2475 parser->tflag = 0;
2476 parser->uflag = 0;
2477 parser->Wflag = 0;
2478
2479 parser->Uflag = 6;
2480 parser->vflag = 0;
2481 parser->Vflag = 0;
2482 parser->iflag = 0;
2483
2484 parser->Iflag = 0;
2485 parser->Tflag = 0;
2486 parser->rflag = 0;
2487 parser->Sflag = 0;
2488 parser->xflag = 0;
2489 parser->Xflag = 1;
2490 parser->XMLflag = 0;
2491
2492 parser->zflag = 0;
2493 parser->Zflag = 0;
2494
2495 parser->ArgusPortNum = 0;
2496
2497 parser->RaCumulativeMerge = 1;
2498
2499 if (parser->ArgusPidFile) {
2500 free (parser->ArgusPidFile);
2501 parser->ArgusPidFile = NULL;
2502 }
2503
2504 if (parser->ArgusPidPath) {
2505 free (parser->ArgusPidPath);
2506 parser->ArgusPidPath = NULL;
2507 }
2508
2509 if (parser->RaFlowModelFile != NULL) {
2510 free (parser->RaFlowModelFile);
2511 parser->RaFlowModelFile = NULL;
2512 }
2513
2514 if (parser->ArgusDelegatedIPFile != NULL) {
2515 free(parser->ArgusDelegatedIPFile);
2516 parser->ArgusDelegatedIPFile = NULL;
2517 }
2518
2519 if (parser->ArgusEthernetVendorFile != NULL) {
2520 free (parser->ArgusEthernetVendorFile);
2521 parser->ArgusEthernetVendorFile = NULL;
2522 }
2523
2524 if (parser->RaTimeFormat) {
2525 free (parser->RaTimeFormat);
2526 parser->RaTimeFormat = strdup("%T.%f");
2527 parser->ArgusFractionalDate = 1;
2528 }
2529
2530 parser->ArgusPrintEthernetVendors = 0;
2531 parser->RaAllocHashTableHeaders = 0;
2532 parser->RaAllocArgusRecord = 0;
2533 parser->ArgusCorrelateEvents = 0;
2534
2535 parser->ArgusMinuteUpdate = 1;
2536 parser->ArgusHourlyUpdate = 1;
2537 parser->RaHistoMetricSeries = 1;
2538 parser->RaSeparateAddrPortWithPeriod = 1;
2539
2540 parser->RaPolicyStatus = ARGUS_POLICY_PERMIT_OTHERS;
2541
2542 parser->RaThisActiveIndex = 0;
2543
2544 parser->ArgusConnectTime = 0;
2545 parser->RaThisFlowNum = 0;
2546 parser->RaThisModelNum = 0;
2547 parser->RaParseError = 0;
2548
2549 clearArgusWfile(parser);
2550
2551 if (parser->readDbstr != NULL)
2552 free (parser->readDbstr);
2553 parser->readDbstr = NULL;
2554
2555 if (parser->writeDbstr != NULL)
2556 free (parser->writeDbstr);
2557 parser->writeDbstr = NULL;
2558
2559 if (parser->dbuserstr != NULL)
2560 free (parser->dbuserstr);
2561 parser->dbuserstr = NULL;
2562
2563 if (parser->dbpassstr != NULL)
2564 free (parser->dbpassstr);
2565 parser->dbpassstr = NULL;
2566
2567 if (parser->ustr != NULL)
2568 free (parser->ustr);
2569 parser->ustr = NULL;
2570
2571 if (parser->pstr != NULL)
2572 free (parser->pstr);
2573 parser->pstr = NULL;
2574
2575 if (parser->timearg != NULL)
2576 free(parser->timearg);
2577 parser->timearg = NULL;
2578
2579 if (parser->ArgusRemoteFilter != NULL)
2580 free (parser->ArgusRemoteFilter);
2581 parser->ArgusRemoteFilter = NULL;
2582
2583 if (parser->ArgusInputFileList != NULL) {
2584 ArgusDeleteFileList(parser);
2585 parser->ArgusInputFileList = NULL;
2586 }
2587
2588 if (parser->ArgusRemoteHostList != NULL) {
2589 ArgusDeleteHostList(parser);
2590 parser->ArgusRemoteHostList = NULL;
2591 }
2592
2593 parser->RaPrintOptionIndex = 0;
2594
2595 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "stime";
2596 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "flgs";
2597 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "proto";
2598 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "saddr";
2599 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "sport";
2600 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "dir";
2601 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "daddr";
2602 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "dport";
2603 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "pkts";
2604 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "bytes";
2605 parser->RaPrintOptionStrings[parser->RaPrintOptionIndex++] = "state";
2606
2607 ArgusProcessSOptions(parser);
2608
2609 for (i = 0; i < parser->RaPrintOptionIndex; i++)
2610 if (parser->RaPrintOptionStrings[i] != NULL)
2611 parser->RaPrintOptionStrings[i] = NULL;
2612
2613 parser->RaPrintOptionIndex = 0;
2614
2615 #ifdef ARGUSDEBUG
2616 ArgusDebug (2, "clearArgusConfiguration () returning\n");
2617 #endif
2618 }
2619
2620
2621 void RaProcessRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
2622 struct ArgusCanonRecord RaThisCanonBuf, *RaThisCanon = &RaThisCanonBuf;
2623
2624 int
RaScheduleRecord(struct ArgusParserStruct * parser,struct ArgusRecordStruct * ns)2625 RaScheduleRecord (struct ArgusParserStruct *parser, struct ArgusRecordStruct *ns)
2626 {
2627 int retn = 0;
2628
2629 switch (ns->hdr.type & 0xF0) {
2630 case ARGUS_MAR:
2631 case ARGUS_EVENT:
2632 break;
2633
2634 case ARGUS_NETFLOW:
2635 case ARGUS_FAR: {
2636 struct timeval dRealTime = {0, 0};
2637 double stime, itime, ftime;
2638 long long thisUsec = 0;
2639 long long lastUsec = 0;
2640
2641 if ((stime = ArgusFetchStartTime(ns)) > 0.0) {
2642 ftime = modf(stime, &itime);
2643 parser->ArgusThisTime.tv_sec = itime;
2644 parser->ArgusThisTime.tv_usec = ftime * 1000000;
2645 }
2646
2647 if (parser->ArgusLastTime.tv_sec == 0) {
2648 parser->ArgusLastTime = parser->ArgusThisTime;
2649 parser->ArgusCurrentTime = parser->ArgusThisTime;
2650 }
2651
2652 if (!((parser->ArgusLastTime.tv_sec > parser->ArgusThisTime.tv_sec) ||
2653 ((parser->ArgusLastTime.tv_sec == parser->ArgusThisTime.tv_sec) &&
2654 (parser->ArgusLastTime.tv_usec > parser->ArgusThisTime.tv_usec)))) {
2655
2656 struct timeval timeoutValue;
2657
2658 timeoutValue = ArgusParser->ArgusRealTime;
2659
2660 timeoutValue.tv_sec += ArgusParser->RaClientTimeout.tv_sec;
2661 timeoutValue.tv_usec += ArgusParser->RaClientTimeout.tv_usec;
2662
2663 while (timeoutValue.tv_usec >= 1000000) {
2664 timeoutValue.tv_sec += 1;
2665 timeoutValue.tv_usec -= 1000000;
2666 }
2667
2668 if (!(parser->Sflag) && (parser->ProcessRealTime != 0)) {
2669 if ((parser->ArgusThisTime.tv_sec > parser->ArgusLastTime.tv_sec) ||
2670 ((parser->ArgusThisTime.tv_sec == parser->ArgusLastTime.tv_sec) &&
2671 (parser->ArgusThisTime.tv_usec > parser->ArgusLastTime.tv_usec))) {
2672 int thisRate;
2673 int deltausec;
2674
2675 /* this record is some period of time after the last record, so
2676 lets calculate the difference, and then sleep to deal with
2677 time that needs to lapse */
2678
2679 RaDiffTime(&parser->ArgusThisTime, &parser->ArgusLastTime, &dRealTime);
2680 thisUsec = ((dRealTime.tv_sec * 1000000) + dRealTime.tv_usec)/parser->ProcessRealTime;
2681
2682 RaDiffTime(&parser->ArgusRealTime, &parser->ArgusLastRealTime, &dRealTime);
2683 lastUsec = ((dRealTime.tv_sec * 1000000) + dRealTime.tv_usec);
2684
2685 while ((deltausec = (thisUsec - lastUsec)) > 0) {
2686 struct timespec ts;
2687
2688 thisRate = (deltausec > 50000) ? 50000 : deltausec;
2689 #if defined(ARGUSDEBUG)
2690 ArgusDebug (6, "ArgusProcessThisRecord () idling needed for %d usecs\n", deltausec);
2691 #endif
2692 ts.tv_sec = 0;
2693 ts.tv_nsec = thisRate * 1000;
2694 nanosleep (&ts, NULL);
2695
2696 gettimeofday(&parser->ArgusRealTime, 0);
2697 ArgusAdjustGlobalTime(parser, NULL);
2698
2699
2700 if ((ArgusParser->ArgusRealTime.tv_sec > timeoutValue.tv_sec) ||
2701 ((ArgusParser->ArgusRealTime.tv_sec == timeoutValue.tv_sec) &&
2702 (ArgusParser->ArgusRealTime.tv_usec > timeoutValue.tv_usec))) {
2703
2704 ArgusClientTimeout ();
2705
2706 if (ArgusParser->Tflag) {
2707 if ((ArgusParser->Tflag - 1) == 0) {
2708 ArgusShutDown(0);
2709 }
2710 ArgusParser->Tflag--;
2711 }
2712
2713 timeoutValue = ArgusParser->ArgusRealTime;
2714 timeoutValue.tv_sec += ArgusParser->RaClientTimeout.tv_sec;
2715 timeoutValue.tv_usec += ArgusParser->RaClientTimeout.tv_usec;
2716
2717 while (timeoutValue.tv_usec >= 1000000) {
2718 timeoutValue.tv_sec += 1;
2719 timeoutValue.tv_usec -= 1000000;
2720 }
2721 }
2722
2723 RaDiffTime(&parser->ArgusRealTime, &parser->ArgusLastRealTime, &dRealTime);
2724 lastUsec = ((dRealTime.tv_sec * 1000000) + dRealTime.tv_usec);
2725 }
2726 }
2727 }
2728
2729 parser->ArgusLastRealTime = parser->ArgusRealTime;
2730 parser->ArgusLastTime = parser->ArgusThisTime;
2731 parser->ArgusCurrentTime = parser->ArgusThisTime;
2732 }
2733 break;
2734 }
2735 }
2736
2737 RaProcessRecord(parser, ns);
2738
2739 #ifdef ARGUSDEBUG
2740 ArgusDebug (6, "RaScheduleRecord (%p, %p) scheduled\n", parser, ns);
2741 #endif
2742 return (retn);
2743 }
2744
2745 int
ArgusHandleRecord(struct ArgusParserStruct * parser,struct ArgusInput * input,struct ArgusRecord * ptr,struct nff_program * filter)2746 ArgusHandleRecord (struct ArgusParserStruct *parser, struct ArgusInput *input, struct ArgusRecord *ptr, struct nff_program *filter)
2747 {
2748 struct ArgusRecordStruct *argus = NULL;
2749 int retn = 0;
2750
2751 if (ptr != NULL) {
2752 int len = ntohs(ptr->hdr.len) * 4;
2753 struct nff_insn *fcode = filter->bf_insns;
2754
2755 if (len < sizeof(input->ArgusOriginalBuffer)) {
2756 bcopy ((char *)ptr, (char *)input->ArgusOriginal, len);
2757 #ifdef _LITTLE_ENDIAN
2758 ArgusNtoH(ptr);
2759 #endif
2760 switch (ptr->hdr.type & 0xF0) {
2761 case ARGUS_MAR:
2762 parser->ArgusTotalMarRecords++;
2763 break;
2764
2765 case ARGUS_EVENT:
2766 parser->ArgusTotalEventRecords++;
2767 break;
2768
2769 case ARGUS_NETFLOW:
2770 case ARGUS_FAR:
2771 parser->ArgusTotalFarRecords++;
2772 break;
2773 }
2774
2775 if ((argus = ArgusGenerateRecordStruct (parser, input, (struct ArgusRecord *) ptr)) != NULL) {
2776
2777 ArgusProcessDirection(parser, argus);
2778
2779 if ((retn = ArgusFilterRecord (fcode, argus)) != 0) {
2780
2781 if (parser->ArgusGrepSource || parser->ArgusGrepDestination)
2782 if (ArgusGrepUserData(parser, argus) == 0)
2783 return (argus->hdr.len * 4);
2784
2785 if (parser->ArgusMatchLabel) {
2786 struct ArgusLabelStruct *label;
2787 if (((label = (void *)argus->dsrs[ARGUS_LABEL_INDEX]) != NULL)) {
2788 if (regexec(&parser->lpreg, label->l_un.label, 0, NULL, 0))
2789 return (argus->hdr.len * 4);
2790 } else
2791 return (argus->hdr.len * 4);
2792 }
2793
2794 if (!(((ptr->hdr.type & 0xF0) == ARGUS_MAR) && (argus->status & ARGUS_INIT_MAR)))
2795 parser->ArgusTotalRecords++;
2796 else {
2797 #ifdef _LITTLE_ENDIAN
2798 ArgusHtoN(ptr);
2799 #endif
2800 }
2801
2802 if (parser->sNflag && (parser->sNflag >= parser->ArgusTotalRecords))
2803 return (argus->hdr.len * 4);
2804
2805 if ((retn = ArgusCheckTime (parser, argus)) != 0) {
2806 if (parser->ArgusWfileList != NULL) {
2807 if (parser->RaWriteOut) {
2808 if (parser->ArgusWfileList != NULL) {
2809 struct ArgusWfileStruct *wfile = NULL;
2810 struct ArgusListObjectStruct *lobj = NULL;
2811 int i, count = parser->ArgusWfileList->count;
2812
2813 if ((lobj = parser->ArgusWfileList->start) != NULL) {
2814 for (i = 0; i < count; i++) {
2815 if ((wfile = (struct ArgusWfileStruct *) lobj->list_obj) != NULL) {
2816 if (wfile->filterstr) {
2817 struct nff_insn *wfcode = wfile->filter.bf_insns;
2818 retn = ArgusFilterRecord (wfcode, argus);
2819 }
2820
2821 if (retn != 0) {
2822 if ((parser->exceptfile == NULL) || strcmp(wfile->filename, parser->exceptfile)) {
2823 if (!(((argus->hdr.type & ARGUS_MAR) && ((argus->hdr.cause & 0xF0) == ARGUS_START)))) {
2824
2825 if (argus->status & RA_MODIFIED) {
2826 struct ArgusRecord *ns = NULL;
2827 char rbuf[ARGUS_MAXRECORDSIZE];
2828
2829 if ((ns = ArgusGenerateRecord (argus, 0L, rbuf)) == NULL)
2830 ArgusLog(LOG_ERR, "RaProcessSQLEvent: ArgusGenerateRecord error %s", strerror(errno));
2831 #ifdef _LITTLE_ENDIAN
2832 ArgusHtoN(ns);
2833 #endif
2834 if (ArgusWriteNewLogfile (parser, input, wfile, ns))
2835 ArgusLog (LOG_ERR, "ArgusWriteNewLogfile failed. %s", strerror(errno));
2836 } else
2837 if (ArgusWriteNewLogfile (parser, input, wfile, input->ArgusOriginal))
2838 ArgusLog (LOG_ERR, "ArgusWriteNewLogfile failed. %s", strerror(errno));
2839 }
2840 }
2841 }
2842 }
2843 lobj = lobj->nxt;
2844 }
2845 }
2846 }
2847
2848 } else
2849 RaScheduleRecord (parser, argus);
2850 } else
2851 RaScheduleRecord (parser, argus);
2852 }
2853
2854 } else {
2855 if (parser->exceptfile) {
2856 struct ArgusWfileStruct *wfile = NULL, *start = NULL;
2857
2858 if ((wfile = (struct ArgusWfileStruct *)ArgusFrontList(parser->ArgusWfileList)) != NULL) {
2859 start = wfile;
2860 do {
2861 if (!(strcmp(wfile->filename, parser->exceptfile))) {
2862 if (!((ptr->hdr.type & ARGUS_MAR) && ((ptr->hdr.cause & 0xF0) == ARGUS_START)))
2863 if (ArgusWriteNewLogfile (parser, input, wfile, input->ArgusOriginal))
2864 ArgusLog (LOG_ERR, "ArgusWriteNewLogfile failed. %s", strerror(errno));
2865 break;
2866 }
2867
2868 ArgusPopFrontList(parser->ArgusWfileList, ARGUS_LOCK);
2869 ArgusPushBackList(parser->ArgusWfileList, (struct ArgusListRecord *)wfile, ARGUS_LOCK);
2870 wfile = (struct ArgusWfileStruct *)ArgusFrontList(parser->ArgusWfileList);
2871
2872 } while (wfile != start);
2873 }
2874 }
2875 }
2876
2877 retn = 0;
2878
2879 if (ptr->hdr.type & ARGUS_MAR) {
2880 switch (ptr->hdr.cause & 0xF0) {
2881 case ARGUS_STOP:
2882 case ARGUS_SHUTDOWN:
2883 case ARGUS_ERROR: {
2884 if (ptr->argus_mar.argusid == input->ArgusID) {
2885 #ifdef ARGUSDEBUG
2886 ArgusDebug (3, "ArgusHandleRecord (%p, %p) received closing Mar\n", ptr, filter);
2887 #endif
2888 if (parser->Sflag)
2889 retn = 1;
2890 }
2891 break;
2892 }
2893 }
2894 }
2895 } else
2896 retn = -1;
2897
2898 if ((parser->eNflag >= 0) && (parser->ArgusTotalRecords > parser->eNflag)) {
2899 parser->eNflag = 0;
2900 retn = -1;
2901 }
2902
2903 if (parser->RaPollMode)
2904 retn = -1;
2905
2906 if (retn != -1)
2907 retn = argus->hdr.len * 4;
2908 }
2909 }
2910
2911 #ifdef ARGUSDEBUG
2912 ArgusDebug (6, "ArgusHandleRecord (%p, %p) returning %d\n", ptr, filter, retn);
2913 #endif
2914
2915 return (retn);
2916 }
2917
2918
2919 int
ArgusHandleRecordStruct(struct ArgusParserStruct * parser,struct ArgusInput * input,struct ArgusRecordStruct * argus,struct nff_program * filter)2920 ArgusHandleRecordStruct (struct ArgusParserStruct *parser, struct ArgusInput *input, struct ArgusRecordStruct *argus, struct nff_program *filter)
2921 {
2922 int retn = 0;
2923
2924 if (argus != NULL) {
2925 struct nff_insn *fcode = filter->bf_insns;
2926 parser->ArgusTotalFarRecords++;
2927
2928 if ((retn = ArgusFilterRecord (fcode, argus)) != 0) {
2929
2930 if (parser->ArgusGrepSource || parser->ArgusGrepDestination)
2931 if (ArgusGrepUserData(parser, argus) == 0)
2932 return (argus->hdr.len * 4);
2933
2934 if (parser->ArgusMatchLabel) {
2935 struct ArgusLabelStruct *label;
2936 if (((label = (void *)argus->dsrs[ARGUS_LABEL_INDEX]) != NULL)) {
2937 if (regexec(&parser->lpreg, label->l_un.label, 0, NULL, 0))
2938 return (argus->hdr.len * 4);
2939 } else
2940 return (argus->hdr.len * 4);
2941 }
2942
2943 parser->ArgusTotalRecords++;
2944
2945 if (parser->sNflag && (parser->sNflag >= parser->ArgusTotalRecords))
2946 return (argus->hdr.len * 4);
2947
2948 if ((retn = ArgusCheckTime (parser, argus)) != 0) {
2949 if (parser->ArgusWfileList != NULL) {
2950 if (parser->RaWriteOut) {
2951 if (parser->ArgusWfileList != NULL) {
2952 struct ArgusWfileStruct *wfile = NULL;
2953 struct ArgusListObjectStruct *lobj = NULL;
2954 int i, count = parser->ArgusWfileList->count;
2955
2956 if ((lobj = parser->ArgusWfileList->start) != NULL) {
2957 for (i = 0; i < count; i++) {
2958 if ((wfile = (struct ArgusWfileStruct *) lobj->list_obj) != NULL) {
2959 if (wfile->filterstr) {
2960 struct nff_insn *wfcode = wfile->filter.bf_insns;
2961 retn = ArgusFilterRecord (wfcode, argus);
2962 }
2963
2964 if (retn != 0) {
2965 if ((parser->exceptfile == NULL) || strcmp(wfile->filename, parser->exceptfile)) {
2966 if (!(((argus->hdr.type & ARGUS_MAR) && ((argus->hdr.cause & 0xF0) == ARGUS_START)))) {
2967
2968 if (argus->status & RA_MODIFIED) {
2969 struct ArgusRecord *ns = NULL;
2970 char rbuf[ARGUS_MAXRECORDSIZE];
2971
2972 if ((ns = ArgusGenerateRecord (argus, 0L, rbuf)) == NULL)
2973 ArgusLog(LOG_ERR, "RaProcessSQLEvent: ArgusGenerateRecord error %s", strerror(errno));
2974 #ifdef _LITTLE_ENDIAN
2975 ArgusHtoN(ns);
2976 #endif
2977 if (ArgusWriteNewLogfile (parser, input, wfile, ns))
2978 ArgusLog (LOG_ERR, "ArgusWriteNewLogfile failed. %s", strerror(errno));
2979 } else
2980 if (ArgusWriteNewLogfile (parser, input, wfile, input->ArgusOriginal))
2981 ArgusLog (LOG_ERR, "ArgusWriteNewLogfile failed. %s", strerror(errno));
2982 }
2983 }
2984 }
2985 }
2986 lobj = lobj->nxt;
2987 }
2988 }
2989 }
2990
2991 } else
2992 RaScheduleRecord (parser, argus);
2993 } else
2994 RaScheduleRecord (parser, argus);
2995 }
2996
2997 } else {
2998 if (parser->exceptfile) {
2999 struct ArgusWfileStruct *wfile = NULL, *start = NULL;
3000
3001 if ((wfile = (struct ArgusWfileStruct *)ArgusFrontList(parser->ArgusWfileList)) != NULL) {
3002 start = wfile;
3003 do {
3004 if (!(strcmp(wfile->filename, parser->exceptfile))) {
3005 if (!((argus->hdr.type & ARGUS_MAR) && ((argus->hdr.cause & 0xF0) == ARGUS_START)))
3006 if (ArgusWriteNewLogfile (parser, input, wfile, input->ArgusOriginal))
3007 ArgusLog (LOG_ERR, "ArgusWriteNewLogfile failed. %s", strerror(errno));
3008 break;
3009 }
3010
3011 ArgusPopFrontList(parser->ArgusWfileList, ARGUS_LOCK);
3012 ArgusPushBackList(parser->ArgusWfileList, (struct ArgusListRecord *)wfile, ARGUS_LOCK);
3013 wfile = (struct ArgusWfileStruct *)ArgusFrontList(parser->ArgusWfileList);
3014
3015 } while (wfile != start);
3016 }
3017 }
3018 }
3019
3020 retn = 0;
3021
3022 if (argus->hdr.type & ARGUS_MAR) {
3023 switch (argus->hdr.cause & 0xF0) {
3024 case ARGUS_STOP:
3025 case ARGUS_SHUTDOWN:
3026 case ARGUS_ERROR: {
3027 struct ArgusTransportStruct *t = (struct ArgusTransportStruct *)argus->dsrs[ARGUS_TRANSPORT_INDEX];
3028 if (t) {
3029 if (t->hdr.subtype & ARGUS_SRCID) {
3030 if (t->srcid.a_un.value == input->ArgusID) {
3031 #ifdef ARGUSDEBUG
3032 ArgusDebug (3, "ArgusHandleRecord (%p, %p) received closing Mar\n", argus, filter);
3033 #endif
3034 if (parser->Sflag)
3035 retn = 1;
3036 }
3037 }
3038 }
3039 break;
3040 }
3041 }
3042 }
3043 } else
3044 retn = -1;
3045
3046 if ((parser->eNflag >= 0) && (parser->ArgusTotalRecords > parser->eNflag)) {
3047 parser->eNflag = 0;
3048 retn = -1;
3049 }
3050
3051 if (parser->RaPollMode)
3052 retn = -1;
3053
3054 if (retn != -1)
3055 retn = argus->hdr.len * 4;
3056
3057 #ifdef ARGUSDEBUG
3058 ArgusDebug (6, "ArgusHandleRecord (%p, %p) returning %d\n", argus, filter, retn);
3059 #endif
3060
3061 return (retn);
3062 }
3063
3064
3065 int
RaProcessAddress(struct ArgusParserStruct * parser,struct ArgusLabelerStruct * labeler,unsigned int * addr,int mask,int type)3066 RaProcessAddress (struct ArgusParserStruct *parser, struct ArgusLabelerStruct *labeler, unsigned int *addr, int mask, int type)
3067 {
3068 struct RaAddressStruct *raddr;
3069 int retn = 0;
3070
3071 if (labeler == NULL)
3072 return (retn);
3073
3074 switch (type) {
3075 case ARGUS_TYPE_IPV4: {
3076 struct RaAddressStruct node;
3077 bzero ((char *)&node, sizeof(node));
3078
3079 node.addr.type = AF_INET;
3080 node.addr.len = 4;
3081 node.addr.addr[0] = *addr;
3082 node.addr.masklen = mask;
3083
3084 if ((raddr = RaFindAddress (parser, labeler->ArgusAddrTree[AF_INET], &node, ARGUS_EXACT_MATCH)) != NULL)
3085 retn = ARGUS_MY_ADDRESS;
3086 else
3087 if ((raddr = RaFindAddress (parser, labeler->ArgusAddrTree[AF_INET], &node, ARGUS_NODE_MATCH)) != NULL)
3088 retn = ARGUS_MY_NETWORK;
3089 break;
3090 }
3091
3092 case ARGUS_TYPE_IPV6:
3093 break;
3094 }
3095
3096 #ifdef ARGUSDEBUG
3097 ArgusDebug (5, "RaProcessAddress (0x%x, 0x%x, 0x%x, %d) returning %d\n", parser, addr, type, retn);
3098 #endif
3099
3100 return (retn);
3101 }
3102
3103 void
ArgusProcessDirection(struct ArgusParserStruct * parser,struct ArgusRecordStruct * ns)3104 ArgusProcessDirection (struct ArgusParserStruct *parser, struct ArgusRecordStruct *ns)
3105 {
3106 if (parser->ArgusDirectionFunction) {
3107 struct ArgusLabelerStruct *labeler = NULL;
3108 int tested = 0, reverse = 0;
3109 char dbuf[16];
3110
3111 if (parser->RaMonMode)
3112 return;
3113
3114 bzero(dbuf, 16);
3115 ArgusPrintDirection(parser, dbuf, ns, 8);
3116
3117 if (strchr(dbuf, '?')) {
3118 switch (ns->hdr.type & 0xF0) {
3119 case ARGUS_NETFLOW:
3120 case ARGUS_FAR: {
3121 struct ArgusFlow *flow = (struct ArgusFlow *) ns->dsrs[ARGUS_FLOW_INDEX];
3122 int src = 0, dst = 0;
3123
3124 if (flow != NULL) {
3125 if (parser->ArgusDirectionFunction & ARGUS_PORT_DIR_MASK) {
3126 u_short sport = flow->ip_flow.sport;
3127 u_short dport = flow->ip_flow.dport;
3128 int ssrv = 0, dsrv = 0;
3129
3130 /*
3131 6633, http, https, domain, 22, ssh, imaps, pops
3132 */
3133
3134 if (parser->ArgusDirectionFunction & ARGUS_PORT_WELLKNOWN) {
3135 if ((sport < 1024) || (dport < 1024)) {
3136 tested++;
3137 if (sport < dport) {
3138 reverse++;
3139 }
3140 }
3141 }
3142
3143 if (!tested && (parser->ArgusDirectionFunction & ARGUS_PORT_SERVICES)) {
3144 extern struct hnamemem tporttable[HASHNAMESIZE];
3145 struct hnamemem *tp;
3146
3147 if (parser->ArgusSrvInit == 0)
3148 ArgusInitServarray(parser);
3149
3150 for (tp = &tporttable[sport % (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt) {
3151 if (tp->addr == sport) {
3152 ssrv = sport;
3153 }
3154 }
3155 for (tp = &tporttable[dport % (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt) {
3156 if (tp->addr == dport) {
3157 dsrv = dport;
3158 }
3159 }
3160
3161 if (ssrv && dsrv) {
3162 tested++;
3163 if (ssrv < dsrv) {
3164 reverse++;
3165 }
3166 } else {
3167 if (ssrv) {
3168 reverse++;
3169 }
3170 }
3171 }
3172
3173 if (!tested && (parser->ArgusDirectionFunction & ARGUS_PORT_REGISTERED)) {
3174 if (((sport > 1023) && (sport < 49152)) || ((dport > 1023) && (dport < 49152))) {
3175 tested++;
3176 if (sport < dport) {
3177 reverse++;
3178 }
3179 }
3180 }
3181 }
3182
3183 if (!tested && (parser->ArgusDirectionFunction & ARGUS_ADDR_DIR_MASK)) {
3184 switch (flow->hdr.subtype & 0x3F) {
3185 case ARGUS_FLOW_CLASSIC5TUPLE:
3186 case ARGUS_FLOW_LAYER_3_MATRIX: {
3187 switch (flow->hdr.argus_dsrvl8.qual & 0x1F) {
3188 case ARGUS_TYPE_IPV4: {
3189 if ((labeler = parser->ArgusLocalLabeler) != NULL) {
3190 dst = RaProcessAddress (parser, labeler, &flow->ip_flow.ip_dst, flow->ip_flow.dmask, ARGUS_TYPE_IPV4);
3191 src = RaProcessAddress (parser, labeler, &flow->ip_flow.ip_src, flow->ip_flow.smask, ARGUS_TYPE_IPV4);
3192 break;
3193 }
3194 }
3195 }
3196 }
3197 }
3198
3199 switch (parser->ArgusDirectionFunction) {
3200 case ARGUS_SUGGEST_LOCAL_SRC: if ((dst > 0) && (src == 0)) reverse++; break;
3201 case ARGUS_SUGGEST_LOCAL_DST: if ((dst > 0) && (src == 0)) reverse++; break;
3202 case ARGUS_FORCE_LOCAL_SRC: if ((dst > 0) && (src == 0)) reverse++; break;
3203 case ARGUS_FORCE_LOCAL_DST: if ((src > 0) && (dst == 0)) reverse++; break;
3204 }
3205 }
3206 }
3207 }
3208 }
3209 }
3210
3211 if (reverse)
3212 ArgusReverseRecord(ns);
3213 }
3214 }
3215
3216
3217 void
ArgusAdjustGlobalTime(struct ArgusParserStruct * parser,struct timeval * now)3218 ArgusAdjustGlobalTime (struct ArgusParserStruct *parser, struct timeval *now)
3219 {
3220
3221 if (parser->Sflag) {
3222 if (now) {
3223 parser->ArgusGlobalTime = *now;
3224 parser->ArgusTimeDelta.tv_sec = 0;
3225 parser->ArgusTimeDelta.tv_usec = 0;
3226 }
3227
3228 } else {
3229 if (now != NULL) {
3230 parser->ArgusTimeDelta.tv_sec = now->tv_sec - parser->ArgusGlobalTime.tv_sec;
3231 parser->ArgusTimeDelta.tv_usec = now->tv_usec - parser->ArgusGlobalTime.tv_usec;
3232
3233 if (parser->ArgusTimeDelta.tv_usec < 0) {
3234 parser->ArgusTimeDelta.tv_sec--;
3235 parser->ArgusTimeDelta.tv_usec += 1000000;
3236 }
3237
3238 } else {
3239 parser->ArgusGlobalTime.tv_sec = parser->ArgusRealTime.tv_sec - parser->ArgusTimeDelta.tv_sec;
3240 parser->ArgusGlobalTime.tv_usec = parser->ArgusRealTime.tv_usec - parser->ArgusTimeDelta.tv_usec;
3241
3242 if (parser->ArgusGlobalTime.tv_usec < 0) {
3243 parser->ArgusGlobalTime.tv_sec--;
3244 parser->ArgusGlobalTime.tv_usec += 1000000;
3245 } else {
3246 if (parser->ArgusGlobalTime.tv_usec > 1000000) {
3247 parser->ArgusGlobalTime.tv_sec++;
3248 parser->ArgusGlobalTime.tv_usec -= 1000000;
3249 }
3250 }
3251 }
3252 }
3253
3254 #ifdef ARGUSDEBUG
3255 ArgusDebug (9, "ArgusAdjustGlobalTime real %d.%06d global %d.%06d",
3256 parser->ArgusRealTime.tv_sec, parser->ArgusRealTime.tv_usec,
3257 parser->ArgusGlobalTime.tv_sec, parser->ArgusGlobalTime.tv_usec);
3258 #endif
3259 }
3260
3261
3262 void
ArgusZeroRecord(struct ArgusRecordStruct * argus)3263 ArgusZeroRecord (struct ArgusRecordStruct *argus)
3264 {
3265 ArgusZeroRecordWithFlag (argus, 0 /* no flags */);
3266 }
3267
3268 void
ArgusZeroRecordWithFlag(struct ArgusRecordStruct * argus,int flag)3269 ArgusZeroRecordWithFlag (struct ArgusRecordStruct *argus, int flag)
3270 {
3271 int i;
3272
3273 argus->status &= ~ARGUS_RECORD_WRITTEN;
3274
3275 for (i = 0; i < ARGUSMAXDSRTYPE; i++) {
3276 switch (i) {
3277 case ARGUS_FLOW_INDEX:
3278 case ARGUS_MAC_INDEX:
3279 case ARGUS_TRANSPORT_INDEX:
3280 case ARGUS_ENCAPS_INDEX:
3281 case ARGUS_LABEL_INDEX:
3282 case ARGUS_VLAN_INDEX:
3283 case ARGUS_MPLS_INDEX:
3284 case ARGUS_IPATTR_INDEX:
3285 case ARGUS_COCODE_INDEX:
3286 case ARGUS_ASN_INDEX:
3287 break;
3288
3289 case ARGUS_NETWORK_INDEX: {
3290 struct ArgusNetworkStruct *net = (struct ArgusNetworkStruct *)argus->dsrs[ARGUS_NETWORK_INDEX];
3291 if (net != NULL) {
3292 switch (net->hdr.subtype) {
3293 case ARGUS_TCP_INIT:
3294 case ARGUS_TCP_STATUS:
3295 case ARGUS_TCP_PERF: {
3296 struct ArgusTCPObject *tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
3297 bzero ((char *)tcp, sizeof(*tcp));
3298 break;
3299 }
3300 case ARGUS_RTP_FLOW: {
3301 break;
3302 }
3303 case ARGUS_ESP_DSR: {
3304 break;
3305 }
3306 }
3307 }
3308 break;
3309 }
3310
3311 case ARGUS_TIME_INDEX: {
3312 struct ArgusTimeObject *dtime = (void *)argus->dsrs[ARGUS_TIME_INDEX];
3313 if (dtime != NULL) {
3314 dtime->hdr.subtype &= ~( ARGUS_TIME_SRC_START | ARGUS_TIME_SRC_END |
3315 ARGUS_TIME_DST_START | ARGUS_TIME_DST_END);
3316 bzero ((char *)&dtime->src, sizeof(*dtime) - sizeof(dtime->hdr));
3317 dtime->hdr.argus_dsrvl8.qual = 0;
3318 }
3319 break;
3320 }
3321
3322 case ARGUS_METRIC_INDEX: {
3323 struct ArgusMetricStruct *metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX];
3324 if (metric != NULL)
3325 bzero ((char *)metric, sizeof(*metric));
3326 break;
3327 }
3328
3329 case ARGUS_PSIZE_INDEX: {
3330 struct ArgusPacketSizeStruct *psize = (void *)argus->dsrs[ARGUS_PSIZE_INDEX];
3331 if (psize != NULL)
3332 bzero ((char *)psize, sizeof(*psize));
3333 break;
3334 }
3335
3336 case ARGUS_JITTER_INDEX: {
3337 struct ArgusJitterStruct *jitter = (void *)argus->dsrs[ARGUS_JITTER_INDEX];
3338 if (jitter != NULL)
3339 bzero ((char *)jitter, sizeof(*jitter));
3340 break;
3341 }
3342
3343 case ARGUS_AGR_INDEX: {
3344 struct ArgusAgrStruct *agr = (void *)argus->dsrs[ARGUS_AGR_INDEX];
3345 // need to preserve the header for subsequent operations.
3346 if (agr != NULL) {
3347 u_char *cptr = (u_char *)agr + 4;
3348 bzero (cptr, sizeof(*agr) - 4);
3349 }
3350 break;
3351 }
3352 case ARGUS_SRCUSERDATA_INDEX:
3353 case ARGUS_DSTUSERDATA_INDEX: {
3354 if (flag != 0) { /* if have flag, preserve user data */
3355 /* but mark as not used, so won't write out*/
3356 argus->dsrindex &= ~(0x01 << i);
3357 break;
3358 }
3359 }
3360
3361 case ARGUS_ICMP_INDEX: {
3362 struct ArgusIcmpStruct *icmp = (void *)argus->dsrs[ARGUS_ICMP_INDEX];
3363 if (icmp != NULL)
3364 bzero ((char *)icmp, sizeof(*icmp));
3365 break;
3366 }
3367 case ARGUS_COR_INDEX: {
3368 struct ArgusCorStruct *cor = (void *)argus->dsrs[ARGUS_COR_INDEX];
3369 if (cor != NULL)
3370 bzero ((char *)cor, sizeof(*cor));
3371 break;
3372 }
3373 }
3374 }
3375
3376 bzero(&argus->qhdr.lasttime, sizeof(argus->qhdr.lasttime));
3377
3378 if (argus->correlates != NULL) {
3379 int i;
3380 for (i = 0; i < argus->correlates->count; i++)
3381 ArgusDeleteRecordStruct(ArgusParser, argus->correlates->array[i]);
3382
3383 ArgusFree(argus->correlates->array);
3384 argus->correlates->array = NULL;
3385 ArgusFree(argus->correlates);
3386 argus->correlates = NULL;
3387 }
3388
3389 argus->rank = 0;
3390
3391 argus->sload = 0.0;
3392 argus->dload = 0.0;
3393 argus->srate = 0.0;
3394 argus->drate = 0.0;
3395
3396 #ifdef ARGUSDEBUG
3397 ArgusDebug (10, "ArgusZeroRecord (%p)", argus);
3398 #endif
3399 }
3400
3401
3402 void ArgusUniDirectionalRecord (struct ArgusRecordStruct *argus);
3403
3404 void
ArgusUniDirectionalRecord(struct ArgusRecordStruct * argus)3405 ArgusUniDirectionalRecord (struct ArgusRecordStruct *argus)
3406 {
3407 int i;
3408
3409 for (i = 0; i < ARGUSMAXDSRTYPE; i++) {
3410 switch (i) {
3411 case ARGUS_FLOW_INDEX:
3412 case ARGUS_MAC_INDEX:
3413 case ARGUS_TRANSPORT_INDEX:
3414 case ARGUS_ENCAPS_INDEX:
3415 case ARGUS_LABEL_INDEX:
3416 case ARGUS_VLAN_INDEX:
3417 case ARGUS_MPLS_INDEX:
3418 case ARGUS_IPATTR_INDEX:
3419 case ARGUS_COCODE_INDEX:
3420 case ARGUS_ASN_INDEX:
3421 break;
3422
3423 case ARGUS_NETWORK_INDEX: {
3424 struct ArgusNetworkStruct *net = (struct ArgusNetworkStruct *)argus->dsrs[ARGUS_NETWORK_INDEX];
3425 if (net != NULL) {
3426 switch (net->hdr.subtype) {
3427 case ARGUS_TCP_INIT:
3428 case ARGUS_TCP_STATUS:
3429 case ARGUS_TCP_PERF: {
3430 break;
3431 }
3432 case ARGUS_RTP_FLOW: {
3433 break;
3434 }
3435 case ARGUS_ESP_DSR: {
3436 break;
3437 }
3438 }
3439 }
3440 break;
3441 }
3442
3443 case ARGUS_TIME_INDEX: {
3444 struct ArgusTimeObject *dtime = (void *)argus->dsrs[ARGUS_TIME_INDEX];
3445 if (dtime != NULL) {
3446 dtime->hdr.subtype &= ~( ARGUS_TIME_DST_START | ARGUS_TIME_DST_END );
3447 bzero ((char *)&dtime->dst, sizeof(dtime->dst));
3448 }
3449 break;
3450 }
3451
3452 case ARGUS_METRIC_INDEX: {
3453 struct ArgusMetricStruct *metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX];
3454 if (metric != NULL) {
3455 metric->dst.pkts = 0;
3456 metric->dst.bytes = 0;
3457 if (metric->hdr.subtype == ARGUS_METER_PKTS_BYTES_APP) {
3458 metric->dst.appbytes = 0;
3459 }
3460 }
3461 break;
3462 }
3463
3464 case ARGUS_PSIZE_INDEX: {
3465 break;
3466 }
3467
3468 case ARGUS_JITTER_INDEX: {
3469 break;
3470 }
3471
3472 case ARGUS_AGR_INDEX: {
3473 break;
3474 }
3475
3476 case ARGUS_SRCUSERDATA_INDEX:
3477 case ARGUS_DSTUSERDATA_INDEX: {
3478 break;
3479 }
3480
3481 case ARGUS_ICMP_INDEX: {
3482 break;
3483 }
3484 case ARGUS_COR_INDEX: {
3485 break;
3486 }
3487 }
3488 }
3489
3490 argus->dload = 0.0;
3491 argus->drate = 0.0;
3492
3493 #ifdef ARGUSDEBUG
3494 ArgusDebug (10, "ArgusUniDirectionalRecord (%p)", argus);
3495 #endif
3496 }
3497
3498
3499 void
ArgusReverseDataRecord(struct ArgusRecordStruct * argus)3500 ArgusReverseDataRecord (struct ArgusRecordStruct *argus)
3501 {
3502
3503 #ifdef ARGUSDEBUG
3504 ArgusDebug (10, "ArgusReverseDataRecord (%p)", argus);
3505 #endif
3506 }
3507
3508 char ArgusReverseLabelBuf[MAXBUFFERLEN];
3509 char ArgusTmpReverseLabel[MAXBUFFERLEN];
3510
3511 void ArgusReverseLabel(struct ArgusLabelStruct *);
3512
3513 void
ArgusReverseLabel(struct ArgusLabelStruct * l)3514 ArgusReverseLabel(struct ArgusLabelStruct *l)
3515 {
3516 char *lbuf = ArgusTmpReverseLabel;
3517
3518 if (l && (l->l_un.label != NULL)) {
3519 char *ptr, *obj, *sptr, *label;
3520 int len = 0, slen = 0, found = 0, replaced = 0;
3521
3522 slen = strlen(l->l_un.label);
3523
3524 if (slen >= (MAXBUFFERLEN - 16))
3525 slen = MAXBUFFERLEN - 16;
3526 len = slen + 15;
3527
3528 bzero(lbuf, len);
3529 bzero(ArgusReverseLabelBuf, len);
3530 bcopy(l->l_un.label, lbuf, slen);
3531 ptr = lbuf;
3532
3533 while ((obj = strtok(ptr, ":")) != NULL) {
3534 int tlen;
3535 if ((sptr = strchr(obj, '=')) != NULL) {
3536 *sptr = '\0';
3537 label = sptr + 1;
3538 } else {
3539 label = obj;
3540 obj = NULL;
3541 }
3542
3543 tlen = strlen(ArgusReverseLabelBuf);
3544 if (found++) {
3545 sprintf (&ArgusReverseLabelBuf[tlen], ":");
3546 tlen++;
3547 }
3548
3549 if (obj != NULL) {
3550 char replace = '\0';
3551
3552 if (*obj == 's') replace = 'd';
3553 if (*obj == 'd') replace = 's';
3554
3555 if (replace != '\0') {
3556 *obj = replace;
3557 replaced++;
3558 }
3559 snprintf (&ArgusReverseLabelBuf[tlen], MAXBUFFERLEN - tlen, "%s=%s", obj, label);
3560
3561 } else
3562 snprintf (&ArgusReverseLabelBuf[tlen], MAXBUFFERLEN - tlen, "%s", obj);
3563 ptr = NULL;
3564 }
3565
3566 if (replaced)
3567 bcopy(ArgusReverseLabelBuf, l->l_un.label, slen);
3568 }
3569
3570 return;
3571 }
3572
3573
3574 void
ArgusReverseRecordWithFlag(struct ArgusRecordStruct * argus,int flags)3575 ArgusReverseRecordWithFlag (struct ArgusRecordStruct *argus, int flags)
3576 {
3577 struct ArgusRecordHeader *hdr = &argus->hdr;
3578 struct ArgusDSRHeader *dsr = (struct ArgusDSRHeader *) (hdr + 1);
3579 int i, x, ArgusDataDataSwitched = 0;
3580
3581 for (i = 0; i < ARGUSMAXDSRTYPE; i++) {
3582 if ((dsr = argus->dsrs[i]) != NULL) {
3583 switch (i) {
3584 case ARGUS_FLOW_INDEX: {
3585 struct ArgusFlow *flow = (struct ArgusFlow *) dsr;
3586 struct ArgusFlow tbuf, *tflow = &tbuf;
3587 int tlen = flow->hdr.argus_dsrvl8.len * 4;
3588
3589 bzero ((char *)tflow, sizeof(*tflow));
3590 tflow->hdr = flow->hdr;
3591
3592 if (flags || flow->hdr.subtype & ARGUS_REVERSE)
3593 flow->hdr.subtype &= ~ARGUS_REVERSE;
3594 else
3595 flow->hdr.subtype |= ARGUS_REVERSE;
3596
3597 if (flow->hdr.argus_dsrvl8.qual & ARGUS_DIRECTION)
3598 flow->hdr.argus_dsrvl8.qual &= ~ARGUS_DIRECTION;
3599 else
3600 flow->hdr.argus_dsrvl8.qual |= ARGUS_DIRECTION;
3601
3602 switch (flow->hdr.subtype & 0x3F) {
3603 case ARGUS_FLOW_CLASSIC5TUPLE: {
3604 bcopy((char *)flow, (char *)tflow, tlen);
3605 switch ((flow->hdr.argus_dsrvl8.qual & 0x1F)) {
3606 case ARGUS_TYPE_IPV4:
3607 tflow->ip_flow.ip_dst = flow->ip_flow.ip_src;
3608 tflow->ip_flow.ip_src = flow->ip_flow.ip_dst;
3609 switch ((tflow->ip_flow.ip_p = flow->ip_flow.ip_p)) {
3610 case IPPROTO_TCP:
3611 case IPPROTO_UDP:
3612 tflow->ip_flow.sport = flow->ip_flow.dport;
3613 tflow->ip_flow.dport = flow->ip_flow.sport;
3614 break;
3615 }
3616 break;
3617
3618 case ARGUS_TYPE_IPV6: {
3619 for (x = 0; x < 4; x++) {
3620 tflow->ipv6_flow.ip_src[x] = flow->ipv6_flow.ip_dst[x];
3621 tflow->ipv6_flow.ip_dst[x] = flow->ipv6_flow.ip_src[x];
3622 }
3623 switch ((tflow->ipv6_flow.ip_p = flow->ipv6_flow.ip_p)) {
3624 case IPPROTO_TCP:
3625 case IPPROTO_UDP:
3626 flow->ipv6_flow.sport = flow->ipv6_flow.dport;
3627 flow->ipv6_flow.dport = flow->ipv6_flow.sport;
3628 break;
3629 }
3630 break;
3631 }
3632
3633 case ARGUS_TYPE_RARP:
3634 bcopy(&flow->arp_flow.arp_spa,&tflow->arp_flow.arp_tpa, 6);
3635 bcopy(&flow->arp_flow.arp_tpa,&tflow->arp_flow.arp_spa, 6);
3636 break;
3637
3638 case ARGUS_TYPE_ARP:
3639 bcopy ((char *)flow, (char *)tflow, sizeof(*tflow));
3640 tflow->arp_flow.arp_tpa = flow->arp_flow.arp_spa;
3641 tflow->arp_flow.arp_spa = flow->arp_flow.arp_tpa;
3642 break;
3643
3644 case ARGUS_TYPE_ISIS:
3645 default: {
3646 bcopy ((char *)flow, (char *)tflow, sizeof(*tflow));
3647 break;
3648 }
3649
3650 case ARGUS_TYPE_ETHER: {
3651 bcopy ((char *)&flow->mac_flow.mac_union.ether.ehdr.ether_shost, (char *)&tflow->mac_flow.mac_union.ether.ehdr.ether_dhost,
3652 sizeof(tflow->mac_flow.mac_union.ether.ehdr.ether_shost));
3653 bcopy ((char *)&flow->mac_flow.mac_union.ether.ehdr.ether_dhost, (char *)&tflow->mac_flow.mac_union.ether.ehdr.ether_shost,
3654 sizeof(tflow->mac_flow.mac_union.ether.ehdr.ether_shost));
3655 tflow->mac_flow.mac_union.ether.ehdr.ether_type = flow->mac_flow.mac_union.ether.ehdr.ether_type;
3656 tflow->mac_flow.mac_union.ether.dsap = flow->mac_flow.mac_union.ether.ssap;
3657 tflow->mac_flow.mac_union.ether.ssap = flow->mac_flow.mac_union.ether.dsap;
3658 break;
3659 }
3660 }
3661 break;
3662 }
3663 case ARGUS_FLOW_ARP: {
3664 switch ((flow->hdr.argus_dsrvl8.qual & 0x1F)) {
3665 case ARGUS_TYPE_RARP:
3666 bcopy(&flow->arp_flow.arp_spa,&tflow->arp_flow.arp_tpa, 6);
3667 bcopy(&flow->arp_flow.arp_tpa,&tflow->arp_flow.arp_spa, 6);
3668 break;
3669
3670 case ARGUS_TYPE_ARP:
3671 bcopy ((char *)flow, (char *)tflow, tlen);
3672 tflow->arp_flow.arp_tpa = flow->arp_flow.arp_spa;
3673 tflow->arp_flow.arp_spa = flow->arp_flow.arp_tpa;
3674 break;
3675 }
3676 }
3677 }
3678 bcopy ((char *)tflow, (char *)flow, tlen);
3679 break;
3680 }
3681
3682 case ARGUS_IPATTR_INDEX: {
3683 struct ArgusIPAttrStruct *attr = (struct ArgusIPAttrStruct *)argus->dsrs[ARGUS_IPATTR_INDEX];
3684 struct ArgusIPAttrObject objbuf;
3685 char qual;
3686
3687 if (attr != NULL) {
3688 if ((qual = attr->hdr.argus_dsrvl8.qual) != 0) {
3689 attr->hdr.argus_dsrvl8.qual &= ~((ARGUS_IPATTR_SRC | ARGUS_IPATTR_SRC_OPTIONS ) |
3690 (ARGUS_IPATTR_DST | ARGUS_IPATTR_DST_OPTIONS ));
3691
3692 if (qual & ARGUS_IPATTR_SRC) attr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_DST;
3693 if (qual & ARGUS_IPATTR_DST) attr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_SRC;
3694 if (qual & ARGUS_IPATTR_SRC_OPTIONS) attr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_DST_OPTIONS;
3695 if (qual & ARGUS_IPATTR_DST_OPTIONS) attr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_SRC_OPTIONS;
3696
3697 bcopy (&attr->src, &objbuf, sizeof(objbuf));
3698 bcopy (&attr->dst, &attr->src, sizeof(attr->dst));
3699 bcopy (&objbuf, &attr->dst, sizeof(objbuf));
3700 }
3701 }
3702
3703 break;
3704 }
3705
3706 case ARGUS_TRANSPORT_INDEX:
3707 case ARGUS_TIME_ADJ_INDEX:
3708 break;
3709
3710 case ARGUS_AGR_INDEX: {
3711 struct ArgusOutputAgrStruct *agr = (struct ArgusOutputAgrStruct *) dsr;
3712 struct ArgusAggregatorStruct *agg;
3713
3714 if ((agg = ArgusParser->ArgusAggregator) != NULL) {
3715 if (agg->RaMetricFetchAlgorithm == ArgusFetchAppByteRatio) {
3716 agr->act.minval *= -1;
3717 agr->act.meanval *= -1;
3718 agr->act.maxval *= -1;
3719
3720 if ((agr->hdr.argus_dsrvl8.len * 4) >= sizeof(*agr)) {
3721 agr->idle.minval *= -1;
3722 agr->idle.meanval *= -1;
3723 agr->idle.maxval *= -1;
3724 }
3725 }
3726 }
3727
3728 break;
3729 }
3730
3731 case ARGUS_TIME_INDEX: {
3732 struct ArgusTimeObject *time = (struct ArgusTimeObject *) dsr;
3733 unsigned char subtype = time->hdr.subtype;
3734
3735 if (subtype & ARGUS_TIME_MASK) {
3736 struct ArgusTimeStruct srcbuf;
3737
3738 subtype &= ~ARGUS_TIME_MASK;
3739 bcopy (&time->src, &srcbuf, sizeof(srcbuf));
3740 bcopy (&time->dst, &time->src, sizeof(srcbuf));
3741 bcopy (&srcbuf, &time->dst, sizeof(srcbuf));
3742
3743 if (time->hdr.subtype & ARGUS_TIME_SRC_START) subtype |= ARGUS_TIME_DST_START;
3744 if (time->hdr.subtype & ARGUS_TIME_DST_START) subtype |= ARGUS_TIME_SRC_START;
3745 if (time->hdr.subtype & ARGUS_TIME_SRC_END) subtype |= ARGUS_TIME_DST_END;
3746 if (time->hdr.subtype & ARGUS_TIME_DST_END) subtype |= ARGUS_TIME_SRC_END;
3747
3748 time->hdr.subtype = subtype;
3749 }
3750
3751 break;
3752 }
3753
3754 case ARGUS_LABEL_INDEX: {
3755 struct ArgusLabelStruct *label;
3756 if (((label = (void *)argus->dsrs[ARGUS_LABEL_INDEX]) != NULL))
3757 ArgusReverseLabel(label);
3758 break;
3759 }
3760
3761 case ARGUS_ASN_INDEX: {
3762 struct ArgusAsnStruct *asn = (struct ArgusAsnStruct *)dsr;
3763 unsigned int src_as = asn->src_as;
3764 asn->src_as = asn->dst_as;
3765 asn->dst_as = src_as;
3766 break;
3767 }
3768
3769 case ARGUS_NETWORK_INDEX: {
3770 struct ArgusNetworkStruct *net = (struct ArgusNetworkStruct *)dsr;
3771 switch (net->hdr.subtype) {
3772 case ARGUS_TCP_INIT:
3773 case ARGUS_TCP_STATUS:
3774 case ARGUS_TCP_PERF: {
3775 struct ArgusTCPObject *tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
3776 struct ArgusTCPObjectMetrics sbuf;
3777 bcopy ((char *)&tcp->src, (char *)&sbuf, sizeof (sbuf));
3778 bcopy ((char *)&tcp->dst, (char *)&tcp->src, sizeof (sbuf));
3779 bcopy ((char *)&sbuf, (char *)&tcp->dst, sizeof (sbuf));
3780 break;
3781 }
3782 }
3783 break;
3784 }
3785
3786 case ARGUS_METRIC_INDEX: {
3787 struct ArgusMetricStruct *metric = (struct ArgusMetricStruct *)argus->dsrs[ARGUS_METRIC_INDEX];
3788 struct ArgusMetricStruct mbuf, *tmetric = &mbuf;
3789
3790 if ((metric != NULL) && (!flags)) {
3791 bzero ((char *)tmetric, sizeof(*tmetric));
3792
3793 tmetric->hdr = metric->hdr;
3794 tmetric->src.pkts = metric->dst.pkts;
3795 tmetric->src.bytes = metric->dst.bytes;
3796 tmetric->dst.pkts = metric->src.pkts;
3797 tmetric->dst.bytes = metric->src.bytes;
3798 if (metric->hdr.subtype == ARGUS_METER_PKTS_BYTES_APP) {
3799 tmetric->src.appbytes = metric->dst.appbytes;
3800 tmetric->dst.appbytes = metric->src.appbytes;
3801 }
3802
3803 bcopy((char *)tmetric, (char *) metric, sizeof(*tmetric));
3804 }
3805 break;
3806 }
3807
3808 case ARGUS_PSIZE_INDEX: {
3809 struct ArgusPacketSizeStruct *psize = (void *)argus->dsrs[ARGUS_PSIZE_INDEX];
3810 struct ArgusPacketSizeStruct pbuf, *pbptr = &pbuf;
3811 pbptr->hdr = psize->hdr;
3812
3813 switch (psize->hdr.argus_dsrvl8.qual & 0x0F) {
3814 case ARGUS_SRCDST_SHORT:
3815 break;
3816 case ARGUS_SRC_SHORT:
3817 pbptr->hdr.argus_dsrvl8.qual &= ~ARGUS_SRC_SHORT;
3818 pbptr->hdr.argus_dsrvl8.qual |= ARGUS_DST_SHORT;
3819 break;
3820 case ARGUS_DST_SHORT:
3821 pbptr->hdr.argus_dsrvl8.qual &= ~ARGUS_DST_SHORT;
3822 pbptr->hdr.argus_dsrvl8.qual |= ARGUS_SRC_SHORT;
3823 break;
3824 }
3825
3826 bcopy(&psize->src, &pbptr->dst, sizeof(psize->src));
3827 bcopy(&psize->dst, &pbptr->src, sizeof(psize->dst));
3828
3829 bcopy(pbptr, psize, sizeof(*psize));
3830 break;
3831 }
3832
3833 case ARGUS_MAC_INDEX: {
3834 struct ArgusMacStruct *mac = (struct ArgusMacStruct *) argus->dsrs[ARGUS_MAC_INDEX];
3835 struct ArgusMacStruct mbuf, *tmac = &mbuf;
3836 tmac->hdr = mac->hdr;
3837
3838 switch (mac->hdr.subtype & 0x3F) {
3839 default:
3840 case ARGUS_TYPE_ETHER:
3841 bcopy ((char *)&mac->mac.mac_union.ether.ehdr.ether_shost, (char *)&tmac->mac.mac_union.ether.ehdr.ether_dhost, 6);
3842 bcopy ((char *)&mac->mac.mac_union.ether.ehdr.ether_dhost, (char *)&tmac->mac.mac_union.ether.ehdr.ether_shost, 6);
3843
3844 tmac->mac.mac_union.ether.ehdr.ether_type = mac->mac.mac_union.ether.ehdr.ether_type;
3845 tmac->mac.mac_union.ether.dsap = mac->mac.mac_union.ether.ssap;
3846 tmac->mac.mac_union.ether.ssap = mac->mac.mac_union.ether.dsap;
3847 break;
3848 }
3849
3850 bcopy ((char *) tmac, (char *) mac, sizeof(*mac));
3851 break;
3852 }
3853
3854 case ARGUS_VLAN_INDEX: {
3855 struct ArgusVlanStruct *vlan = (struct ArgusVlanStruct *)argus->dsrs[ARGUS_VLAN_INDEX];
3856 unsigned short tsid = vlan->sid;
3857 unsigned char qual = vlan->hdr.argus_dsrvl8.qual & ~(ARGUS_SRC_VLAN | ARGUS_DST_VLAN);
3858
3859 vlan->sid = vlan->did;
3860 vlan->did = tsid;
3861
3862 if (vlan->hdr.argus_dsrvl8.qual & ARGUS_SRC_VLAN)
3863 qual |= ARGUS_DST_VLAN;
3864
3865 if (vlan->hdr.argus_dsrvl8.qual & ARGUS_DST_VLAN)
3866 qual |= ARGUS_SRC_VLAN;
3867
3868 vlan->hdr.argus_dsrvl8.qual = qual;
3869 break;
3870 }
3871
3872 case ARGUS_MPLS_INDEX: {
3873 struct ArgusMplsStruct *mpls = (struct ArgusMplsStruct *)argus->dsrs[ARGUS_MPLS_INDEX];
3874 if (mpls != NULL) {
3875 struct ArgusMplsStruct mbuf, *tmpls = &mbuf;
3876 tmpls->hdr = mpls->hdr;
3877 tmpls->hdr.subtype = 0;
3878 if (mpls->hdr.subtype & ARGUS_MPLS_SRC_LABEL)
3879 tmpls->hdr.subtype |= ARGUS_MPLS_DST_LABEL;
3880 if (mpls->hdr.subtype & ARGUS_MPLS_DST_LABEL)
3881 tmpls->hdr.subtype |= ARGUS_MPLS_SRC_LABEL;
3882
3883 tmpls->dlabel = mpls->slabel;
3884 tmpls->slabel = mpls->dlabel;
3885 bcopy((char *)tmpls, (char *) mpls, sizeof(*tmpls));
3886 }
3887 break;
3888 }
3889
3890 case ARGUS_JITTER_INDEX: {
3891 struct ArgusJitterStruct *jitter = (void *)argus->dsrs[ARGUS_JITTER_INDEX];
3892
3893 if (jitter != NULL) {
3894 struct ArgusJitterStruct tjitbuf, *tjit = &tjitbuf;
3895 bzero((char *)tjit, sizeof(*tjit));
3896
3897 bcopy((char *)&jitter->hdr, (char *)&tjit->hdr, sizeof(tjit->hdr));
3898 tjit->hdr.argus_dsrvl8.qual &= ~(ARGUS_SRC_ACTIVE_JITTER | ARGUS_DST_ACTIVE_JITTER |
3899 ARGUS_SRC_IDLE_JITTER | ARGUS_DST_IDLE_JITTER );
3900
3901 if (jitter->hdr.argus_dsrvl8.qual & ARGUS_SRC_ACTIVE_JITTER) {
3902 tjit->hdr.argus_dsrvl8.qual |= ARGUS_DST_ACTIVE_JITTER;
3903 bcopy((char *)&jitter->src.act, (char *)&tjit->dst.act, sizeof(tjit->dst.act));
3904 }
3905 if (jitter->hdr.argus_dsrvl8.qual & ARGUS_SRC_IDLE_JITTER) {
3906 tjit->hdr.argus_dsrvl8.qual |= ARGUS_DST_IDLE_JITTER;
3907 bcopy((char *)&jitter->src.idle, (char *)&tjit->dst.idle, sizeof(tjit->dst.idle));
3908 }
3909 if (jitter->hdr.argus_dsrvl8.qual & ARGUS_DST_ACTIVE_JITTER) {
3910 tjit->hdr.argus_dsrvl8.qual |= ARGUS_SRC_ACTIVE_JITTER;
3911 bcopy((char *)&jitter->dst.act, (char *)&tjit->src.act, sizeof(tjit->src.act));
3912 }
3913 if (jitter->hdr.argus_dsrvl8.qual & ARGUS_DST_IDLE_JITTER) {
3914 tjit->hdr.argus_dsrvl8.qual |= ARGUS_SRC_IDLE_JITTER;
3915 bcopy((char *)&jitter->dst.idle, (char *)&tjit->src.idle, sizeof(tjit->src.idle));
3916 }
3917
3918 bcopy((char *)tjit, (char *)jitter, sizeof(*jitter));
3919 }
3920 break;
3921 }
3922
3923 case ARGUS_COCODE_INDEX: {
3924 struct ArgusCountryCodeStruct *cocode = (void *)argus->dsrs[ARGUS_COCODE_INDEX];
3925 char ccbuf[4];
3926
3927 if (cocode != NULL) {
3928 bzero(ccbuf, sizeof(ccbuf));
3929 bcopy((char *)&cocode->src, ccbuf, 2);
3930 bcopy((char *)&cocode->dst, (char *)&cocode->src, 2);
3931 bcopy((char *)ccbuf, (char *)&cocode->dst, 2);
3932 }
3933 break;
3934 }
3935
3936 case ARGUS_SRCUSERDATA_INDEX:
3937 case ARGUS_DSTUSERDATA_INDEX: {
3938 if (!ArgusDataDataSwitched && !flags) {
3939 struct ArgusDataStruct *srcuser = (struct ArgusDataStruct *)argus->dsrs[ARGUS_SRCUSERDATA_INDEX];
3940 struct ArgusDataStruct *dstuser = (struct ArgusDataStruct *)argus->dsrs[ARGUS_DSTUSERDATA_INDEX];
3941 if (srcuser) {
3942 argus->dsrs[ARGUS_DSTUSERDATA_INDEX] = (struct ArgusDSRHeader *) srcuser;
3943 srcuser->hdr.subtype &= ~ARGUS_SRC_DATA;
3944 srcuser->hdr.subtype |= ARGUS_DST_DATA;
3945 } else
3946 argus->dsrs[ARGUS_DSTUSERDATA_INDEX] = (struct ArgusDSRHeader *) NULL;
3947 if (dstuser) {
3948 argus->dsrs[ARGUS_SRCUSERDATA_INDEX] = (struct ArgusDSRHeader *) dstuser;
3949 dstuser->hdr.subtype &= ~ARGUS_DST_DATA;
3950 dstuser->hdr.subtype |= ARGUS_SRC_DATA;
3951 } else
3952 argus->dsrs[ARGUS_SRCUSERDATA_INDEX] = (struct ArgusDSRHeader *) NULL;
3953
3954 ArgusDataDataSwitched++;
3955 }
3956 break;
3957 }
3958 }
3959 }
3960 }
3961
3962
3963 #ifdef ARGUSDEBUG
3964 ArgusDebug (10, "ArgusReverseRecord (%p, 0x%x)", argus, flags);
3965 #endif
3966 }
3967
3968 void
ArgusReverseRecord(struct ArgusRecordStruct * argus)3969 ArgusReverseRecord (struct ArgusRecordStruct *argus)
3970 {
3971 ArgusReverseRecordWithFlag (argus,0);
3972 }
3973
3974 u_int
ArgusIndexRecord(struct ArgusRecordStruct * argus)3975 ArgusIndexRecord (struct ArgusRecordStruct *argus)
3976 {
3977 u_int retn = 0;
3978
3979 retn = argus->dsrindex;
3980 #ifdef ARGUSDEBUG
3981 ArgusDebug (10, "ArgusIndexRecord (%p) returns 0x%x", argus, retn);
3982 #endif
3983
3984 return (retn);
3985 }
3986
3987
3988
3989 int
ArgusConvertInitialWriteStruct(struct WriteStruct * ws,struct ArgusRecordStruct * argus)3990 ArgusConvertInitialWriteStruct (struct WriteStruct *ws, struct ArgusRecordStruct *argus)
3991 {
3992 int retn = 0;
3993
3994 #ifdef ARGUSDEBUG
3995 ArgusDebug (10, "ArgusConvertInitialWriteStruct (%p, %p) returning %d", ws, argus, retn);
3996 #endif
3997
3998 return (retn);
3999 }
4000
4001 #include <argus/cons_def.h>
4002
4003 #if defined(__OpenBSD__) || defined(__APPLE__) || defined(linux)
4004 #include <netinet/ip_icmp.h>
4005 #include <netinet/icmp6.h>
4006 #endif
4007
4008 extern int ArgusTotalBytes;
4009 extern int ArgusTotalCount;
4010
4011 int
ArgusConvertWriteStruct(struct WriteStruct * ws,struct ArgusRecordStruct * argus)4012 ArgusConvertWriteStruct (struct WriteStruct *ws, struct ArgusRecordStruct *argus)
4013 {
4014 int retn = 0;
4015
4016 #ifdef ARGUSDEBUG
4017 ArgusDebug (10, "ArgusConvertWriteStruct (%p, %p) returning %d", ws, argus, retn);
4018 #endif
4019
4020 return (retn);
4021 }
4022
4023
4024 void ArgusPrintXmlSortAlgorithms(struct ArgusParserStruct *parser);
4025
4026 void
ArgusPrintXmlSortAlgorithms(struct ArgusParserStruct * parser)4027 ArgusPrintXmlSortAlgorithms(struct ArgusParserStruct *parser)
4028 {
4029 int i, dtime = 0, agg = 0, flow = 0, attr = 0, metrics = 0, trans = 0;
4030 int mac = 0, encaps = 0, label = 0, state = 0, igmp = 0, psize = 0;
4031 int vlan = 0, mpls = 0, cor = 0, user = 0, tcp = 0, sfile = 0;
4032
4033 for (i = 0; i < MAX_PRINT_ALG_TYPES; i++) {
4034 if (parser->RaPrintAlgorithmList[i] != NULL) {
4035 switch (parser->RaPrintAlgorithmList[i]->value) {
4036 case ARGUSPRINTSTARTDATE: dtime++; break;
4037 case ARGUSPRINTLASTDATE: dtime++; break;
4038 case ARGUSPRINTTRANSACTIONS: agg++; break;
4039 case ARGUSPRINTDURATION: dtime++; break;
4040 case ARGUSPRINTMEAN: agg++; break;
4041 case ARGUSPRINTMIN: agg++; break;
4042 case ARGUSPRINTMAX: agg++; break;
4043 case ARGUSPRINTSRCADDR: flow++; break;
4044 case ARGUSPRINTDSTADDR: flow++; break;
4045 case ARGUSPRINTPROTO: flow++; break;
4046 case ARGUSPRINTSRCPORT: flow++; break;
4047 case ARGUSPRINTDSTPORT: flow++; break;
4048 case ARGUSPRINTSRCTOS: attr++; break;
4049 case ARGUSPRINTDSTTOS: attr++; break;
4050 case ARGUSPRINTSRCDSBYTE: attr++; break;
4051 case ARGUSPRINTDSTDSBYTE: attr++; break;
4052 case ARGUSPRINTSRCTTL: attr++; break;
4053 case ARGUSPRINTDSTTTL: attr++; break;
4054 case ARGUSPRINTBYTES: metrics++; break;
4055 case ARGUSPRINTSRCBYTES: metrics++; break;
4056 case ARGUSPRINTDSTBYTES: metrics++; break;
4057 case ARGUSPRINTAPPBYTES: metrics++; break;
4058 case ARGUSPRINTSRCAPPBYTES: metrics++; break;
4059 case ARGUSPRINTDSTAPPBYTES: metrics++; break;
4060 case ARGUSPRINTPACKETS: metrics++; break;
4061 case ARGUSPRINTSRCPACKETS: metrics++; break;
4062 case ARGUSPRINTDSTPACKETS: metrics++; break;
4063 case ARGUSPRINTLOAD: metrics++; break;
4064 case ARGUSPRINTSRCLOAD: metrics++; break;
4065 case ARGUSPRINTDSTLOAD: metrics++; break;
4066 case ARGUSPRINTLOSS: metrics++; break;
4067 case ARGUSPRINTSRCLOSS: metrics++; break;
4068 case ARGUSPRINTDSTLOSS: metrics++; break;
4069 case ARGUSPRINTPERCENTLOSS: metrics++; break;
4070 case ARGUSPRINTSRCPERCENTLOSS: metrics++; break;
4071 case ARGUSPRINTDSTPERCENTLOSS: metrics++; break;
4072 case ARGUSPRINTRATE: metrics++; break;
4073 case ARGUSPRINTSRCRATE: metrics++; break;
4074 case ARGUSPRINTDSTRATE: metrics++; break;
4075 case ARGUSPRINTSOURCEID: trans++; break;
4076 case ARGUSPRINTFLAGS: break;
4077 case ARGUSPRINTSRCMACADDRESS: mac++; break;
4078 case ARGUSPRINTDSTMACADDRESS: mac++; break;
4079 case ARGUSPRINTDIR: flow++; break;
4080 case ARGUSPRINTSRCINTPKT: metrics++; break;
4081 case ARGUSPRINTDSTINTPKT: metrics++; break;
4082 case ARGUSPRINTACTSRCINTPKT: metrics++; break;
4083 case ARGUSPRINTACTDSTINTPKT: metrics++; break;
4084 case ARGUSPRINTIDLESRCINTPKT: metrics++; break;
4085 case ARGUSPRINTIDLEDSTINTPKT: metrics++; break;
4086 case ARGUSPRINTSRCINTPKTMAX: metrics++; break;
4087 case ARGUSPRINTSRCINTPKTMIN: metrics++; break;
4088 case ARGUSPRINTDSTINTPKTMAX: metrics++; break;
4089 case ARGUSPRINTDSTINTPKTMIN: metrics++; break;
4090 case ARGUSPRINTACTSRCINTPKTMAX: metrics++; break;
4091 case ARGUSPRINTACTSRCINTPKTMIN: metrics++; break;
4092 case ARGUSPRINTACTDSTINTPKTMAX: metrics++; break;
4093 case ARGUSPRINTACTDSTINTPKTMIN: metrics++; break;
4094 case ARGUSPRINTIDLESRCINTPKTMAX: metrics++; break;
4095 case ARGUSPRINTIDLESRCINTPKTMIN: metrics++; break;
4096 case ARGUSPRINTIDLEDSTINTPKTMAX: metrics++; break;
4097 case ARGUSPRINTIDLEDSTINTPKTMIN: metrics++; break;
4098 case ARGUSPRINTSPACER: break;
4099 case ARGUSPRINTSRCJITTER: metrics++; break;
4100 case ARGUSPRINTDSTJITTER: metrics++; break;
4101 case ARGUSPRINTACTSRCJITTER: metrics++; break;
4102 case ARGUSPRINTACTDSTJITTER: metrics++; break;
4103 case ARGUSPRINTIDLESRCJITTER: metrics++; break;
4104 case ARGUSPRINTIDLEDSTJITTER: metrics++; break;
4105 case ARGUSPRINTSTATE: state++; break;
4106 case ARGUSPRINTDELTADURATION: cor++; break;
4107 case ARGUSPRINTDELTASTARTTIME: cor++; break;
4108 case ARGUSPRINTDELTALASTTIME: cor++; break;
4109 case ARGUSPRINTDELTASRCPKTS: cor++; break;
4110 case ARGUSPRINTDELTADSTPKTS: cor++; break;
4111 case ARGUSPRINTDELTASRCBYTES: cor++; break;
4112 case ARGUSPRINTDELTADSTBYTES: cor++; break;
4113 case ARGUSPRINTPERCENTDELTASRCPKTS: cor++; break;
4114 case ARGUSPRINTPERCENTDELTADSTPKTS: cor++; break;
4115 case ARGUSPRINTPERCENTDELTASRCBYTES: cor++; break;
4116 case ARGUSPRINTPERCENTDELTADSTBYTES: cor++; break;
4117 case ARGUSPRINTSRCUSERDATA: user++; break;
4118 case ARGUSPRINTDSTUSERDATA: user++; break;
4119 case ARGUSPRINTTCPEXTENSIONS: tcp++; break;
4120 case ARGUSPRINTSRCWINDOW: tcp++; break;
4121 case ARGUSPRINTDSTWINDOW: tcp++; break;
4122 case ARGUSPRINTJOINDELAY: igmp++; break;
4123 case ARGUSPRINTLEAVEDELAY: igmp++; break;
4124 case ARGUSPRINTSEQUENCENUMBER: trans++; break;
4125 case ARGUSPRINTBINS: agg++; break;
4126 case ARGUSPRINTBINNUMBER: agg++; break;
4127 case ARGUSPRINTSRCMPLS: mpls++; break;
4128 case ARGUSPRINTDSTMPLS: mpls++; break;
4129 case ARGUSPRINTSRCVLAN: vlan++; break;
4130 case ARGUSPRINTDSTVLAN: vlan++; break;
4131 case ARGUSPRINTSRCVID: vlan++; break;
4132 case ARGUSPRINTDSTVID: vlan++; break;
4133 case ARGUSPRINTSRCVPRI: vlan++; break;
4134 case ARGUSPRINTDSTVPRI: vlan++; break;
4135 case ARGUSPRINTSRCIPID: attr++; break;
4136 case ARGUSPRINTDSTIPID: attr++; break;
4137 case ARGUSPRINTSTARTRANGE: dtime++; break;
4138 case ARGUSPRINTENDRANGE: dtime++; break;
4139 case ARGUSPRINTTCPSRCBASE: tcp++; break;
4140 case ARGUSPRINTTCPDSTBASE: tcp++; break;
4141 case ARGUSPRINTTCPRTT: tcp++; break;
4142 case ARGUSPRINTINODE: break;
4143 case ARGUSPRINTSTDDEV: agg++; break;
4144 case ARGUSPRINTRELDATE: dtime++; break;
4145 case ARGUSPRINTBYTEOFFSET: sfile++; break;
4146 case ARGUSPRINTSRCNET: flow++; break;
4147 case ARGUSPRINTDSTNET: flow++; break;
4148 case ARGUSPRINTSRCDURATION: dtime++; break;
4149 case ARGUSPRINTDSTDURATION: dtime++; break;
4150 case ARGUSPRINTTCPSRCMAX: tcp++; break;
4151 case ARGUSPRINTTCPDSTMAX: tcp++; break;
4152 case ARGUSPRINTTCPSYNACK: tcp++; break;
4153 case ARGUSPRINTTCPACKDAT: tcp++; break;
4154 case ARGUSPRINTSRCSTARTDATE: dtime++; break;
4155 case ARGUSPRINTSRCLASTDATE: dtime++; break;
4156 case ARGUSPRINTDSTSTARTDATE: dtime++; break;
4157 case ARGUSPRINTDSTLASTDATE: dtime++; break;
4158 case ARGUSPRINTSRCENCAPS: encaps++; break;
4159 case ARGUSPRINTDSTENCAPS: encaps++; break;
4160 case ARGUSPRINTSRCMAXPKTSIZE: metrics++; psize++; break;
4161 case ARGUSPRINTSRCMINPKTSIZE: metrics++; psize++; break;
4162 case ARGUSPRINTDSTMAXPKTSIZE: metrics++; psize++; break;
4163 case ARGUSPRINTDSTMINPKTSIZE: metrics++; psize++; break;
4164 case ARGUSPRINTSRCCOUNTRYCODE: label++; break;
4165 case ARGUSPRINTDSTCOUNTRYCODE: label++; break;
4166 case ARGUSPRINTSRCHOPCOUNT: attr++; break;
4167 case ARGUSPRINTDSTHOPCOUNT: attr++; break;
4168 }
4169 }
4170 }
4171 }
4172
4173 void ArgusPrintRecordHeader (struct ArgusParserStruct *, char *, struct ArgusRecordStruct *, int);
4174 void ArgusPrintRecordCloser (struct ArgusParserStruct *, char *, struct ArgusRecordStruct *, int);
4175
4176 int ArgusParseInited = 0;
4177
4178 #define ARGUS_PRINT_TEMP_BUF_SIZE 0x10000
4179 #define ARGUS_TEMP_BUF_SIZE 0x400
4180 char *ArgusPrintTempBuf = NULL;
4181 char *ArgusTempBuffer = NULL;
4182
4183
4184 void
ArgusPrintRecord(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)4185 ArgusPrintRecord (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
4186 {
4187 struct ArgusInput *input = argus->input;
4188 char *timeFormat = parser->RaTimeFormat, *tmpbuf;
4189 int slen = 0, dlen = len;
4190 extern char version[];
4191
4192 if (ArgusPrintTempBuf == NULL)
4193 if ((ArgusPrintTempBuf = (char *)ArgusMalloc(ARGUS_PRINT_TEMP_BUF_SIZE)) == NULL)
4194 ArgusLog(LOG_ERR, "ArgusCalloc error %s", strerror(errno));
4195
4196 if (ArgusTempBuffer == NULL)
4197 if ((ArgusTempBuffer = (char *)ArgusMalloc(ARGUS_TEMP_BUF_SIZE)) == NULL)
4198 ArgusLog(LOG_ERR, "ArgusCalloc error %s", strerror(errno));
4199
4200 if ((tmpbuf = ArgusPrintTempBuf) != NULL)
4201 *tmpbuf = '\0';
4202
4203 if (!(ArgusParseInited++)) {
4204 if (argus->input)
4205 ArgusInitAddrtoname (parser, argus->input->ArgusLocalNet, argus->input->ArgusNetMask);
4206 else
4207 ArgusInitAddrtoname (parser, 0L, 0L);
4208 }
4209
4210 if (parser->ArgusPrintJson) {
4211 if (timeFormat == NULL)
4212 parser->RaTimeFormat = strdup("%H:%M:%S.%f");
4213 if (parser->RaOutputStarted == 0) {
4214 parser->RaOutputStarted++;
4215 }
4216 ArgusPrintRecordHeader (parser, buf, argus, dlen);
4217
4218 } else
4219 if (parser->ArgusPrintXml) {
4220 parser->RaTimeFormat="%Y-%m-%dT%H:%M:%S.%f";
4221
4222 if (parser->RaXMLStarted == 0) {
4223 struct ArgusRecord *rec = (struct ArgusRecord *) &input->ArgusManStart;
4224 struct ArgusInterfaceStruct *interface = &ArgusInterfaceTypes[0];
4225
4226 char StartDateBuf[64], CurrentDateBuf[64];
4227 char ArgusSourceId[64];
4228 struct timeval tvpbuf, *tvp = &tvpbuf;
4229
4230 bzero(StartDateBuf, sizeof(StartDateBuf));
4231 bzero(CurrentDateBuf, sizeof(CurrentDateBuf));
4232 bzero(ArgusSourceId, sizeof(ArgusSourceId));
4233
4234 tvp->tv_sec = rec->argus_mar.startime.tv_sec;
4235 tvp->tv_usec = rec->argus_mar.startime.tv_usec;
4236
4237 ArgusPrintTime(parser, StartDateBuf, tvp);
4238
4239 gettimeofday(tvp, 0L);
4240 ArgusPrintTime(parser, CurrentDateBuf, tvp);
4241
4242 snprintf(buf, dlen, "<?xml version =\"1.0\" encoding=\"UTF-8\"?>\n");
4243 slen = strlen(buf); dlen = len - slen;
4244
4245 snprintf(&buf[slen], dlen, "<!--Generated by %s(%s) QoSient, LLC-->\n", parser->ArgusProgramName, version);
4246 slen = strlen(buf); dlen = len - slen;
4247
4248 snprintf(&buf[slen], dlen, "<ArgusDataStream");
4249 slen = strlen(buf); dlen = len - slen;
4250
4251 snprintf(&buf[slen], dlen, "\n xmlns:xsi = \"http://www.w3.org/2001/XMLSchema-instance\" ");
4252 slen = strlen(buf); dlen = len - slen;
4253
4254 snprintf(&buf[slen], dlen, "\n xsi:noNamespaceSchemaLocation = \"http://qosient.com/argus/Xml/ArgusRecord.3.0.xsd\"");
4255 slen = strlen(buf); dlen = len - slen;
4256
4257 snprintf(&buf[slen], dlen, "\n BeginDate = \"%s\" CurrentDate = \"%s\"", StartDateBuf, CurrentDateBuf);
4258 slen = strlen(buf); dlen = len - slen;
4259
4260 snprintf(&buf[slen], dlen, "\n MajorVersion = \"%d\" MinorVersion = \"%d\" ", input->major_version, input->minor_version);
4261 slen = strlen(buf); dlen = len - slen;
4262
4263 while (interface->value >= 0) {
4264 if (rec->argus_mar.interfaceType == interface->value)
4265 break;
4266 interface++;
4267 }
4268
4269 snprintf(&buf[slen], dlen, "InterfaceType = \"%s\" InterfaceStatus = \"%s\"\n ", interface->label, "Up");
4270 slen = strlen(buf); dlen = len - slen;
4271
4272 ArgusPrintSourceID (parser, ArgusSourceId, argus, 32);
4273
4274 snprintf(&buf[slen], dlen, " Argus%s ", &ArgusSourceId[1]);
4275 slen = strlen(buf); dlen = len - slen;
4276
4277 snprintf(&buf[slen], dlen, " NetAddr = \"%s\" ", ipaddr_string(&input->ArgusLocalNet));
4278 slen = strlen(buf); dlen = len - slen;
4279
4280 snprintf(&buf[slen], dlen, " NetMask = \"%s\">\n\n", ipaddr_string(&input->ArgusNetMask));
4281 slen = strlen(buf); dlen = len - slen;
4282
4283 ArgusPrintXmlSortAlgorithms(parser);
4284 parser->RaXMLStarted++;
4285 }
4286
4287 ArgusPrintRecordHeader (parser, &buf[slen], argus, dlen);
4288 }
4289
4290 switch (argus->hdr.type & 0xF0) {
4291 case ARGUS_MAR: {
4292 if (parser->ArgusPrintJson) {
4293 ArgusPrintManagementRecord(parser, buf, argus, dlen);
4294 break;
4295 }
4296 }
4297
4298 default: {
4299 #if defined(ARGUS_THREADS)
4300 pthread_mutex_lock(&parser->lock);
4301 #endif
4302 for (parser->RaPrintIndex = 0; parser->RaPrintIndex < MAX_PRINT_ALG_TYPES; parser->RaPrintIndex++) {
4303 char tmpbuf[0x10000];
4304 int tlen = 0;
4305
4306 if ((parser->RaPrintAlgorithm = parser->RaPrintAlgorithmList[parser->RaPrintIndex]) != NULL) {
4307 if (parser->RaPrintAlgorithm->print != NULL) {
4308 int thistype = ARGUS_PTYPE_STRING;
4309 bzero(tmpbuf, 16);
4310
4311 parser->RaPrintAlgorithm->print(parser, tmpbuf, argus, parser->RaPrintAlgorithm->length);
4312
4313 if ((slen = strlen(tmpbuf)) > 0) {
4314 if (parser->RaPrintAlgorithm->type == ARGUS_PTYPE_STRING) {
4315 int ival = 0;
4316 int iret = ((sscanf(tmpbuf, "%d %n", &ival, &tlen) == 1) && !tmpbuf[tlen]);
4317 if (iret) {
4318 thistype = ARGUS_PTYPE_INT;
4319 } else {
4320 float fval = 0.0;
4321 int fret = ((sscanf(tmpbuf, "%f %n", &fval, &tlen) == 1) && !tmpbuf[tlen]);
4322 if (fret) thistype = ARGUS_PTYPE_DOUBLE;
4323 }
4324 }
4325
4326 dlen = sizeof(tmpbuf) - slen;
4327
4328 if (tmpbuf[slen - 1] == ' ') {
4329 tmpbuf[slen - 1] = '\0'; // remove trailing space
4330 slen--;
4331 dlen = sizeof(tmpbuf) - slen;
4332 }
4333
4334 if (parser->ArgusPrintXml) {
4335 if (slen > 0)
4336 if (!(tmpbuf[slen - 1] == '\"'))
4337 sprintf(&tmpbuf[slen], "\"");
4338 } else {
4339 if ((parser->RaPrintIndex > 0) && (parser->RaPrintIndex < ARGUS_MAX_PRINT_ALG)) {
4340 if ((parser->RaFieldDelimiter == '\0') || (parser->RaFieldDelimiter == ' ')) {
4341 int tok = 0, i;
4342
4343 for (i = 0; i < strlen(tmpbuf); i++) {
4344 if (!isspace(tmpbuf[i])) {
4345 tok = 1; break;
4346 }
4347 }
4348 if (parser->RaSeparateAddrPortWithPeriod) {
4349 switch (argus->hdr.type & 0xF0) {
4350 case ARGUS_FAR:
4351 case ARGUS_NETFLOW:
4352 if (tok) {
4353 if (((parser->RaPrintAlgorithmList[parser->RaPrintIndex]->print == ArgusPrintSrcPort) &&
4354 (parser->RaPrintAlgorithmList[parser->RaPrintIndex - 1]->print == ArgusPrintSrcAddr)) ||
4355 ((parser->RaPrintAlgorithmList[parser->RaPrintIndex]->print == ArgusPrintDstPort) &&
4356 (parser->RaPrintAlgorithmList[parser->RaPrintIndex - 1]->print == ArgusPrintDstAddr))) {
4357
4358 if (parser->RaFieldDelimiter == '\0')
4359 if (buf[strlen(buf) - 1] == ' ')
4360 buf[strlen(buf) - 1] = '.';
4361 }
4362 }
4363 break;
4364
4365 default:
4366 break;
4367 }
4368 }
4369 }
4370 }
4371
4372 slen = strlen(tmpbuf); dlen = len - slen;
4373 snprintf(&tmpbuf[slen], dlen, " ");
4374 }
4375
4376 if ((parser->RaFieldDelimiter != ' ') && (parser->RaFieldDelimiter != '\0')) {
4377 if (parser->RaPrintAlgorithm->print != ArgusPrintFlags)
4378 while ((strlen(tmpbuf) > 0) && isspace((int)(tmpbuf[strlen(tmpbuf) - 1])))
4379 tmpbuf[strlen(tmpbuf) - 1] = '\0';
4380
4381 slen = strlen(buf); dlen = len - slen;
4382
4383 if (parser->RaFieldQuoted) {
4384 int tlen, tind = 0, i;
4385
4386 if ((tlen = strlen(tmpbuf)) > 0) {
4387 if (thistype == ARGUS_PTYPE_STRING) {
4388 if (strchr(tmpbuf, parser->RaFieldQuoted)) {
4389 for (i = 0; i < tlen; i++) {
4390 if (tmpbuf[i] == parser->RaFieldQuoted)
4391 ArgusTempBuffer[tind++] = '\\';
4392 ArgusTempBuffer[tind++] = tmpbuf[i];
4393 }
4394 bcopy(ArgusTempBuffer, tmpbuf, tind);
4395 tmpbuf[tind] = '\0';
4396 slen = tind;
4397 dlen = ARGUS_PRINT_TEMP_BUF_SIZE - tind;
4398 }
4399 }
4400
4401 if (parser->ArgusPrintJson) {
4402 if (parser->ArgusPrintD3 && ((parser->RaPrintAlgorithm->print == ArgusPrintStartDate ) ||
4403 (parser->RaPrintAlgorithm->print == ArgusPrintLastDate ))) {
4404 snprintf(&buf[strlen(buf)], dlen, "%c%s%c:%s%c",
4405 parser->RaFieldQuoted, parser->RaPrintAlgorithm->field, parser->RaFieldQuoted,
4406 tmpbuf, parser->RaFieldDelimiter);
4407
4408 } else {
4409 if (thistype == ARGUS_PTYPE_STRING) {
4410 slen = snprintf(&buf[strlen(buf)], dlen, "%c%s%c:%c%s%c%c",
4411 parser->RaFieldQuoted, parser->RaPrintAlgorithm->field, parser->RaFieldQuoted,
4412 parser->RaFieldQuoted, tmpbuf, parser->RaFieldQuoted,
4413 parser->RaFieldDelimiter);
4414 } else {
4415 slen = snprintf(&buf[strlen(buf)], dlen, "%c%s%c:%s%c",
4416 parser->RaFieldQuoted, parser->RaPrintAlgorithm->field, parser->RaFieldQuoted,
4417 tmpbuf, parser->RaFieldDelimiter);
4418 }
4419 }
4420 }
4421 }
4422
4423 } else
4424 snprintf(&buf[slen], dlen, "%s%c", tmpbuf, parser->RaFieldDelimiter);
4425
4426 } else {
4427 slen = strlen(buf); dlen = len - slen;
4428 snprintf(&buf[slen], dlen, "%s", tmpbuf);
4429 }
4430
4431 parser->RaPrintAlgorithm->offset = slen;
4432 }
4433 }
4434 }
4435 }
4436 #if defined(ARGUS_THREADS)
4437 pthread_mutex_unlock(&parser->lock);
4438 #endif
4439 break;
4440 }
4441 }
4442
4443 slen = strlen(buf); dlen = len - slen;
4444
4445 if (!(parser->ArgusPrintXml))
4446 while (isspace((int)(buf[strlen(buf) - 1]))) {
4447 buf[slen - 1] = '\0';
4448 slen--;
4449 }
4450
4451 if ((parser->RaFieldDelimiter != ' ') && (parser->RaFieldDelimiter != '\0')) {
4452 if (buf[slen - 1] == parser->RaFieldDelimiter) {
4453 buf[slen - 1] = '\0';
4454 slen--;
4455 }
4456 }
4457
4458 slen = strlen(buf); dlen = len - slen;
4459
4460 if ((parser->ArgusPrintJson) || (parser->ArgusPrintXml)) {
4461 ArgusPrintRecordCloser (parser, &buf[slen], argus, dlen);
4462 }
4463
4464 parser->RaTimeFormat = timeFormat;
4465
4466 #ifdef ARGUSDEBUG
4467 ArgusDebug (10, "ArgusPrintRecord (%p, %p, %p, %d)", parser, buf, argus, len);
4468 #endif
4469 }
4470
4471
4472 void
ArgusPrintManagementRecord(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)4473 ArgusPrintManagementRecord(struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
4474 {
4475 ArgusPrintManStatus(parser,&buf[strlen(buf)],argus,len);
4476 }
4477
4478 void
ArgusPrintRecordHeader(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)4479 ArgusPrintRecordHeader (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
4480 {
4481 char *ArgusTypeStr = NULL;
4482 char ArgusTypeBuf[32];
4483
4484 switch (argus->hdr.type & 0xF0) {
4485 case ARGUS_MAR: ArgusTypeStr = "management"; break;
4486 case ARGUS_FAR: ArgusTypeStr = "flow"; break;
4487 case ARGUS_NETFLOW: ArgusTypeStr = "netFlow"; break;
4488 case ARGUS_INDEX: ArgusTypeStr = "index"; break;
4489 case ARGUS_DATASUP: ArgusTypeStr = "supplement"; break;
4490 case ARGUS_ARCHIVAL: ArgusTypeStr = "archive"; break;
4491 case ARGUS_EVENT: ArgusTypeStr = "event"; break;
4492 case ARGUS_VFLOW: ArgusTypeStr = "vflow"; break;
4493 default: ArgusTypeStr = "unknown"; break;
4494 }
4495
4496 if (parser->ArgusPrintJson) {
4497 snprintf(buf, len, "{ \"type\":\"%s\",", ArgusTypeStr);
4498 } else
4499 if (parser->ArgusPrintXml) {
4500 snprintf (ArgusTypeBuf, 32, "%s", ArgusTypeStr);
4501 snprintf(&buf[strlen(buf)], len, " <Argus%sRecord ", ArgusTypeStr);
4502 }
4503 }
4504
4505 void
ArgusPrintRecordCloser(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)4506 ArgusPrintRecordCloser (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
4507 {
4508 if (buf != NULL) {
4509 if (parser->ArgusPrintJson) {
4510 sprintf(&buf[strlen(buf)], "}");
4511 } else {
4512 if (parser->ArgusPrintXml) {
4513 char ArgusTypeBuf[32], *ArgusTypeStr = ArgusTypeBuf;
4514
4515 snprintf (ArgusTypeBuf, 32, " ");
4516
4517 switch (argus->hdr.type & 0xF0) {
4518 case ARGUS_MAR: snprintf (ArgusTypeBuf, 32, "Management"); break;
4519 case ARGUS_FAR: snprintf (ArgusTypeBuf, 32, "Flow"); break;
4520 case ARGUS_NETFLOW: snprintf (ArgusTypeBuf, 32, "NetFlow"); break;
4521 case ARGUS_INDEX: snprintf (ArgusTypeBuf, 32, "Index"); break;
4522 case ARGUS_DATASUP: snprintf (ArgusTypeBuf, 32, "Supplement"); break;
4523 case ARGUS_ARCHIVAL: snprintf (ArgusTypeBuf, 32, "Archive"); break;
4524 case ARGUS_EVENT: snprintf (ArgusTypeBuf, 32, "Event"); break;
4525 case ARGUS_VFLOW: snprintf (ArgusTypeBuf, 32, "Vflow"); break;
4526 default: snprintf (ArgusTypeBuf, 32, "Unknown"); break;
4527 }
4528 snprintf(&buf[strlen(buf)], len, "></Argus%sRecord>", ArgusTypeStr);
4529 }
4530 }
4531 }
4532 }
4533
4534
4535 void
ArgusPrintBssid(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)4536 ArgusPrintBssid (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
4537 {
4538 struct ArgusFlow *flow;
4539 int type = 0;
4540
4541 switch (argus->hdr.type & 0xF0) {
4542 case ARGUS_MAR:
4543 case ARGUS_EVENT:
4544 case ARGUS_NETFLOW: {
4545 if (parser->ArgusPrintXml) {
4546 } else {
4547 switch (parser->RaFieldWidth) {
4548 case RA_FIXED_WIDTH:
4549 sprintf (buf, "%*.*s ", len, len, "");
4550 break;
4551 default:
4552 sprintf (buf, "%s ", "");
4553 break;
4554 }
4555 }
4556 break;
4557 }
4558
4559 case ARGUS_FAR: {
4560 char ArgusBssidStr[36];
4561 bzero(ArgusBssidStr, sizeof(ArgusBssidStr));
4562
4563 if (((flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL)) {
4564 switch (flow->hdr.subtype & 0x3F) {
4565 case ARGUS_FLOW_CLASSIC5TUPLE:
4566 case ARGUS_FLOW_LAYER_3_MATRIX: {
4567 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
4568 case ARGUS_TYPE_WLAN: {
4569 char *macstr = etheraddr_string (parser, flow->wlan_flow.bssid);
4570 bcopy(macstr, ArgusBssidStr, strlen(macstr));
4571 break;
4572 }
4573
4574 default:
4575 break;
4576 }
4577 break;
4578 }
4579
4580 default:
4581 break;
4582 }
4583 }
4584
4585 if (parser->ArgusPrintXml) {
4586 if (strlen(ArgusBssidStr))
4587 sprintf (buf, " Bssid = \"%s\"", ArgusBssidStr);
4588 } else {
4589 switch (parser->RaFieldWidth) {
4590 case RA_FIXED_WIDTH: {
4591 sprintf (buf, "%*.*s ", len, len, ArgusBssidStr);
4592 if (strlen(ArgusBssidStr) > len) {
4593 buf[len - 1] = '*';
4594 buf[len] = '\0';
4595 }
4596 break;
4597 }
4598 default:
4599 sprintf (buf, "%s ", ArgusBssidStr);
4600 break;
4601 }
4602 }
4603 break;
4604 }
4605 }
4606
4607 #ifdef ARGUSDEBUG
4608 ArgusDebug (10, "ArgusPrintBssid (%p, %p)", buf, argus);
4609 #endif
4610 }
4611
4612
4613 void
ArgusPrintSsid(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)4614 ArgusPrintSsid (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
4615 {
4616 struct ArgusFlow *flow;
4617 int type = 0;
4618
4619 switch (argus->hdr.type & 0xF0) {
4620 case ARGUS_MAR:
4621 case ARGUS_EVENT:
4622 case ARGUS_NETFLOW: {
4623 if (parser->ArgusPrintXml) {
4624 } else {
4625 switch (parser->RaFieldWidth) {
4626 case RA_FIXED_WIDTH:
4627 sprintf (buf, "%*.*s ", len, len, "");
4628 break;
4629 default:
4630 sprintf (buf, "%s ", "");
4631 break;
4632 }
4633 }
4634 break;
4635 }
4636
4637 case ARGUS_FAR: {
4638 char ArgusSsidStr[36];
4639 bzero(ArgusSsidStr, sizeof(ArgusSsidStr));
4640
4641 if (((flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL)) {
4642 switch (flow->hdr.subtype & 0x3F) {
4643 case ARGUS_FLOW_CLASSIC5TUPLE:
4644 case ARGUS_FLOW_LAYER_3_MATRIX: {
4645 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
4646 case ARGUS_TYPE_WLAN: {
4647 int len = strlen(flow->wlan_flow.ssid);
4648 if (len > 32) len = 32;
4649 bcopy(flow->wlan_flow.ssid, ArgusSsidStr, len);
4650 break;
4651 }
4652
4653 default:
4654 break;
4655 }
4656 break;
4657 }
4658
4659 default:
4660 break;
4661 }
4662 }
4663
4664 if (parser->ArgusPrintXml) {
4665 if (strlen(ArgusSsidStr))
4666 sprintf (buf, " Ssid = \"%s\"", ArgusSsidStr);
4667 } else {
4668 switch (parser->RaFieldWidth) {
4669 case RA_FIXED_WIDTH:
4670 sprintf (buf, "%*.*s ", len, len, ArgusSsidStr);
4671 if (strlen(ArgusSsidStr) > len) {
4672 buf[len - 1] = '*';
4673 buf[len] = '\0';
4674 }
4675 break;
4676 default:
4677 sprintf (buf, "%s ", ArgusSsidStr);
4678 break;
4679 }
4680 }
4681 break;
4682 }
4683 }
4684
4685 #ifdef ARGUSDEBUG
4686 ArgusDebug (10, "ArgusPrintSsid (%p, %p)", buf, argus);
4687 #endif
4688 }
4689
4690 void
ArgusPrintCause(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)4691 ArgusPrintCause (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
4692 {
4693 char *ArgusCauseStr = NULL;
4694
4695 switch (argus->hdr.cause & 0xF0) {
4696 case ARGUS_START: ArgusCauseStr = "Start"; break;
4697 case ARGUS_STATUS: ArgusCauseStr = "Status"; break;
4698 case ARGUS_STOP: ArgusCauseStr = "Stop"; break;
4699 case ARGUS_SHUTDOWN: ArgusCauseStr = "Shutdown"; break;
4700 case ARGUS_TIMEOUT: ArgusCauseStr = "Timeout"; break;
4701 case ARGUS_ERROR: ArgusCauseStr = "Error"; break;
4702 default: ArgusCauseStr = "Unknown"; break;
4703 }
4704
4705 if (parser->ArgusPrintXml) {
4706 sprintf (buf, " Cause = \"%s\"", ArgusCauseStr);
4707 } else {
4708 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
4709 len = strlen(ArgusCauseStr);
4710 else {
4711 if (strlen(ArgusCauseStr) > len) {
4712 ArgusCauseStr[len - 1] = '*';
4713 ArgusCauseStr[len] = '\0';
4714 }
4715 }
4716 sprintf (buf, "%*.*s ", len, len, ArgusCauseStr);
4717 }
4718
4719 #ifdef ARGUSDEBUG
4720 ArgusDebug (10, "ArgusPrintCause (%p, %p, %d)", buf, argus, len);
4721 #endif
4722 }
4723
4724 void
ArgusPrintStartDate(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)4725 ArgusPrintStartDate (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
4726 {
4727 struct timeval tvpbuf, *tvp = &tvpbuf;
4728 char tbuf[256];
4729
4730 switch (argus->hdr.type & 0xF0) {
4731 case ARGUS_MAR: {
4732 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
4733 tvp->tv_sec = rec->argus_mar.now.tv_sec;
4734 tvp->tv_usec = rec->argus_mar.now.tv_usec;
4735 break;
4736 }
4737
4738 case ARGUS_EVENT:
4739 case ARGUS_NETFLOW:
4740 case ARGUS_FAR: {
4741 long long stime = ArgusFetchStartuSecTime(argus);
4742
4743 tvp->tv_sec = stime / 1000000;
4744 tvp->tv_usec = stime % 1000000;
4745 }
4746 }
4747
4748 bzero(tbuf, sizeof(tbuf));
4749 ArgusPrintTime(parser, tbuf, tvp);
4750
4751 if (strchr (tbuf, '.'))
4752 len += parser->pflag;
4753
4754 if (parser->ArgusPrintXml) {
4755 sprintf (buf, " StartTime = \"%s\"", tbuf);
4756 } else {
4757 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
4758 len = strlen(tbuf);
4759 } else {
4760 if (strlen(tbuf) > len) {
4761 tbuf[len - 1] = '*';
4762 tbuf[len] = '\0';
4763 }
4764 }
4765 sprintf (buf, "%*.*s ", len, len, tbuf);
4766 }
4767
4768 #ifdef ARGUSDEBUG
4769 ArgusDebug (10, "ArgusPrintStartDate (%p, %p, %d)", buf, argus, len);
4770 #endif
4771 }
4772
4773 void
ArgusPrintLastDate(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)4774 ArgusPrintLastDate (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
4775 {
4776 struct timeval tvpbuf, *tvp = &tvpbuf;
4777 char tbuf[256];
4778
4779 len += parser->pflag;
4780
4781 switch (argus->hdr.type & 0xF0) {
4782 case ARGUS_MAR: {
4783 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
4784 tvp->tv_sec = rec->argus_mar.startime.tv_sec;
4785 tvp->tv_usec = rec->argus_mar.startime.tv_usec;
4786 break;
4787 }
4788
4789 case ARGUS_EVENT:
4790 case ARGUS_NETFLOW:
4791 case ARGUS_FAR: {
4792 long long stime = ArgusFetchLastuSecTime(argus);
4793
4794 tvp->tv_sec = stime / 1000000;
4795 tvp->tv_usec = stime % 1000000;
4796 }
4797 }
4798
4799 bzero(tbuf, sizeof(tbuf));
4800 ArgusPrintTime(parser, tbuf, tvp);
4801
4802 if (parser->ArgusPrintXml) {
4803 sprintf (buf, " LastTime = \"%s\"", tbuf);
4804 } else {
4805 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
4806 len = strlen(tbuf);
4807 } else {
4808 if (strlen(tbuf) > len) {
4809 tbuf[len - 1] = '*';
4810 tbuf[len] = '\0';
4811 }
4812 }
4813 sprintf (buf, "%*.*s ", len, len, tbuf);
4814 }
4815
4816 #ifdef ARGUSDEBUG
4817 ArgusDebug (10, "ArgusPrintLastDate (%p, %p %d)", buf, argus, len);
4818 #endif
4819 }
4820
4821
4822 void
ArgusPrintSrcStartDate(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)4823 ArgusPrintSrcStartDate (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
4824 {
4825 struct timeval tvpbuf, *tvp = &tvpbuf;
4826 char tbuf[256];
4827
4828 len += parser->pflag;
4829
4830 switch (argus->hdr.type & 0xF0) {
4831 case ARGUS_MAR: {
4832 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
4833 if (rec != NULL) {
4834 tvp->tv_sec = rec->argus_mar.startime.tv_sec;
4835 tvp->tv_usec = rec->argus_mar.startime.tv_usec;
4836 }
4837 break;
4838 }
4839
4840 case ARGUS_EVENT:
4841 case ARGUS_NETFLOW:
4842 case ARGUS_FAR: {
4843 struct ArgusTimeObject *dtime = (struct ArgusTimeObject *)argus->dsrs[ARGUS_TIME_INDEX];
4844 if (dtime != NULL) {
4845 tvp->tv_sec = dtime->src.start.tv_sec;
4846 tvp->tv_usec = dtime->src.start.tv_usec;
4847 }
4848 }
4849 }
4850
4851 bzero(tbuf, sizeof(tbuf));
4852 ArgusPrintTime(parser, tbuf, tvp);
4853
4854 if (parser->ArgusPrintXml) {
4855 sprintf (buf, " SrcStartTime = \"%s\"", tbuf);
4856
4857 } else {
4858 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
4859 len = strlen(tbuf);
4860 } else {
4861 if (strlen(tbuf) > len) {
4862 tbuf[len - 1] = '*';
4863 tbuf[len] = '\0';
4864 }
4865 }
4866 sprintf (buf, "%*.*s ", len, len, tbuf);
4867 }
4868
4869 #ifdef ARGUSDEBUG
4870 ArgusDebug (10, "ArgusPrintSrcStartDate (%p, %p, %d)", buf, argus, len);
4871 #endif
4872 }
4873
4874
4875 void
ArgusPrintSrcLastDate(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)4876 ArgusPrintSrcLastDate (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
4877 {
4878 struct timeval tvpbuf, *tvp = &tvpbuf;
4879 char tbuf[256];
4880
4881 len += parser->pflag;
4882
4883 switch (argus->hdr.type & 0xF0) {
4884 case ARGUS_MAR: {
4885 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
4886 if (rec != NULL) {
4887 tvp->tv_sec = rec->argus_mar.now.tv_sec;
4888 tvp->tv_usec = rec->argus_mar.now.tv_usec;
4889 }
4890 break;
4891 }
4892
4893 case ARGUS_EVENT:
4894 case ARGUS_NETFLOW:
4895 case ARGUS_FAR: {
4896 struct ArgusTimeObject *dtime = (struct ArgusTimeObject *)argus->dsrs[ARGUS_TIME_INDEX];
4897 if (dtime != NULL) {
4898 tvp->tv_sec = dtime->src.end.tv_sec;
4899 tvp->tv_usec = dtime->src.end.tv_usec;
4900 }
4901 }
4902 }
4903
4904 bzero(tbuf, sizeof(tbuf));
4905 ArgusPrintTime(parser, tbuf, tvp);
4906
4907 if (parser->ArgusPrintXml) {
4908 sprintf (buf, " SrcLastTime = \"%s\"", tbuf);
4909 } else {
4910 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
4911 len = strlen(tbuf);
4912 } else {
4913 if (strlen(tbuf) > len) {
4914 tbuf[len - 1] = '*';
4915 tbuf[len] = '\0';
4916 }
4917 }
4918 sprintf (buf, "%*.*s ", len, len, tbuf);
4919 }
4920
4921 #ifdef ARGUSDEBUG
4922 ArgusDebug (10, "ArgusPrintSrcLastDate (%p, %p, %d)", buf, argus, len);
4923 #endif
4924 }
4925
4926
4927 void
ArgusPrintDstStartDate(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)4928 ArgusPrintDstStartDate (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
4929 {
4930 struct timeval tvpbuf, *tvp = &tvpbuf;
4931 char tbuf[256];
4932
4933 len += parser->pflag;
4934 bzero(tvp, sizeof(tvpbuf));
4935
4936 switch (argus->hdr.type & 0xF0) {
4937 case ARGUS_MAR: {
4938 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
4939 if (rec != NULL) {
4940 tvp->tv_sec = rec->argus_mar.startime.tv_sec;
4941 tvp->tv_usec = rec->argus_mar.startime.tv_usec;
4942 }
4943 break;
4944 }
4945
4946 case ARGUS_EVENT:
4947 case ARGUS_NETFLOW:
4948 case ARGUS_FAR: {
4949 struct ArgusTimeObject *dtime = (struct ArgusTimeObject *)argus->dsrs[ARGUS_TIME_INDEX];
4950 if (dtime != NULL) {
4951 tvp->tv_sec = dtime->dst.start.tv_sec;
4952 tvp->tv_usec = dtime->dst.start.tv_usec;
4953 }
4954 }
4955 }
4956
4957 bzero(tbuf, sizeof(tbuf));
4958 ArgusPrintTime(parser, tbuf, tvp);
4959
4960 if (parser->ArgusPrintXml) {
4961 sprintf (buf, " DstStartTime = \"%s\"", tbuf);
4962
4963 } else {
4964 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
4965 len = strlen(tbuf);
4966 } else {
4967 if (strlen(tbuf) > len) {
4968 tbuf[len - 1] = '*';
4969 tbuf[len] = '\0';
4970 }
4971 }
4972 sprintf (buf, "%*.*s ", len, len, tbuf);
4973 }
4974
4975 #ifdef ARGUSDEBUG
4976 ArgusDebug (10, "ArgusPrintDstStartDate (%p, %p, %d)", buf, argus, len);
4977 #endif
4978 }
4979
4980
4981 void
ArgusPrintDstLastDate(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)4982 ArgusPrintDstLastDate (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
4983 {
4984 struct timeval tvpbuf, *tvp = &tvpbuf;
4985 char tbuf[256];
4986
4987 len += parser->pflag;
4988 bzero(tvp, sizeof(tvpbuf));
4989
4990 switch (argus->hdr.type & 0xF0) {
4991 case ARGUS_MAR: {
4992 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
4993 if (rec != NULL) {
4994 tvp->tv_sec = rec->argus_mar.now.tv_sec;
4995 tvp->tv_usec = rec->argus_mar.now.tv_usec;
4996 }
4997 break;
4998 }
4999
5000 case ARGUS_EVENT:
5001 case ARGUS_NETFLOW:
5002 case ARGUS_FAR: {
5003 struct ArgusTimeObject *dtime = (struct ArgusTimeObject *)argus->dsrs[ARGUS_TIME_INDEX];
5004 if (dtime != NULL) {
5005 tvp->tv_sec = dtime->dst.end.tv_sec;
5006 tvp->tv_usec = dtime->dst.end.tv_usec;
5007 }
5008 }
5009 }
5010
5011 bzero(tbuf, sizeof(tbuf));
5012 ArgusPrintTime(parser, tbuf, tvp);
5013
5014 if (parser->ArgusPrintXml) {
5015 sprintf (buf, " DstLastTime = \"%s\"", tbuf);
5016 } else {
5017 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
5018 len = strlen(tbuf);
5019 } else {
5020 if (strlen(tbuf) > len) {
5021 tbuf[len - 1] = '*';
5022 tbuf[len] = '\0';
5023 }
5024 }
5025 sprintf (buf, "%*.*s ", len, len, tbuf);
5026 }
5027
5028 #ifdef ARGUSDEBUG
5029 ArgusDebug (10, "ArgusPrintDstLastDate (%p, %p, %d)", buf, argus, len);
5030 #endif
5031 }
5032
5033
5034
5035 void
ArgusPrintRelativeDate(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)5036 ArgusPrintRelativeDate (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
5037 {
5038 struct timeval tvpbuf, *tvp = &tvpbuf;
5039 char tbuf[256], *ptr;
5040
5041 switch (argus->hdr.type & 0xF0) {
5042 case ARGUS_MAR: {
5043 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
5044 if (rec != NULL) {
5045 tvp->tv_sec = rec->argus_mar.now.tv_sec;
5046 tvp->tv_usec = rec->argus_mar.now.tv_usec;
5047 }
5048 break;
5049 }
5050
5051 case ARGUS_EVENT:
5052 case ARGUS_NETFLOW:
5053 case ARGUS_FAR: {
5054 struct ArgusTimeObject *dtime = (struct ArgusTimeObject *)argus->dsrs[ARGUS_TIME_INDEX];
5055
5056 if (parser->ArgusStartTimeVal.tv_sec == 0) {
5057 parser->ArgusStartTimeVal.tv_sec = dtime->src.start.tv_sec;
5058 parser->ArgusStartTimeVal.tv_usec = dtime->src.start.tv_usec;
5059 }
5060
5061 if (dtime != NULL)
5062 RaDiffTime ((struct timeval *)&dtime->src.start, &parser->ArgusStartTimeVal, tvp);
5063 break;
5064 }
5065 }
5066
5067 bzero(tbuf, sizeof(tbuf));
5068
5069 sprintf (tbuf, "%d", (int) tvp->tv_sec);
5070
5071 if (parser->pflag) {
5072 while (isspace((int)tbuf[strlen(tbuf) - 1]))
5073 tbuf[strlen(tbuf) - 1] = '\0';
5074 ptr = &tbuf[strlen(tbuf)];
5075 sprintf (ptr, ".%06u", (int) tvp->tv_usec);
5076 ptr[parser->pflag] = '\0';
5077 }
5078
5079 if (parser->ArgusPrintXml) {
5080 sprintf (buf, " RelativeDate = \"%s\"", tbuf);
5081 } else {
5082 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
5083 len = strlen(tbuf);
5084 } else {
5085 if (strlen(tbuf) > len) {
5086 tbuf[len - 1] = '*';
5087 tbuf[len] = '\0';
5088 }
5089 }
5090 sprintf (buf, "%*.*s ", len, len, tbuf);
5091 }
5092
5093 #ifdef ARGUSDEBUG
5094 ArgusDebug (10, "ArgusPrintRelativeDate (%p, %p, %d)", buf, argus, len);
5095 #endif
5096 }
5097
5098 void
ArgusPrintByteOffset(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)5099 ArgusPrintByteOffset (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
5100 {
5101 char tbuf[32];
5102
5103 bzero(tbuf, sizeof(tbuf));
5104 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
5105 sprintf (tbuf, "%llu", argus->offset);
5106 #else
5107 sprintf (tbuf, "%Lu", argus->offset);
5108 #endif
5109
5110 if (parser->ArgusPrintXml) {
5111 sprintf (buf, " ByteOffset = \"%s\"", tbuf);
5112 } else {
5113 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
5114 len = strlen(tbuf);
5115 } else {
5116 if (strlen(tbuf) > len) {
5117 tbuf[len - 1] = '*';
5118 tbuf[len] = '\0';
5119 }
5120 }
5121 sprintf (buf, "%*.*s ", len, len, tbuf);
5122 }
5123
5124 #ifdef ARGUSDEBUG
5125 ArgusDebug (10, "ArgusPrintByteOffset (%p, %p, %d)", buf, argus, len);
5126 #endif
5127 }
5128
5129 void
ArgusPrintAutoId(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)5130 ArgusPrintAutoId (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
5131 {
5132 char tbuf[32];
5133
5134 bzero(tbuf, sizeof(tbuf));
5135 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
5136 sprintf (tbuf, "%d", argus->autoid);
5137 #else
5138 sprintf (tbuf, "%d", argus->autoid);
5139 #endif
5140
5141 if (parser->ArgusPrintXml) {
5142 sprintf (buf, " AutoId = \"%s\"", tbuf);
5143 } else {
5144 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
5145 len = strlen(tbuf);
5146 } else {
5147 if (strlen(tbuf) > len) {
5148 tbuf[len - 1] = '*';
5149 tbuf[len] = '\0';
5150 }
5151 }
5152 sprintf (buf, "%*.*s ", len, len, tbuf);
5153 }
5154
5155 #ifdef ARGUSDEBUG
5156 ArgusDebug (10, "ArgusPrintAutoId (%p, %p, %d)", buf, argus, len);
5157 #endif
5158 }
5159
5160
5161
5162 float
RaGetFloatDuration(struct ArgusRecordStruct * argus)5163 RaGetFloatDuration (struct ArgusRecordStruct *argus)
5164 {
5165 float retn = 0;
5166 int sec = 0, usec = 0;
5167
5168 switch (argus->hdr.type & 0xF0) {
5169 case ARGUS_MAR: {
5170 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
5171 if (rec != NULL) {
5172 sec = rec->argus_mar.now.tv_sec - rec->argus_mar.startime.tv_sec;
5173 usec = rec->argus_mar.now.tv_usec - rec->argus_mar.startime.tv_usec;
5174 }
5175 break;
5176 }
5177
5178 case ARGUS_EVENT:
5179 case ARGUS_NETFLOW:
5180 case ARGUS_FAR: {
5181 struct ArgusTimeObject *dtime = (void *)argus->dsrs[ARGUS_TIME_INDEX];
5182 if (dtime != NULL) {
5183 struct timeval stbuf, *st = &stbuf;
5184 struct timeval ltbuf, *lt = <buf;
5185 struct timeval stimebuf, *stime = &stimebuf;
5186 struct timeval ltimebuf, *ltime = <imebuf;
5187
5188 unsigned char subtype = dtime->hdr.subtype & (ARGUS_TIME_SRC_START | ARGUS_TIME_DST_START |
5189 ARGUS_TIME_SRC_END | ARGUS_TIME_DST_END);
5190 if (subtype) {
5191 switch (subtype) {
5192 case ARGUS_TIME_SRC_START | ARGUS_TIME_DST_START |
5193 ARGUS_TIME_DST_END: {
5194 st->tv_sec = dtime->src.start.tv_sec;
5195 st->tv_usec = dtime->src.start.tv_usec;
5196 lt->tv_sec = dtime->dst.start.tv_sec;
5197 lt->tv_usec = dtime->dst.start.tv_usec;
5198 *stime = *RaMinTime(st, lt);
5199
5200 st->tv_sec = dtime->src.start.tv_sec;
5201 st->tv_usec = dtime->src.start.tv_usec;
5202 lt->tv_sec = dtime->dst.end.tv_sec;
5203 lt->tv_usec = dtime->dst.end.tv_usec;
5204 *ltime = *RaMaxTime(st, lt);
5205 break;
5206 }
5207
5208 case ARGUS_TIME_SRC_START | ARGUS_TIME_DST_START |
5209 ARGUS_TIME_SRC_END: {
5210 st->tv_sec = dtime->src.start.tv_sec;
5211 st->tv_usec = dtime->src.start.tv_usec;
5212 lt->tv_sec = dtime->dst.start.tv_sec;
5213 lt->tv_usec = dtime->dst.start.tv_usec;
5214 *stime = *RaMinTime(st, lt);
5215
5216 st->tv_sec = dtime->dst.start.tv_sec;
5217 st->tv_usec = dtime->dst.start.tv_usec;
5218 lt->tv_sec = dtime->src.end.tv_sec;
5219 lt->tv_usec = dtime->src.end.tv_usec;
5220 *ltime = *RaMaxTime(st, lt);
5221 }
5222
5223 case ARGUS_TIME_SRC_START | ARGUS_TIME_DST_START |
5224 ARGUS_TIME_SRC_END | ARGUS_TIME_DST_END: {
5225 st->tv_sec = dtime->src.start.tv_sec;
5226 st->tv_usec = dtime->src.start.tv_usec;
5227 lt->tv_sec = dtime->dst.start.tv_sec;
5228 lt->tv_usec = dtime->dst.start.tv_usec;
5229 *stime = *RaMinTime(st, lt);
5230
5231 st->tv_sec = dtime->src.end.tv_sec;
5232 st->tv_usec = dtime->src.end.tv_usec;
5233 lt->tv_sec = dtime->dst.end.tv_sec;
5234 lt->tv_usec = dtime->dst.end.tv_usec;
5235 *ltime = *RaMaxTime(st, lt);
5236 break;
5237 }
5238
5239 case ARGUS_TIME_SRC_START: {
5240 st->tv_sec = dtime->src.start.tv_sec;
5241 st->tv_usec = dtime->src.start.tv_usec;
5242
5243 *stime = *st;
5244 *ltime = *st;
5245 break;
5246 }
5247
5248 case ARGUS_TIME_SRC_START | ARGUS_TIME_SRC_END: {
5249 st->tv_sec = dtime->src.start.tv_sec;
5250 st->tv_usec = dtime->src.start.tv_usec;
5251 lt->tv_sec = dtime->src.end.tv_sec;
5252 lt->tv_usec = dtime->src.end.tv_usec;
5253
5254 *stime = *st;
5255 *ltime = *lt;
5256 break;
5257 }
5258
5259 case ARGUS_TIME_DST_START: {
5260 st->tv_sec = dtime->dst.start.tv_sec;
5261 st->tv_usec = dtime->dst.start.tv_usec;
5262
5263 *stime = *st;
5264 *ltime = *st;
5265 break;
5266 }
5267
5268 case ARGUS_TIME_DST_START | ARGUS_TIME_DST_END: {
5269 st->tv_sec = dtime->dst.start.tv_sec;
5270 st->tv_usec = dtime->dst.start.tv_usec;
5271 lt->tv_sec = dtime->dst.end.tv_sec;
5272 lt->tv_usec = dtime->dst.end.tv_usec;
5273
5274 *stime = *st;
5275 *ltime = *lt;
5276 break;
5277 }
5278
5279 case ARGUS_TIME_SRC_START | ARGUS_TIME_DST_END: {
5280 st->tv_sec = dtime->src.start.tv_sec;
5281 st->tv_usec = dtime->src.start.tv_usec;
5282 lt->tv_sec = dtime->dst.end.tv_sec;
5283 lt->tv_usec = dtime->dst.end.tv_usec;
5284
5285 *stime = *st;
5286 *ltime = *lt;
5287 break;
5288 }
5289
5290 case ARGUS_TIME_DST_START | ARGUS_TIME_SRC_END: {
5291 st->tv_sec = dtime->dst.start.tv_sec;
5292 st->tv_usec = dtime->dst.start.tv_usec;
5293 lt->tv_sec = dtime->src.end.tv_sec;
5294 lt->tv_usec = dtime->src.end.tv_usec;
5295
5296 *stime = *st;
5297 *ltime = *lt;
5298 break;
5299 }
5300
5301 case ARGUS_TIME_SRC_START | ARGUS_TIME_DST_START: {
5302 st->tv_sec = dtime->src.start.tv_sec;
5303 st->tv_usec = dtime->src.start.tv_usec;
5304 lt->tv_sec = dtime->dst.start.tv_sec;
5305 lt->tv_usec = dtime->dst.start.tv_usec;
5306 *stime = *RaMinTime(st, lt);
5307 *ltime = *RaMaxTime(st, lt);
5308 break;
5309 }
5310
5311 default:
5312 break;
5313 }
5314
5315 } else {
5316 st->tv_sec = dtime->src.start.tv_sec;
5317 st->tv_usec = dtime->src.start.tv_usec;
5318 lt->tv_sec = dtime->src.end.tv_sec;
5319 lt->tv_usec = dtime->src.end.tv_usec;
5320 stime = st;
5321 ltime = lt;
5322 }
5323
5324
5325 if (stime && ltime) {
5326 sec = ltime->tv_sec - stime->tv_sec;
5327 usec = ltime->tv_usec - stime->tv_usec;
5328 }
5329 }
5330 break;
5331 }
5332 }
5333 retn = (sec * 1.0) + usec/1000000.0;
5334 return (retn);
5335 }
5336
5337
5338 float
RaGetFloatSrcDuration(struct ArgusRecordStruct * argus)5339 RaGetFloatSrcDuration (struct ArgusRecordStruct *argus)
5340 {
5341 float retn = 0;
5342 int sec = 0, usec = 0;
5343
5344 switch (argus->hdr.type & 0xF0) {
5345 case ARGUS_MAR: {
5346 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
5347 if (rec != NULL) {
5348 sec = rec->argus_mar.now.tv_sec - rec->argus_mar.startime.tv_sec;
5349 usec = rec->argus_mar.now.tv_usec - rec->argus_mar.startime.tv_usec;
5350 }
5351 break;
5352 }
5353
5354 case ARGUS_EVENT:
5355 case ARGUS_NETFLOW:
5356 case ARGUS_FAR: {
5357 struct ArgusTimeObject *dtime = (void *)argus->dsrs[ARGUS_TIME_INDEX];
5358 if (dtime != NULL) {
5359 struct timeval *stime = NULL;
5360 struct timeval *ltime = NULL;
5361 struct timeval stbuf, *st = &stbuf;
5362 struct timeval ltbuf, *lt = <buf;
5363
5364 st->tv_sec = dtime->src.start.tv_sec;
5365 st->tv_usec = dtime->src.start.tv_usec;
5366 lt->tv_sec = dtime->src.end.tv_sec;
5367 lt->tv_usec = dtime->src.end.tv_usec;
5368 stime = st;
5369 ltime = lt;
5370
5371 if (stime && ltime) {
5372 sec = ltime->tv_sec - stime->tv_sec;
5373 usec = ltime->tv_usec - stime->tv_usec;
5374 }
5375 }
5376 break;
5377 }
5378 }
5379
5380 if ((sec == 0) && (usec == 0))
5381 retn = 0;
5382 else
5383 retn = (sec * 1.0) + usec/1000000.0;
5384
5385 return (retn);
5386 }
5387
5388
5389 float
RaGetFloatDstDuration(struct ArgusRecordStruct * argus)5390 RaGetFloatDstDuration (struct ArgusRecordStruct *argus)
5391 {
5392 float retn = 0;
5393 int sec = 0, usec = 0;
5394
5395 switch (argus->hdr.type & 0xF0) {
5396 case ARGUS_MAR: {
5397 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
5398 if (rec != NULL) {
5399 sec = rec->argus_mar.now.tv_sec - rec->argus_mar.startime.tv_sec;
5400 usec = rec->argus_mar.now.tv_usec - rec->argus_mar.startime.tv_usec;
5401 }
5402 break;
5403 }
5404
5405 case ARGUS_EVENT:
5406 case ARGUS_NETFLOW:
5407 case ARGUS_FAR: {
5408 struct ArgusTimeObject *dtime;
5409 if ((dtime = (void *)argus->dsrs[ARGUS_TIME_INDEX]) != NULL) {
5410 struct timeval *stime = NULL;
5411 struct timeval *ltime = NULL;
5412 struct timeval stbuf, *st = &stbuf;
5413 struct timeval ltbuf, *lt = <buf;
5414
5415 st->tv_sec = dtime->dst.start.tv_sec;
5416 st->tv_usec = dtime->dst.start.tv_usec;
5417 lt->tv_sec = dtime->dst.end.tv_sec;
5418 lt->tv_usec = dtime->dst.end.tv_usec;
5419 stime = st;
5420 ltime = lt;
5421
5422 if (stime && ltime) {
5423 sec = ltime->tv_sec - stime->tv_sec;
5424 usec = ltime->tv_usec - stime->tv_usec;
5425 }
5426 }
5427 break;
5428 }
5429 }
5430
5431 retn = (sec * 1.0) + usec/1000000.0;
5432 return (retn);
5433 }
5434
5435
5436 float
RaGetFloatMean(struct ArgusRecordStruct * argus)5437 RaGetFloatMean (struct ArgusRecordStruct *argus)
5438 {
5439 float retn = 0.0;
5440
5441 switch (argus->hdr.type & 0xF0) {
5442 case ARGUS_MAR:
5443 break;
5444
5445 case ARGUS_EVENT:
5446 case ARGUS_NETFLOW:
5447 case ARGUS_FAR: {
5448 struct ArgusAgrStruct *agr;
5449 if ((agr = (struct ArgusAgrStruct *) argus->dsrs[ARGUS_AGR_INDEX]) != NULL)
5450 retn = agr->act.meanval;
5451 }
5452 }
5453
5454 return (retn);
5455 }
5456
5457 float
RaGetFloatIdleTime(struct ArgusRecordStruct * argus)5458 RaGetFloatIdleTime (struct ArgusRecordStruct *argus)
5459 {
5460 float retn = 0.0;
5461
5462 switch (argus->hdr.type & 0xF0) {
5463 case ARGUS_MAR:
5464 break;
5465
5466 case ARGUS_EVENT:
5467 case ARGUS_NETFLOW:
5468 case ARGUS_FAR: {
5469 double qtime = 0.0, rtime = 0.0;
5470 double value = 0.0;
5471
5472 rtime = (ArgusParser->ArgusRealTime.tv_sec * 1.0) + (ArgusParser->ArgusRealTime.tv_usec / 1000000.0);
5473 qtime = (argus->qhdr.lasttime.tv_sec * 1.0) + (argus->qhdr.lasttime.tv_usec / 1000000.0);
5474 value = rtime - qtime;
5475 retn = value;
5476
5477 break;
5478 }
5479 }
5480
5481 return (retn);
5482 }
5483
5484 float
RaGetFloatSum(struct ArgusRecordStruct * argus)5485 RaGetFloatSum (struct ArgusRecordStruct *argus)
5486 {
5487 float retn = 0.0;
5488
5489 if (argus->hdr.type & ARGUS_MAR) {
5490 } else {
5491 struct ArgusAgrStruct *agr;
5492 if ((agr = (struct ArgusAgrStruct *) argus->dsrs[ARGUS_AGR_INDEX]) != NULL)
5493 retn = agr->act.meanval * agr->act.n;
5494 }
5495
5496 return (retn);
5497 }
5498
5499 float
RaGetFloatMin(struct ArgusRecordStruct * argus)5500 RaGetFloatMin (struct ArgusRecordStruct *argus)
5501 {
5502 float retn = 0.0;
5503
5504 switch (argus->hdr.type & 0xF0) {
5505 case ARGUS_MAR:
5506 break;
5507
5508 case ARGUS_EVENT:
5509 case ARGUS_NETFLOW:
5510 case ARGUS_FAR: {
5511 struct ArgusAgrStruct *agr;
5512 if ((agr = (struct ArgusAgrStruct *) argus->dsrs[ARGUS_AGR_INDEX]) != NULL)
5513 retn = agr->act.minval;
5514 break;
5515 }
5516 }
5517
5518 return (retn);
5519 }
5520
5521 float
RaGetFloatMax(struct ArgusRecordStruct * argus)5522 RaGetFloatMax (struct ArgusRecordStruct *argus)
5523 {
5524 float retn = 0.0;
5525
5526 switch (argus->hdr.type & 0xF0) {
5527 case ARGUS_MAR:
5528 break;
5529
5530 case ARGUS_EVENT:
5531 case ARGUS_NETFLOW:
5532 case ARGUS_FAR: {
5533 struct ArgusAgrStruct *agr;
5534 if ((agr = (struct ArgusAgrStruct *) argus->dsrs[ARGUS_AGR_INDEX]) != NULL)
5535 retn = agr->act.maxval;
5536 break;
5537 }
5538 }
5539
5540 return (retn);
5541 }
5542
5543
5544
5545 /*
5546 There are two types of addresses to parse, IPv4 and IPv6
5547 addresses. An address is in the form:
5548 dd[.:][:][dd]/n
5549
5550 where n is the number significant bits in the address.
5551 */
5552 int ArgusNumTokens (char *, char);
5553
5554 int
ArgusNumTokens(char * str,char tok)5555 ArgusNumTokens (char *str, char tok)
5556 {
5557 int retn = 0;
5558 if (str != NULL) {
5559 while ((str = strchr(str, tok)) != NULL) {
5560 retn++;
5561 str++;
5562 }
5563 }
5564 return (retn);
5565 }
5566
5567
5568 struct ArgusCIDRAddr *
RaParseCIDRAddr(struct ArgusParserStruct * parser,char * addr)5569 RaParseCIDRAddr (struct ArgusParserStruct *parser, char *addr)
5570 {
5571 struct ArgusCIDRAddr *retn = NULL;
5572 char *ptr = NULL, *mask = NULL, strbuf[128], *str = strbuf;
5573
5574 snprintf (str, sizeof(strbuf), "%s", addr);
5575 if (parser->ArgusCIDRPtr == NULL)
5576 parser->ArgusCIDRPtr = &parser->ArgusCIDRBuffer;
5577
5578 retn = parser->ArgusCIDRPtr;
5579 retn->type = 0;
5580 retn->len = 0;
5581 retn->masklen = 0;
5582 memset(&retn->addr, 0, sizeof(retn->addr));
5583
5584 if ((ptr = strchr(str, '!')) != NULL) {
5585 str = ptr + 1;
5586 }
5587
5588 if ((mask = strchr (str, '/')) != NULL) {
5589 *mask++ = '\0';
5590 retn->masklen = strtol((const char *)mask, (char **)&ptr, 10);
5591 if (ptr == mask) {
5592 #ifdef ARGUSDEBUG
5593 ArgusDebug (2, "RaParseCIDRAddr: format error: mask length incorrect.\n", retn);
5594 #endif
5595 return (NULL);
5596 }
5597 }
5598
5599 if ((ptr = strchr (str, ':')) != NULL)
5600 retn->type = AF_INET6;
5601 else
5602 if ((ptr = strchr (str, '.')) != NULL)
5603 retn->type = AF_INET;
5604
5605 if (!(retn->type))
5606 retn->type = (retn->masklen > 32) ? AF_INET6 : AF_INET;
5607
5608 switch (retn->type) {
5609 case AF_INET: {
5610 int i, len = sizeof(struct in_addr);
5611
5612 retn->len = len;
5613 if (retn->masklen == 0)
5614 retn->masklen = 32;
5615
5616 for (i = 0; (i < len) && str; i++) {
5617 long int tval = strtol(str, (char **)&ptr, 10);
5618 if (ptr != NULL) {
5619 if (strlen(ptr) > 0) {
5620 if (*ptr++ != '.') {
5621 #ifdef ARGUSDEBUG
5622 ArgusDebug (2, "RaParseCIDRAddr: format error: IPv4 addr format.\n");
5623 #endif
5624 return(NULL);
5625 }
5626 } else
5627 ptr = NULL;
5628
5629 retn->addr[0] |= (tval << ((len - (i + 1)) * 8));
5630 }
5631 str = ptr;
5632 }
5633
5634 if (retn->masklen > 0)
5635 retn->mask[0] = 0xFFFFFFFF << (32 - retn->masklen);
5636 break;
5637 }
5638
5639 case AF_INET6: {
5640 unsigned short *val = (unsigned short *)&retn->addr;
5641 int ind = 0, len = sizeof(retn->addr)/sizeof(unsigned short);
5642 int fsecnum = 8, lsecnum = 0, rsecnum = 0, i, masklen;
5643 char *sstr = NULL, *ipv4addr = NULL;
5644
5645 retn->len = sizeof(retn->addr);
5646
5647 if ((sstr = strstr(str, "::")) != NULL) {
5648 *sstr++ = '\0';
5649 *sstr++ = '\0';
5650 if (strlen(str))
5651 fsecnum = ArgusNumTokens(str, ':') + 1;
5652 if (strlen(sstr))
5653 lsecnum = ArgusNumTokens(sstr, ':') + 1;
5654 } else
5655 sstr = str;
5656
5657 if (retn->masklen == 0)
5658 retn->masklen = 128;
5659
5660 if (strchr (sstr, '.')) {
5661 lsecnum += (lsecnum > 0) ? 1 : 2;
5662 if ((ipv4addr = strrchr(sstr, ':')) == NULL) {
5663 ipv4addr = sstr;
5664 sstr = NULL;
5665 } else {
5666 *ipv4addr++ = '\0';
5667 }
5668 }
5669
5670 if (fsecnum + lsecnum) {
5671 rsecnum = 8 - (fsecnum + lsecnum);
5672 if (fsecnum) {
5673 while (str && *str && (ind++ < len)) {
5674 *val++ = htons(strtol(str, (char **)&ptr, 16));
5675
5676 if (ptr != NULL) {
5677 if (strlen(ptr) > 0) {
5678 if (*ptr++ != ':') {
5679 #ifdef ARGUSDEBUG
5680 ArgusDebug (2, "RaParseCIDRAddr: format error: IPv4 addr format.\n");
5681 #endif
5682 return(NULL);
5683 }
5684 } else
5685 ptr = NULL;
5686 }
5687 str = ptr;
5688 }
5689 }
5690
5691 for (i = 0; i < rsecnum; i++)
5692 *val++ = 0;
5693 if (lsecnum) {
5694 if ((str = sstr) != NULL) {
5695 while (str && (ind++ < len)) {
5696 *val++ = htons(strtol(str, (char **)&ptr, 16));
5697
5698 if (ptr != NULL) {
5699 if (strlen(ptr) > 0) {
5700 if (*ptr++ != ':') {
5701 #ifdef ARGUSDEBUG
5702 ArgusDebug (2, "RaParseCIDRAddr: format error: IPv4 addr format.\n");
5703 #endif
5704 return(NULL);
5705 }
5706 } else
5707 ptr = NULL;
5708 }
5709 str = ptr;
5710 }
5711 }
5712 }
5713
5714 if (ipv4addr) {
5715 unsigned char *cval = (unsigned char *)&retn->addr[3];
5716 int ind = 0, len = sizeof(struct in_addr);
5717
5718 while (ipv4addr && (ind++ < len)) {
5719 *cval++ = strtol(ipv4addr, (char **)&ptr, 10);
5720 if (ptr != NULL) {
5721 if (strlen(ptr) > 0) {
5722 if (*ptr++ != '.') {
5723 #ifdef ARGUSDEBUG
5724 ArgusDebug (2, "RaParseCIDRAddr: format error: IPv4 addr format.\n");
5725 #endif
5726 return(NULL);
5727 }
5728 } else
5729 ptr = NULL;
5730 }
5731 ipv4addr = ptr;
5732 }
5733 retn->masklen = 128;
5734 }
5735 }
5736
5737 for (i = 0; i < 4; i++) retn->mask[i] = 0;
5738
5739 if ((masklen = retn->masklen) > 0) {
5740 unsigned int *mask = &retn->mask[0];
5741
5742 while (masklen) {
5743 if (masklen > 32) {
5744 *mask++ = 0xFFFFFFFF;
5745 masklen -= 32;
5746 } else {
5747 *mask = htonl(0xFFFFFFFF << (32 - masklen));
5748 masklen = 0;
5749 }
5750 }
5751 }
5752 break;
5753 }
5754
5755 default:
5756 break;
5757 }
5758
5759 #ifdef ARGUSDEBUG
5760 ArgusDebug (9, "RaParseCIDRAddr: returning %p \n", retn);
5761 #endif
5762 return (retn);
5763 }
5764
5765 void ArgusPrintResponse (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5766 void ArgusPrintIdleTime (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5767 void ArgusPrintSrcRate (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5768 void ArgusPrintDstRate (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5769 void ArgusPrintRate (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5770 void ArgusPrintLoss (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5771 void ArgusPrintSrcLoad (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5772 void ArgusPrintDstLoad (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5773 void ArgusPrintLoad (struct ArgusParserStruct *parser, char *,struct ArgusRecordStruct *, int);
5774 void ArgusPrintSrcTTL (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5775 void ArgusPrintDstTTL (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5776 void ArgusPrintTos (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5777 void ArgusPrintSrcTos (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5778 void ArgusPrintDstTos (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5779 void ArgusPrintDSByte (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5780 void ArgusPrintSrcDSByte (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5781 void ArgusPrintDstDSByte (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5782 void ArgusPrintWindow (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5783 void ArgusPrintDuration (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5784 void ArgusPrintSrcDuration (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5785 void ArgusPrintDstDuration (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5786 void ArgusPrintMean (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5787 void ArgusPrintMin (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5788 void ArgusPrintMax (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5789 void ArgusPrintSum (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5790 void ArgusPrintRunTime (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5791 void ArgusPrintStdDeviation (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5792 void ArgusPrintStartRange (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5793 void ArgusPrintEndRange (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5794 void ArgusPrintTransactions (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5795 void ArgusPrintJoinDelay (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5796 void ArgusPrintLeaveDelay (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5797 void ArgusPrintCor (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
5798
5799
5800 void
ArgusPrintTransactions(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)5801 ArgusPrintTransactions (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
5802 {
5803 struct ArgusAgrStruct *nsagr, *agr;
5804 unsigned int count = 0;
5805 char trans[32];
5806
5807 switch (argus->hdr.type & 0xF0) {
5808 case ARGUS_MAR: {
5809 snprintf(trans, 32, " ");
5810 break;
5811 }
5812
5813 case ARGUS_EVENT:
5814 case ARGUS_NETFLOW:
5815 case ARGUS_FAR: {
5816 if ((agr = (struct ArgusAgrStruct *) argus->dsrs[ARGUS_AGR_INDEX]) != NULL)
5817 count = agr->count;
5818
5819 if (parser->Pctflag && parser->ns) {
5820 nsagr = (struct ArgusAgrStruct *) parser->ns->dsrs[ARGUS_AGR_INDEX];
5821 snprintf(trans, 32, "%3.*f", parser->pflag, (count * 100.0) / (nsagr->count) * 1.0);
5822 } else {
5823 snprintf(trans, 32, "%u", count);
5824 }
5825 break;
5826 }
5827 }
5828
5829 if (parser->ArgusPrintXml) {
5830 sprintf (buf, " Trans = \"%s\"", trans);
5831 } else {
5832 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
5833 len = strlen(trans);
5834 } else {
5835 if (strlen(trans) > len) {
5836 trans[len - 1] = '*';
5837 trans[len] = '\0';
5838 }
5839 }
5840 snprintf(&buf[strlen(buf)], (MAXSTRLEN - strlen(buf)), "%*.*s ", len, len, trans);
5841 }
5842
5843 #ifdef ARGUSDEBUG
5844 ArgusDebug (10, "ArgusPrintTransactions (%p, %p)", buf, argus);
5845 #endif
5846 }
5847
5848
5849 void
ArgusPrintCor(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)5850 ArgusPrintCor (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
5851 {
5852 struct ArgusTransportStruct *trans = (struct ArgusTransportStruct *) argus->dsrs[ARGUS_TRANSPORT_INDEX];
5853 struct ArgusCorrelateStruct *cor;
5854 char cbuf[128];
5855
5856 switch (argus->hdr.type & 0xF0) {
5857 case ARGUS_MAR:
5858 snprintf(cbuf, sizeof(cbuf) - 1, " ");
5859 break;
5860
5861 case ARGUS_EVENT:
5862 case ARGUS_NETFLOW:
5863 case ARGUS_FAR: {
5864 if ((cor = (struct ArgusCorrelateStruct *) argus->dsrs[ARGUS_COR_INDEX]) != NULL) {
5865 struct ArgusCorMetrics *cmets = &cor->metrics;
5866 int len = (cor->hdr.argus_dsrvl8.len - 1) * 4;
5867
5868 while (len > 0) {
5869 struct ArgusAddrStruct *srcid = &cmets->srcid;
5870 char strbuf[64], *value = NULL;
5871
5872 if (trans != NULL) {
5873 switch (trans->hdr.argus_dsrvl8.qual) {
5874 case ARGUS_TYPE_INT: {
5875 snprintf (strbuf, sizeof(strbuf), "%d", srcid->a_un.value);
5876 value = strdup(strbuf);
5877 break;
5878 }
5879 case ARGUS_TYPE_STRING: value = ArgusGetString(parser, (u_char *)&srcid->a_un.str, 4); break;
5880
5881 default:
5882 case ARGUS_TYPE_IPV4: value = strdup(ArgusGetName(parser, (u_char *)&srcid->a_un.ipv4)); break;
5883 /*
5884 case ARGUS_TYPE_IPV6: value = ArgusGetV6Name(parser, (u_char *)&srcid->ipv6); break;
5885 case ARGUS_TYPE_ETHER: value = ArgusGetEtherName(parser, (u_char *)&srcid->ether); break;
5886 */
5887 }
5888 }
5889 sprintf(cbuf, "%s", value);
5890 cmets++;
5891 len -= sizeof(*cmets);
5892
5893 if (value != NULL) free (value);
5894 }
5895 }
5896 break;
5897 }
5898 }
5899
5900 if (parser->ArgusPrintXml) {
5901 sprintf (buf, " Cor = \"%s\"", cbuf);
5902 } else {
5903 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
5904 len = strlen(cbuf);
5905 } else {
5906 if (strlen(cbuf) > len) {
5907 cbuf[len - 1] = '*';
5908 cbuf[len] = '\0';
5909 }
5910 }
5911 snprintf(&buf[strlen(buf)], (MAXSTRLEN - strlen(buf)), "%*.*s ", len, len, cbuf);
5912 }
5913
5914 #ifdef ARGUSDEBUG
5915 ArgusDebug (10, "ArgusPrintCor (%p, %p)", buf, argus);
5916 #endif
5917 }
5918
5919
5920 void
ArgusPrintMean(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)5921 ArgusPrintMean (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
5922 {
5923 struct ArgusAgrStruct *agr = NULL;
5924 char avg[32];
5925
5926 bzero (avg, 32);
5927
5928 switch (argus->hdr.type & 0xF0) {
5929 case ARGUS_MAR:
5930 break;
5931
5932 case ARGUS_EVENT:
5933 case ARGUS_NETFLOW:
5934 case ARGUS_FAR: {
5935 if ((agr = (struct ArgusAgrStruct *) argus->dsrs[ARGUS_AGR_INDEX]) != NULL) {
5936 if (agr->count > 0) {
5937 sprintf (avg, "%.*f", parser->pflag, agr->act.meanval);
5938 } else
5939 sprintf (avg, "%.*f", parser->pflag, 0.0);
5940 } else
5941 sprintf (avg, "%.*f", parser->pflag, 0.0);
5942 break;
5943 }
5944 }
5945
5946 if (parser->ArgusPrintXml) {
5947 sprintf (buf, " Mean = \"%s\"", avg);
5948 } else {
5949 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
5950 len = strlen(avg);
5951 } else {
5952 if (strlen(avg) > len) {
5953 avg[len - 1] = '*';
5954 avg[len] = '\0';
5955 }
5956 }
5957 sprintf (buf, "%*.*s ", len, len, avg);
5958 }
5959
5960 #ifdef ARGUSDEBUG
5961 ArgusDebug (10, "ArgusPrintMean (%p, %p)", buf, argus);
5962 #endif
5963 }
5964
5965 void
ArgusPrintSum(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)5966 ArgusPrintSum (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
5967 {
5968 struct ArgusAgrStruct *agr = NULL;
5969 char sum[32];
5970
5971 bzero (sum, 32);
5972
5973 switch (argus->hdr.type & 0xF0) {
5974 case ARGUS_MAR:
5975 break;
5976
5977 case ARGUS_EVENT:
5978 case ARGUS_NETFLOW:
5979 case ARGUS_FAR: {
5980 if ((agr = (struct ArgusAgrStruct *) argus->dsrs[ARGUS_AGR_INDEX]) != NULL) {
5981 if (agr->count > 0) {
5982 sprintf (sum, "%.*f", parser->pflag, agr->act.meanval * agr->act.n);
5983 } else
5984 sprintf (sum, "%.*f", parser->pflag, 0.0);
5985 } else
5986 sprintf (sum, "%.*f", parser->pflag, 0.0);
5987 break;
5988 }
5989 }
5990
5991 if (parser->ArgusPrintXml) {
5992 sprintf (buf, " Sum = \"%s\"", sum);
5993 } else {
5994 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
5995 len = strlen(sum);
5996 } else {
5997 if (strlen(sum) > len) {
5998 sum[len - 1] = '*';
5999 sum[len] = '\0';
6000 }
6001 }
6002 sprintf (buf, "%*.*s ", len, len, sum);
6003 }
6004
6005 #ifdef ARGUSDEBUG
6006 ArgusDebug (10, "ArgusPrintSum (%p, %p)", buf, argus);
6007 #endif
6008 }
6009
6010 void
ArgusPrintRunTime(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6011 ArgusPrintRunTime (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
6012 {
6013 struct ArgusAgrStruct *agr = NULL;
6014 char sum[32];
6015
6016 bzero (sum, 32);
6017 switch (argus->hdr.type & 0xF0) {
6018 case ARGUS_MAR:
6019 break;
6020
6021 case ARGUS_EVENT:
6022 case ARGUS_NETFLOW:
6023 case ARGUS_FAR: {
6024 if ((agr = (struct ArgusAgrStruct *) argus->dsrs[ARGUS_AGR_INDEX]) != NULL) {
6025 if (agr->count > 0) {
6026 sprintf (sum, "%.*f", parser->pflag, agr->act.meanval * agr->act.n);
6027 } else
6028 sprintf (sum, "%.*f", parser->pflag, 0.0);
6029 } else
6030 sprintf (sum, "%.*f", parser->pflag, 0.0);
6031 break;
6032 }
6033 }
6034
6035 if (parser->ArgusPrintXml) {
6036 sprintf (buf, " Run = \"%s\"", sum);
6037 } else {
6038 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
6039 len = strlen(sum);
6040 } else {
6041 if (strlen(sum) > len) {
6042 sum[len - 1] = '*';
6043 sum[len] = '\0';
6044 }
6045 }
6046 sprintf (buf, "%*.*s ", len, len, sum);
6047 }
6048
6049 #ifdef ARGUSDEBUG
6050 ArgusDebug (10, "ArgusPrintRunTime (%p, %p)", buf, argus);
6051 #endif
6052 }
6053
6054
6055 void
ArgusPrintMin(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6056 ArgusPrintMin (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
6057 {
6058 struct ArgusAgrStruct *agr = NULL;
6059 char minval[32];
6060
6061 bzero (minval, 32);
6062 switch (argus->hdr.type & 0xF0) {
6063 case ARGUS_MAR:
6064 break;
6065
6066 case ARGUS_EVENT:
6067 case ARGUS_NETFLOW:
6068 case ARGUS_FAR:
6069 if ((agr = (struct ArgusAgrStruct *) argus->dsrs[ARGUS_AGR_INDEX]) != NULL)
6070 sprintf (minval, "%.*f", parser->pflag, agr->act.minval);
6071 break;
6072 }
6073
6074 if (parser->ArgusPrintXml) {
6075 sprintf (buf, " Min = \"%s\"", minval);
6076 } else {
6077 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
6078 len = strlen(minval);
6079 } else {
6080 if (strlen(minval) > len) {
6081 minval[len - 1] = '*';
6082 minval[len] = '\0';
6083 }
6084 }
6085 sprintf (buf, "%*.*s ", len, len, minval);
6086 }
6087
6088 #ifdef ARGUSDEBUG
6089 ArgusDebug (10, "ArgusPrintMinDuration (%p, %p)", buf, argus);
6090 #endif
6091 }
6092
6093 void
ArgusPrintMax(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6094 ArgusPrintMax (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
6095 {
6096 struct ArgusAgrStruct *agr = NULL;
6097 char maxval[32];
6098
6099 bzero (maxval, 32);
6100
6101 switch (argus->hdr.type & 0xF0) {
6102 case ARGUS_MAR:
6103 break;
6104
6105 case ARGUS_EVENT:
6106 case ARGUS_NETFLOW:
6107 case ARGUS_FAR:
6108 if ((agr = (struct ArgusAgrStruct *) argus->dsrs[ARGUS_AGR_INDEX]) != NULL)
6109 sprintf (maxval, "%.*f", parser->pflag, agr->act.maxval);
6110 break;
6111 }
6112
6113 if (parser->ArgusPrintXml) {
6114 sprintf (buf, " Max = \"%s\"", maxval);
6115 } else {
6116 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
6117 len = strlen(maxval);
6118 } else {
6119 if (strlen(maxval) > len) {
6120 maxval[len - 1] = '*';
6121 maxval[len] = '\0';
6122 }
6123 }
6124 sprintf (buf, "%*.*s ", len, len, maxval);
6125 }
6126
6127 #ifdef ARGUSDEBUG
6128 ArgusDebug (10, "ArgusPrintMax (%p, %p)", buf, argus);
6129 #endif
6130 }
6131
6132 void
ArgusPrintStdDeviation(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6133 ArgusPrintStdDeviation (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
6134 {
6135 struct ArgusAgrStruct *agr = NULL;
6136 char stddev[32];
6137
6138 bzero (stddev, 32);
6139
6140 switch (argus->hdr.type & 0xF0) {
6141 case ARGUS_MAR:
6142 break;
6143
6144 case ARGUS_EVENT:
6145 case ARGUS_NETFLOW:
6146 case ARGUS_FAR: {
6147 if ((agr = (struct ArgusAgrStruct *) argus->dsrs[ARGUS_AGR_INDEX]) != NULL)
6148 sprintf (stddev, "%.*f", parser->pflag, agr->act.stdev);
6149 else
6150 ArgusPrintDuration (parser, stddev, argus, len);
6151 break;
6152 }
6153 }
6154
6155 if (parser->ArgusPrintXml) {
6156 sprintf (buf, " StdDev = \"%s\"", stddev);
6157 } else {
6158 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
6159 len = strlen(stddev);
6160 } else {
6161 if (strlen(stddev) > len) {
6162 stddev[len - 1] = '*';
6163 stddev[len] = '\0';
6164 }
6165 }
6166 sprintf (buf, "%*.*s ", len, len, stddev);
6167 }
6168
6169 #ifdef ARGUSDEBUG
6170 ArgusDebug (10, "ArgusPrintStdDeviation (%p, %p)", buf, argus);
6171 #endif
6172 }
6173
6174
6175 void
ArgusPrintIdleTime(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6176 ArgusPrintIdleTime (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
6177 {
6178 char idle[32];
6179
6180 bzero (idle, 32);
6181
6182 switch (argus->hdr.type & 0xF0) {
6183 case ARGUS_MAR:
6184 break;
6185
6186 case ARGUS_EVENT:
6187 case ARGUS_NETFLOW:
6188 case ARGUS_FAR: {
6189 float tidle = RaGetFloatIdleTime(argus);
6190 if (tidle < 0) tidle = 0;
6191 sprintf (idle, "%.*f", parser->pflag, tidle);
6192 break;
6193 }
6194 }
6195
6196 if (parser->ArgusPrintXml) {
6197 sprintf (buf, " Idle = \"%s\"", idle);
6198 } else {
6199 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
6200 len = strlen(idle);
6201 } else {
6202 if (strlen(idle) > len) {
6203 idle[len - 1] = '*';
6204 idle[len] = '\0';
6205 }
6206 }
6207 sprintf (buf, "%*.*s ", len, len, idle);
6208 }
6209
6210 #ifdef ARGUSDEBUG
6211 ArgusDebug (10, "ArgusPrintIdleTime (%p, %p)", buf, argus);
6212 #endif
6213 }
6214
6215
6216
6217 void
ArgusPrintStartRange(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6218 ArgusPrintStartRange (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
6219 {
6220 char ebuf[32];
6221 bzero (ebuf, sizeof(ebuf));
6222
6223 switch (argus->hdr.type & 0xF0) {
6224 case ARGUS_MAR:
6225 case ARGUS_EVENT:
6226 case ARGUS_NETFLOW:
6227 case ARGUS_FAR:
6228 break;
6229 }
6230
6231 if (parser->ArgusPrintXml) {
6232 sprintf (buf, " StartRange = \"%s\"", ebuf);
6233 } else {
6234 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
6235 len = strlen(ebuf);
6236 } else {
6237 if (strlen(ebuf) > len) {
6238 ebuf[len - 1] = '*';
6239 ebuf[len] = '\0';
6240 }
6241 }
6242 sprintf (buf, "%*.*s ", len, len, ebuf);
6243 }
6244
6245 #ifdef ARGUSDEBUG
6246 ArgusDebug (10, "ArgusPrintStartRange (%p, %p)", buf, argus);
6247 #endif
6248 }
6249
6250
6251 void
ArgusPrintEndRange(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6252 ArgusPrintEndRange (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
6253 {
6254 char ebuf[32];
6255 bzero (ebuf, sizeof(ebuf));
6256
6257 switch (argus->hdr.type & 0xF0) {
6258 case ARGUS_MAR:
6259 case ARGUS_EVENT:
6260 case ARGUS_NETFLOW:
6261 case ARGUS_FAR:
6262 break;
6263 }
6264
6265 if (parser->ArgusPrintXml) {
6266 sprintf (buf, " DstRange = \"%s\"", ebuf);
6267 } else {
6268 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
6269 len = strlen(ebuf);
6270 } else {
6271 if (strlen(ebuf) > len) {
6272 ebuf[len - 1] = '*';
6273 ebuf[len] = '\0';
6274 }
6275 }
6276 sprintf (buf, "%*.*s ", len, len, ebuf);
6277 }
6278
6279 #ifdef ARGUSDEBUG
6280 ArgusDebug (10, "ArgusPrintEndRange (%p, %p)", buf, argus);
6281 #endif
6282 }
6283
6284 void
ArgusPrintDuration(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6285 ArgusPrintDuration (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
6286 {
6287 float fdur = RaGetFloatDuration (argus);
6288 char durbuf[128];
6289
6290 bzero(durbuf, sizeof(durbuf));
6291 sprintf (durbuf, "%0.*f", parser->pflag, fdur);
6292
6293 if (parser->ArgusPrintXml) {
6294 sprintf (buf, " Duration = \"%s\"", durbuf);
6295 } else {
6296 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
6297 len = strlen(durbuf);
6298 } else {
6299 if (strlen(durbuf) > len) {
6300 durbuf[len - 1] = '*';
6301 durbuf[len] = '\0';
6302 }
6303 }
6304 sprintf (buf, "%*.*s ", len, len, durbuf);
6305 }
6306
6307 #ifdef ARGUSDEBUG
6308 ArgusDebug (10, "ArgusPrintDuration (%p, %p, %p, %d)", parser, buf, argus, len);
6309 #endif
6310 }
6311
6312 void
ArgusPrintSrcDuration(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6313 ArgusPrintSrcDuration (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
6314 {
6315 float fdur = RaGetFloatSrcDuration (argus);
6316 char dur[128];
6317
6318 bzero(dur, sizeof(dur));
6319 sprintf (dur, "%0.*f", parser->pflag, fdur);
6320
6321 if (parser->ArgusPrintXml) {
6322 sprintf (buf, " SrcDuration = \"%s\"", dur);
6323 } else {
6324 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
6325 len = strlen(dur);
6326 } else {
6327 if (strlen(dur) > len) {
6328 dur[len - 1] = '*';
6329 dur[len] = '\0';
6330 }
6331 }
6332 sprintf (buf, "%*.*s ", len, len, dur);
6333 }
6334
6335 #ifdef ARGUSDEBUG
6336 ArgusDebug (10, "ArgusPrintSrcDuration (%p, %p, %p, %d)", parser, buf, argus, len);
6337 #endif
6338 }
6339
6340 void
ArgusPrintDstDuration(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6341 ArgusPrintDstDuration (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
6342 {
6343 float fdur = RaGetFloatDstDuration (argus);
6344 char dur[128];
6345
6346 bzero(dur, sizeof(dur));
6347 sprintf (dur, "%0.*f", parser->pflag, fdur);
6348
6349 if (parser->ArgusPrintXml) {
6350 sprintf (buf, " DstDuration = \"%s\"", dur);
6351 } else {
6352 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
6353 len = strlen(dur);
6354 } else {
6355 if (strlen(dur) > len) {
6356 dur[len - 1] = '*';
6357 dur[len] = '\0';
6358 }
6359 }
6360 sprintf (buf, "%*.*s ", len, len, dur);
6361 }
6362
6363 #ifdef ARGUSDEBUG
6364 ArgusDebug (10, "ArgusPrintDstDuration (%p, %p, %p, %d)", parser, buf, argus, len);
6365 #endif
6366 }
6367
6368
6369 void ArgusGetIndicatorString (struct ArgusParserStruct *parser, struct ArgusRecordStruct *, char *);
6370
6371 void
ArgusGetIndicatorString(struct ArgusParserStruct * parser,struct ArgusRecordStruct * argus,char * buf)6372 ArgusGetIndicatorString (struct ArgusParserStruct *parser, struct ArgusRecordStruct *argus, char *buf)
6373 {
6374 int type = 0;
6375 bzero (buf, 16);
6376
6377 bcopy (" ", buf, 9);
6378
6379 switch (argus->hdr.type & 0xF0) {
6380 case ARGUS_MAR:
6381 case ARGUS_EVENT:
6382 break;
6383
6384 case ARGUS_NETFLOW:
6385 case ARGUS_FAR: {
6386 struct ArgusFlow *flow;
6387 struct ArgusMacStruct *mac;
6388 struct ArgusTimeObject *time;
6389 struct ArgusNetworkStruct *net;
6390 struct ArgusEncapsStruct *encaps;
6391
6392 if ((argus->hdr.type & 0xF0) == ARGUS_NETFLOW)
6393 buf[0] = 'N';
6394
6395 if ((time = (void *)argus->dsrs[ARGUS_TIME_INDEX]) != NULL)
6396 if (time->hdr.argus_dsrvl8.qual & ARGUS_TIMEADJUST)
6397 buf[0] = 'T';
6398
6399 if ((encaps = (struct ArgusEncapsStruct *)argus->dsrs[ARGUS_ENCAPS_INDEX]) != NULL) {
6400 unsigned int i, types = encaps->src | encaps->dst, ind = 0;
6401
6402 for (i = 0; i < ARGUS_ENCAPS_TYPE; i++) {
6403 if (types & (0x01 << i)) {
6404 ind++;
6405 switch (0x01 << i) {
6406 case ARGUS_ENCAPS_ETHER: buf[1] = 'e'; break;
6407 case ARGUS_ENCAPS_LLC: buf[1] = 'l'; break;
6408 case ARGUS_ENCAPS_MPLS: buf[1] = 'm'; break;
6409 case ARGUS_ENCAPS_8021Q: buf[1] = 'v'; break;
6410 case ARGUS_ENCAPS_PPP: buf[1] = 'p'; break;
6411 case ARGUS_ENCAPS_ISL: buf[1] = 'i'; break;
6412 case ARGUS_ENCAPS_GRE: buf[1] = 'G'; break;
6413 case ARGUS_ENCAPS_AH: buf[1] = 'a'; break;
6414 case ARGUS_ENCAPS_IP: buf[1] = 'P'; break;
6415 case ARGUS_ENCAPS_IPV6: buf[1] = '6'; break;
6416 case ARGUS_ENCAPS_HDLC: buf[1] = 'H'; break;
6417 case ARGUS_ENCAPS_CHDLC: buf[1] = 'C'; break;
6418 case ARGUS_ENCAPS_ATM: buf[1] = 'A'; break;
6419 case ARGUS_ENCAPS_SLL: buf[1] = 'S'; break;
6420 case ARGUS_ENCAPS_FDDI: buf[1] = 'F'; break;
6421 case ARGUS_ENCAPS_SLIP: buf[1] = 's'; break;
6422 case ARGUS_ENCAPS_ARCNET: buf[1] = 'R'; break;
6423 case ARGUS_ENCAPS_802_11: buf[1] = 'w'; break;
6424 case ARGUS_ENCAPS_PRISM: buf[1] = 'z'; break;
6425 case ARGUS_ENCAPS_AVS: buf[1] = 'a'; break;
6426 case ARGUS_ENCAPS_TEREDO: buf[1] = 'T'; break;
6427 case ARGUS_ENCAPS_JUNIPER: buf[1] = 'J'; break;
6428 case ARGUS_ENCAPS_ERSPAN_II: buf[1] = 'E'; break;
6429 }
6430 }
6431 }
6432
6433 if (ind > 1)
6434 buf[1] = '*';
6435
6436 } else {
6437 if (argus->dsrs[ARGUS_MPLS_INDEX] != NULL)
6438 buf[1] = 'm';
6439 if (argus->dsrs[ARGUS_MAC_INDEX] != NULL)
6440 buf[1] = 'e';
6441 if (argus->dsrs[ARGUS_VLAN_INDEX] != NULL)
6442 buf[1] = 'v';
6443 }
6444
6445 if ((mac = (struct ArgusMacStruct *) argus->dsrs[ARGUS_MAC_INDEX]) != NULL) {
6446 if (mac->hdr.argus_dsrvl8.qual & ARGUS_MULTIPATH)
6447 buf[1] = 'M';
6448 }
6449
6450 net = (struct ArgusNetworkStruct *) argus->dsrs[ARGUS_NETWORK_INDEX];
6451 flow = (struct ArgusFlow *)argus->dsrs[ARGUS_FLOW_INDEX];
6452
6453 if (net && (net->hdr.subtype == ARGUS_UDT_FLOW)) {
6454 int status = net->net_union.udt.status;
6455
6456 if (status & ARGUS_OUTOFORDER) {
6457 buf[3] = 'i';
6458 }
6459 if (status & (ARGUS_PKTS_RETRANS | ARGUS_PKTS_DROP)) {
6460 buf[3] = 's';
6461 }
6462 if (status & ARGUS_WINDOW_SHUT) {
6463 buf[4] = 'S';
6464 }
6465 if (status & ARGUS_ECN_CONGESTED) {
6466 buf[5] = 'E';
6467 }
6468
6469 } else {
6470 if (flow != NULL) {
6471 switch (flow->hdr.subtype & 0x3F) {
6472 case ARGUS_FLOW_CLASSIC5TUPLE: {
6473 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
6474 case ARGUS_TYPE_IPV4: {
6475 struct ArgusIPAttrStruct *attr = (void *)argus->dsrs[ARGUS_IPATTR_INDEX];
6476 if ((attr != NULL) && ((attr->hdr.argus_dsrvl8.qual &
6477 (ARGUS_IPATTR_SRC_FRAGMENTS | ARGUS_IPATTR_DST_FRAGMENTS)) ||
6478 (flow->hdr.argus_dsrvl8.qual & ARGUS_FRAGMENT)))
6479 buf[6] = 'F';
6480
6481 switch (flow->ip_flow.ip_p) {
6482 case IPPROTO_TCP: {
6483 if (net != NULL) {
6484 struct ArgusTCPObject *tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
6485 unsigned int status = tcp->status;
6486
6487 if (status & ARGUS_PKTS_RETRANS) {
6488 if ((status & ARGUS_SRC_PKTS_RETRANS) && (status & ARGUS_DST_PKTS_RETRANS))
6489 buf[3] = '*';
6490 else {
6491 if (status & ARGUS_SRC_PKTS_RETRANS)
6492 buf[3] = 's';
6493 if (status & ARGUS_DST_PKTS_RETRANS)
6494 buf[3] = 'd';
6495 }
6496 } else
6497 if ((ArgusFetchSrcGap(argus) > 0) || (ArgusFetchDstGap(argus) > 0)) {
6498 buf[3] = 'g';
6499 } else
6500 if (status & ARGUS_OUTOFORDER) {
6501 if ((status & ARGUS_SRC_OUTOFORDER) && (status & ARGUS_DST_OUTOFORDER))
6502 buf[3] = '&';
6503 else {
6504 if (status & ARGUS_SRC_OUTOFORDER)
6505 buf[3] = 'i';
6506 if (status & ARGUS_DST_OUTOFORDER)
6507 buf[3] = 'r';
6508 }
6509 }
6510 if (status & ARGUS_WINDOW_SHUT) {
6511 if ((status & ARGUS_SRC_WINDOW_SHUT) && (status & ARGUS_DST_WINDOW_SHUT))
6512 buf[4] = '@';
6513 else {
6514 if (status & ARGUS_SRC_WINDOW_SHUT)
6515 buf[4] = 'S';
6516 if (status & ARGUS_DST_WINDOW_SHUT)
6517 buf[4] = 'D';
6518 }
6519 }
6520 if (status & ARGUS_ECN_CONGESTED) {
6521 if ((status & ARGUS_SRC_CONGESTED) && (status & ARGUS_DST_CONGESTED))
6522 buf[5] = 'E';
6523 else {
6524 if (status & ARGUS_SRC_CONGESTED)
6525 buf[5] = 'x';
6526 if (status & ARGUS_DST_CONGESTED)
6527 buf[5] = 't';
6528 }
6529 }
6530 }
6531 break;
6532 }
6533
6534 case IPPROTO_UDP: {
6535 if (net != NULL) {
6536 switch (net->hdr.subtype) {
6537 case ARGUS_RTP_FLOW: {
6538 struct ArgusRTPObject *rtp = &net->net_union.rtp;
6539 if (rtp->sdrop && rtp->ddrop) {
6540 buf[3] = '*';
6541 } else {
6542 if (rtp->sdrop)
6543 buf[3] = 's';
6544 if (rtp->ddrop)
6545 buf[3] = 'd';
6546 }
6547 break;
6548 }
6549 case ARGUS_RTCP_FLOW:
6550 break;
6551 }
6552 }
6553 break;
6554 }
6555
6556 default:
6557 case IPPROTO_ICMP:
6558 break;
6559
6560 case IPPROTO_ESP: {
6561 if (net != NULL) {
6562 unsigned int status = net->net_union.esp.status;
6563 if ((status & ARGUS_PKTS_DROP) && (net->net_union.esp.lostseq)) {
6564 if ((status & ARGUS_SRC_PKTS_DROP) && (status & ARGUS_DST_PKTS_DROP))
6565 buf[3] = '*';
6566 else {
6567 if (status & ARGUS_SRC_PKTS_DROP)
6568 buf[3] = 's';
6569 if (status & ARGUS_DST_PKTS_DROP)
6570 buf[3] = 'd';
6571 }
6572 }
6573 if (status & ARGUS_OUTOFORDER) {
6574 if ((status & ARGUS_SRC_OUTOFORDER) && (status & ARGUS_DST_OUTOFORDER))
6575 buf[3] = '&';
6576 else {
6577 if (status & ARGUS_SRC_OUTOFORDER)
6578 buf[3] = 'i';
6579 if (status & ARGUS_DST_OUTOFORDER)
6580 buf[3] = 'r';
6581 }
6582 }
6583 }
6584 break;
6585 }
6586 }
6587 break;
6588 }
6589
6590 case ARGUS_TYPE_IPV6: {
6591 struct ArgusIPAttrStruct *ipattr = (void *)argus->dsrs[ARGUS_IPATTR_INDEX];
6592 if (((ipattr != NULL) && (ipattr->hdr.argus_dsrvl8.qual & (ARGUS_IPATTR_SRC_FRAGMENTS | ARGUS_IPATTR_DST_FRAGMENTS))) ||
6593 (flow->hdr.argus_dsrvl8.qual & ARGUS_FRAGMENT))
6594 buf[6] = 'F';
6595
6596 switch (flow->ipv6_flow.ip_p) {
6597 case IPPROTO_TCP: {
6598 if (net != NULL) {
6599 struct ArgusTCPObject *tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
6600 if (tcp->src.status & ARGUS_PKTS_RETRANS) {
6601 if ((tcp->status & ARGUS_SRC_PKTS_RETRANS) && (tcp->status & ARGUS_DST_PKTS_RETRANS))
6602 buf[3] = '*';
6603 else {
6604 if (tcp->status & ARGUS_SRC_PKTS_RETRANS)
6605 buf[3] = 's';
6606 if (tcp->status & ARGUS_DST_PKTS_RETRANS)
6607 buf[3] = 'd';
6608 }
6609 }
6610 }
6611 break;
6612 }
6613 case IPPROTO_UDP: {
6614 if (net != NULL) {
6615 switch (net->hdr.subtype) {
6616 case ARGUS_RTP_FLOW: {
6617 struct ArgusRTPObject *rtp = &net->net_union.rtp;
6618 if (rtp->sdrop && rtp->ddrop) {
6619 buf[3] = '*';
6620 } else {
6621 if (rtp->sdrop)
6622 buf[3] = 's';
6623 if (rtp->ddrop)
6624 buf[3] = 'd';
6625 }
6626 break;
6627 }
6628 case ARGUS_RTCP_FLOW:
6629 break;
6630 }
6631 }
6632 break;
6633 }
6634 case IPPROTO_ICMP:
6635 break;
6636 case IPPROTO_IGMP:
6637 break;
6638 default:
6639 break;
6640 }
6641
6642 break;
6643 }
6644 }
6645 break;
6646 }
6647 case ARGUS_FLOW_ARP: {
6648 break;
6649 }
6650 }
6651 }
6652 }
6653
6654
6655 if (argus->dsrs[ARGUS_ICMP_INDEX] != NULL) {
6656 struct ArgusIcmpStruct *icmp = (void *)argus->dsrs[ARGUS_ICMP_INDEX];
6657 if (icmp->hdr.argus_dsrvl8.qual & ARGUS_ICMP_MAPPED) {
6658 buf[2] = 'I';
6659 switch (icmp->icmp_type) {
6660 case ICMP_UNREACH: buf[2] = 'U'; break;
6661 case ICMP_REDIRECT: buf[2] = 'R'; break;
6662 case ICMP_TIMXCEED: buf[2] = 'T'; break;
6663 }
6664 }
6665 }
6666
6667 if (net != NULL) {
6668 switch (net->hdr.subtype) {
6669 case ARGUS_NETWORK_SUBTYPE_FRAG:
6670 buf[6] = 'f';
6671
6672 if (net->hdr.argus_dsrvl8.qual & ARGUS_FRAGOVERLAP) {
6673 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
6674 default:
6675 buf[6] = 'V';
6676 break;
6677 }
6678 }
6679 break;
6680
6681 case ARGUS_RTP_FLOW:
6682 if (net->hdr.argus_dsrvl8.qual & (ARGUS_RTP_SRCSILENCE | ARGUS_RTP_DSTSILENCE)) {
6683 if ((net->hdr.argus_dsrvl8.qual & (ARGUS_RTP_SRCSILENCE | ARGUS_RTP_DSTSILENCE)) ==
6684 (ARGUS_RTP_SRCSILENCE | ARGUS_RTP_DSTSILENCE))
6685 buf[4] = '*';
6686 if (net->hdr.argus_dsrvl8.qual & ARGUS_RTP_DSTSILENCE)
6687 buf[4] = 's';
6688 if (net->hdr.argus_dsrvl8.qual & ARGUS_RTP_DSTSILENCE)
6689 buf[4] = 'd';
6690 }
6691 break;
6692 }
6693 }
6694
6695 if (argus->dsrs[ARGUS_IPATTR_INDEX]) {
6696 struct ArgusIPAttrStruct *attr = (struct ArgusIPAttrStruct *)argus->dsrs[ARGUS_IPATTR_INDEX];
6697 unsigned char options = attr->src.options | attr->dst.options;
6698 if (attr) {
6699 switch (options) {
6700 case ARGUS_RTRALERT: buf[7] = 'A'; break;
6701 case ARGUS_TIMESTAMP: buf[7] = 'T'; break;
6702 case ARGUS_RECORDROUTE: buf[7] = 'R'; break;
6703 case ARGUS_SECURITY: buf[7] = '+'; break;
6704 case ARGUS_LSRCROUTE: buf[7] = 'L'; break;
6705 case ARGUS_SSRCROUTE: buf[7] = 'S'; break;
6706 case ARGUS_SATID: buf[7] = 'D'; break;
6707 default: {
6708 unsigned char v = options, c;
6709 for (c = 0; v; c++)
6710 v &= v - 1;
6711 if (c > 1)
6712 buf[7] = 'O';
6713 else
6714 buf[7] = 'U';
6715 break;
6716 }
6717 case 0: break;
6718 }
6719 }
6720 }
6721 if ((argus->correlates != NULL) || (argus->dsrs[ARGUS_COR_INDEX])) {
6722 struct ArgusCorrelateStruct *cor = (void *)argus->dsrs[ARGUS_COR_INDEX];
6723 if (argus->correlates != NULL)
6724 sprintf(&buf[8], "%d", argus->correlates->count);
6725 if (cor != NULL) {
6726 int count = (cor->hdr.argus_dsrvl8.len - 1)/(sizeof(struct ArgusCorMetrics)/4);
6727 sprintf(&buf[8], "%d", count);
6728 }
6729 }
6730 }
6731 break;
6732 }
6733
6734 #ifdef ARGUSDEBUG
6735 ArgusDebug (10, "ArgusGetIndicatorString (%p, %p, %p)", parser, argus, buf);
6736 #endif
6737 return;
6738 }
6739
6740 void
ArgusPrintSourceID(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6741 ArgusPrintSourceID (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
6742 {
6743 char strbuf[64], *value = NULL;
6744
6745 switch (argus->hdr.type & 0xF0) {
6746 case ARGUS_MAR: {
6747 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
6748
6749 if (rec != NULL) {
6750 void *pid;
6751
6752 switch (argus->hdr.cause & 0xF0) {
6753 case ARGUS_START: pid = &rec->argus_mar.thisid; break;
6754 default:
6755 case ARGUS_STATUS:
6756 case ARGUS_STOP:
6757 case ARGUS_SHUTDOWN:
6758 case ARGUS_ERROR: pid = &rec->argus_mar.argusid; break;
6759 }
6760
6761 switch (rec->argus_mar.status & (ARGUS_IDIS_STRING | ARGUS_IDIS_INT | ARGUS_IDIS_IPV4)) {
6762 case ARGUS_IDIS_STRING: value = ArgusGetString(parser, (u_char *)pid, 4); break;
6763 case ARGUS_IDIS_INT: {
6764 snprintf (strbuf, sizeof(strbuf), "%d", *(unsigned int *)pid);
6765 value = strdup(strbuf);
6766 break;
6767 }
6768 default:
6769 case ARGUS_IDIS_IPV4: value = strdup(ArgusGetName(parser, pid)); break;
6770 }
6771 }
6772
6773 break;
6774 }
6775
6776 case ARGUS_EVENT:
6777 case ARGUS_NETFLOW:
6778 case ARGUS_FAR: {
6779 struct ArgusTransportStruct *trans = (struct ArgusTransportStruct *) argus->dsrs[ARGUS_TRANSPORT_INDEX];
6780 if (trans != NULL) {
6781 switch (trans->hdr.argus_dsrvl8.qual) {
6782 case ARGUS_TYPE_INT: {
6783 snprintf (strbuf, sizeof(strbuf), "%d", trans->srcid.a_un.value);
6784 value = strdup(strbuf);
6785 break;
6786 }
6787 case ARGUS_TYPE_STRING: value = ArgusGetString(parser, (u_char *)&trans->srcid.a_un.str, 4); break;
6788
6789 default:
6790 case ARGUS_TYPE_IPV4: value = strdup(ArgusGetName(parser, (u_char *)&trans->srcid.a_un.ipv4)); break;
6791 /*
6792 case ARGUS_TYPE_IPV6: value = ArgusGetV6Name(parser, (u_char *)&trans->srcid.ipv6); break;
6793 case ARGUS_TYPE_ETHER: value = ArgusGetEtherName(parser, (u_char *)&trans->srcid.ether); break;
6794 */
6795 }
6796 }
6797 break;
6798 }
6799 }
6800
6801 if (value == NULL) {
6802 value = strdup(" ");
6803 }
6804
6805 if (parser->ArgusPrintXml) {
6806 sprintf (buf, " SourceId = \"%s\"", value);
6807 } else {
6808 if (len != 0) {
6809 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
6810 len = strlen(value);
6811 } else {
6812 if (strlen(value) > len) {
6813 value[len - 1] = '*';
6814 value[len] = '\0';
6815 }
6816 }
6817 sprintf (buf, "%*.*s ", len, len, value);
6818 } else
6819 sprintf (buf, "%s ", value);
6820 }
6821
6822 if (value != NULL)
6823 free(value);
6824
6825 #ifdef ARGUSDEBUG
6826 ArgusDebug (10, "ArgusPrintSourceID (%p, %p)", buf, argus);
6827 #endif
6828 }
6829
6830 void ArgusPrintRank (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
6831 void ArgusPrintBinNumber (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
6832 void ArgusPrintBins (struct ArgusParserStruct *parser, char *, struct ArgusRecordStruct *, int);
6833
6834 void
ArgusPrintRank(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6835 ArgusPrintRank (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus , int len)
6836 {
6837 char rank[32];
6838
6839 bzero (rank, sizeof(rank));
6840 if (argus->rank > 0) {
6841 sprintf (rank, "%d", argus->rank);
6842 }
6843
6844 if (parser->ArgusPrintXml) {
6845 sprintf (buf, " Rank = \"%s\"", rank);
6846 } else {
6847 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
6848 len = strlen(rank);
6849 } else {
6850 if (strlen(rank) > len) {
6851 rank[len - 1] = '*';
6852 rank[len] = '\0';
6853 }
6854 }
6855 sprintf (buf, "%*.*s ", len, len, rank);
6856 }
6857 }
6858
6859 void
ArgusPrintBinNumber(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6860 ArgusPrintBinNumber (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus , int len)
6861 {
6862 char binbuf[32];
6863
6864 bzero (binbuf, sizeof(binbuf));
6865
6866 if (parser->ArgusPrintXml) {
6867 sprintf (buf, " BinNum = \"%s\"", binbuf);
6868 } else {
6869 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
6870 len = strlen(binbuf);
6871 } else {
6872 if (strlen(binbuf) > len) {
6873 binbuf[len - 1] = '*';
6874 binbuf[len] = '\0';
6875 }
6876 }
6877 sprintf (buf, "%*.*s ", len, len, binbuf);
6878 }
6879 }
6880
6881 void
ArgusPrintBins(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6882 ArgusPrintBins (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
6883 {
6884 char binbuf[32];
6885
6886 bzero (binbuf, sizeof(binbuf));
6887
6888 if (parser->ArgusPrintXml) {
6889 sprintf (buf, " Bins = \"%s\"", binbuf);
6890 } else {
6891 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
6892 len = strlen(binbuf);
6893 } else {
6894 if (strlen(binbuf) > len) {
6895 binbuf[len - 1] = '*';
6896 binbuf[len] = '\0';
6897 }
6898 }
6899 sprintf (buf, "%*.*s ", len, len, binbuf);
6900 }
6901 }
6902
6903 void
ArgusPrintSequenceNumber(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6904 ArgusPrintSequenceNumber (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
6905 {
6906 char value[128];
6907
6908 bzero(value, sizeof(value));
6909
6910 switch (argus->hdr.type & 0xF0) {
6911 case ARGUS_MAR: {
6912 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
6913 if (rec != NULL)
6914 sprintf (value, "%u", rec->argus_mar.nextMrSequenceNum);
6915 break;
6916 }
6917
6918 case ARGUS_EVENT:
6919 case ARGUS_NETFLOW:
6920 case ARGUS_FAR: {
6921 struct ArgusTransportStruct *trans;
6922
6923 if ((trans = (void *)argus->dsrs[ARGUS_TRANSPORT_INDEX]) != NULL)
6924 sprintf (value, "%u", trans->seqnum);
6925 break;
6926 }
6927 }
6928
6929 if (parser->ArgusPrintXml) {
6930 sprintf (buf, " SeqNumber = \"%s\"", value);
6931 } else {
6932 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
6933 len = strlen(value);
6934 } else {
6935 if (strlen(value) > len) {
6936 value[len - 1] = '*';
6937 value[len] = '\0';
6938 }
6939 }
6940 sprintf (buf, "%*.*s ", len, len, value);
6941 }
6942
6943 #ifdef ARGUSDEBUG
6944 ArgusDebug (10, "ArgusPrintSequenceNumber (%p, %p)", buf, argus);
6945 #endif
6946 }
6947
6948 void
ArgusPrintFlags(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6949 ArgusPrintFlags (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
6950 {
6951 char flags[32];
6952 bzero (flags, 32);
6953 ArgusGetIndicatorString (parser, argus, flags);
6954
6955 if (parser->ArgusPrintXml) {
6956 char xmlflags[64];
6957 int i, len = strlen(flags);
6958
6959 bzero(xmlflags, sizeof(xmlflags));
6960 for (i = 0; i < len; i++) {
6961 if (flags[i] == '&') {
6962 sprintf(&xmlflags[strlen(xmlflags)], "&");
6963 } else
6964 xmlflags[strlen(xmlflags)] = flags[i];
6965 }
6966
6967 sprintf (buf, " Flags = \"%s\"", xmlflags);
6968
6969 } else {
6970 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
6971 len = strlen(flags);
6972 } else {
6973 if (strlen(flags) > len) {
6974 flags[len - 1] = '*';
6975 flags[len] = '\0';
6976 }
6977 }
6978 sprintf (buf, "%*.*s ", len, len, flags);
6979 }
6980
6981 #ifdef ARGUSDEBUG
6982 ArgusDebug (10, "ArgusPrintFlags (%p, %p)", buf, argus);
6983 #endif
6984 }
6985
6986 void
ArgusPrintSrcMacAddress(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)6987 ArgusPrintSrcMacAddress (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
6988 {
6989 struct ArgusMacStruct *mac = (struct ArgusMacStruct *) argus->dsrs[ARGUS_MAC_INDEX];
6990 char *macstr = NULL;
6991
6992 if (mac != NULL) {
6993 switch (mac->hdr.subtype & 0x3F) {
6994 default:
6995 case ARGUS_TYPE_ETHER:
6996 macstr = etheraddr_string (parser, (unsigned char *)&mac->mac.mac_union.ether.ehdr.ether_shost);
6997 break;
6998 }
6999 }
7000
7001 if (macstr == NULL)
7002 macstr = "";
7003
7004 if (parser->ArgusPrintXml) {
7005 sprintf (buf, " SrcMacAddr = \"%s\"", macstr);
7006 } else {
7007 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
7008 len = strlen(macstr);
7009 } else {
7010 if (strlen(macstr) > len) {
7011 macstr[len - 1] = '*';
7012 macstr[len] = '\0';
7013 }
7014 }
7015 sprintf (buf, "%*.*s ", len, len, macstr);
7016 }
7017
7018 #ifdef ARGUSDEBUG
7019 ArgusDebug (10, "ArgusPrintSrcMacAddress (%p, %p)", buf, argus);
7020 #endif
7021 }
7022
7023 void
ArgusPrintDstMacAddress(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)7024 ArgusPrintDstMacAddress (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
7025 {
7026 struct ArgusMacStruct *mac = (struct ArgusMacStruct *) argus->dsrs[ARGUS_MAC_INDEX];
7027 char *macstr = NULL;
7028
7029 if (mac != NULL) {
7030 switch (mac->hdr.subtype & 0x3F) {
7031 default:
7032 case ARGUS_TYPE_ETHER:
7033 macstr = etheraddr_string (parser, (unsigned char *)&mac->mac.mac_union.ether.ehdr.ether_dhost);
7034 break;
7035 }
7036 }
7037
7038 if (macstr == NULL)
7039 macstr = "";
7040
7041 if (parser->ArgusPrintXml) {
7042 sprintf (buf, " DstMacAddr = \"%s\"", macstr);
7043 } else {
7044 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
7045 len = strlen(macstr);
7046 } else {
7047 if (strlen(macstr) > len) {
7048 macstr[len - 1] = '*';
7049 macstr[len] = '\0';
7050 }
7051 }
7052 sprintf (buf, "%*.*s ", len, len, macstr);
7053 }
7054
7055 #ifdef ARGUSDEBUG
7056 ArgusDebug (10, "ArgusPrintDstMacAddress (%p, %p)", buf, argus);
7057 #endif
7058 }
7059
7060 void
ArgusPrintSrcOui(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)7061 ArgusPrintSrcOui (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
7062 {
7063 struct ArgusMacStruct *mac = (struct ArgusMacStruct *) argus->dsrs[ARGUS_MAC_INDEX];
7064 char *oui = NULL;
7065
7066 if (mac != NULL) {
7067 switch (mac->hdr.subtype & 0x3F) {
7068 default:
7069 case ARGUS_TYPE_ETHER:
7070 oui = etheraddr_oui (parser, (unsigned char *)&mac->mac.mac_union.ether.ehdr.ether_shost);
7071 break;
7072 }
7073 }
7074
7075 if (oui == NULL)
7076 oui = "";
7077
7078 if (parser->ArgusPrintXml) {
7079 sprintf (buf, " SrcOui = \"%s\"", oui);
7080 } else {
7081 char strbuf[18];
7082
7083 bzero(strbuf, sizeof(strbuf));
7084 strncpy(strbuf, oui, 16);
7085
7086 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
7087 len = strlen(strbuf);
7088 } else {
7089 if (strlen(strbuf) > len) {
7090 strbuf[len - 1] = '*';
7091 strbuf[len] = '\0';
7092 }
7093 }
7094 sprintf (buf, "%*.*s ", len, len, strbuf);
7095 }
7096
7097 #ifdef ARGUSDEBUG
7098 ArgusDebug (10, "ArgusPrintSrcOui (%p, %p)", buf, argus);
7099 #endif
7100 }
7101
7102 void
ArgusPrintDstOui(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)7103 ArgusPrintDstOui (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
7104 {
7105 struct ArgusMacStruct *mac = (struct ArgusMacStruct *) argus->dsrs[ARGUS_MAC_INDEX];
7106 char *oui = NULL;
7107
7108 if (mac != NULL) {
7109 switch (mac->hdr.subtype & 0x3F) {
7110 default:
7111 case ARGUS_TYPE_ETHER: {
7112 oui = etheraddr_oui (parser, (unsigned char *)&mac->mac.mac_union.ether.ehdr.ether_dhost);
7113 break;
7114 }
7115 }
7116 }
7117
7118 if (oui == NULL)
7119 oui = "";
7120
7121 if (parser->ArgusPrintXml) {
7122 sprintf (buf, " DstOui = \"%s\"", oui);
7123 } else {
7124 char strbuf[18];
7125 bzero(strbuf, sizeof(strbuf));
7126 strncpy(strbuf, oui, 16);
7127
7128 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
7129 len = strlen(strbuf);
7130 } else {
7131 if (strlen(strbuf) > len) {
7132 strbuf[len - 1] = '*';
7133 strbuf[len] = '\0';
7134 }
7135 }
7136 sprintf (buf, "%*.*s ", len, len, strbuf);
7137 }
7138
7139 #ifdef ARGUSDEBUG
7140 ArgusDebug (10, "ArgusPrintDstOui (%p, %p)", buf, argus);
7141 #endif
7142 }
7143
7144
7145 void
ArgusPrintProto(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)7146 ArgusPrintProto (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
7147 {
7148 struct ArgusFlow *flow;
7149 char protoStrBuf[16], *protoStr = NULL;
7150 u_short eproto;
7151 u_char proto;
7152
7153 bzero (protoStrBuf, sizeof(protoStrBuf));
7154 protoStr = protoStrBuf;
7155
7156 switch (argus->hdr.type & 0xF0) {
7157 case ARGUS_MAR:
7158 sprintf (protoStrBuf, "man");
7159 break;
7160
7161 case ARGUS_EVENT:
7162 sprintf (protoStrBuf, "evt");
7163 break;
7164
7165 case ARGUS_NETFLOW:
7166 case ARGUS_FAR: {
7167 if (((flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL)) {
7168 switch (flow->hdr.subtype & 0x3F) {
7169 case ARGUS_FLOW_CLASSIC5TUPLE: {
7170 struct ArgusNetworkStruct *net = (struct ArgusNetworkStruct *)argus->dsrs[ARGUS_NETWORK_INDEX];
7171
7172 switch ((flow->hdr.argus_dsrvl8.qual & 0x1F)) {
7173 case ARGUS_TYPE_IPV4:
7174 switch (proto = flow->ip_flow.ip_p) {
7175 case IPPROTO_UDP: {
7176 if (parser->nflag > 2) {
7177 sprintf (protoStr, "%u", proto);
7178 break;
7179 } else {
7180 if (net && (net->hdr.subtype == ARGUS_RTP_FLOW)) {
7181 protoStr = "rtp";
7182 break;
7183 } else
7184 if (net && (net->hdr.subtype == ARGUS_RTCP_FLOW)) {
7185 protoStr = "rtcp";
7186 break;
7187 } else
7188 if (net && (net->hdr.subtype == ARGUS_UDT_FLOW)) {
7189 protoStr = "udt";
7190 break;
7191 }
7192 }
7193 }
7194 default:
7195 if (ip_proto_string[proto] == NULL)
7196 ip_proto_string[proto] = "unas";
7197
7198 if (parser->nflag > 2)
7199 sprintf (protoStr, "%u", proto);
7200 else
7201 sprintf (protoStr, "%s", ip_proto_string[proto]);
7202 break;
7203 }
7204 break;
7205
7206 case ARGUS_TYPE_IPV6:
7207 switch (proto = flow->ipv6_flow.ip_p) {
7208 case IPPROTO_UDP: {
7209 if (parser->nflag > 2) {
7210 sprintf (protoStr, "%u", proto);
7211 break;
7212 } else {
7213 if (net && (net->hdr.subtype == ARGUS_RTP_FLOW)) {
7214 protoStr = "rtp";
7215 break;
7216 } else {
7217 if (net && (net->hdr.subtype == ARGUS_RTCP_FLOW)) {
7218 protoStr = "rtcp";
7219 break;
7220 }
7221 }
7222 }
7223 }
7224 default:
7225 if (ip_proto_string[proto] == NULL)
7226 ip_proto_string[proto] = "unas";
7227
7228 protoStr = protoStrBuf;
7229 if (parser->nflag > 2)
7230 sprintf (protoStr, "%u", proto);
7231 else
7232 sprintf (protoStr, "%s", ip_proto_string[proto]);
7233 break;
7234 }
7235 break;
7236
7237 case ARGUS_TYPE_RARP:
7238 protoStr = (parser->nflag > 2) ? "32821" : "rarp";
7239 break;
7240 case ARGUS_TYPE_ARP:
7241 protoStr = (parser->nflag > 2) ? "2054" : "arp";
7242 break;
7243
7244 case ARGUS_TYPE_ISIS:
7245 protoStr = "isis"; break;
7246 break;
7247
7248 case ARGUS_TYPE_WLAN:
7249 protoStr = "wlan"; break;
7250 break;
7251
7252 case ARGUS_TYPE_ETHER:
7253 eproto = flow->mac_flow.mac_union.ether.ehdr.ether_type;
7254 if (parser->nflag > 2) {
7255 sprintf (protoStr, "%u", eproto);
7256 } else {
7257 char *pstr = ArgusEtherProtoString(parser, eproto);
7258 if (pstr != NULL) {
7259 sprintf (protoStr, "%s", pstr);
7260 } else
7261 sprintf (protoStr, "%u", eproto);
7262 }
7263 break;
7264 }
7265 break;
7266 }
7267
7268 case ARGUS_FLOW_ARP: {
7269 switch ((flow->hdr.argus_dsrvl8.qual & 0x1F)) {
7270 case ARGUS_TYPE_RARP:
7271 protoStr = (parser->nflag > 2) ? "32821" : "rarp";
7272 break;
7273 case ARGUS_TYPE_ARP:
7274 protoStr = (parser->nflag > 2) ? "2054" : "arp";
7275 break;
7276 }
7277 }
7278
7279 default:
7280 switch ((flow->hdr.argus_dsrvl8.qual & 0x1F)) {
7281 case ARGUS_TYPE_IPV4:
7282 case ARGUS_TYPE_IPV6:
7283 protoStr = "ip ";
7284 break;
7285 case ARGUS_TYPE_RARP:
7286 protoStr = (parser->nflag > 2) ? "32821" : "rarp";
7287 protoStr = "rarp";
7288 break;
7289 case ARGUS_TYPE_ARP:
7290 protoStr = (parser->nflag > 2) ? "2054" : "arp";
7291 break;
7292 case ARGUS_TYPE_WLAN:
7293 protoStr = "wlan";
7294 break;
7295 case ARGUS_TYPE_ETHER:
7296 protoStr = "ether";
7297 break;
7298 }
7299 break;
7300 }
7301 }
7302 }
7303 }
7304
7305 if (parser->ArgusPrintXml) {
7306 sprintf (buf, " Proto = \"%s\"", protoStr);
7307 } else {
7308 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
7309 len = strlen(protoStr);
7310 } else {
7311 if (strlen(protoStr) > len) {
7312 protoStr[len - 1] = '*';
7313 protoStr[len] = '\0';
7314 }
7315 }
7316 sprintf (buf, "%*.*s ", len, len, protoStr);
7317 }
7318
7319 #ifdef ARGUSDEBUG
7320 ArgusDebug (10, "ArgusPrintProto (%p, %p)", buf, argus);
7321 #endif
7322 }
7323
7324 int ArgusPrintNet = 0;
7325
7326 void
ArgusPrintSrcNet(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)7327 ArgusPrintSrcNet (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
7328 {
7329 struct ArgusFlow *flow;
7330 unsigned int naddr;
7331 void *addr = NULL;
7332 int objlen = 0, type = 0;
7333 char masklen = 32;
7334
7335 switch (argus->hdr.type & 0xF0) {
7336 case ARGUS_MAR: {
7337 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
7338 unsigned int value = 0;
7339 char pbuf[32];
7340
7341 if (rec != NULL) {
7342 value = rec->argus_mar.queue;
7343 sprintf (pbuf, "%u", value);
7344 } else
7345 bzero(pbuf, sizeof(pbuf));
7346
7347 if (parser->ArgusPrintXml) {
7348 } else {
7349 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
7350 len = strlen(pbuf);
7351 } else {
7352 if (strlen(pbuf) > len) {
7353 pbuf[len - 1] = '*';
7354 pbuf[len] = '\0';
7355 }
7356 }
7357 sprintf (buf, "%*.*s ", len, len, pbuf);
7358 }
7359 break;
7360 }
7361
7362 case ARGUS_EVENT:
7363 case ARGUS_NETFLOW:
7364 case ARGUS_FAR: {
7365 if ((flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL) {
7366 switch (flow->hdr.subtype & 0x3F) {
7367 case ARGUS_FLOW_CLASSIC5TUPLE:
7368 case ARGUS_FLOW_LAYER_3_MATRIX: {
7369 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
7370 case ARGUS_TYPE_IPV4:
7371 naddr = flow->ip_flow.ip_src;
7372 naddr &= ipaddrtonetmask(naddr);
7373 addr = &naddr;
7374 objlen = 4;
7375 break;
7376 case ARGUS_TYPE_IPV6:
7377 addr = &flow->ipv6_flow.ip_src;
7378 objlen = 16;
7379 break;
7380
7381 case ARGUS_TYPE_RARP: {
7382 type = ARGUS_TYPE_ETHER;
7383 addr = &flow->lrarp_flow.tareaddr;
7384 objlen = 6;
7385 break;
7386 }
7387 case ARGUS_TYPE_ARP: {
7388 type = ARGUS_TYPE_IPV4;
7389 addr = &flow->larp_flow.arp_spa;
7390 objlen = 4;
7391 break;
7392 }
7393 case ARGUS_TYPE_ETHER:
7394 addr = &flow->mac_flow.mac_union.ether.ehdr.ether_shost;
7395 objlen = 6;
7396 break;
7397 case ARGUS_TYPE_WLAN:
7398 addr = &flow->wlan_flow.shost;
7399 objlen = 6;
7400 break;
7401 }
7402 break;
7403 }
7404
7405 case ARGUS_FLOW_ARP: {
7406 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
7407 case ARGUS_TYPE_RARP:
7408 type = ARGUS_TYPE_ETHER;
7409 addr = &flow->rarp_flow.shaddr;
7410 objlen = 6;
7411 break;
7412 case ARGUS_TYPE_ARP:
7413 type = ARGUS_TYPE_IPV4;
7414 addr = &flow->arp_flow.haddr;
7415 objlen = 4;
7416 break;
7417 }
7418 break;
7419 }
7420
7421 default:
7422 break;
7423 }
7424 }
7425 ArgusPrintAddr (parser, buf, type, addr, objlen, masklen, len, ARGUS_SRC);
7426 break;
7427 }
7428 }
7429
7430 #ifdef ARGUSDEBUG
7431 ArgusDebug (10, "ArgusPrintSrcNet (%p, %p)", buf, argus);
7432 #endif
7433 }
7434
7435
7436 #if !defined(ETHER_ADDR_LEN)
7437 #define ETHER_ADDR_LEN 6
7438 #endif
7439
7440 #define SYSTEM_ID_LEN ETHER_ADDR_LEN
7441 #define NODE_ID_LEN SYSTEM_ID_LEN+1
7442 #define LSP_ID_LEN SYSTEM_ID_LEN+2
7443
7444 void
ArgusPrintSrcAddr(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)7445 ArgusPrintSrcAddr (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
7446 {
7447 struct ArgusFlow *flow;
7448 void *addr = NULL;
7449 int objlen = 0, type = 0;
7450 unsigned char masklen = 0;
7451
7452 switch (argus->hdr.type & 0xF0) {
7453 case ARGUS_MAR: {
7454 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
7455 unsigned int value = 0;
7456 char pbuf[32];
7457
7458 if (rec != NULL) {
7459 value = rec->argus_mar.queue;
7460 sprintf (pbuf, "%u", value);
7461 } else
7462 bzero(pbuf, sizeof(pbuf));
7463
7464 if (parser->ArgusPrintXml) {
7465 } else {
7466 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
7467 len = strlen(pbuf);
7468 } else {
7469 if (strlen(pbuf) > len) {
7470 pbuf[len - 1] = '*';
7471 pbuf[len] = '\0';
7472 }
7473 }
7474 sprintf (buf, "%*.*s ", len, len, pbuf);
7475 }
7476 break;
7477 }
7478
7479 case ARGUS_EVENT: {
7480 struct ArgusTransportStruct *trans = (void *) argus->dsrs[ARGUS_TRANSPORT_INDEX];
7481 char strbuf[64], *value = NULL;
7482
7483 if (trans != NULL) {
7484 switch (trans->hdr.argus_dsrvl8.qual) {
7485 case ARGUS_TYPE_INT: {
7486 snprintf (strbuf, sizeof(strbuf), "%d", trans->srcid.a_un.value);
7487 value = strdup(strbuf);
7488 break;
7489 }
7490 case ARGUS_TYPE_IPV4: {
7491 char *format = NULL;
7492 if (parser->RaPrintAlgorithmList[parser->RaPrintIndex] != NULL)
7493 format = parser->RaPrintAlgorithmList[parser->RaPrintIndex]->format;
7494
7495 if ((format != NULL) && (strlen(format) > 0)) {
7496 unsigned int naddr = *(unsigned int *)&trans->srcid.a_un.ipv4;
7497 snprintf (strbuf, 64, format, naddr);
7498 value = strdup(strbuf);
7499
7500 } else
7501 value = strdup(ArgusGetName(parser, (u_char *)&trans->srcid.a_un.ipv4));
7502 break;
7503 }
7504
7505 case ARGUS_TYPE_STRING: value = ArgusGetString(parser, (u_char *)&trans->srcid.a_un.str, 4); break;
7506 /*
7507 case ARGUS_TYPE_IPV6: value = ArgusGetV6Name(parser, (u_char *)&trans->srcid.ipv6); break;
7508 case ARGUS_TYPE_ETHER: value = ArgusGetEtherName(parser, (u_char *)&trans->srcid.ether); break;
7509 */
7510 }
7511 }
7512
7513 if (value != NULL) {
7514 if (parser->ArgusPrintXml) {
7515 sprintf (buf, " SrcAddr = \"%s\"", value);
7516 } else {
7517 switch (parser->RaFieldWidth) {
7518 case RA_FIXED_WIDTH:
7519 if (strlen(value) > len) {
7520 value[len - 1] = '*';
7521 value[len] = '\0';
7522 }
7523 sprintf (buf, "%*.*s ", len, len, value);
7524 break;
7525 default:
7526 sprintf (buf, "%s ", value);
7527 break;
7528 }
7529 }
7530 free(value);
7531 }
7532 break;
7533 }
7534
7535 case ARGUS_NETFLOW:
7536 case ARGUS_FAR: {
7537 if ((flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL) {
7538 switch (flow->hdr.subtype & 0x3F) {
7539 case ARGUS_FLOW_CLASSIC5TUPLE:
7540 case ARGUS_FLOW_LAYER_3_MATRIX: {
7541 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
7542 case ARGUS_TYPE_IPV4:
7543 addr = &flow->ip_flow.ip_src;
7544 if (flow->hdr.argus_dsrvl8.qual & ARGUS_FRAGMENT)
7545 masklen = 32;
7546 else
7547 masklen = flow->ip_flow.smask;
7548 objlen = 4;
7549 break;
7550 case ARGUS_TYPE_IPV6:
7551 addr = &flow->ipv6_flow.ip_src;
7552 if (flow->hdr.argus_dsrvl8.qual & ARGUS_FRAGMENT)
7553 masklen = 128;
7554 else
7555 masklen = flow->ipv6_flow.smask;
7556 objlen = 16;
7557 break;
7558
7559 case ARGUS_TYPE_RARP:
7560 type = ARGUS_TYPE_ETHER;
7561 addr = &flow->lrarp_flow.tareaddr;
7562 objlen = 6;
7563 break;
7564 case ARGUS_TYPE_ARP:
7565 type = ARGUS_TYPE_IPV4;
7566 addr = &flow->larp_flow.arp_spa;
7567 objlen = 4;
7568 break;
7569 case ARGUS_TYPE_ETHER:
7570 addr = &flow->mac_flow.mac_union.ether.ehdr.ether_shost;
7571 objlen = 6;
7572 break;
7573 case ARGUS_TYPE_WLAN:
7574 type = ARGUS_TYPE_ETHER;
7575 addr = &flow->wlan_flow.shost;
7576 objlen = 6;
7577 break;
7578
7579 case ARGUS_TYPE_ISIS: {
7580 type = ARGUS_TYPE_ISIS;
7581 switch (flow->isis_flow.pdu_type) {
7582 case L1_LAN_IIH:
7583 case L2_LAN_IIH:
7584 type = ARGUS_TYPE_ISIS;
7585 addr = &flow->isis_flow.isis_un.hello.srcid;
7586 objlen = SYSTEM_ID_LEN;
7587 break;
7588
7589 case L1_CSNP:
7590 case L2_CSNP:
7591 type = ARGUS_TYPE_ISIS;
7592 addr = &flow->isis_flow.isis_un.csnp.srcid;
7593 objlen = NODE_ID_LEN;
7594 break;
7595
7596 case L1_PSNP:
7597 case L2_PSNP:
7598 type = ARGUS_TYPE_ISIS;
7599 addr = &flow->isis_flow.isis_un.psnp.srcid;
7600 objlen = NODE_ID_LEN;
7601 break;
7602
7603 case L1_LSP:
7604 case L2_LSP:
7605 type = ARGUS_TYPE_ISIS;
7606 addr = &flow->isis_flow.isis_un.lsp.lspid;
7607 objlen = LSP_ID_LEN;
7608 break;
7609 }
7610 break;
7611 }
7612 }
7613 break;
7614 }
7615
7616 case ARGUS_FLOW_ARP: {
7617 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
7618 case ARGUS_TYPE_RARP:
7619 type = ARGUS_TYPE_ETHER;
7620 addr = &flow->rarp_flow.dhaddr;
7621 objlen = 6;
7622 break;
7623
7624 case ARGUS_TYPE_ARP:
7625 type = ARGUS_TYPE_IPV4;
7626 addr = &flow->arp_flow.arp_spa;
7627 objlen = 4;
7628 break;
7629 }
7630 break;
7631 }
7632
7633 default:
7634 break;
7635 }
7636 }
7637
7638 ArgusPrintAddr (parser, buf, type, addr, objlen, masklen, len, ARGUS_SRC);
7639 break;
7640 }
7641 }
7642
7643 #ifdef ARGUSDEBUG
7644 ArgusDebug (10, "ArgusPrintSrcAddr (%p, %p)", buf, argus);
7645 #endif
7646 }
7647
7648 void
ArgusPrintLocalAddr(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)7649 ArgusPrintLocalAddr (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
7650 {
7651 sprintf (buf, "%*.*s ", len, len, " ");
7652 #ifdef ARGUSDEBUG
7653 ArgusDebug (10, "ArgusPrintLocalAddr (%p, %p)", buf, argus);
7654 #endif
7655 }
7656
7657 void
ArgusPrintLocalNet(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)7658 ArgusPrintLocalNet (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
7659 {
7660 sprintf (buf, "%*.*s ", len, len, " ");
7661 #ifdef ARGUSDEBUG
7662 ArgusDebug (10, "ArgusPrintLocalNet (%p, %p)", buf, argus);
7663 #endif
7664 }
7665
7666 void
ArgusPrintDstNet(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)7667 ArgusPrintDstNet (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
7668 {
7669 struct ArgusFlow *flow;
7670 unsigned int naddr;
7671 void *addr = NULL;
7672 int objlen = 0, type = 0;
7673 char masklen = 0;
7674
7675 switch (argus->hdr.type & 0xF0) {
7676 case ARGUS_MAR: {
7677 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
7678 unsigned int value = 0;
7679 char pbuf[32];
7680
7681 if (rec != NULL) {
7682 value = rec->argus_mar.queue;
7683 sprintf (pbuf, "%u", value);
7684 } else
7685 bzero(pbuf, sizeof(pbuf));
7686
7687 if (parser->ArgusPrintXml) {
7688 } else {
7689 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
7690 len = strlen(pbuf);
7691 } else {
7692 if (strlen(pbuf) > len) {
7693 pbuf[len - 1] = '*';
7694 pbuf[len] = '\0';
7695 }
7696 }
7697 sprintf (buf, "%*.*s ", len, len, pbuf);
7698 }
7699 break;
7700 }
7701
7702 case ARGUS_EVENT:
7703 case ARGUS_NETFLOW:
7704 case ARGUS_FAR: {
7705 if ((flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL) {
7706 switch (flow->hdr.subtype & 0x3F) {
7707
7708 case ARGUS_FLOW_CLASSIC5TUPLE:
7709 case ARGUS_FLOW_LAYER_3_MATRIX: {
7710 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
7711 case ARGUS_TYPE_IPV4:
7712 naddr = flow->ip_flow.ip_dst;
7713 naddr &= ipaddrtonetmask(naddr);
7714 addr = &naddr;
7715 objlen = 4;
7716 break;
7717 case ARGUS_TYPE_IPV6:
7718 addr = &flow->ipv6_flow.ip_dst;
7719 objlen = 16;
7720 break;
7721 case ARGUS_TYPE_RARP:
7722 type = ARGUS_TYPE_ETHER;
7723 addr = &flow->lrarp_flow.srceaddr;
7724 objlen = 6;
7725 break;
7726 case ARGUS_TYPE_ARP:
7727 type = ARGUS_TYPE_IPV4;
7728 addr = &flow->larp_flow.arp_tpa;
7729 objlen = 4;
7730 break;
7731 case ARGUS_TYPE_ETHER:
7732 addr = &flow->mac_flow.mac_union.ether.ehdr.ether_dhost;
7733 objlen = 6;
7734 break;
7735 case ARGUS_TYPE_WLAN:
7736 type = ARGUS_TYPE_ETHER;
7737 addr = &flow->wlan_flow.dhost;
7738 objlen = 6;
7739 break;
7740 }
7741 break;
7742 }
7743 case ARGUS_FLOW_ARP: {
7744 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
7745 case ARGUS_TYPE_RARP:
7746 type = ARGUS_TYPE_ETHER;
7747 addr = &flow->rarp_flow.shaddr;
7748 objlen = 6;
7749 break;
7750
7751 case ARGUS_TYPE_ARP:
7752 type = ARGUS_TYPE_IPV4;
7753 addr = &flow->arp_flow.haddr;
7754 objlen = 4;
7755 break;
7756 }
7757 break;
7758 }
7759
7760 default:
7761 break;
7762 }
7763 }
7764
7765 ArgusPrintAddr (parser, buf, type, addr, objlen, masklen, len, ARGUS_DST);
7766 break;
7767 }
7768 }
7769
7770 #ifdef ARGUSDEBUG
7771 ArgusDebug (10, "ArgusPrintDstNet (%p, %p)", buf, argus);
7772 #endif
7773 }
7774
7775
7776 void
ArgusPrintDstAddr(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)7777 ArgusPrintDstAddr (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
7778 {
7779 struct ArgusFlow *flow;
7780 void *addr = NULL;
7781 int objlen = 0, type = 0;
7782 unsigned char masklen = 0;
7783
7784 switch (argus->hdr.type & 0xF0) {
7785 case ARGUS_MAR: {
7786 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
7787 unsigned int value = 0;
7788 char pbuf[32];
7789 if (rec != NULL) {
7790 value = rec->argus_mar.bufs;
7791 sprintf (pbuf, "%u", value);
7792 } else
7793 bzero(pbuf, sizeof(pbuf));
7794
7795 if (parser->ArgusPrintXml) {
7796 } else {
7797 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
7798 len = strlen(pbuf);
7799 } else {
7800 if (strlen(pbuf) > len) {
7801 pbuf[len - 1] = '*';
7802 pbuf[len] = '\0';
7803 }
7804 }
7805 sprintf (buf, "%*.*s ", len, len, pbuf);
7806 }
7807 break;
7808 }
7809
7810 case ARGUS_EVENT: {
7811 break;
7812 }
7813
7814 case ARGUS_NETFLOW:
7815 case ARGUS_FAR: {
7816 if (((flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL)) {
7817 switch (flow->hdr.subtype & 0x3F) {
7818 case ARGUS_FLOW_CLASSIC5TUPLE:
7819 case ARGUS_FLOW_LAYER_3_MATRIX: {
7820 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
7821 case ARGUS_TYPE_IPV4:
7822 addr = &flow->ip_flow.ip_dst;
7823 if (flow->hdr.argus_dsrvl8.qual & ARGUS_FRAGMENT)
7824 masklen = 32;
7825 else
7826 masklen = flow->ip_flow.dmask;
7827 objlen = 4;
7828 break;
7829 case ARGUS_TYPE_IPV6:
7830 addr = &flow->ipv6_flow.ip_dst;
7831 if (flow->hdr.argus_dsrvl8.qual & ARGUS_FRAGMENT)
7832 masklen = 32;
7833 else
7834 masklen = flow->ipv6_flow.dmask;
7835 objlen = 16;
7836 break;
7837 case ARGUS_TYPE_RARP:
7838 type = ARGUS_TYPE_ETHER;
7839 addr = &flow->lrarp_flow.srceaddr;
7840 objlen = 6;
7841 break;
7842 case ARGUS_TYPE_ARP:
7843 type = ARGUS_TYPE_IPV4;
7844 addr = &flow->larp_flow.arp_tpa;
7845 objlen = 4;
7846 break;
7847 case ARGUS_TYPE_ETHER:
7848 addr = &flow->mac_flow.mac_union.ether.ehdr.ether_dhost;
7849 objlen = 6;
7850 break;
7851 case ARGUS_TYPE_WLAN:
7852 type = ARGUS_TYPE_ETHER;
7853 addr = &flow->wlan_flow.dhost;
7854 objlen = 6;
7855 break;
7856
7857 case ARGUS_TYPE_ISIS: {
7858 switch (flow->isis_flow.pdu_type) {
7859 case L1_LAN_IIH:
7860 case L2_LAN_IIH:
7861 type = ARGUS_TYPE_ISIS;
7862 addr = &flow->isis_flow.isis_un.hello.lanid;
7863 objlen = NODE_ID_LEN;
7864 break;
7865
7866 case L1_LSP:
7867 case L2_LSP:
7868 type = ARGUS_TYPE_INT;
7869 addr = &flow->isis_flow.isis_un.lsp.seqnum;
7870 objlen = 4;
7871 break;
7872
7873 case L1_CSNP:
7874 case L2_CSNP:
7875 case L1_PSNP:
7876 case L2_PSNP:
7877 addr = NULL;
7878 break;
7879 }
7880 break;
7881 }
7882 }
7883 break;
7884 }
7885 case ARGUS_FLOW_ARP: {
7886 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
7887 case ARGUS_TYPE_RARP:
7888 type = ARGUS_TYPE_ETHER;
7889 addr = &flow->rarp_flow.shaddr;
7890 objlen = 6;
7891 break;
7892
7893 case ARGUS_TYPE_ARP:
7894 type = ARGUS_TYPE_IPV4;
7895 addr = &flow->arp_flow.arp_tpa;
7896 objlen = 4;
7897 break;
7898 }
7899 break;
7900 }
7901 }
7902 }
7903
7904 ArgusPrintAddr (parser, buf, type, addr, objlen, masklen, len, ARGUS_DST);
7905 break;
7906 }
7907 }
7908
7909 #ifdef ARGUSDEBUG
7910 ArgusDebug (10, "ArgusPrintDstAddr (%p, %p)", buf, argus);
7911 #endif
7912 }
7913
7914 void
ArgusPrintRemoteAddr(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)7915 ArgusPrintRemoteAddr (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
7916 {
7917 sprintf (buf, "%*.*s ", len, len, " ");
7918 #ifdef ARGUSDEBUG
7919 ArgusDebug (10, "ArgusPrintRemoteAddr (%p, %p)", buf, argus);
7920 #endif
7921 }
7922
7923 void
ArgusPrintRemoteNet(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)7924 ArgusPrintRemoteNet (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
7925 {
7926 sprintf (buf, "%*.*s ", len, len, " ");
7927 #ifdef ARGUSDEBUG
7928 ArgusDebug (10, "ArgusPrintRemoteNet (%p, %p)", buf, argus);
7929 #endif
7930 }
7931
7932
7933 /* shared routine for printing system, node and lsp-ids */
7934 static char *
isis_print_id(const u_int8_t * cp,int id_len)7935 isis_print_id(const u_int8_t *cp, int id_len)
7936 {
7937 int i;
7938 static char id[sizeof("xxxx.xxxx.xxxx.yy-zz")];
7939 char *pos = id;
7940
7941 for (i = 1; i <= SYSTEM_ID_LEN; i++) {
7942 snprintf(pos, sizeof(id) - (pos - id), "%02x", *cp++);
7943
7944 pos += strlen(pos);
7945 if (i == 2 || i == 4)
7946 *pos++ = '.';
7947 }
7948 if (id_len >= NODE_ID_LEN) {
7949 snprintf(pos, sizeof(id) - (pos - id), ".%02x", *cp++);
7950 pos += strlen(pos);
7951 }
7952 if (id_len == LSP_ID_LEN)
7953 snprintf(pos, sizeof(id) - (pos - id), "-%02x", *cp);
7954
7955 return (id);
7956 }
7957
7958
7959 #define ARGUS_INODE 0x03
7960
7961 void
ArgusPrintAddr(struct ArgusParserStruct * parser,char * buf,int type,void * addr,int objlen,unsigned char masklen,int len,int dir)7962 ArgusPrintAddr (struct ArgusParserStruct *parser, char *buf, int type, void *addr, int objlen, unsigned char masklen, int len, int dir)
7963 {
7964 char addrbuf[128], *addrstr = NULL;
7965 char *dirstr, *dptr = NULL;
7966
7967 switch (dir) {
7968 case ARGUS_SRC: dirstr = "Src"; break;
7969 case ARGUS_DST: dirstr = "Dst"; break;
7970 case ARGUS_INODE: dirstr = "Inode"; break;
7971 }
7972
7973 if (addr != NULL) {
7974 char *format = NULL;
7975
7976 if (parser->RaPrintAlgorithmList[parser->RaPrintIndex] != NULL)
7977 format = parser->RaPrintAlgorithmList[parser->RaPrintIndex]->format;
7978
7979 switch (type) {
7980 case ARGUS_TYPE_IPV4:
7981 if (parser->status & ARGUS_PRINTNET) {
7982 unsigned int naddr = (*(unsigned int *)addr & ipaddrtonetmask(*(unsigned int *)addr));
7983
7984 if ((format != NULL) && (strlen(format) > 0)) {
7985 snprintf (addrbuf, sizeof(addrbuf), format, naddr);
7986 addrstr = addrbuf;
7987
7988 } else
7989 addrstr = ArgusGetName (parser, (unsigned char *)&naddr);
7990
7991 } else {
7992 if ((format != NULL) && (strlen(format) > 0)) {
7993 unsigned int naddr = *(unsigned int *)addr;
7994 snprintf (addrbuf, sizeof(addrbuf), format, naddr);
7995 addrstr = addrbuf;
7996
7997 } else
7998 addrstr = ArgusGetName (parser, (unsigned char *)addr);
7999
8000 switch (parser->cidrflag) {
8001 case RA_ENABLE_CIDR_ADDRESS_FORMAT:
8002 if ((masklen == 32) || (masklen == 0))
8003 break;
8004
8005 // deliberately fall through
8006 case RA_STRICT_CIDR_ADDRESS_FORMAT:
8007 sprintf(addrbuf, "%s/%d", addrstr, masklen);
8008 addrstr = addrbuf;
8009 }
8010 }
8011 break;
8012
8013 case ARGUS_TYPE_IPV6: {
8014 if ((format != NULL) && (strlen(format) > 0)) {
8015 char bbuf[64], *tptr = bbuf;
8016 sprint128(tptr, format, (uint128 *)addr);
8017 snprintf (addrbuf, sizeof(addrbuf), "%s", tptr);
8018 addrstr = addrbuf;
8019 } else
8020 addrstr = ArgusGetV6Name (parser, (unsigned char *)addr);
8021
8022 switch (parser->cidrflag) {
8023 case RA_ENABLE_CIDR_ADDRESS_FORMAT:
8024 if ((masklen == 128) || (masklen == 0))
8025 break;
8026
8027 // deliberately fall through
8028 case RA_STRICT_CIDR_ADDRESS_FORMAT:
8029 sprintf(addrbuf, "%s/%d", addrstr, masklen);
8030 addrstr = addrbuf;
8031 }
8032
8033 break;
8034 }
8035
8036 case ARGUS_TYPE_ARP:
8037 case ARGUS_TYPE_RARP:
8038 case ARGUS_TYPE_ETHER:
8039 addrstr = etheraddr_string (parser, (unsigned char *) addr);
8040 break;
8041
8042 case ARGUS_TYPE_INT:
8043 sprintf (addrbuf, "0x%08x", *(unsigned int *)addr);
8044 addrstr = addrbuf;
8045 break;
8046
8047
8048 case ARGUS_TYPE_ISIS:
8049 addrstr = isis_print_id ((unsigned char *) addr, objlen);
8050 break;
8051 }
8052 }
8053
8054 if (parser->domainonly) {
8055 char *tptr = addrstr;
8056 dptr = addrstr;
8057
8058 while (tptr && (strlen(tptr) > len))
8059 if ((tptr = strchr(tptr, (int) '.')) != NULL)
8060 tptr++;
8061 if (dptr != tptr)
8062 addrstr = tptr;
8063 }
8064
8065 if (parser->ArgusPrintXml) {
8066 sprintf (buf, " %sAddr = \"%s\"", dirstr, addrstr);
8067 } else {
8068 if (len != 0) {
8069 switch (parser->RaFieldWidth) {
8070 case RA_FIXED_WIDTH:
8071 if (addrstr && (len < strlen(addrstr))) {
8072 if (parser->domainonly) {
8073 char *tptr = addrstr;
8074 while (tptr && (strlen(tptr) > len))
8075 if ((tptr = strchr(tptr, (int) '.')) != NULL)
8076 tptr++;
8077 if (tptr)
8078 sprintf (buf, "%*.*s ", len, len, tptr);
8079 else
8080 sprintf (buf, "%*.*s* ", len-1, len-1, (addrstr != NULL ? addrstr : ""));
8081 } else
8082 sprintf (buf, "%*.*s* ", len-1, len-1, (addrstr != NULL ? addrstr : ""));
8083 } else
8084 sprintf (buf, "%*.*s ", len, len, (addrstr != NULL ? addrstr : ""));
8085 break;
8086 default:
8087 sprintf (buf, "%s ", addrstr);
8088 break;
8089 }
8090
8091 } else
8092 sprintf (buf, "%s ", (addrstr != NULL ? addrstr : ""));
8093 }
8094
8095 #ifdef ARGUSDEBUG
8096 ArgusDebug (10, "ArgusPrintAddr (%p, %p, %d, %p, %d, %d)", parser, buf, type, addr, objlen, len, dir);
8097 #endif
8098 }
8099
8100
8101 void
ArgusPrintSrcPort(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)8102 ArgusPrintSrcPort (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
8103 {
8104 switch (argus->hdr.type & 0xF0) {
8105 case ARGUS_MAR: {
8106 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
8107 unsigned int value = 0;
8108 char pbuf[32];
8109
8110 if (rec != NULL) {
8111 value = rec->argus_mar.dropped;
8112 sprintf (pbuf, "%u", value);
8113 } else
8114 bzero(pbuf, sizeof(pbuf));
8115
8116 if (parser->ArgusPrintXml) {
8117 } else {
8118 switch (parser->RaFieldWidth) {
8119 case RA_FIXED_WIDTH:
8120 if (strlen(pbuf) > len) {
8121 pbuf[len - 1] = '*';
8122 pbuf[len] = '\0';
8123 }
8124 sprintf (buf, "%*.*s ", len, len, pbuf);
8125 break;
8126 default:
8127 sprintf (buf, "%u ", value);
8128 break;
8129 }
8130 }
8131 break;
8132 }
8133
8134 case ARGUS_EVENT:
8135 case ARGUS_NETFLOW:
8136 case ARGUS_FAR: {
8137 struct ArgusFlow *flow;
8138 int type, done = 0;
8139 u_char proto;
8140
8141 if (((flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL)) {
8142 switch (flow->hdr.subtype & 0x3F) {
8143 case ARGUS_FLOW_CLASSIC5TUPLE: {
8144 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
8145 case ARGUS_TYPE_IPV4:
8146 proto = flow->ip_flow.ip_p;
8147 switch (proto) {
8148 case IPPROTO_TCP:
8149 case IPPROTO_UDP:
8150 case IPPROTO_ICMP:
8151 ArgusPrintPort (parser, buf, argus, type, proto, flow->ip_flow.sport, len, ARGUS_SRC);
8152 done++;
8153 break;
8154 }
8155 break;
8156
8157 case ARGUS_TYPE_IPV6:
8158 switch (proto = flow->ipv6_flow.ip_p) {
8159 case IPPROTO_TCP:
8160 case IPPROTO_UDP:
8161 ArgusPrintPort (parser, buf, argus, type, proto, flow->ipv6_flow.sport, len, ARGUS_SRC);
8162 done++;
8163 break;
8164
8165 case IPPROTO_ICMPV6:
8166 ArgusPrintPort (parser, buf, argus, type, proto, flow->icmpv6_flow.type, len, ARGUS_SRC);
8167 done++;
8168 break;
8169 }
8170 break;
8171
8172 case ARGUS_TYPE_ETHER:
8173 ArgusPrintPort (parser, buf, argus, type, ARGUS_TYPE_ETHER, flow->mac_flow.mac_union.ether.ssap, len, ARGUS_SRC);
8174 done++;
8175 break;
8176
8177 case ARGUS_TYPE_ARP:
8178 case ARGUS_TYPE_RARP: {
8179 if (parser->ArgusPrintXml) {
8180 } else
8181 sprintf (buf, "%-*.*s ", len, len, " ");
8182 done++;
8183 break;
8184 }
8185 }
8186 break;
8187 }
8188 }
8189 }
8190
8191 if (!done) {
8192 if (parser->ArgusPrintXml) {
8193 sprintf (buf, " SrcPort = \"\"");
8194 } else
8195 sprintf (buf, "%*s ", len, " ");
8196 }
8197 break;
8198 }
8199 }
8200
8201 #ifdef ARGUSDEBUG
8202 ArgusDebug (10, "ArgusPrintSrcPort (%p, %p)", buf, argus);
8203 #endif
8204 }
8205
8206 void
ArgusPrintDstPort(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)8207 ArgusPrintDstPort (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
8208 {
8209 switch (argus->hdr.type & 0xF0) {
8210 case ARGUS_MAR: {
8211 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
8212 unsigned int value = 0;
8213 char pbuf[32];
8214
8215 if (rec != NULL) {
8216 value = rec->argus_mar.clients;
8217 sprintf (pbuf, "%u", value);
8218 } else
8219 bzero(pbuf, sizeof(pbuf));
8220
8221 if (parser->ArgusPrintXml) {
8222 } else {
8223 switch (parser->RaFieldWidth) {
8224 case RA_FIXED_WIDTH:
8225 if (strlen(pbuf) > len) {
8226 pbuf[len - 1] = '*';
8227 pbuf[len] = '\0';
8228 }
8229 sprintf (buf, "%*.*s ", len, len, pbuf);
8230 break;
8231 default:
8232 sprintf (buf, "%u ", value);
8233 break;
8234 }
8235 }
8236 break;
8237 }
8238
8239 case ARGUS_EVENT:
8240 case ARGUS_NETFLOW:
8241 case ARGUS_FAR: {
8242 struct ArgusFlow *flow;
8243 int type, done = 0;
8244 u_char proto;
8245
8246 if (((flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL)) {
8247 switch (flow->hdr.subtype & 0x3F) {
8248 case ARGUS_FLOW_CLASSIC5TUPLE: {
8249 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
8250 case ARGUS_TYPE_IPV4:
8251 proto = flow->ip_flow.ip_p;
8252 switch (flow->ip_flow.ip_p) {
8253 case IPPROTO_TCP:
8254 case IPPROTO_UDP:
8255 case IPPROTO_ICMP:
8256 ArgusPrintPort (parser, buf, argus, type, proto, flow->ip_flow.dport, len, ARGUS_DST);
8257 done++;
8258 break;
8259
8260 case IPPROTO_ESP:
8261 ArgusPrintEspSpi (parser, buf, argus, type, flow->esp_flow.spi, len);
8262 done++;
8263 break;
8264 }
8265 break;
8266
8267 case ARGUS_TYPE_IPV6:
8268 proto = flow->ipv6_flow.ip_p;
8269 switch (flow->ipv6_flow.ip_p) {
8270 case IPPROTO_TCP:
8271 case IPPROTO_UDP:
8272 ArgusPrintPort (parser, buf, argus, type, proto, flow->ipv6_flow.dport, len, ARGUS_DST);
8273 done++;
8274 break;
8275
8276 case IPPROTO_ICMPV6:
8277 ArgusPrintPort (parser, buf, argus, type, proto, flow->icmpv6_flow.code, len, ARGUS_DST);
8278 done++;
8279 break;
8280
8281 case IPPROTO_ESP:
8282 ArgusPrintEspSpi (parser, buf, argus, type, flow->esp_flow.spi, len);
8283 done++;
8284 break;
8285 }
8286 break;
8287
8288 case ARGUS_TYPE_ETHER:
8289 ArgusPrintPort (parser, buf, argus, type, ARGUS_TYPE_ETHER, flow->mac_flow.mac_union.ether.dsap, len, ARGUS_DST);
8290 done++;
8291 break;
8292
8293 case ARGUS_TYPE_ARP:
8294 case ARGUS_TYPE_RARP:
8295 if (parser->ArgusPrintXml) {
8296 } else {
8297 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
8298 len = strlen(" ");
8299 sprintf (buf, "%*.*s ", len, len, " ");
8300 }
8301 done++;
8302 break;
8303
8304 case ARGUS_TYPE_ISIS: {
8305 char chksum[32];
8306 sprintf (chksum, "0x%x", flow->flow_un.isis.chksum);
8307
8308 if ((parser->RaFieldDelimiter != ' ') && (parser->RaFieldDelimiter != '\0')) {
8309 switch (parser->RaFieldWidth) {
8310 case RA_FIXED_WIDTH:
8311 if (strlen(chksum) > len) {
8312 chksum[len - 1] = '*';
8313 chksum[len] = '\0';
8314 }
8315 sprintf (buf, "%-*.*s%c", len, len, chksum, parser->RaFieldDelimiter);
8316 break;
8317 default:
8318 sprintf (buf, "0x%x%c", flow->flow_un.isis.chksum, parser->RaFieldDelimiter);
8319 break;
8320 }
8321
8322 } else {
8323 if (strlen(chksum) > len)
8324 chksum[len - 1] = '*';
8325 chksum[len] = '\0';
8326 sprintf (buf, "%-*.*s ", len, len, chksum);
8327 }
8328 done++;
8329 break;
8330 }
8331 }
8332 break;
8333 }
8334 }
8335 }
8336
8337 if (!done) {
8338 if (parser->ArgusPrintXml) {
8339 sprintf (buf, " DstPort = \"\"");
8340 } else
8341 sprintf (buf, "%*.*s ", len, len, " ");
8342 }
8343 break;
8344 }
8345 }
8346
8347 #ifdef ARGUSDEBUG
8348 ArgusDebug (10, "ArgusPrintDstPort (%p, %p)", buf, argus);
8349 #endif
8350 }
8351
8352
8353 /*
8354 parser->nflag values represent
8355 0 - "all"
8356 1 - "port"
8357 2 - "proto"
8358 3 - "none"
8359 */
8360
8361 void
ArgusPrintPort(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int type,u_char proto,u_int port,int len,int dir)8362 ArgusPrintPort (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus,
8363 int type, u_char proto, u_int port, int len, int dir)
8364 {
8365 char *dirstr = (dir == ARGUS_SRC) ? "Src" : "Dst";
8366 char *format = NULL;
8367
8368 if (parser->nflag > 1) {
8369 char upbuf[128], *upstr = upbuf;
8370
8371 if (parser->RaPrintAlgorithmList[parser->RaPrintIndex] != NULL)
8372 format = parser->RaPrintAlgorithmList[parser->RaPrintIndex]->format;
8373
8374 if ((format == NULL) || (strlen(format) == 0)) {
8375 switch (proto) {
8376 case IPPROTO_ICMP: format = "0x%4.4x"; break;
8377 default: format = "%d"; break;
8378 }
8379 }
8380
8381 snprintf (upbuf, sizeof(upbuf), format, port);
8382
8383 if (parser->ArgusPrintXml) {
8384 sprintf (buf, " %sPort = \"%s\"", dirstr, upstr);
8385 } else {
8386 switch (parser->RaFieldWidth) {
8387 case RA_FIXED_WIDTH:
8388 sprintf (buf, "%-*s ", len, upstr);
8389 break;
8390 default:
8391 sprintf (buf, "%-s ", upstr);
8392 break;
8393 }
8394 }
8395
8396 } else {
8397 switch (type) {
8398 case ARGUS_TYPE_IPV4:
8399 case ARGUS_TYPE_IPV6:
8400 break;
8401
8402 case ARGUS_TYPE_ETHER: {
8403 char *llcstr = llcsap_string((unsigned char) port);
8404
8405 if (parser->ArgusPrintXml) {
8406 sprintf (buf, " %sEtherLlcSap = \"%s\"", dirstr, llcstr);
8407 } else {
8408 switch (parser->RaFieldWidth) {
8409 case RA_FIXED_WIDTH:
8410 if (strlen(llcstr) > len) {
8411 sprintf (buf, "%-*.*s* ", len-1 , len-1, llcstr);
8412 } else
8413 sprintf (buf, "%-*.*s ", len , len, llcstr);
8414 break;
8415 default:
8416 sprintf (buf, "%s ", llcstr);
8417 break;
8418 }
8419 }
8420 return;
8421 }
8422 }
8423
8424 switch (proto) {
8425 case IPPROTO_TCP: {
8426 char *tpstr = (port > 0) ? tcpport_string(port) : " ";
8427
8428 if (parser->ArgusPrintXml) {
8429 sprintf (buf, " %sPort = \"%s\"", dirstr, tpstr);
8430 } else {
8431 switch (parser->RaFieldWidth) {
8432 case RA_FIXED_WIDTH:
8433 if (strlen(tpstr) > len) {
8434 sprintf (buf, "%-*.*s* ", len-1, len-1, tpstr);
8435 } else
8436 sprintf (buf, "%-*.*s ", len, len, tpstr);
8437 break;
8438 default:
8439 sprintf (buf, "%s ", tpstr);
8440 break;
8441 }
8442 }
8443 break;
8444 }
8445 case IPPROTO_UDP: {
8446 char *upstr = (port > 0) ? udpport_string(port) : " ";
8447 if (parser->ArgusPrintXml) {
8448 sprintf (buf, " %sPort = \"%s\"", dirstr, upstr);
8449 } else
8450 switch (parser->RaFieldWidth) {
8451 case RA_FIXED_WIDTH:
8452 if (strlen(upstr) > len) {
8453 sprintf (buf, "%-*.*s* ", len-1, len-1, upstr);
8454 } else
8455 sprintf (buf, "%-*.*s ", len, len, upstr);
8456 break;
8457 default:
8458 sprintf (buf, "%s ", upstr);
8459 break;
8460 }
8461 break;
8462 }
8463
8464 case IPPROTO_ICMP:
8465 case IPPROTO_ICMPV6: {
8466 char upbuf[32], *upstr = upbuf;
8467 sprintf(upstr, "0x%4.4x", port);
8468
8469 if (parser->ArgusPrintXml) {
8470 sprintf (buf, " %sPort = \"%s\"", dirstr, upstr);
8471 } else
8472 switch (parser->RaFieldWidth) {
8473 case RA_FIXED_WIDTH:
8474 if (strlen(upstr) > len) {
8475 sprintf (buf, "%-*.*s* ", len-1, len-1, upstr);
8476 } else
8477 sprintf (buf, "%-*.*s ", len, len, upstr);
8478 break;
8479 default:
8480 sprintf (buf, "%s ", upstr);
8481 break;
8482 }
8483 break;
8484 }
8485
8486 default:
8487 if (parser->ArgusPrintXml) {
8488 sprintf (buf, " %sPort = \"%u\"", dirstr, port);
8489 } else
8490 switch (parser->RaFieldWidth) {
8491 case RA_FIXED_WIDTH:
8492 sprintf (buf, "%-*u ", len, port);
8493 break;
8494 default:
8495 sprintf (buf, "%u ", port);
8496 break;
8497 }
8498 break;
8499 }
8500 }
8501
8502 #ifdef ARGUSDEBUG
8503 ArgusDebug (10, "ArgusPrintPort (%p, %p, %p, %d, %d, %d)", parser, buf, argus, port, len, dir);
8504 #endif
8505 }
8506
8507
8508
8509 void
ArgusPrintEspSpi(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int type,u_int spi,int len)8510 ArgusPrintEspSpi (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int type, u_int spi, int len)
8511 {
8512 switch (argus->hdr.type & 0xF0) {
8513 case ARGUS_MAR:
8514 break;
8515
8516 case ARGUS_EVENT:
8517 case ARGUS_NETFLOW:
8518 case ARGUS_FAR: {
8519 struct ArgusFlow *flow;
8520
8521 if (((flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL)) {
8522 char spibuf[32];
8523
8524 sprintf (spibuf, "0x%8.8x", spi);
8525 if (strlen(spibuf) > len) {
8526 spibuf[len - 1] = '*';
8527 spibuf[len] = '\0';
8528 }
8529
8530 if (parser->RaSeparateAddrPortWithPeriod) {
8531 if (parser->RaPrintIndex > 0) {
8532 if (parser->RaPrintAlgorithmList[parser->RaPrintIndex - 1]) {
8533 if ((parser->RaPrintAlgorithmList[parser->RaPrintIndex - 1]->print == ArgusPrintSrcAddr) ||
8534 (parser->RaPrintAlgorithmList[parser->RaPrintIndex - 1]->print == ArgusPrintDstAddr))
8535 if (parser->RaFieldDelimiter == '\0')
8536 if (buf[strlen(buf) - 1] == ' ')
8537 buf[strlen(buf) - 1] = '.';
8538 }
8539 }
8540 }
8541
8542 if (parser->ArgusPrintXml) {
8543 sprintf (buf, " EspSpi = \"%s\"", spibuf);
8544 } else {
8545 switch (parser->RaFieldWidth) {
8546 case RA_FIXED_WIDTH:
8547 if (strlen(spibuf) > len) {
8548 sprintf (buf, "%-*.*s* ", len-1, len-1, spibuf);
8549 } else
8550 sprintf (buf, "%-*.*s ", len, len, spibuf);
8551 break;
8552 default:
8553 sprintf (buf, "0x%x ", spi);
8554 break;
8555 }
8556 }
8557 }
8558 break;
8559 }
8560 }
8561
8562 #ifdef ARGUSDEBUG
8563 ArgusDebug (10, "ArgusPrintEspSpi (%p, %p, %p, %d, %d)", parser, buf, argus, spi, len);
8564 #endif
8565 }
8566
8567 void
ArgusPrintSrcIpId(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)8568 ArgusPrintSrcIpId (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
8569 {
8570 struct ArgusIPAttrStruct *attr = (struct ArgusIPAttrStruct *)argus->dsrs[ARGUS_IPATTR_INDEX];
8571 char ipidbuf[8];
8572
8573 bzero (ipidbuf, sizeof(ipidbuf));
8574
8575 if (attr != NULL)
8576 if (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_SRC)
8577 sprintf (ipidbuf, "0x%04x", attr->src.ip_id);
8578
8579 if (parser->ArgusPrintXml) {
8580 sprintf (buf, " SrcIpId = \"%s\"", ipidbuf);
8581 } else
8582 switch (parser->RaFieldWidth) {
8583 case RA_FIXED_WIDTH:
8584 if (strlen(ipidbuf) > len) {
8585 sprintf (buf, "%*.*s* ", len-1, len-1, ipidbuf);
8586 } else
8587 sprintf (buf, "%*.*s ", len, len, ipidbuf);
8588 break;
8589 default:
8590 sprintf (buf, "%s ", ipidbuf);
8591 break;
8592 }
8593
8594 #ifdef ARGUSDEBUG
8595 ArgusDebug (10, "ArgusPrintSrcIpId (%p, %p)", buf, argus);
8596 #endif
8597 }
8598
8599 void
ArgusPrintDstIpId(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)8600 ArgusPrintDstIpId (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
8601 {
8602 struct ArgusIPAttrStruct *attr = (struct ArgusIPAttrStruct *)argus->dsrs[ARGUS_IPATTR_INDEX];
8603 char ipidbuf[8];
8604
8605 bzero (ipidbuf, sizeof(ipidbuf));
8606
8607 if (attr != NULL)
8608 if (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_DST)
8609 sprintf (ipidbuf, "0x%04x", attr->dst.ip_id);
8610
8611 if (parser->ArgusPrintXml) {
8612 sprintf (buf, " DstIpId = \"%s\"", ipidbuf);
8613 } else
8614 switch (parser->RaFieldWidth) {
8615 case RA_FIXED_WIDTH:
8616 if (strlen(ipidbuf) > len) {
8617 sprintf (buf, "%*.*s* ", len-1, len-1, ipidbuf);
8618 } else
8619 sprintf (buf, "%*.*s ", len, len, ipidbuf);
8620 break;
8621 default:
8622 sprintf (buf, "%s ", ipidbuf);
8623 break;
8624 }
8625
8626 #ifdef ARGUSDEBUG
8627 ArgusDebug (10, "ArgusPrintDstIpId (%p, %p)", buf, argus);
8628 #endif
8629 }
8630
8631
8632 char *argus_dscodes[0x100];
8633
8634 void
ArgusPrintSrcDSByte(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)8635 ArgusPrintSrcDSByte (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
8636 {
8637 int tos;
8638 struct ArgusIPAttrStruct *attr = (struct ArgusIPAttrStruct *)argus->dsrs[ARGUS_IPATTR_INDEX];
8639 char obuf[32];
8640
8641 bzero(obuf, sizeof(obuf));
8642 switch (argus->hdr.type & 0xF0) {
8643 case ARGUS_MAR:
8644 break;
8645
8646 case ARGUS_EVENT:
8647 case ARGUS_NETFLOW:
8648 case ARGUS_FAR: {
8649 if ((attr != NULL) && (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_SRC)) {
8650 tos = (attr->src.tos >> 2);
8651 if (!(parser->nflag > 2) && (argus_dscodes[tos] != NULL)) {
8652 sprintf (obuf, "%s", argus_dscodes[tos]);
8653 } else {
8654 sprintf (obuf, "%2d", tos);
8655 }
8656 }
8657 break;
8658 }
8659 }
8660
8661 if (parser->ArgusPrintXml) {
8662 sprintf (buf, " SrcDSByte = \"%s\"", obuf);
8663 } else {
8664 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
8665 len = strlen(obuf);
8666 else {
8667 if (strlen(obuf) > len) {
8668 obuf[len - 1] = '*';
8669 obuf[len] = '\0';
8670 }
8671 }
8672 sprintf (buf, "%*.*s ", len, len, obuf);
8673 }
8674
8675 #ifdef ARGUSDEBUG
8676 ArgusDebug (10, "ArgusPrintSrcDSByte (%p, %p)", buf, argus);
8677 #endif
8678 }
8679
8680 void
ArgusPrintDstDSByte(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)8681 ArgusPrintDstDSByte (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
8682 {
8683 int tos;
8684 struct ArgusIPAttrStruct *attr = (struct ArgusIPAttrStruct *)argus->dsrs[ARGUS_IPATTR_INDEX];
8685 char obuf[32];
8686
8687 bzero (obuf, sizeof(obuf));
8688 switch (argus->hdr.type & 0xF0) {
8689 case ARGUS_MAR:
8690 break;
8691
8692 case ARGUS_EVENT:
8693 case ARGUS_NETFLOW:
8694 case ARGUS_FAR: {
8695 if ((attr != NULL) && (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_DST)) {
8696 tos = (attr->dst.tos >> 2);
8697 if (!(parser->nflag > 2) && (argus_dscodes[tos] != NULL)) {
8698 sprintf (obuf, "%s", argus_dscodes[tos]);
8699 } else {
8700 sprintf (obuf, "%2d", tos);
8701 }
8702 }
8703 break;
8704 }
8705 }
8706
8707 if (parser->ArgusPrintXml) {
8708 sprintf (buf, " DstDSByte = \"%s\"", obuf);
8709 } else {
8710 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
8711 len = strlen(obuf);
8712 else {
8713 if (strlen(obuf) > len) {
8714 obuf[len - 1] = '*';
8715 obuf[len] = '\0';
8716 }
8717 }
8718 sprintf (buf, "%*.*s ", len, len, obuf);
8719 }
8720
8721 #ifdef ARGUSDEBUG
8722 ArgusDebug (10, "ArgusPrintDstDSByte (%p, %p)", buf, argus);
8723 #endif
8724 }
8725
8726 void
ArgusPrintSrcTos(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)8727 ArgusPrintSrcTos (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
8728 {
8729 struct ArgusIPAttrStruct *attr = (struct ArgusIPAttrStruct *)argus->dsrs[ARGUS_IPATTR_INDEX];
8730 char obuf[32];
8731
8732 bzero(obuf, sizeof(obuf));
8733
8734 switch (argus->hdr.type & 0xF0) {
8735 case ARGUS_MAR:
8736 break;
8737
8738 case ARGUS_EVENT:
8739 case ARGUS_NETFLOW:
8740 case ARGUS_FAR:
8741 if ((attr != NULL) && (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_SRC))
8742 sprintf (obuf, "%d", attr->src.tos);
8743 break;
8744 }
8745
8746 if (parser->ArgusPrintXml) {
8747 sprintf (buf, " SrcTos = \"%s\"", obuf);
8748 } else {
8749 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
8750 len = strlen(obuf);
8751 else {
8752 if (strlen(obuf) > len) {
8753 obuf[len - 1] = '*';
8754 obuf[len] = '\0';
8755 }
8756 }
8757 sprintf (buf, "%*.*s ", len, len, obuf);
8758 }
8759
8760 #ifdef ARGUSDEBUG
8761 ArgusDebug (10, "ArgusPrintSrcTos (%p, %p)", buf, argus);
8762 #endif
8763 }
8764
8765 void
ArgusPrintDstTos(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)8766 ArgusPrintDstTos (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
8767 {
8768 struct ArgusIPAttrStruct *attr = (struct ArgusIPAttrStruct *)argus->dsrs[ARGUS_IPATTR_INDEX];
8769 char obuf[32];
8770
8771 bzero(obuf, sizeof(obuf));
8772
8773 switch (argus->hdr.type & 0xF0) {
8774 case ARGUS_MAR:
8775 break;
8776
8777 case ARGUS_EVENT:
8778 case ARGUS_NETFLOW:
8779 case ARGUS_FAR:
8780 if ((attr != NULL) && (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_DST))
8781 sprintf (obuf, "%d", attr->dst.tos);
8782 break;
8783 }
8784
8785 if (parser->ArgusPrintXml) {
8786 sprintf (buf, " DstTos = \"%s\"", obuf);
8787 } else {
8788 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
8789 len = strlen(obuf);
8790 else {
8791 if (strlen(obuf) > len) {
8792 obuf[len - 1] = '*';
8793 obuf[len] = '\0';
8794 }
8795 }
8796 sprintf (buf, "%*.*s ", len, len, obuf);
8797 }
8798
8799 #ifdef ARGUSDEBUG
8800 ArgusDebug (10, "ArgusPrintDstTos (%p, %p)", buf, argus);
8801 #endif
8802 }
8803
8804 /*
8805 void
8806 ArgusPrintTos (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
8807 {
8808 ArgusPrintSrcTos (parser, buf, argus);
8809 ArgusPrintDstTos (parser, buf, argus);
8810
8811 #ifdef ARGUSDEBUG
8812 ArgusDebug (10, "ArgusPrintTos (%p, %p)", buf, argus);
8813 #endif
8814 }
8815 */
8816
8817
8818 void
ArgusPrintSrcTtl(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)8819 ArgusPrintSrcTtl (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
8820 {
8821 struct ArgusIPAttrStruct *attr = (struct ArgusIPAttrStruct *)argus->dsrs[ARGUS_IPATTR_INDEX];
8822 char obuf[32];
8823
8824 bzero(obuf, sizeof(obuf));
8825
8826 switch (argus->hdr.type & 0xF0) {
8827 case ARGUS_MAR:
8828 break;
8829
8830 case ARGUS_EVENT:
8831 case ARGUS_NETFLOW:
8832 case ARGUS_FAR:
8833 if ((attr != NULL) && (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_SRC))
8834 sprintf (obuf, "%d", attr->src.ttl);
8835 break;
8836 }
8837
8838 if (parser->ArgusPrintXml) {
8839 sprintf (buf, " SrcTtl = \"%s\"", obuf);
8840 } else {
8841 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
8842 len = strlen(obuf);
8843 else {
8844 if (strlen(obuf) > len) {
8845 obuf[len - 1] = '*';
8846 obuf[len] = '\0';
8847 }
8848 }
8849 sprintf (buf, "%*.*s ", len, len, obuf);
8850 }
8851
8852 #ifdef ARGUSDEBUG
8853 ArgusDebug (10, "ArgusPrintSrcTtl (%p, %p)", buf, argus);
8854 #endif
8855 }
8856
8857 void
ArgusPrintDstTtl(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)8858 ArgusPrintDstTtl (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
8859 {
8860 struct ArgusIPAttrStruct *attr = (struct ArgusIPAttrStruct *)argus->dsrs[ARGUS_IPATTR_INDEX];
8861 char obuf[32];
8862
8863 bzero(obuf, sizeof(obuf));
8864
8865 switch (argus->hdr.type & 0xF0) {
8866 case ARGUS_MAR:
8867 break;
8868
8869 case ARGUS_EVENT:
8870 case ARGUS_NETFLOW:
8871 case ARGUS_FAR:
8872 if ((attr != NULL) && (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_DST))
8873 sprintf (obuf, "%d", attr->dst.ttl);
8874 break;
8875 }
8876
8877 if (parser->ArgusPrintXml) {
8878 sprintf (buf, " DstTtl = \"%s\"", obuf);
8879 } else {
8880 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
8881 len = strlen(obuf);
8882 else {
8883 if (strlen(obuf) > len) {
8884 obuf[len - 1] = '*';
8885 obuf[len] = '\0';
8886 }
8887 }
8888 sprintf (buf, "%*.*s ", len, len, obuf);
8889 }
8890
8891 #ifdef ARGUSDEBUG
8892 ArgusDebug (10, "ArgusPrintDstTtl (%p, %p)", buf, argus);
8893 #endif
8894 }
8895
8896
8897 void
ArgusPrintSrcHopCount(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)8898 ArgusPrintSrcHopCount (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
8899 {
8900 int esthops = 1;
8901 struct ArgusIPAttrStruct *attr = (struct ArgusIPAttrStruct *)argus->dsrs[ARGUS_IPATTR_INDEX];
8902 char obuf[32];
8903
8904 bzero(obuf, sizeof(obuf));
8905
8906 switch (argus->hdr.type & 0xF0) {
8907 case ARGUS_MAR:
8908 break;
8909
8910 case ARGUS_EVENT:
8911 case ARGUS_NETFLOW:
8912 case ARGUS_FAR:
8913 if ((attr != NULL) && (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_SRC)) {
8914 while (esthops < attr->src.ttl)
8915 esthops = esthops * 2;
8916 sprintf (obuf, "%d", (esthops - attr->src.ttl));
8917 }
8918 break;
8919 }
8920
8921 if (parser->ArgusPrintXml) {
8922 sprintf (buf, " SrcHops = \"%s\"", obuf);
8923 } else {
8924 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
8925 len = strlen(obuf);
8926 else {
8927 if (strlen(obuf) > len) {
8928 obuf[len - 1] = '*';
8929 obuf[len] = '\0';
8930 }
8931 }
8932 sprintf (buf, "%*.*s ", len, len, obuf);
8933 }
8934
8935 #ifdef ARGUSDEBUG
8936 ArgusDebug (10, "ArgusPrintSrcHopCount (%p, %p)", buf, argus);
8937 #endif
8938 }
8939
8940 void
ArgusPrintDstHopCount(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)8941 ArgusPrintDstHopCount (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
8942 {
8943 int esthops = 1;
8944 struct ArgusIPAttrStruct *attr = (struct ArgusIPAttrStruct *)argus->dsrs[ARGUS_IPATTR_INDEX];
8945 char obuf[32];
8946
8947 bzero(obuf, sizeof(obuf));
8948
8949 switch (argus->hdr.type & 0xF0) {
8950 case ARGUS_MAR:
8951 break;
8952
8953 case ARGUS_EVENT:
8954 case ARGUS_NETFLOW:
8955 case ARGUS_FAR:
8956 if ((attr != NULL) && (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_DST)) {
8957 while (esthops < attr->dst.ttl)
8958 esthops = esthops * 2;
8959 sprintf (obuf, "%d", (esthops - attr->dst.ttl));
8960 }
8961 break;
8962 }
8963
8964 if (parser->ArgusPrintXml) {
8965 sprintf (buf, " DstHops = \"%s\"", obuf);
8966 } else {
8967 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
8968 len = strlen(obuf);
8969 else {
8970 if (strlen(obuf) > len) {
8971 obuf[len - 1] = '*';
8972 obuf[len] = '\0';
8973 }
8974 }
8975 sprintf (buf, "%*.*s ", len, len, obuf);
8976 }
8977
8978 #ifdef ARGUSDEBUG
8979 ArgusDebug (10, "ArgusPrintDstHopCount (%p, %p)", buf, argus);
8980 #endif
8981 }
8982
8983
8984 void
ArgusPrintInode(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)8985 ArgusPrintInode (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
8986 {
8987 unsigned char masklen = 0, obuf[32];
8988 int objlen = 0;
8989
8990 bzero(obuf, sizeof(obuf));
8991
8992 switch (argus->hdr.type & 0xF0) {
8993 case ARGUS_MAR:
8994 sprintf (buf, "%*.*s ", len, len, "");
8995 break;
8996
8997 case ARGUS_EVENT:
8998 case ARGUS_NETFLOW:
8999 case ARGUS_FAR: {
9000 struct ArgusIcmpStruct *icmp = (void *)argus->dsrs[ARGUS_ICMP_INDEX];
9001
9002 if (icmp != NULL) {
9003 if (icmp->hdr.argus_dsrvl8.qual & ARGUS_ICMP_MAPPED) {
9004 struct ArgusFlow *flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX];
9005 void *addr = NULL;
9006 int type = 0;
9007
9008 if (flow != NULL) {
9009 switch (flow->hdr.subtype & 0x3F) {
9010 case ARGUS_FLOW_CLASSIC5TUPLE:
9011 case ARGUS_FLOW_LAYER_3_MATRIX: {
9012 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
9013 case ARGUS_TYPE_IPV4:
9014 objlen = 4;
9015 masklen = 32;
9016 break;
9017 case ARGUS_TYPE_IPV6:
9018 objlen = 16;
9019 masklen = 128;
9020 break;
9021 }
9022 break;
9023 }
9024
9025 default:
9026 break;
9027 }
9028 }
9029
9030 if (objlen > 0)
9031 addr = &icmp->osrcaddr;
9032
9033 ArgusPrintAddr (parser, buf, type, addr, objlen, masklen, len, ARGUS_INODE);
9034
9035 } else
9036 sprintf (buf, "%*.*s ", len, len, "");
9037
9038 } else
9039 sprintf (buf, "%*.*s ", len, len, "");
9040
9041 break;
9042 }
9043 }
9044
9045 #ifdef ARGUSDEBUG
9046 ArgusDebug (10, "ArgusPrintInode (%p, %p)", buf, argus);
9047 #endif
9048 }
9049
9050
9051 void
ArgusPrintKeyStrokeNStroke(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)9052 ArgusPrintKeyStrokeNStroke (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
9053 {
9054 char obuf[32];
9055
9056 bzero(obuf, sizeof(obuf));
9057
9058 switch (argus->hdr.type & 0xF0) {
9059 case ARGUS_MAR:
9060 sprintf (buf, "%*.*s ", len, len, "");
9061 break;
9062
9063 case ARGUS_EVENT:
9064 case ARGUS_NETFLOW:
9065 case ARGUS_FAR: {
9066 struct ArgusBehaviorStruct *actor = (void *)argus->dsrs[ARGUS_BEHAVIOR_INDEX];
9067
9068 if (actor != NULL) {
9069 sprintf (obuf, "%d ", actor->keyStroke.src.n_strokes + actor->keyStroke.dst.n_strokes);
9070 } else
9071 sprintf (obuf, "%*.*s", len, len, "");
9072 break;
9073 }
9074 }
9075
9076 if (parser->ArgusPrintXml) {
9077 sprintf (buf, " KeyStrokeNStroke = \"%s\"", obuf);
9078 } else {
9079 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
9080 len = strlen(obuf);
9081 else {
9082 if (strlen(obuf) > len) {
9083 obuf[len - 1] = '*';
9084 obuf[len] = '\0';
9085 }
9086 }
9087 sprintf (buf, "%*.*s ", len, len, obuf);
9088 }
9089
9090 #ifdef ARGUSDEBUG
9091 ArgusDebug (10, "ArgusPrintKeyStrokeNStroke (%p, %p)", buf, argus);
9092 #endif
9093 }
9094
9095 void
ArgusPrintKeyStrokeSrcNStroke(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)9096 ArgusPrintKeyStrokeSrcNStroke (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
9097 {
9098 char obuf[32];
9099
9100 bzero(obuf, sizeof(obuf));
9101
9102 switch (argus->hdr.type & 0xF0) {
9103 case ARGUS_MAR:
9104 sprintf (buf, "%*.*s ", len, len, "");
9105 break;
9106
9107 case ARGUS_EVENT:
9108 case ARGUS_NETFLOW:
9109 case ARGUS_FAR: {
9110 struct ArgusBehaviorStruct *actor = (void *)argus->dsrs[ARGUS_BEHAVIOR_INDEX];
9111
9112 if (actor != NULL) {
9113 sprintf (obuf, "%d ", actor->keyStroke.src.n_strokes);
9114 } else
9115 sprintf (obuf, "%*.*s", len, len, "");
9116
9117 break;
9118 }
9119 }
9120
9121 if (parser->ArgusPrintXml) {
9122 sprintf (buf, " KeyStrokeSrcNStroke = \"%s\"", obuf);
9123 } else {
9124 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
9125 len = strlen(obuf);
9126 else {
9127 if (strlen(obuf) > len) {
9128 obuf[len - 1] = '*';
9129 obuf[len] = '\0';
9130 }
9131 }
9132 sprintf (buf, "%*.*s ", len, len, obuf);
9133 }
9134
9135 #ifdef ARGUSDEBUG
9136 ArgusDebug (10, "ArgusPrintKeyStrokeSrcNStroke (%p, %p)", buf, argus);
9137 #endif
9138 }
9139
9140 void
ArgusPrintKeyStrokeDstNStroke(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)9141 ArgusPrintKeyStrokeDstNStroke (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
9142 {
9143 char obuf[32];
9144
9145 bzero(obuf, sizeof(obuf));
9146
9147 switch (argus->hdr.type & 0xF0) {
9148 case ARGUS_MAR:
9149 sprintf (buf, "%*.*s ", len, len, "");
9150 break;
9151
9152 case ARGUS_EVENT:
9153 case ARGUS_NETFLOW:
9154 case ARGUS_FAR: {
9155 struct ArgusBehaviorStruct *actor = (void *)argus->dsrs[ARGUS_BEHAVIOR_INDEX];
9156
9157 if (actor != NULL) {
9158 sprintf (obuf, "%d ", actor->keyStroke.dst.n_strokes);
9159 } else
9160 sprintf (obuf, "%*.*s", len, len, "");
9161
9162 break;
9163 }
9164 }
9165
9166 if (parser->ArgusPrintXml) {
9167 sprintf (buf, " KeyStrokeDstNStroke = \"%s\"", obuf);
9168 } else {
9169 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
9170 len = strlen(obuf);
9171 else {
9172 if (strlen(obuf) > len) {
9173 obuf[len - 1] = '*';
9174 obuf[len] = '\0';
9175 }
9176 }
9177 sprintf (buf, "%*.*s ", len, len, obuf);
9178 }
9179
9180 #ifdef ARGUSDEBUG
9181 ArgusDebug (10, "ArgusPrintKeyStrokeDstNStroke (%p, %p)", buf, argus);
9182 #endif
9183 }
9184
9185
9186 char *ArgusProcessStr = NULL;
9187
9188 void
ArgusPrintDirection(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)9189 ArgusPrintDirection (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
9190 {
9191 switch (argus->hdr.type & 0xF0) {
9192 case ARGUS_MAR:
9193 if (parser->ArgusPrintXml) {
9194 } else {
9195 sprintf (buf, "%*.*s ", len, len, " ");
9196 }
9197 break;
9198
9199 case ARGUS_EVENT:
9200 case ARGUS_NETFLOW:
9201 case ARGUS_FAR: {
9202 struct ArgusMetricStruct *metric = (struct ArgusMetricStruct *)argus->dsrs[ARGUS_METRIC_INDEX];
9203 struct ArgusFlow *flow = (struct ArgusFlow *)argus->dsrs[ARGUS_FLOW_INDEX];
9204 struct ArgusNetworkStruct *net = (struct ArgusNetworkStruct *)argus->dsrs[ARGUS_NETWORK_INDEX];
9205 int type, src_count = 0, dst_count = 0;
9206
9207 if (metric == NULL) {
9208 sprintf (buf, "%*.*s ", len, len, " ");
9209 if (parser->ArgusPrintXml) {
9210 } else {
9211 }
9212
9213 } else {
9214 char dirStr[16];
9215 sprintf (dirStr, "%s", "<->");
9216
9217 if ((dst_count = metric->dst.pkts) == 0)
9218 dirStr[0] = ' ';
9219 if ((src_count = metric->src.pkts) == 0)
9220 dirStr[2] = ' ';
9221 if ((src_count == 0) && (dst_count == 0))
9222 dirStr[1] = ' ';
9223
9224 if (flow != NULL) {
9225 switch (flow->hdr.subtype & 0x3F) {
9226 case ARGUS_FLOW_CLASSIC5TUPLE: {
9227 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
9228 case ARGUS_TYPE_IPV4:
9229 switch (flow->ip_flow.ip_p) {
9230 case IPPROTO_TCP: {
9231 if (net != NULL) {
9232 struct ArgusTCPObject *tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
9233 if (!((tcp->status & ARGUS_SAW_SYN) || (tcp->status & ARGUS_SAW_SYN_SENT))) {
9234 dirStr[1] = '?';
9235 }
9236 if ((tcp->status & ARGUS_SAW_SYN) || (tcp->status & ARGUS_SAW_SYN_SENT)) {
9237 if (flow->hdr.subtype & ARGUS_REVERSE) {
9238 dirStr[0] = '<';
9239 dirStr[2] = ' ';
9240 } else {
9241 dirStr[0] = ' ';
9242 dirStr[2] = '>';
9243 }
9244 }
9245 }
9246 }
9247 break;
9248 }
9249 break;
9250
9251 case ARGUS_TYPE_IPV6:
9252 switch (flow->ipv6_flow.ip_p) {
9253 case IPPROTO_TCP: {
9254 if (net != NULL) {
9255 struct ArgusTCPObject *tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
9256 if (!((tcp->status & ARGUS_SAW_SYN) || (tcp->status & ARGUS_SAW_SYN_SENT))) {
9257 dirStr[1] = '?';
9258 } else {
9259 if ((tcp->status & ARGUS_SAW_SYN) || (tcp->status & ARGUS_SAW_SYN_SENT)) {
9260 if (flow->hdr.subtype & ARGUS_REVERSE) {
9261 dirStr[0] = '<';
9262 dirStr[2] = ' ';
9263 } else {
9264 dirStr[0] = ' ';
9265 dirStr[2] = '>';
9266 }
9267 }
9268 }
9269 }
9270 }
9271 break;
9272 }
9273 break;
9274
9275 case ARGUS_TYPE_RARP:
9276 sprintf (dirStr, "%s", "tel");
9277 break;
9278
9279 case ARGUS_TYPE_ARP:
9280 sprintf (dirStr, "%s", "who");
9281 break;
9282 }
9283 break;
9284 }
9285
9286 case ARGUS_FLOW_ARP: {
9287 sprintf (dirStr, "%s", "who");
9288 break;
9289 }
9290 }
9291 }
9292 if (parser->ArgusPrintXml) {
9293 char ndirStr[16], *dptr = dirStr;
9294 int i, tlen;
9295
9296 bzero(ndirStr, 16);
9297 for (i = 0, tlen = strlen(dirStr); i < tlen; i++) {
9298 if (*dptr == '<')
9299 sprintf (&ndirStr[strlen(ndirStr)], "<");
9300 else if (*dptr == '>')
9301 sprintf (&ndirStr[strlen(ndirStr)], ">");
9302 else
9303 sprintf (&ndirStr[strlen(ndirStr)], "%c", *dptr);
9304 dptr++;
9305 }
9306 snprintf (buf, len, " Dir = \"%s\"", ndirStr);
9307
9308 } else {
9309 if ((parser->RaFieldDelimiter != ' ') && (parser->RaFieldDelimiter != '\0')) {
9310 sprintf (buf, "%s ", dirStr);
9311 } else {
9312 sprintf (buf, "%*.*s ", len, len, dirStr);
9313 }
9314 }
9315 }
9316
9317 break;
9318 }
9319 }
9320
9321 #ifdef ARGUSDEBUG
9322 ArgusDebug (10, "ArgusPrintDirection (%p, %p)", buf, argus);
9323 #endif
9324 }
9325
9326
9327 void
ArgusPrintPackets(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)9328 ArgusPrintPackets (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
9329 {
9330 struct ArgusMetricStruct *metric, *nsmetric;
9331
9332 switch (argus->hdr.type & 0xF0) {
9333 case ARGUS_MAR: {
9334 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
9335 unsigned long long value = 0;
9336 char pbuf[32];
9337
9338 if (rec != NULL) {
9339 value = rec->argus_mar.pktsRcvd;
9340 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
9341 sprintf (pbuf, "%llu", value);
9342 #else
9343 sprintf (pbuf, "%Lu", value);
9344 #endif
9345 } else
9346 bzero(pbuf, sizeof(pbuf));
9347
9348 if (parser->ArgusPrintXml) {
9349 sprintf (buf, " Pkts = \"%s\"", pbuf);
9350
9351 } else {
9352 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
9353 len = strlen(pbuf);
9354 else {
9355 if (strlen(pbuf) > len) {
9356 pbuf[len - 1] = '*';
9357 pbuf[len] = '\0';
9358 }
9359 }
9360 sprintf (buf, "%*.*s ", len, len, pbuf);
9361 }
9362 break;
9363 }
9364
9365 case ARGUS_EVENT:
9366 case ARGUS_NETFLOW:
9367 case ARGUS_FAR: {
9368 if (argus && ((metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX]) != NULL)) {
9369 long long value = metric->src.pkts + metric->dst.pkts;
9370 float fvalue = 0.0;
9371 char pbuf[32];
9372
9373 if (parser->Pctflag && parser->ns) {
9374 if ((nsmetric = (void *)parser->ns->dsrs[ARGUS_METRIC_INDEX]) != NULL) {
9375 if (value > 0)
9376 fvalue = (value * 100.0) / ((nsmetric->src.pkts + nsmetric->dst.pkts) * 1.0);
9377 }
9378 }
9379
9380 if (parser->Pctflag && parser->ns) {
9381 sprintf (pbuf, "%3.*f", parser->pflag, fvalue);
9382 } else {
9383 double tvalue = value * 1.0;
9384 if (parser->Hflag) {
9385 ArgusAbbreviateMetric(parser, pbuf, 32, tvalue);
9386 } else {
9387 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
9388 sprintf (pbuf, "%llu", value);
9389 #else
9390 sprintf (pbuf, "%Lu", value);
9391 #endif
9392 }
9393 }
9394
9395 if (parser->ArgusPrintXml) {
9396 sprintf (buf, " Pkts = \"%s\"", pbuf);
9397 } else {
9398 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
9399 len = strlen(pbuf);
9400 else {
9401 if (strlen(pbuf) > len) {
9402 pbuf[len - 1] = '*';
9403 pbuf[len] = '\0';
9404 }
9405 }
9406 sprintf (buf, "%*.*s ", len, len, pbuf);
9407 }
9408 }
9409 break;
9410 }
9411 }
9412
9413 #ifdef ARGUSDEBUG
9414 ArgusDebug (10, "ArgusPrintPackets (%p, %p)", buf, argus);
9415 #endif
9416 }
9417
9418 void
ArgusPrintSrcPackets(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)9419 ArgusPrintSrcPackets (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
9420 {
9421 struct ArgusMetricStruct *metric, *nsmetric;
9422
9423 switch (argus->hdr.type & 0xF0) {
9424 case ARGUS_MAR: {
9425 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
9426 long long value = 0;
9427 char pbuf[32];
9428
9429 if (rec != NULL) {
9430 value = rec->argus_mar.pktsRcvd;
9431 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
9432 sprintf (pbuf, "%llu", value);
9433 #else
9434 sprintf (pbuf, "%Lu", value);
9435 #endif
9436 } else
9437 bzero(pbuf, sizeof(pbuf));
9438
9439 if (parser->ArgusPrintXml) {
9440 sprintf (buf, " PktsRcvd = \"%s\"", pbuf);
9441 } else {
9442 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
9443 len = strlen(pbuf);
9444 else {
9445 if (strlen(pbuf) > len) {
9446 pbuf[len - 1] = '*';
9447 pbuf[len] = '\0';
9448 }
9449 }
9450 sprintf (buf, "%*.*s ", len, len, pbuf);
9451 }
9452 break;
9453 }
9454
9455 case ARGUS_EVENT:
9456 case ARGUS_NETFLOW:
9457 case ARGUS_FAR: {
9458 char pbuf[32];
9459 bzero (pbuf, 4);
9460
9461 if (argus && ((metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX]) != NULL)) {
9462 long long value = metric->src.pkts;
9463 float fvalue = 0.0;
9464
9465 if (parser->Pctflag && parser->ns) {
9466 if ((nsmetric = (void *)parser->ns->dsrs[ARGUS_METRIC_INDEX]) != NULL) {
9467 if (nsmetric->src.pkts > 0)
9468 fvalue = (metric->src.pkts * 100.0) / (nsmetric->src.pkts * 1.0);
9469 }
9470 sprintf (pbuf, "%.*f", parser->pflag, fvalue);
9471
9472 } else {
9473 double tvalue = value * 1.0;
9474 if (parser->Hflag) {
9475 ArgusAbbreviateMetric(parser, pbuf, 32, tvalue);
9476 } else {
9477 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
9478 sprintf (pbuf, "%llu", value);
9479 #else
9480 sprintf (pbuf, "%Lu", value);
9481 #endif
9482 }
9483 }
9484 }
9485
9486 if (parser->ArgusPrintXml) {
9487 sprintf (buf, " SrcPkts = \"%s\"", pbuf);
9488 } else {
9489 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
9490 len = strlen(pbuf);
9491 else {
9492 if (strlen(pbuf) > len) {
9493 pbuf[len - 1] = '*';
9494 pbuf[len] = '\0';
9495 }
9496 }
9497 sprintf (buf, "%*.*s ", len, len, pbuf);
9498 }
9499 break;
9500 }
9501 }
9502
9503 #ifdef ARGUSDEBUG
9504 ArgusDebug (10, "ArgusPrintSrcPackets (%p, %p)", buf, argus);
9505 #endif
9506 }
9507
9508 void
ArgusPrintDstPackets(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)9509 ArgusPrintDstPackets (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
9510 {
9511 struct ArgusMetricStruct *metric, *nsmetric;
9512
9513 switch (argus->hdr.type & 0xF0) {
9514 case ARGUS_MAR: {
9515 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
9516 unsigned int value = 0;
9517 char pbuf[32];
9518
9519 if (rec != NULL) {
9520 value = rec->argus_mar.records;
9521 #if defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
9522 sprintf (pbuf, "%u", value);
9523 #else
9524 sprintf (pbuf, "%u", value);
9525 #endif
9526 } else
9527 bzero(pbuf, sizeof(pbuf));
9528
9529 if (parser->ArgusPrintXml) {
9530 sprintf (buf, " Records = \"%s\"", pbuf);
9531 } else {
9532 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
9533 len = strlen(pbuf);
9534 else {
9535 if (strlen(pbuf) > len) {
9536 pbuf[len - 1] = '*';
9537 pbuf[len] = '\0';
9538 }
9539 }
9540 sprintf (buf, "%*.*s ", len, len, pbuf);
9541 }
9542 break;
9543 }
9544
9545 case ARGUS_EVENT:
9546 case ARGUS_NETFLOW:
9547 case ARGUS_FAR: {
9548 char pbuf[32];
9549 bzero (pbuf, 4);
9550
9551 if (argus && ((metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX]) != NULL)) {
9552 long long value = metric->dst.pkts;
9553 float fvalue = 0.0;
9554
9555 if (parser->Pctflag && parser->ns) {
9556 if ((nsmetric = (void *)parser->ns->dsrs[ARGUS_METRIC_INDEX]) != NULL) {
9557 if (nsmetric->dst.pkts > 0)
9558 fvalue = (metric->dst.pkts * 100.0) / (nsmetric->dst.pkts * 1.0);
9559 sprintf (pbuf, "%.*f", parser->pflag, fvalue);
9560 }
9561
9562 } else {
9563 double tvalue = value * 1.0;
9564 if (parser->Hflag) {
9565 ArgusAbbreviateMetric(parser, pbuf, 32, tvalue);
9566 } else {
9567 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
9568 sprintf (pbuf, "%llu", value);
9569 #else
9570 sprintf (pbuf, "%Lu", value);
9571 #endif
9572 }
9573 }
9574 }
9575
9576 if (parser->ArgusPrintXml) {
9577 sprintf (buf, " DstPkts = \"%s\"", pbuf);
9578 } else {
9579 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
9580 len = strlen(pbuf);
9581 else {
9582 if (strlen(pbuf) > len) {
9583 pbuf[len - 1] = '*';
9584 pbuf[len] = '\0';
9585 }
9586 }
9587 sprintf (buf, "%*.*s ", len, len, pbuf);
9588 }
9589 break;
9590 }
9591 }
9592
9593 #ifdef ARGUSDEBUG
9594 ArgusDebug (10, "ArgusPrintDstPackets (%p, %p)", buf, argus);
9595 #endif
9596 }
9597
9598 void
ArgusPrintBytes(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)9599 ArgusPrintBytes (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
9600 {
9601 struct ArgusMetricStruct *metric, *nsmetric;
9602 char pbuf[32];
9603
9604 bzero(pbuf, 4);
9605
9606 switch (argus->hdr.type & 0xF0) {
9607 case ARGUS_MAR: {
9608 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
9609 long long value = 0;
9610 char pbuf[32];
9611
9612 if (rec != NULL) {
9613 value = rec->argus_mar.bytes;
9614 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
9615 sprintf (pbuf, "%llu", value);
9616 #else
9617 sprintf (pbuf, "%Lu", value);
9618 #endif
9619 } else
9620 bzero(pbuf, sizeof(pbuf));
9621
9622
9623 if (parser->ArgusPrintXml) {
9624 sprintf (buf, " Bytes = \"%s\"", pbuf);
9625 } else {
9626 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
9627 len = strlen(pbuf);
9628 else {
9629 if (strlen(pbuf) > len) {
9630 pbuf[len - 1] = '*';
9631 pbuf[len] = '\0';
9632 }
9633 }
9634 sprintf (buf, "%*.*s ", len, len, pbuf);
9635 }
9636 break;
9637 }
9638
9639 case ARGUS_EVENT:
9640 case ARGUS_NETFLOW:
9641 case ARGUS_FAR: {
9642 if (argus && ((metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX]) != NULL)) {
9643 long long value = metric->src.bytes + metric->dst.bytes;
9644 float fvalue = 0.0;
9645
9646 if (parser->Pctflag && parser->ns) {
9647 if ((nsmetric = (void *)parser->ns->dsrs[ARGUS_METRIC_INDEX]) != NULL) {
9648 if (value > 0)
9649 fvalue = (value * 100.0) / ((nsmetric->src.bytes + nsmetric->dst.bytes) * 1.0);
9650 }
9651 }
9652
9653 if (parser->Pctflag && parser->ns) {
9654 sprintf (pbuf, "%.*f", parser->pflag, fvalue);
9655 sprintf (buf, "%*.*s ", len, len, pbuf);
9656 } else {
9657 double tvalue = value * 1.0;
9658 if (parser->Hflag) {
9659 ArgusAbbreviateMetric(parser, pbuf, 32, tvalue);
9660 } else {
9661 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
9662 sprintf (pbuf, "%llu", value);
9663 #else
9664 sprintf (pbuf, "%Lu", value);
9665 #endif
9666 }
9667 }
9668 }
9669
9670 if (parser->ArgusPrintXml) {
9671 sprintf (buf, " Bytes = \"%s\"", pbuf);
9672 } else {
9673 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
9674 len = strlen(pbuf);
9675 else {
9676 if (strlen(pbuf) > len) {
9677 pbuf[len - 1] = '*';
9678 pbuf[len] = '\0';
9679 }
9680 }
9681 sprintf (buf, "%*.*s ", len, len, pbuf);
9682 }
9683 break;
9684 }
9685 }
9686
9687 #ifdef ARGUSDEBUG
9688 ArgusDebug (10, "ArgusPrintBytes (%p, %p)", buf, argus);
9689 #endif
9690 }
9691
9692 void
ArgusPrintSrcBytes(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)9693 ArgusPrintSrcBytes (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
9694 {
9695 struct ArgusMetricStruct *metric, *nsmetric;
9696
9697 switch (argus->hdr.type & 0xF0) {
9698 case ARGUS_MAR: {
9699 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
9700 long long value = 0;
9701 char pbuf[32];
9702
9703 if (rec != NULL) {
9704 value = rec->argus_mar.bytesRcvd;
9705 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
9706 sprintf (pbuf, "%llu", value);
9707 #else
9708 sprintf (pbuf, "%Lu", value);
9709 #endif
9710 } else
9711 bzero(pbuf, sizeof(pbuf));
9712
9713 if (parser->ArgusPrintXml) {
9714 sprintf (buf, " BytesRcvd = \"%s\"", pbuf);
9715 } else {
9716 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
9717 len = strlen(pbuf);
9718 } else {
9719 if (strlen(pbuf) > len) {
9720 pbuf[len - 1] = '*';
9721 pbuf[len] = '\0';
9722 }
9723 }
9724 sprintf (buf, "%*.*s ", len, len, pbuf);
9725 }
9726 break;
9727 }
9728
9729 case ARGUS_EVENT:
9730 case ARGUS_NETFLOW:
9731 case ARGUS_FAR: {
9732 char pbuf[32];
9733 bzero(pbuf, 4);
9734
9735 if (argus && ((metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX]) != NULL)) {
9736 long long value = metric->src.bytes;
9737 float fvalue = 0.0;
9738
9739 if (parser->Pctflag && parser->ns) {
9740 if ((nsmetric = (void *)parser->ns->dsrs[ARGUS_METRIC_INDEX]) != NULL) {
9741 if (nsmetric->src.bytes > 0)
9742 fvalue = (metric->src.bytes * 100.0) / (nsmetric->src.bytes * 1.0);
9743 }
9744 }
9745
9746 if (parser->Pctflag && parser->ns) {
9747 sprintf (pbuf, "%.*f", parser->pflag, fvalue);
9748 } else {
9749 double tvalue = value * 1.0;
9750 if (parser->Hflag) {
9751 ArgusAbbreviateMetric(parser, pbuf, 32, tvalue);
9752 } else {
9753 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
9754 sprintf (pbuf, "%llu", value);
9755 #else
9756 sprintf (pbuf, "%Lu", value);
9757 #endif
9758 }
9759 }
9760 }
9761
9762 if (parser->ArgusPrintXml) {
9763 sprintf (buf, " SrcBytes = \"%s\"", pbuf);
9764 } else {
9765 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
9766 len = strlen(pbuf);
9767 } else {
9768 if (strlen(pbuf) > len) {
9769 pbuf[len - 1] = '*';
9770 pbuf[len] = '\0';
9771 }
9772 }
9773 sprintf (buf, "%*.*s ", len, len, pbuf);
9774 }
9775 break;
9776 }
9777 }
9778
9779 #ifdef ARGUSDEBUG
9780 ArgusDebug (10, "ArgusPrintSrcBytes (%p, %p)", buf, argus);
9781 #endif
9782 }
9783
9784 void
ArgusPrintDstBytes(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)9785 ArgusPrintDstBytes (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
9786 {
9787 struct ArgusMetricStruct *metric, *nsmetric;
9788
9789 switch (argus->hdr.type & 0xF0) {
9790 case ARGUS_MAR: {
9791 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
9792 long long value = 0;
9793 char pbuf[32];
9794
9795 if (rec != NULL) {
9796 value = rec->argus_mar.dropped;
9797 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
9798 sprintf (pbuf, "%llu", value);
9799 #else
9800 sprintf (pbuf, "%Lu", value);
9801 #endif
9802 } else
9803 bzero(pbuf, sizeof(pbuf));
9804
9805 if (parser->ArgusPrintXml) {
9806 sprintf (buf, " PktsDropped = \"%s\"", pbuf);
9807 } else {
9808 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
9809 len = strlen(pbuf);
9810 } else {
9811 if (strlen(pbuf) > len) {
9812 pbuf[len - 1] = '*';
9813 pbuf[len] = '\0';
9814 }
9815 }
9816 sprintf (buf, "%*.*s ", len, len, pbuf);
9817 }
9818 break;
9819 }
9820
9821 case ARGUS_EVENT:
9822 case ARGUS_NETFLOW:
9823 case ARGUS_FAR: {
9824 char pbuf[32];
9825 bzero(pbuf, 4);
9826
9827 if (argus && ((metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX]) != NULL)) {
9828 long long value = metric->dst.bytes;
9829 float fvalue = 0.0;
9830
9831 if (parser->Pctflag && parser->ns) {
9832 if ((nsmetric = (void *)parser->ns->dsrs[ARGUS_METRIC_INDEX]) != NULL) {
9833 if (nsmetric->dst.bytes > 0)
9834 fvalue = (metric->dst.bytes * 100.0) / (nsmetric->dst.bytes * 1.0);
9835 }
9836 }
9837
9838 if (parser->Pctflag && parser->ns) {
9839 sprintf (pbuf, "%.*f", parser->pflag, fvalue);
9840 } else {
9841 double tvalue = value * 1.0;
9842 if (parser->Hflag) {
9843 ArgusAbbreviateMetric(parser, pbuf, 32, tvalue);
9844 } else {
9845 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
9846 sprintf (pbuf, "%llu", value);
9847 #else
9848 sprintf (pbuf, "%Lu", value);
9849 #endif
9850 }
9851 }
9852 }
9853
9854 if (parser->ArgusPrintXml) {
9855 sprintf (buf, " DstBytes = \"%s\"", pbuf);
9856 } else {
9857 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
9858 len = strlen(pbuf);
9859 } else {
9860 if (strlen(pbuf) > len) {
9861 pbuf[len - 1] = '*';
9862 pbuf[len] = '\0';
9863 }
9864 }
9865 sprintf (buf, "%*.*s ", len, len, pbuf);
9866 }
9867 break;
9868 }
9869 }
9870
9871 #ifdef ARGUSDEBUG
9872 ArgusDebug (10, "ArgusPrintDstBytes (%p, %p)", buf, argus);
9873 #endif
9874 }
9875
9876
9877 void
ArgusPrintAppBytes(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)9878 ArgusPrintAppBytes (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
9879 {
9880 struct ArgusMetricStruct *metric, *nsmetric;
9881
9882 switch (argus->hdr.type & 0xF0) {
9883 case ARGUS_MAR: {
9884 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
9885 long long value = 0;
9886
9887 if (rec != NULL)
9888 value = rec->argus_mar.bytes;
9889
9890 if (parser->ArgusPrintXml) {
9891 } else {
9892 char pbuf[32];
9893 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
9894 sprintf (pbuf, "%llu", value);
9895 #else
9896 sprintf (pbuf, "%Lu", value);
9897 #endif
9898
9899 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
9900 len = strlen(pbuf);
9901 } else {
9902 if (strlen(pbuf) > len) {
9903 pbuf[len - 1] = '*';
9904 pbuf[len] = '\0';
9905 }
9906 }
9907 sprintf (buf, "%*.*s ", len, len, pbuf);
9908 }
9909
9910
9911 break;
9912 }
9913
9914 case ARGUS_EVENT:
9915 case ARGUS_NETFLOW:
9916 case ARGUS_FAR: {
9917 char pbuf[32];
9918 bzero(pbuf, 4);
9919 if (argus && ((metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX]) != NULL)) {
9920 long long value = metric->src.appbytes + metric->dst.appbytes;
9921 float fvalue = 0.0;
9922
9923 if (parser->Pctflag && parser->ns) {
9924 if ((nsmetric = (void *)parser->ns->dsrs[ARGUS_METRIC_INDEX]) != NULL) {
9925 if (value > 0)
9926 fvalue = (value * 100.0) / ((nsmetric->src.appbytes + nsmetric->dst.appbytes) * 1.0);
9927 }
9928 }
9929
9930 if (parser->Pctflag && parser->ns) {
9931 sprintf (pbuf, "%.*f", parser->pflag, fvalue);
9932 sprintf (buf, "%*.*s ", len, len, pbuf);
9933 } else {
9934 double tvalue = value * 1.0;
9935 if (parser->Hflag) {
9936 ArgusAbbreviateMetric(parser, pbuf, 32, tvalue);
9937 } else {
9938 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
9939 sprintf (pbuf, "%llu", value);
9940 #else
9941 sprintf (pbuf, "%Lu", value);
9942 #endif
9943 }
9944 }
9945 }
9946
9947 if (parser->ArgusPrintXml) {
9948 sprintf (buf, " AppBytes = \"%s\"", pbuf);
9949 } else {
9950 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
9951 len = strlen(pbuf);
9952 } else {
9953 if (strlen(pbuf) > len) {
9954 pbuf[len - 1] = '*';
9955 pbuf[len] = '\0';
9956 }
9957 }
9958 sprintf (buf, "%*.*s ", len, len, pbuf);
9959 }
9960 break;
9961 }
9962 }
9963
9964 #ifdef ARGUSDEBUG
9965 ArgusDebug (10, "ArgusPrintAppBytes (%p, %p)", buf, argus);
9966 #endif
9967 }
9968
9969 void
ArgusPrintSrcAppBytes(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)9970 ArgusPrintSrcAppBytes (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
9971 {
9972 struct ArgusMetricStruct *metric, *nsmetric;
9973
9974 switch (argus->hdr.type & 0xF0) {
9975 case ARGUS_MAR: {
9976 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
9977 long long value = 0;
9978 char pbuf[32];
9979
9980 if (rec != NULL) {
9981 value = rec->argus_mar.bufs;
9982 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
9983 sprintf (pbuf, "%llu", value);
9984 #else
9985 sprintf (pbuf, "%Lu", value);
9986 #endif
9987 } else
9988 bzero(pbuf, sizeof(pbuf));
9989
9990 if (parser->ArgusPrintXml) {
9991 } else {
9992 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
9993 len = strlen(pbuf);
9994 } else {
9995 if (strlen(pbuf) > len) {
9996 pbuf[len - 1] = '*';
9997 pbuf[len] = '\0';
9998 }
9999 }
10000 sprintf (buf, "%*.*s ", len, len, pbuf);
10001 }
10002
10003 break;
10004 }
10005
10006 case ARGUS_EVENT:
10007 case ARGUS_NETFLOW:
10008 case ARGUS_FAR: {
10009 char pbuf[32];
10010 bzero(pbuf, 4);
10011
10012 if (argus && ((metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX]) != NULL)) {
10013 long long value = metric->src.appbytes;
10014 float fvalue = 0.0;
10015
10016 if (parser->Pctflag && parser->ns) {
10017 if ((nsmetric = (void *)parser->ns->dsrs[ARGUS_METRIC_INDEX]) != NULL) {
10018 if (nsmetric->src.appbytes > 0)
10019 fvalue = (metric->src.appbytes * 100.0) / (nsmetric->src.appbytes * 1.0);
10020 }
10021 }
10022
10023 if (parser->Pctflag && parser->ns) {
10024 sprintf (pbuf, "%.*f", parser->pflag, fvalue);
10025 } else {
10026 double tvalue = value * 1.0;
10027 if (parser->Hflag) {
10028 ArgusAbbreviateMetric(parser, pbuf, 32, tvalue);
10029 } else {
10030 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
10031 sprintf (pbuf, "%llu", value);
10032 #else
10033 sprintf (pbuf, "%Lu", value);
10034 #endif
10035 }
10036 }
10037 }
10038
10039 if (parser->ArgusPrintXml) {
10040 sprintf (buf, " SrcAppBytes = \"%s\"", pbuf);
10041 } else {
10042 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10043 len = strlen(pbuf);
10044 } else {
10045 if (strlen(pbuf) > len) {
10046 pbuf[len - 1] = '*';
10047 pbuf[len] = '\0';
10048 }
10049 }
10050 sprintf (buf, "%*.*s ", len, len, pbuf);
10051 }
10052 break;
10053 }
10054 }
10055
10056 #ifdef ARGUSDEBUG
10057 ArgusDebug (10, "ArgusPrintSrcAppBytes (%p, %p)", buf, argus);
10058 #endif
10059 }
10060
10061 void
ArgusPrintDstAppBytes(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10062 ArgusPrintDstAppBytes (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10063 {
10064 struct ArgusMetricStruct *metric, *nsmetric;
10065
10066 switch (argus->hdr.type & 0xF0) {
10067 case ARGUS_MAR: {
10068 struct ArgusRecord *rec = (struct ArgusRecord *) argus->dsrs[0];
10069 long long value = 0;
10070 char pbuf[32];
10071
10072 if (rec != NULL) {
10073 value = rec->argus_mar.queue;
10074 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
10075 sprintf (pbuf, "%llu", value);
10076 #else
10077 sprintf (pbuf, "%Lu", value);
10078 #endif
10079 } else
10080 bzero(pbuf, sizeof(pbuf));
10081
10082 if (parser->ArgusPrintXml) {
10083 } else {
10084 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10085 len = strlen(pbuf);
10086 } else {
10087 if (strlen(pbuf) > len) {
10088 pbuf[len - 1] = '*';
10089 pbuf[len] = '\0';
10090 }
10091 }
10092 sprintf (buf, "%*.*s ", len, len, pbuf);
10093 }
10094
10095 break;
10096 }
10097
10098 case ARGUS_EVENT:
10099 case ARGUS_NETFLOW:
10100 case ARGUS_FAR: {
10101 char pbuf[32];
10102 bzero(pbuf, 4);
10103
10104 if (argus && ((metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX]) != NULL)) {
10105 long long value = metric->dst.appbytes;
10106 float fvalue = 0.0;
10107
10108 if (parser->Pctflag && parser->ns) {
10109 if ((nsmetric = (void *)parser->ns->dsrs[ARGUS_METRIC_INDEX]) != NULL) {
10110 if (nsmetric->dst.appbytes > 0)
10111 fvalue = (metric->dst.appbytes * 100.0) / (nsmetric->dst.appbytes * 1.0);
10112 }
10113 }
10114
10115 if (parser->Pctflag && parser->ns) {
10116 sprintf (pbuf, "%.*f", parser->pflag, fvalue);
10117 } else {
10118 double tvalue = value * 1.0;
10119 if (parser->Hflag) {
10120 ArgusAbbreviateMetric(parser, pbuf, 32, tvalue);
10121 } else {
10122 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
10123 sprintf (pbuf, "%llu", value);
10124 #else
10125 sprintf (pbuf, "%Lu", value);
10126 #endif
10127 }
10128 }
10129 }
10130
10131 if (parser->ArgusPrintXml) {
10132 sprintf (buf, " DstAppBytes = \"%s\"", pbuf);
10133 } else {
10134 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10135 len = strlen(pbuf);
10136 } else {
10137 if (strlen(pbuf) > len) {
10138 pbuf[len - 1] = '*';
10139 pbuf[len] = '\0';
10140 }
10141 }
10142 sprintf (buf, "%*.*s ", len, len, pbuf);
10143 }
10144 break;
10145 }
10146 }
10147
10148 #ifdef ARGUSDEBUG
10149 ArgusDebug (10, "ArgusPrintDstAppBytes (%p, %p)", buf, argus);
10150 #endif
10151 }
10152
10153 void
ArgusPrintAppByteRatio(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10154 ArgusPrintAppByteRatio (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10155 {
10156 ArgusPrintProducerConsumerRatio (parser, buf, argus, len);
10157 #ifdef ARGUSDEBUG
10158 ArgusDebug (10, "ArgusPrintAppByteRatio (%p, %p)", buf, argus);
10159 #endif
10160 }
10161
10162 void
ArgusPrintProducerConsumerRatio(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10163 ArgusPrintProducerConsumerRatio (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10164 {
10165 char pbuf[32];
10166 bzero(pbuf, 4);
10167
10168 switch (argus->hdr.type & 0xF0) {
10169 case ARGUS_EVENT:
10170 case ARGUS_MAR:
10171 case ARGUS_NETFLOW:
10172 sprintf (buf, "%*.*s ", len, len, pbuf);
10173 break;
10174
10175 case ARGUS_FAR: {
10176 double pcr = ArgusFetchAppByteRatio(argus);
10177 sprintf (pbuf, "%.*f", parser->pflag, pcr);
10178
10179 if (parser->ArgusPrintXml) {
10180 sprintf (buf, " PCR = \"%s\"", pbuf);
10181 } else {
10182 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10183 len = strlen(pbuf);
10184 } else {
10185 if (strlen(pbuf) > len) {
10186 pbuf[len - 1] = '*';
10187 pbuf[len] = '\0';
10188 }
10189 }
10190 sprintf (buf, "%*.*s ", len, len, pbuf);
10191 }
10192 }
10193 }
10194
10195 #ifdef ARGUSDEBUG
10196 ArgusDebug (10, "ArgusPrintProducerConsumerRatio (%p, %p)", buf, argus);
10197 #endif
10198 }
10199
10200
10201 void
ArgusPrintTransEfficiency(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10202 ArgusPrintTransEfficiency (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10203 {
10204 char pbuf[32];
10205 bzero(pbuf, 4);
10206
10207 switch (argus->hdr.type & 0xF0) {
10208 case ARGUS_EVENT:
10209 case ARGUS_MAR:
10210 case ARGUS_NETFLOW:
10211 sprintf (buf, "%*.*s ", len, len, pbuf);
10212 break;
10213
10214 case ARGUS_FAR: {
10215 struct ArgusMetricStruct *metric;
10216
10217 if (argus && ((metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX]) != NULL)) {
10218 long long avalue = metric->src.appbytes + metric->dst.appbytes;
10219 long long bvalue = metric->src.bytes + metric->dst.bytes;
10220 float fvalue = -0.0;
10221
10222 if (bvalue > 0.0)
10223 fvalue = (avalue * 1.0) / (bvalue * 1.0);
10224
10225 sprintf (pbuf, "%.*f", parser->pflag, fvalue);
10226 }
10227
10228 if (parser->ArgusPrintXml) {
10229 sprintf (buf, " TransEff = \"%s\"", pbuf);
10230 } else {
10231 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10232 len = strlen(pbuf);
10233 } else {
10234 if (strlen(pbuf) > len) {
10235 pbuf[len - 1] = '*';
10236 pbuf[len] = '\0';
10237 }
10238 }
10239 sprintf (buf, "%*.*s ", len, len, pbuf);
10240 }
10241 }
10242 }
10243
10244 #ifdef ARGUSDEBUG
10245 ArgusDebug (10, "ArgusPrintTransEfficiency (%p, %p)", buf, argus);
10246 #endif
10247 }
10248
10249 void
ArgusPrintSrcTransEfficiency(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10250 ArgusPrintSrcTransEfficiency (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10251 {
10252 char pbuf[32];
10253 bzero(pbuf, 4);
10254
10255 switch (argus->hdr.type & 0xF0) {
10256 case ARGUS_EVENT:
10257 case ARGUS_MAR:
10258 case ARGUS_NETFLOW:
10259 sprintf (buf, "%*.*s ", len, len, pbuf);
10260 break;
10261
10262 case ARGUS_FAR: {
10263 struct ArgusMetricStruct *metric;
10264
10265 if (argus && ((metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX]) != NULL)) {
10266 long long avalue = metric->src.appbytes;
10267 long long bvalue = metric->src.bytes;
10268 float fvalue = -0.0;
10269
10270 if (bvalue > 0.0)
10271 fvalue = (avalue * 1.0) / (bvalue * 1.0);
10272
10273 sprintf (pbuf, "%.*f", parser->pflag, fvalue);
10274 }
10275
10276 if (parser->ArgusPrintXml) {
10277 sprintf (buf, " TransEff = \"%s\"", pbuf);
10278 } else {
10279 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10280 len = strlen(pbuf);
10281 } else {
10282 if (strlen(pbuf) > len) {
10283 pbuf[len - 1] = '*';
10284 pbuf[len] = '\0';
10285 }
10286 }
10287 sprintf (buf, "%*.*s ", len, len, pbuf);
10288 }
10289 }
10290 }
10291
10292 #ifdef ARGUSDEBUG
10293 ArgusDebug (10, "ArgusPrintSrcTransEfficiency (%p, %p)", buf, argus);
10294 #endif
10295 }
10296
10297 void
ArgusPrintDstTransEfficiency(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10298 ArgusPrintDstTransEfficiency (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10299 {
10300 char pbuf[32];
10301 bzero(pbuf, 4);
10302
10303 switch (argus->hdr.type & 0xF0) {
10304 case ARGUS_EVENT:
10305 case ARGUS_MAR:
10306 case ARGUS_NETFLOW:
10307 sprintf (buf, "%*.*s ", len, len, pbuf);
10308 break;
10309
10310 case ARGUS_FAR: {
10311 struct ArgusMetricStruct *metric;
10312
10313 if (argus && ((metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX]) != NULL)) {
10314 long long avalue = metric->dst.appbytes;
10315 long long bvalue = metric->dst.bytes;
10316 float fvalue = -0.0;
10317
10318 if (bvalue > 0.0)
10319 fvalue = (avalue * 1.0) / (bvalue * 1.0);
10320
10321 sprintf (pbuf, "%.*f", parser->pflag, fvalue);
10322 }
10323
10324 if (parser->ArgusPrintXml) {
10325 sprintf (buf, " TransEff = \"%s\"", pbuf);
10326 } else {
10327 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10328 len = strlen(pbuf);
10329 } else {
10330 if (strlen(pbuf) > len) {
10331 pbuf[len - 1] = '*';
10332 pbuf[len] = '\0';
10333 }
10334 }
10335 sprintf (buf, "%*.*s ", len, len, pbuf);
10336 }
10337 }
10338 }
10339
10340 #ifdef ARGUSDEBUG
10341 ArgusDebug (10, "ArgusPrintDstTransEfficiency (%p, %p)", buf, argus);
10342 #endif
10343 }
10344
10345
10346 void
ArgusPrintSrcPktSize(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10347 ArgusPrintSrcPktSize (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10348 {
10349 struct ArgusPacketSizeStruct *psize;
10350 char value[128];
10351
10352 bzero(value, sizeof(value));
10353
10354 switch (argus->hdr.type & 0xF0) {
10355 case ARGUS_MAR:
10356 break;
10357
10358 case ARGUS_EVENT:
10359 case ARGUS_NETFLOW:
10360 case ARGUS_FAR: {
10361 if ((psize = (struct ArgusPacketSizeStruct *)argus->dsrs[ARGUS_PSIZE_INDEX]) != NULL) {
10362 if (psize->hdr.subtype & ARGUS_PSIZE_HISTO) {
10363 int i, tpkts[8], count = 0, max = 0, tlen, tmax;
10364
10365 for (i = 0; i < 8; i++) {
10366 tpkts[i] = psize->src.psize[i];
10367 count += psize->src.psize[i];
10368 max = (max < psize->src.psize[i]) ? psize->src.psize[i] : max;
10369 }
10370
10371 tlen = ((len == 8) || (len == 16)) ? len : ((len < 16) ? 8 : 16);
10372 tmax = ((tlen == 8)) ? 15 : 255;
10373
10374 if (max > tmax)
10375 for (i = 0; i < 8; i++) {
10376 if (tpkts[i]) {
10377 tpkts[i] = (tpkts[i] * tmax) / max;
10378 if (tpkts[i] == 0)
10379 tpkts[i] = 1;
10380 }
10381 }
10382
10383 switch (tlen) {
10384 case 8:
10385 for (i = 0; i < 8; i++)
10386 sprintf (&value[strlen(value)], "%1.1x", tpkts[i]);
10387 break;
10388
10389 case 16:
10390 for (i = 0; i < 8; i++)
10391 sprintf (&value[strlen(value)], "%2.2x", tpkts[i]);
10392 break;
10393 }
10394 } else
10395 sprintf (value, " ");
10396 }
10397 break;
10398 }
10399 }
10400
10401 if (parser->ArgusPrintXml) {
10402 sprintf (buf, " SrcPktSize = \"%s\"", value);
10403 } else {
10404 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10405 len = strlen(value);
10406 } else {
10407 if (strlen(value) > len) {
10408 value[len - 1] = '*';
10409 value[len] = '\0';
10410 }
10411 }
10412 sprintf (buf, "%*.*s ", len, len, value);
10413 }
10414
10415 #ifdef ARGUSDEBUG
10416 ArgusDebug (10, "ArgusPrintSrcPktSize (%p, %p)", buf, argus);
10417 #endif
10418 }
10419
10420
10421 void
ArgusPrintSrcMaxPktSize(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10422 ArgusPrintSrcMaxPktSize (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10423 {
10424 struct ArgusPacketSizeStruct *psize;
10425 char value[128];
10426
10427 bzero(value, sizeof(value));
10428
10429 switch (argus->hdr.type & 0xF0) {
10430 case ARGUS_MAR:
10431 break;
10432
10433 case ARGUS_EVENT:
10434 case ARGUS_NETFLOW:
10435 case ARGUS_FAR: {
10436 if ((psize = (struct ArgusPacketSizeStruct *)argus->dsrs[ARGUS_PSIZE_INDEX]) != NULL) {
10437 if (psize->src.psizemax > 0)
10438 sprintf (value, "%d", psize->src.psizemax);
10439 else
10440 sprintf (value, " ");
10441 }
10442 break;
10443 }
10444 }
10445
10446 if (parser->ArgusPrintXml) {
10447 sprintf (buf, " SrcMaxPktSize = \"%s\"", value);
10448 } else {
10449 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10450 len = strlen(value);
10451 } else {
10452 if (strlen(value) > len) {
10453 value[len - 1] = '*';
10454 value[len] = '\0';
10455 }
10456 }
10457
10458 sprintf (buf, "%*.*s ", len, len, value);
10459 }
10460
10461 #ifdef ARGUSDEBUG
10462 ArgusDebug (10, "ArgusPrintSrcMaxPktSize (%p, %p)", buf, argus);
10463 #endif
10464 }
10465
10466 void
ArgusPrintSrcMinPktSize(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10467 ArgusPrintSrcMinPktSize (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10468 {
10469 struct ArgusPacketSizeStruct *psize;
10470 char value[128];
10471
10472 bzero(value, sizeof(value));
10473
10474 switch (argus->hdr.type & 0xF0) {
10475 case ARGUS_MAR:
10476 break;
10477
10478 case ARGUS_EVENT:
10479 case ARGUS_NETFLOW:
10480 case ARGUS_FAR: {
10481 if ((psize = (struct ArgusPacketSizeStruct *)argus->dsrs[ARGUS_PSIZE_INDEX]) != NULL) {
10482 if (psize->src.psizemin > 0)
10483 sprintf (value, "%d", psize->src.psizemin);
10484 else
10485 sprintf (value, " ");
10486 }
10487 break;
10488 }
10489 }
10490
10491 if (parser->ArgusPrintXml) {
10492 sprintf (buf, " SrcMinPktSize = \"%s\"", value);
10493 } else {
10494 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10495 len = strlen(value);
10496 } else {
10497 if (strlen(value) > len) {
10498 value[len - 1] = '*';
10499 value[len] = '\0';
10500 }
10501 }
10502 sprintf (buf, "%*.*s ", len, len, value);
10503 }
10504
10505 #ifdef ARGUSDEBUG
10506 ArgusDebug (10, "ArgusPrintSrcMinPktSize (%p, %p)", buf, argus);
10507 #endif
10508 }
10509
10510 void
ArgusPrintSrcMeanPktSize(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10511 ArgusPrintSrcMeanPktSize (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10512 {
10513 struct ArgusMetricStruct *metric = (struct ArgusMetricStruct *) argus->dsrs[ARGUS_METRIC_INDEX];
10514 char tmpbuf[128], *ptr = tmpbuf;
10515 long long pkts = 0, bytes = 0;
10516 float value = 0.0;
10517
10518 switch (argus->hdr.type & 0xF0) {
10519 case ARGUS_MAR:
10520 break;
10521
10522 case ARGUS_EVENT:
10523 case ARGUS_NETFLOW:
10524 case ARGUS_FAR: {
10525 if (metric != NULL) {
10526 pkts = metric->src.pkts;
10527 bytes = metric->src.bytes;
10528 }
10529 break;
10530 }
10531 }
10532
10533 if (pkts > 0)
10534 value = (float)(bytes * 1.0)/(pkts * 1.0);
10535
10536 if (parser->Hflag) {
10537 ArgusAbbreviateMetric(parser, ptr, sizeof(tmpbuf), value);
10538 } else
10539 sprintf (ptr, "%.*f", parser->pflag, value);
10540
10541 if (parser->ArgusPrintXml) {
10542 sprintf (buf, " SrcMeanPktSize = \"%s\"", ptr);
10543 } else {
10544 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10545 len = strlen(ptr);
10546 } else {
10547 if (strlen(ptr) > len) {
10548 ptr[len - 1] = '*';
10549 ptr[len] = '\0';
10550 }
10551 }
10552 sprintf (buf, "%*.*s ", len, len, ptr);
10553 }
10554
10555 #ifdef ARGUSDEBUG
10556 ArgusDebug (10, "ArgusPrintSrcMeanPktSize (%p, %p)", buf, argus);
10557 #endif
10558 }
10559
10560 void
ArgusPrintDstPktSize(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10561 ArgusPrintDstPktSize (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10562 {
10563 struct ArgusPacketSizeStruct *psize;
10564 char value[128];
10565
10566 bzero(value, sizeof(value));
10567
10568 switch (argus->hdr.type & 0xF0) {
10569 case ARGUS_MAR:
10570 break;
10571
10572 case ARGUS_EVENT:
10573 case ARGUS_NETFLOW:
10574 case ARGUS_FAR: {
10575 if ((psize = (struct ArgusPacketSizeStruct *)argus->dsrs[ARGUS_PSIZE_INDEX]) != NULL) {
10576 if (psize->hdr.subtype & ARGUS_PSIZE_HISTO) {
10577 int i, tpkts[8], count = 0, max = 0, tlen, tmax;
10578
10579 for (i = 0; i < 8; i++) {
10580 tpkts[i] = psize->dst.psize[i];
10581 count += psize->dst.psize[i];
10582 max = (max < psize->dst.psize[i]) ? psize->dst.psize[i] : max;
10583 }
10584
10585 tlen = ((len == 8) || (len == 16)) ? len : ((len < 16) ? 8 : 16);
10586 tmax = ((tlen == 8)) ? 15 : 255;
10587
10588 if (max > tmax)
10589 for (i = 0; i < 8; i++) {
10590 if (tpkts[i]) {
10591 tpkts[i] = (tpkts[i] * tmax) / max;
10592 if (tpkts[i] == 0)
10593 tpkts[i] = 1;
10594 }
10595 }
10596
10597 switch (tlen) {
10598 case 8:
10599 for (i = 0; i < 8; i++)
10600 sprintf (&value[strlen(value)], "%1.1x", tpkts[i]);
10601 break;
10602
10603 case 16:
10604 for (i = 0; i < 8; i++)
10605 sprintf (&value[strlen(value)], "%2.2x", tpkts[i]);
10606 break;
10607 }
10608 } else
10609 sprintf (value, " ");
10610 }
10611 break;
10612 }
10613 }
10614
10615 if (parser->ArgusPrintXml) {
10616 sprintf (buf, " DstPktSize = \"%s\"", value);
10617 } else {
10618 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10619 len = strlen(value);
10620 } else {
10621 if (strlen(value) > len) {
10622 value[len - 1] = '*';
10623 value[len] = '\0';
10624 }
10625 }
10626 sprintf (buf, "%*.*s ", len, len, value);
10627 }
10628
10629 #ifdef ARGUSDEBUG
10630 ArgusDebug (10, "ArgusPrintDstPktSize (%p, %p)", buf, argus);
10631 #endif
10632 }
10633
10634 void
ArgusPrintDstMaxPktSize(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10635 ArgusPrintDstMaxPktSize (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10636 {
10637 struct ArgusPacketSizeStruct *psize;
10638 char value[128];
10639
10640 bzero(value, sizeof(value));
10641
10642 switch (argus->hdr.type & 0xF0) {
10643 case ARGUS_MAR:
10644 break;
10645
10646 case ARGUS_EVENT:
10647 case ARGUS_NETFLOW:
10648 case ARGUS_FAR: {
10649 if ((psize = (struct ArgusPacketSizeStruct *)argus->dsrs[ARGUS_PSIZE_INDEX]) != NULL) {
10650 if (psize->dst.psizemax > 0)
10651 sprintf (value, "%d", psize->dst.psizemax);
10652 else
10653 sprintf (value, " ");
10654 }
10655 break;
10656 }
10657 }
10658
10659 if (parser->ArgusPrintXml) {
10660 sprintf (buf, " DstMaxPktSize = \"%s\"", value);
10661 } else {
10662 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10663 len = strlen(value);
10664 } else {
10665 if (strlen(value) > len) {
10666 value[len - 1] = '*';
10667 value[len] = '\0';
10668 }
10669 }
10670 sprintf (buf, "%*.*s ", len, len, value);
10671 }
10672
10673 #ifdef ARGUSDEBUG
10674 ArgusDebug (10, "ArgusPrintDstMaxPktSize (%p, %p)", buf, argus);
10675 #endif
10676 }
10677
10678 void
ArgusPrintDstMinPktSize(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10679 ArgusPrintDstMinPktSize (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10680 {
10681 struct ArgusPacketSizeStruct *psize;
10682 char value[128];
10683
10684 bzero(value, sizeof(value));
10685
10686 switch (argus->hdr.type & 0xF0) {
10687 case ARGUS_MAR:
10688 break;
10689
10690 case ARGUS_EVENT:
10691 case ARGUS_NETFLOW:
10692 case ARGUS_FAR: {
10693 if ((psize = (struct ArgusPacketSizeStruct *)argus->dsrs[ARGUS_PSIZE_INDEX]) != NULL) {
10694 if (psize->dst.psizemin > 0)
10695 sprintf (value, "%d", psize->dst.psizemin);
10696 else
10697 sprintf (value, " ");
10698 }
10699 break;
10700 }
10701 }
10702
10703 if (parser->ArgusPrintXml) {
10704 sprintf (buf, " DstMinPktSize = \"%s\"", value);
10705 } else {
10706 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10707 len = strlen(value);
10708 } else {
10709 if (strlen(value) > len) {
10710 value[len - 1] = '*';
10711 value[len] = '\0';
10712 }
10713 }
10714 sprintf (buf, "%*.*s ", len, len, value);
10715 }
10716
10717 #ifdef ARGUSDEBUG
10718 ArgusDebug (10, "ArgusPrintDstMinPktSize (%p, %p)", buf, argus);
10719 #endif
10720 }
10721
10722 void
ArgusPrintDstMeanPktSize(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10723 ArgusPrintDstMeanPktSize (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10724 {
10725 struct ArgusMetricStruct *metric = (struct ArgusMetricStruct *) argus->dsrs[ARGUS_METRIC_INDEX];
10726 char tmpbuf[128], *ptr = tmpbuf;
10727 long long pkts = 0, bytes = 0;
10728 float value = 0.0;
10729
10730 switch (argus->hdr.type & 0xF0) {
10731 case ARGUS_MAR:
10732 break;
10733
10734 case ARGUS_EVENT:
10735 case ARGUS_NETFLOW:
10736 case ARGUS_FAR:
10737 if (metric != NULL) {
10738 pkts = metric->dst.pkts;
10739 bytes = metric->dst.bytes;
10740 }
10741 break;
10742 }
10743
10744 if (pkts > 0)
10745 value = (float)(bytes * 1.0)/(pkts * 1.0);
10746
10747 if (parser->Hflag) {
10748 ArgusAbbreviateMetric(parser, ptr, sizeof(tmpbuf), value);
10749 } else
10750 sprintf (ptr, "%.*f", parser->pflag, value);
10751
10752 if (parser->ArgusPrintXml) {
10753 sprintf (buf, " DstMeanPktSize = \"%s\"", ptr);
10754 } else {
10755 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10756 len = strlen(ptr);
10757 } else {
10758 if (strlen(ptr) > len) {
10759 ptr[len - 1] = '*';
10760 ptr[len] = '\0';
10761 }
10762 }
10763 sprintf (buf, "%*.*s ", len, len, ptr);
10764 }
10765
10766 #ifdef ARGUSDEBUG
10767 ArgusDebug (10, "ArgusPrintDstMeanPktSize (%p, %p)", buf, argus);
10768 #endif
10769 }
10770
10771 #include <math.h>
10772
10773
10774 void
ArgusPrintSrcIntPkt(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10775 ArgusPrintSrcIntPkt (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10776 {
10777 struct ArgusJitterStruct *jitter = NULL;
10778 char value[128];
10779
10780 bzero(value, sizeof(value));
10781
10782 switch (argus->hdr.type & 0xF0) {
10783 case ARGUS_MAR:
10784 break;
10785
10786 case ARGUS_EVENT:
10787 case ARGUS_NETFLOW:
10788 case ARGUS_FAR: {
10789 float meanval = 0.0;
10790 unsigned int n;
10791
10792 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL) {
10793 if ((n = (jitter->src.act.n + jitter->src.idle.n)) > 0) {
10794 meanval += ((jitter->src.act.meanval * jitter->src.act.n) +
10795 (jitter->src.idle.meanval * jitter->src.idle.n));
10796 meanval = meanval / n;
10797 }
10798 sprintf (value, "%.*f", parser->pflag, meanval/1000.0);
10799 }
10800 break;
10801 }
10802 }
10803
10804 if (parser->ArgusPrintXml) {
10805 sprintf (buf, " SrcIntPkt = \"%s\"", value);
10806 } else {
10807 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10808 len = strlen(value);
10809 } else {
10810 if (strlen(value) > len) {
10811 value[len - 1] = '*';
10812 value[len] = '\0';
10813 }
10814 }
10815 sprintf (buf, "%*.*s ", len, len, value);
10816 }
10817
10818 #ifdef ARGUSDEBUG
10819 ArgusDebug (10, "ArgusPrintSrcIntPkt (%p, %p)", buf, argus);
10820 #endif
10821 }
10822
10823
10824 void
ArgusPrintSrcIntPktDist(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10825 ArgusPrintSrcIntPktDist (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10826 {
10827 struct ArgusJitterStruct *jitter;
10828 char value[128];
10829
10830 bzero(value, sizeof(value));
10831
10832 switch (argus->hdr.type & 0xF0) {
10833 case ARGUS_MAR:
10834 break;
10835
10836 case ARGUS_EVENT:
10837 case ARGUS_NETFLOW:
10838 case ARGUS_FAR: {
10839 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL) {
10840 switch (jitter->hdr.subtype & (ARGUS_HISTO_EXP | ARGUS_HISTO_LINEAR)) {
10841 case ARGUS_HISTO_EXP: {
10842 int i, tpkts[8], count = 0, max = 0, tlen, tmax;
10843
10844 for (i = 0; i < 8; i++) {
10845 tpkts[i] = jitter->src.act.dist_union.fdist[i] + jitter->src.idle.dist_union.fdist[i];
10846 count += tpkts[i];
10847 max = (max < tpkts[i]) ? tpkts[i] : max;
10848 }
10849
10850 tlen = ((len == 8) || (len == 16)) ? len : ((len < 16) ? 8 : 16);
10851 tmax = ((tlen == 8)) ? 15 : 255;
10852
10853 if (max > tmax)
10854 for (i = 0; i < 8; i++) {
10855 if (tpkts[i]) {
10856 tpkts[i] = (tpkts[i] * tmax) / max;
10857 if (tpkts[i] == 0)
10858 tpkts[i] = 1;
10859 }
10860 }
10861
10862 switch (tlen) {
10863 case 8:
10864 for (i = 0; i < 8; i++)
10865 sprintf (&value[strlen(value)], "%1.1x", tpkts[i]);
10866 break;
10867
10868 case 16:
10869 for (i = 0; i < 8; i++)
10870 sprintf (&value[strlen(value)], "%2.2x", tpkts[i]);
10871 break;
10872 }
10873 break;
10874 }
10875
10876 case ARGUS_HISTO_LINEAR: {
10877 struct ArgusHistoObject *ahist = &jitter->src.act.dist_union.linear;
10878 struct ArgusHistoObject *ihist = &jitter->src.idle.dist_union.linear;
10879
10880 int i, tpkts[256], count = 0, max = 0;
10881 int tlen = ahist->bins, tmax = 8;;
10882
10883 bzero(&tpkts, sizeof(tpkts));
10884
10885 if (ahist->data)
10886 for (i = 0; i < tlen; i++) {
10887 tpkts[i] += ahist->data[i];
10888 count += ahist->data[i];
10889 max = (max < tpkts[i]) ? tpkts[i] : max;
10890 }
10891
10892 if (ihist->data)
10893 for (i = 0; i < tlen; i++) {
10894 tpkts[i] += ihist->data[i];
10895 count += ihist->data[i];
10896 max = (max < tpkts[i]) ? tpkts[i] : max;
10897 }
10898
10899 if (ahist->bits == 4) tmax = 15;
10900 else if (ahist->bits == 8) tmax = 255;
10901
10902 if (max > tmax)
10903 for (i = 0; i < tlen; i++) {
10904 if (tpkts[i]) {
10905 tpkts[i] = (tpkts[i] * tmax) / max;
10906 if (tpkts[i] == 0)
10907 tpkts[i] = 1;
10908 }
10909 }
10910
10911 switch (ahist->bits) {
10912 case 4:
10913 for (i = 0; i < tlen; i++)
10914 sprintf (&value[strlen(value)], "%1.1x", tpkts[i]);
10915 break;
10916
10917 case 8:
10918 for (i = 0; i < tlen; i++)
10919 sprintf (&value[strlen(value)], "%2.2x", tpkts[i]);
10920 break;
10921 }
10922 break;
10923 }
10924
10925 default:
10926 sprintf (value, " ");
10927 break;
10928 }
10929 }
10930 break;
10931 }
10932 }
10933
10934 if (parser->ArgusPrintXml) {
10935 sprintf (buf, " SrcIntDist = \"%s\"", value);
10936 } else {
10937 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
10938 len = strlen(value);
10939 } else {
10940 if (strlen(value) > len) {
10941 value[len - 1] = '*';
10942 value[len] = '\0';
10943 }
10944 }
10945 sprintf (buf, "%*.*s ", len, len, value);
10946 }
10947
10948 #ifdef ARGUSDEBUG
10949 ArgusDebug (10, "ArgusPrintSrcIntPktDist (%p, %p)", buf, argus);
10950 #endif
10951 }
10952
10953
10954 void
ArgusPrintActiveSrcIntPktDist(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)10955 ArgusPrintActiveSrcIntPktDist (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
10956 {
10957 struct ArgusJitterStruct *jitter;
10958 char value[128];
10959
10960 bzero(value, sizeof(value));
10961
10962 switch (argus->hdr.type & 0xF0) {
10963 case ARGUS_MAR:
10964 break;
10965
10966 case ARGUS_EVENT:
10967 case ARGUS_NETFLOW:
10968 case ARGUS_FAR: {
10969 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL) {
10970 if (jitter->hdr.subtype & ARGUS_HISTO_EXP) {
10971 int i, tpkts[8], count = 0, max = 0, tlen, tmax;
10972
10973 for (i = 0; i < 8; i++) {
10974 tpkts[i] = jitter->src.act.dist_union.fdist[i];
10975 count += tpkts[i];
10976 max = (max < tpkts[i]) ? tpkts[i] : max;
10977 }
10978
10979 tlen = ((len == 8) || (len == 16)) ? len : ((len < 16) ? 8 : 16);
10980 tmax = ((tlen == 8)) ? 15 : 255;
10981
10982 if (max > tmax)
10983 for (i = 0; i < 8; i++) {
10984 if (tpkts[i]) {
10985 tpkts[i] = (tpkts[i] * tmax) / max;
10986 if (tpkts[i] == 0)
10987 tpkts[i] = 1;
10988 }
10989 }
10990
10991 switch (tlen) {
10992 case 8:
10993 for (i = 0; i < 8; i++)
10994 sprintf (&value[strlen(value)], "%1.1x", tpkts[i]);
10995 break;
10996
10997 case 16:
10998 for (i = 0; i < 8; i++)
10999 sprintf (&value[strlen(value)], "%2.2x", tpkts[i]);
11000 break;
11001 }
11002 } else
11003 sprintf (value, " ");
11004 }
11005 break;
11006 }
11007 }
11008
11009 if (parser->ArgusPrintXml) {
11010 sprintf (buf, " SrcIntDist = \"%s\"", value);
11011 } else {
11012 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11013 len = strlen(value);
11014 } else {
11015 if (strlen(value) > len) {
11016 value[len - 1] = '*';
11017 value[len] = '\0';
11018 }
11019 }
11020 sprintf (buf, "%*.*s ", len, len, value);
11021 }
11022
11023 #ifdef ARGUSDEBUG
11024 ArgusDebug (10, "ArgusPrintActiveSrcIntPktDist (%p, %p)", buf, argus);
11025 #endif
11026 }
11027
11028
11029 void
ArgusPrintIdleSrcIntPktDist(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11030 ArgusPrintIdleSrcIntPktDist (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11031 {
11032 struct ArgusJitterStruct *jitter;
11033 char value[128];
11034
11035 bzero(value, sizeof(value));
11036
11037 switch (argus->hdr.type & 0xF0) {
11038 case ARGUS_MAR:
11039 break;
11040
11041 case ARGUS_EVENT:
11042 case ARGUS_NETFLOW:
11043 case ARGUS_FAR: {
11044 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL) {
11045 if (jitter->hdr.subtype & ARGUS_HISTO_EXP) {
11046 int i, tpkts[8], count = 0, max = 0, tlen, tmax;
11047
11048 for (i = 0; i < 8; i++) {
11049 tpkts[i] = jitter->src.idle.dist_union.fdist[i];
11050 count += tpkts[i];
11051 max = (max < tpkts[i]) ? tpkts[i] : max;
11052 }
11053
11054 tlen = ((len == 8) || (len == 16)) ? len : ((len < 16) ? 8 : 16);
11055 tmax = ((tlen == 8)) ? 15 : 255;
11056
11057 if (max > tmax)
11058 for (i = 0; i < 8; i++) {
11059 if (tpkts[i]) {
11060 tpkts[i] = (tpkts[i] * tmax) / max;
11061 if (tpkts[i] == 0)
11062 tpkts[i] = 1;
11063 }
11064 }
11065
11066 switch (tlen) {
11067 case 8:
11068 for (i = 0; i < 8; i++)
11069 sprintf (&value[strlen(value)], "%1.1x", tpkts[i]);
11070 break;
11071
11072 case 16:
11073 for (i = 0; i < 8; i++)
11074 sprintf (&value[strlen(value)], "%2.2x", tpkts[i]);
11075 break;
11076 }
11077 } else
11078 sprintf (value, " ");
11079 }
11080 break;
11081 }
11082 }
11083
11084 if (parser->ArgusPrintXml) {
11085 sprintf (buf, " SrcIntDist = \"%s\"", value);
11086 } else {
11087 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11088 len = strlen(value);
11089 } else {
11090 if (strlen(value) > len) {
11091 value[len - 1] = '*';
11092 value[len] = '\0';
11093 }
11094 }
11095 sprintf (buf, "%*.*s ", len, len, value);
11096 }
11097
11098 #ifdef ARGUSDEBUG
11099 ArgusDebug (10, "ArgusPrintIdleSrcIntPktDist (%p, %p)", buf, argus);
11100 #endif
11101 }
11102
11103
11104 void
ArgusPrintDstIntPkt(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11105 ArgusPrintDstIntPkt (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11106 {
11107 struct ArgusJitterStruct *jitter;
11108 char value[128];
11109
11110 bzero(value, sizeof(value));
11111
11112 switch (argus->hdr.type & 0xF0) {
11113 case ARGUS_MAR:
11114 break;
11115
11116 case ARGUS_EVENT:
11117 case ARGUS_NETFLOW:
11118 case ARGUS_FAR: {
11119 float meanval = 0.0;
11120 unsigned int n;
11121
11122 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL) {
11123 if ((n = (jitter->dst.act.n + jitter->dst.idle.n)) > 0) {
11124 if (jitter->dst.act.n && jitter->dst.idle.n) {
11125 meanval = ((jitter->dst.act.meanval * jitter->dst.act.n) +
11126 (jitter->dst.idle.meanval * jitter->dst.idle.n)) / n;
11127 } else {
11128 meanval = (jitter->dst.act.n) ? jitter->dst.act.meanval : jitter->dst.idle.meanval;
11129 }
11130
11131 sprintf (value, "%.*f", parser->pflag, meanval/1000.0);
11132 }
11133 }
11134 break;
11135 }
11136 }
11137
11138 if (parser->ArgusPrintXml) {
11139 sprintf (buf, " DstIntPkt = \"%s\"", value);
11140 } else {
11141 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11142 len = strlen(value);
11143 } else {
11144 if (strlen(value) > len) {
11145 value[len - 1] = '*';
11146 value[len] = '\0';
11147 }
11148 }
11149 sprintf (buf, "%*.*s ", len, len, value);
11150 }
11151
11152 #ifdef ARGUSDEBUG
11153 ArgusDebug (10, "ArgusPrintDstIntPkt (%p, %p)", buf, argus);
11154 #endif
11155 }
11156
11157
11158 void
ArgusPrintDstIntPktDist(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11159 ArgusPrintDstIntPktDist (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11160 {
11161 struct ArgusJitterStruct *jitter;
11162 char value[128];
11163
11164 bzero(value, sizeof(value));
11165
11166 switch (argus->hdr.type & 0xF0) {
11167 case ARGUS_MAR:
11168 break;
11169
11170 case ARGUS_EVENT:
11171 case ARGUS_NETFLOW:
11172 case ARGUS_FAR: {
11173 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL) {
11174 switch (jitter->hdr.subtype & (ARGUS_HISTO_EXP | ARGUS_HISTO_LINEAR)) {
11175 case ARGUS_HISTO_EXP: {
11176 int i, tpkts[8], count = 0, max = 0, tlen, tmax;
11177
11178 for (i = 0; i < 8; i++) {
11179 tpkts[i] = jitter->dst.act.dist_union.fdist[i] + jitter->dst.idle.dist_union.fdist[i];
11180 count += tpkts[i];
11181 max = (max < tpkts[i]) ? tpkts[i] : max;
11182 }
11183
11184 tlen = ((len == 8) || (len == 16)) ? len : ((len < 16) ? 8 : 16);
11185 tmax = ((tlen == 8)) ? 15 : 255;
11186
11187 if (max > tmax)
11188 for (i = 0; i < 8; i++) {
11189 if (tpkts[i]) {
11190 tpkts[i] = (tpkts[i] * tmax) / max;
11191 if (tpkts[i] == 0)
11192 tpkts[i] = 1;
11193 }
11194 }
11195
11196 switch (tlen) {
11197 case 8:
11198 for (i = 0; i < 8; i++)
11199 sprintf (&value[strlen(value)], "%1.1x", tpkts[i]);
11200 break;
11201
11202 case 16:
11203 for (i = 0; i < 8; i++)
11204 sprintf (&value[strlen(value)], "%2.2x", tpkts[i]);
11205 break;
11206 }
11207 break;
11208 }
11209
11210 case ARGUS_HISTO_LINEAR: {
11211 struct ArgusHistoObject *ahist = &jitter->dst.act.dist_union.linear;
11212 struct ArgusHistoObject *ihist = &jitter->dst.idle.dist_union.linear;
11213
11214 int i, tpkts[256], count = 0, max = 0;
11215 int tlen = ahist->bins, tmax = 8;;
11216
11217 bzero(&tpkts, sizeof(tpkts));
11218
11219 if (ahist->data)
11220 for (i = 0; i < tlen; i++) {
11221 tpkts[i] += ahist->data[i];
11222 count += ahist->data[i];
11223 max = (max < tpkts[i]) ? tpkts[i] : max;
11224 }
11225
11226 if (ihist->data)
11227 for (i = 0; i < tlen; i++) {
11228 tpkts[i] += ihist->data[i];
11229 count += ihist->data[i];
11230 max = (max < tpkts[i]) ? tpkts[i] : max;
11231 }
11232
11233 if (ahist->bits == 4) tmax = 15;
11234 else if (ahist->bits == 8) tmax = 255;
11235
11236 if (max > tmax)
11237 for (i = 0; i < tlen; i++) {
11238 if (tpkts[i]) {
11239 tpkts[i] = (tpkts[i] * tmax) / max;
11240 if (tpkts[i] == 0)
11241 tpkts[i] = 1;
11242 }
11243 }
11244
11245 switch (ahist->bits) {
11246 case 4:
11247 for (i = 0; i < tlen; i++)
11248 sprintf (&value[strlen(value)], "%1.1x", tpkts[i]);
11249 break;
11250
11251 case 8:
11252 for (i = 0; i < tlen; i++)
11253 sprintf (&value[strlen(value)], "%2.2x", tpkts[i]);
11254 break;
11255 }
11256 break;
11257 }
11258
11259 default:
11260 sprintf (value, " ");
11261 break;
11262 }
11263 }
11264 break;
11265 }
11266 }
11267
11268 if (parser->ArgusPrintXml) {
11269 sprintf (buf, " SrcIntDist = \"%s\"", value);
11270 } else {
11271 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11272 len = strlen(value);
11273 } else {
11274 if (strlen(value) > len) {
11275 value[len - 1] = '*';
11276 value[len] = '\0';
11277 }
11278 }
11279 sprintf (buf, "%*.*s ", len, len, value);
11280 }
11281
11282 #ifdef ARGUSDEBUG
11283 ArgusDebug (10, "ArgusPrintDstIntPktDist (%p, %p)", buf, argus);
11284 #endif
11285 }
11286
11287
11288 void
ArgusPrintActiveDstIntPktDist(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11289 ArgusPrintActiveDstIntPktDist (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11290 {
11291 struct ArgusJitterStruct *jitter;
11292 char value[128];
11293
11294 bzero(value, sizeof(value));
11295
11296 switch (argus->hdr.type & 0xF0) {
11297 case ARGUS_MAR:
11298 break;
11299
11300 case ARGUS_EVENT:
11301 case ARGUS_NETFLOW:
11302 case ARGUS_FAR: {
11303 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL) {
11304 if (jitter->hdr.subtype & ARGUS_HISTO_EXP) {
11305 int i, tpkts[8], count = 0, max = 0, tlen, tmax;
11306
11307 for (i = 0; i < 8; i++) {
11308 tpkts[i] = jitter->dst.act.dist_union.fdist[i];
11309 count += tpkts[i];
11310 max = (max < tpkts[i]) ? tpkts[i] : max;
11311 }
11312
11313 tlen = ((len == 8) || (len == 16)) ? len : ((len < 16) ? 8 : 16);
11314 tmax = ((tlen == 8)) ? 15 : 255;
11315
11316 if (max > tmax)
11317 for (i = 0; i < 8; i++) {
11318 if (tpkts[i]) {
11319 tpkts[i] = (tpkts[i] * tmax) / max;
11320 if (tpkts[i] == 0)
11321 tpkts[i] = 1;
11322 }
11323 }
11324
11325 switch (tlen) {
11326 case 8:
11327 for (i = 0; i < 8; i++)
11328 sprintf (&value[strlen(value)], "%1.1x", tpkts[i]);
11329 break;
11330
11331 case 16:
11332 for (i = 0; i < 8; i++)
11333 sprintf (&value[strlen(value)], "%2.2x", tpkts[i]);
11334 break;
11335 }
11336 } else
11337 sprintf (value, " ");
11338 }
11339 break;
11340 }
11341 }
11342
11343 if (parser->ArgusPrintXml) {
11344 sprintf (buf, " SrcIntDist = \"%s\"", value);
11345 } else {
11346 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11347 len = strlen(value);
11348 } else {
11349 if (strlen(value) > len) {
11350 value[len - 1] = '*';
11351 value[len] = '\0';
11352 }
11353 }
11354 sprintf (buf, "%*.*s ", len, len, value);
11355 }
11356
11357 #ifdef ARGUSDEBUG
11358 ArgusDebug (10, "ArgusPrintActiveDstIntPktDist (%p, %p)", buf, argus);
11359 #endif
11360 }
11361
11362
11363 void
ArgusPrintIdleDstIntPktDist(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11364 ArgusPrintIdleDstIntPktDist (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11365 {
11366 struct ArgusJitterStruct *jitter;
11367 char value[128];
11368
11369 bzero(value, sizeof(value));
11370
11371 switch (argus->hdr.type & 0xF0) {
11372 case ARGUS_MAR:
11373 break;
11374
11375 case ARGUS_EVENT:
11376 case ARGUS_NETFLOW:
11377 case ARGUS_FAR: {
11378 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL) {
11379 if (jitter->hdr.subtype & ARGUS_HISTO_EXP) {
11380 int i, tpkts[8], count = 0, max = 0, tlen, tmax;
11381
11382 for (i = 0; i < 8; i++) {
11383 tpkts[i] = jitter->dst.idle.dist_union.fdist[i];
11384 count += tpkts[i];
11385 max = (max < tpkts[i]) ? tpkts[i] : max;
11386 }
11387
11388 tlen = ((len == 8) || (len == 16)) ? len : ((len < 16) ? 8 : 16);
11389 tmax = ((tlen == 8)) ? 15 : 255;
11390
11391 if (max > tmax)
11392 for (i = 0; i < 8; i++) {
11393 if (tpkts[i]) {
11394 tpkts[i] = (tpkts[i] * tmax) / max;
11395 if (tpkts[i] == 0)
11396 tpkts[i] = 1;
11397 }
11398 }
11399
11400 switch (tlen) {
11401 case 8:
11402 for (i = 0; i < 8; i++)
11403 sprintf (&value[strlen(value)], "%1.1x", tpkts[i]);
11404 break;
11405
11406 case 16:
11407 for (i = 0; i < 8; i++)
11408 sprintf (&value[strlen(value)], "%2.2x", tpkts[i]);
11409 break;
11410 }
11411 } else
11412 sprintf (value, " ");
11413 }
11414 break;
11415 }
11416 }
11417
11418 if (parser->ArgusPrintXml) {
11419 sprintf (buf, " SrcIntDist = \"%s\"", value);
11420 } else {
11421 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11422 len = strlen(value);
11423 } else {
11424 if (strlen(value) > len) {
11425 value[len - 1] = '*';
11426 value[len] = '\0';
11427 }
11428 }
11429 sprintf (buf, "%*.*s ", len, len, value);
11430 }
11431
11432 #ifdef ARGUSDEBUG
11433 ArgusDebug (10, "ArgusPrintIdleDstIntPktDist (%p, %p)", buf, argus);
11434 #endif
11435 }
11436
11437 void
ArgusPrintActiveSrcIntPkt(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11438 ArgusPrintActiveSrcIntPkt (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11439 {
11440 struct ArgusJitterStruct *jitter;
11441 char value[128];
11442 bzero(value, sizeof(value));
11443
11444 switch (argus->hdr.type & 0xF0) {
11445 case ARGUS_MAR:
11446 break;
11447
11448 case ARGUS_EVENT:
11449 case ARGUS_NETFLOW:
11450 case ARGUS_FAR:
11451 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)
11452 sprintf (value, "%.*f", parser->pflag, jitter->src.act.meanval/1000.0);
11453 break;
11454 }
11455
11456 if (parser->ArgusPrintXml) {
11457 sprintf (buf, " SrcActiveIntPkt = \"%s\"", value);
11458 } else {
11459 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11460 len = strlen(value);
11461 } else {
11462 if (strlen(value) > len) {
11463 value[len - 1] = '*';
11464 value[len] = '\0';
11465 }
11466 }
11467 sprintf (buf, "%*.*s ", len, len, value);
11468 }
11469
11470 #ifdef ARGUSDEBUG
11471 ArgusDebug (10, "ArgusPrintActiveSrcIntPkt (%p, %p)", buf, argus);
11472 #endif
11473 }
11474
11475 void
ArgusPrintActiveDstIntPkt(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11476 ArgusPrintActiveDstIntPkt (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11477 {
11478 struct ArgusJitterStruct *jitter;
11479 char value[128];
11480
11481 bzero(value, sizeof(value));
11482
11483 switch (argus->hdr.type & 0xF0) {
11484 case ARGUS_MAR:
11485 break;
11486
11487 case ARGUS_EVENT:
11488 case ARGUS_NETFLOW:
11489 case ARGUS_FAR:
11490 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)
11491 sprintf (value, "%.*f", parser->pflag, jitter->dst.act.meanval/1000.0);
11492 break;
11493 }
11494
11495 if (parser->ArgusPrintXml) {
11496 sprintf (buf, " DstActiveIntPkt = \"%s\"", value);
11497 } else {
11498 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11499 len = strlen(value);
11500 } else {
11501 if (strlen(value) > len) {
11502 value[len - 1] = '*';
11503 value[len] = '\0';
11504 }
11505 }
11506 sprintf (buf, "%*.*s ", len, len, value);
11507 }
11508
11509 #ifdef ARGUSDEBUG
11510 ArgusDebug (10, "ArgusPrintActiveDstIntPkt (%p, %p)", buf, argus);
11511 #endif
11512 }
11513
11514 void
ArgusPrintIdleSrcIntPkt(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11515 ArgusPrintIdleSrcIntPkt (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11516 {
11517 struct ArgusJitterStruct *jitter;
11518 char value[128];
11519
11520 bzero(value, sizeof(value));
11521
11522 switch (argus->hdr.type & 0xF0) {
11523 case ARGUS_MAR:
11524 break;
11525
11526 case ARGUS_EVENT:
11527 case ARGUS_NETFLOW:
11528 case ARGUS_FAR:
11529 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)
11530 sprintf (value, "%.*f", parser->pflag, jitter->src.idle.meanval/1000.0);
11531 break;
11532 }
11533
11534 if (parser->ArgusPrintXml) {
11535 sprintf (buf, " SrcIdleIntPkt = \"%s\"", value);
11536 } else {
11537 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11538 len = strlen(value);
11539 } else {
11540 if (strlen(value) > len) {
11541 value[len - 1] = '*';
11542 value[len] = '\0';
11543 }
11544 }
11545 sprintf (buf, "%*.*s ", len, len, value);
11546 }
11547
11548 #ifdef ARGUSDEBUG
11549 ArgusDebug (10, "ArgusPrintIdleSrcIntPkt (%p, %p)", buf, argus);
11550 #endif
11551 }
11552
11553 void
ArgusPrintIdleDstIntPkt(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11554 ArgusPrintIdleDstIntPkt (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11555 {
11556 struct ArgusJitterStruct *jitter;
11557 char value[128];
11558
11559 bzero (value, sizeof(value));
11560
11561 switch (argus->hdr.type & 0xF0) {
11562 case ARGUS_MAR: {
11563 if (parser->ArgusPrintXml) {
11564 } else {
11565 sprintf (buf, "%*.*s ", len, len, " ");
11566 }
11567 break;
11568 }
11569
11570 case ARGUS_EVENT:
11571 case ARGUS_NETFLOW:
11572 case ARGUS_FAR: {
11573 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)
11574 sprintf (value, "%.*f", parser->pflag, jitter->dst.idle.meanval/1000.0);
11575
11576 if (parser->ArgusPrintXml) {
11577 sprintf (buf, " DstIdleIntPkt = \"%s\"", value);
11578 } else {
11579 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11580 len = strlen(value);
11581 } else {
11582 if (strlen(value) > len) {
11583 value[len - 1] = '*';
11584 value[len] = '\0';
11585 }
11586 }
11587 sprintf (buf, "%*.*s ", len, len, value);
11588 }
11589 break;
11590 }
11591 }
11592
11593 #ifdef ARGUSDEBUG
11594 ArgusDebug (10, "ArgusPrintIdleDstIntPkt (%p, %p)", buf, argus);
11595 #endif
11596 }
11597
11598 /*
11599 struct ArgusStatObject {
11600 int n;
11601 unsigned int minval;
11602 float meanval;
11603 float stdev;
11604 unsigned int maxval;
11605 };
11606 */
11607
11608 void
ArgusPrintSrcIntPktMax(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11609 ArgusPrintSrcIntPktMax (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11610 {
11611 struct ArgusJitterStruct *jitter;
11612 char value[128];
11613
11614 bzero (value, sizeof(value));
11615
11616 switch (argus->hdr.type & 0xF0) {
11617 case ARGUS_MAR: {
11618 if (parser->ArgusPrintXml) {
11619 } else {
11620 sprintf (buf, "%*.*s ", len, len, " ");
11621 }
11622 break;
11623 }
11624
11625 case ARGUS_EVENT:
11626 case ARGUS_NETFLOW:
11627 case ARGUS_FAR: {
11628 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL) {
11629 float maxval = (jitter->src.act.maxval > jitter->src.idle.maxval) ?
11630 jitter->src.act.maxval : jitter->src.idle.maxval;
11631 sprintf (value, "%.*f", parser->pflag, maxval/1000.0);
11632 }
11633
11634 if (parser->ArgusPrintXml) {
11635 sprintf (buf, " SrcIntPktMax = \"%s\"", value);
11636 } else {
11637 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11638 len = strlen(value);
11639 } else {
11640 if (strlen(value) > len) {
11641 value[len - 1] = '*';
11642 value[len] = '\0';
11643 }
11644 }
11645 sprintf (buf, "%*.*s ", len, len, value);
11646 }
11647 break;
11648 }
11649 }
11650 #ifdef ARGUSDEBUG
11651 ArgusDebug (10, "ArgusPrintSrcIntPktMax (%p, %p)", buf, argus);
11652 #endif
11653 }
11654
11655 void
ArgusPrintSrcIntPktMin(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11656 ArgusPrintSrcIntPktMin (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11657 {
11658 struct ArgusJitterStruct *jitter;
11659 char value[128];
11660
11661 bzero (value, sizeof(value));
11662
11663 switch (argus->hdr.type & 0xF0) {
11664 case ARGUS_MAR: {
11665 if (parser->ArgusPrintXml) {
11666 } else {
11667 sprintf (buf, "%*.*s ", len, len, " ");
11668 }
11669 break;
11670 }
11671
11672 case ARGUS_EVENT:
11673 case ARGUS_NETFLOW:
11674 case ARGUS_FAR: {
11675 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL) {
11676 float minval = (jitter->src.act.minval > jitter->src.idle.minval) ?
11677 jitter->src.act.minval : jitter->src.idle.minval;
11678 sprintf (value, "%.*f", parser->pflag, minval/1000.0);
11679 }
11680
11681 if (parser->ArgusPrintXml) {
11682 sprintf (buf, " SrcIntPktMin = \"%s\"", value);
11683 } else {
11684 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11685 len = strlen(value);
11686 } else {
11687 if (strlen(value) > len) {
11688 value[len - 1] = '*';
11689 value[len] = '\0';
11690 }
11691 }
11692 sprintf (buf, "%*.*s ", len, len, value);
11693 }
11694 break;
11695 }
11696 }
11697
11698 #ifdef ARGUSDEBUG
11699 ArgusDebug (10, "ArgusPrintSrcIntPktMin (%p, %p)", buf, argus);
11700 #endif
11701 }
11702
11703 void
ArgusPrintDstIntPktMax(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11704 ArgusPrintDstIntPktMax (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11705 {
11706 struct ArgusJitterStruct *jitter;
11707 char value[128];
11708 bzero(value, sizeof(value));
11709
11710 switch (argus->hdr.type & 0xF0) {
11711 case ARGUS_MAR:
11712 break;
11713
11714 case ARGUS_EVENT:
11715 case ARGUS_NETFLOW:
11716 case ARGUS_FAR:
11717 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)
11718 sprintf (value, "%.*f", parser->pflag, jitter->dst.act.maxval/1000.0);
11719 break;
11720 }
11721
11722 if (parser->ArgusPrintXml) {
11723 sprintf (buf, " DstIntPktMax = \"%s\"", value);
11724 } else {
11725 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11726 len = strlen(value);
11727 } else {
11728 if (strlen(value) > len) {
11729 value[len - 1] = '*';
11730 value[len] = '\0';
11731 }
11732 }
11733 sprintf (buf, "%*.*s ", len, len, value);
11734 }
11735
11736 #ifdef ARGUSDEBUG
11737 ArgusDebug (10, "ArgusPrintDstIntPktMax (%p, %p)", buf, argus);
11738 #endif
11739 }
11740
11741 void
ArgusPrintDstIntPktMin(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11742 ArgusPrintDstIntPktMin (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11743 {
11744 struct ArgusJitterStruct *jitter;
11745 char value[128];
11746 bzero(value, sizeof(value));
11747
11748 switch (argus->hdr.type & 0xF0) {
11749 case ARGUS_MAR:
11750 break;
11751
11752 case ARGUS_EVENT:
11753 case ARGUS_NETFLOW:
11754 case ARGUS_FAR:
11755 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)
11756 sprintf (value, "%.*f", parser->pflag, jitter->dst.act.minval/1000.0);
11757 break;
11758 }
11759
11760 if (parser->ArgusPrintXml) {
11761 sprintf (buf, " DstIntPktMin = \"%s\"", value);
11762 } else {
11763 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11764 len = strlen(value);
11765 } else {
11766 if (strlen(value) > len) {
11767 value[len - 1] = '*';
11768 value[len] = '\0';
11769 }
11770 }
11771 sprintf (buf, "%*.*s ", len, len, value);
11772 }
11773
11774 #ifdef ARGUSDEBUG
11775 ArgusDebug (10, "ArgusPrintDstIntPktMin (%p, %p)", buf, argus);
11776 #endif
11777 }
11778
11779 void
ArgusPrintActiveSrcIntPktMax(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11780 ArgusPrintActiveSrcIntPktMax (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11781 {
11782 struct ArgusJitterStruct *jitter;
11783 char value[128];
11784 bzero(value, sizeof(value));
11785
11786 switch (argus->hdr.type & 0xF0) {
11787 case ARGUS_MAR:
11788 break;
11789
11790 case ARGUS_EVENT:
11791 case ARGUS_NETFLOW:
11792 case ARGUS_FAR:
11793 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)
11794 sprintf (value, "%.*f", parser->pflag, jitter->src.act.maxval/1000.0);
11795 break;
11796 }
11797
11798 if (parser->ArgusPrintXml) {
11799 sprintf (buf, " SrcActIntPktMax = \"%s\"", value);
11800 } else {
11801 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11802 len = strlen(value);
11803 } else {
11804 if (strlen(value) > len) {
11805 value[len - 1] = '*';
11806 value[len] = '\0';
11807 }
11808 }
11809 sprintf (buf, "%*.*s ", len, len, value);
11810 }
11811
11812 #ifdef ARGUSDEBUG
11813 ArgusDebug (10, "ArgusPrintActiveSrcIntPktMax (%p, %p)", buf, argus);
11814 #endif
11815 }
11816
11817 void
ArgusPrintActiveSrcIntPktMin(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11818 ArgusPrintActiveSrcIntPktMin (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11819 {
11820 struct ArgusJitterStruct *jitter;
11821 char value[128];
11822 bzero(value, sizeof(value));
11823
11824 switch (argus->hdr.type & 0xF0) {
11825 case ARGUS_MAR:
11826 break;
11827
11828 case ARGUS_EVENT:
11829 case ARGUS_NETFLOW:
11830 case ARGUS_FAR:
11831 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)
11832 sprintf (value, "%.*f", parser->pflag, jitter->src.act.minval/1000.0);
11833 break;
11834 }
11835
11836 if (parser->ArgusPrintXml) {
11837 sprintf (buf, " SrcActIntPktMin = \"%s\"", value);
11838 } else {
11839 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11840 len = strlen(value);
11841 } else {
11842 if (strlen(value) > len) {
11843 value[len - 1] = '*';
11844 value[len] = '\0';
11845 }
11846 }
11847 sprintf (buf, "%*.*s ", len, len, value);
11848 }
11849
11850 #ifdef ARGUSDEBUG
11851 ArgusDebug (10, "ArgusPrintActiveSrcIntPktMin (%p, %p)", buf, argus);
11852 #endif
11853 }
11854
11855 void
ArgusPrintActiveDstIntPktMax(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11856 ArgusPrintActiveDstIntPktMax (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11857 {
11858 struct ArgusJitterStruct *jitter;
11859 char value[128];
11860 bzero(value, sizeof(value));
11861
11862 switch (argus->hdr.type & 0xF0) {
11863 case ARGUS_MAR:
11864 break;
11865
11866 case ARGUS_EVENT:
11867 case ARGUS_NETFLOW:
11868 case ARGUS_FAR:
11869 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)
11870 sprintf (value, "%.*f", parser->pflag, jitter->dst.act.maxval/1000.0);
11871 break;
11872 }
11873
11874 if (parser->ArgusPrintXml) {
11875 sprintf (buf, " DstActIntPktMax = \"%s\"", value);
11876 } else {
11877 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11878 len = strlen(value);
11879 } else {
11880 if (strlen(value) > len) {
11881 value[len - 1] = '*';
11882 value[len] = '\0';
11883 }
11884 }
11885 sprintf (buf, "%*.*s ", len, len, value);
11886 }
11887
11888 #ifdef ARGUSDEBUG
11889 ArgusDebug (10, "ArgusPrintActiveDstIntPktMax (%p, %p)", buf, argus);
11890 #endif
11891 }
11892
11893 void
ArgusPrintActiveDstIntPktMin(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11894 ArgusPrintActiveDstIntPktMin (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11895 {
11896 struct ArgusJitterStruct *jitter;
11897 char value[128];
11898 bzero(value, sizeof(value));
11899
11900 switch (argus->hdr.type & 0xF0) {
11901 case ARGUS_MAR:
11902 break;
11903
11904 case ARGUS_EVENT:
11905 case ARGUS_NETFLOW:
11906 case ARGUS_FAR:
11907 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)
11908 sprintf (value, "%.*f", parser->pflag, jitter->dst.act.minval/1000.0);
11909 break;
11910 }
11911
11912 if (parser->ArgusPrintXml) {
11913 sprintf (buf, " DstActIntPktMin = \"%s\"", value);
11914 } else {
11915 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11916 len = strlen(value);
11917 } else {
11918 if (strlen(value) > len) {
11919 value[len - 1] = '*';
11920 value[len] = '\0';
11921 }
11922 }
11923 sprintf (buf, "%*.*s ", len, len, value);
11924 }
11925
11926 #ifdef ARGUSDEBUG
11927 ArgusDebug (10, "ArgusPrintActiveDstIntPktMin (%p, %p)", buf, argus);
11928 #endif
11929 }
11930
11931 void
ArgusPrintIdleSrcIntPktMax(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11932 ArgusPrintIdleSrcIntPktMax (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11933 {
11934 struct ArgusJitterStruct *jitter;
11935 char value[128];
11936 bzero(value, sizeof(value));
11937
11938 switch (argus->hdr.type & 0xF0) {
11939 case ARGUS_MAR:
11940 break;
11941
11942 case ARGUS_EVENT:
11943 case ARGUS_NETFLOW:
11944 case ARGUS_FAR:
11945 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)
11946 sprintf (value, "%.*f", parser->pflag, jitter->src.idle.maxval/1000.0);
11947 break;
11948 }
11949
11950 if (parser->ArgusPrintXml) {
11951 } else {
11952 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11953 len = strlen(value);
11954 } else {
11955 if (strlen(value) > len) {
11956 value[len - 1] = '*';
11957 value[len] = '\0';
11958 }
11959 }
11960 sprintf (buf, "%*.*s ", len, len, value);
11961 }
11962
11963 #ifdef ARGUSDEBUG
11964 ArgusDebug (10, "ArgusPrintIdleSrcIntPktMax (%p, %p)", buf, argus);
11965 #endif
11966 }
11967
11968 void
ArgusPrintIdleSrcIntPktMin(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)11969 ArgusPrintIdleSrcIntPktMin (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
11970 {
11971 struct ArgusJitterStruct *jitter;
11972 char value[128];
11973 bzero(value, sizeof(value));
11974
11975 switch (argus->hdr.type & 0xF0) {
11976 case ARGUS_MAR:
11977 break;
11978
11979 case ARGUS_EVENT:
11980 case ARGUS_NETFLOW:
11981 case ARGUS_FAR:
11982 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)
11983 sprintf (value, "%.*f", parser->pflag, jitter->src.idle.minval/1000.0);
11984 break;
11985 }
11986
11987 if (parser->ArgusPrintXml) {
11988 } else {
11989 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
11990 len = strlen(value);
11991 } else {
11992 if (strlen(value) > len) {
11993 value[len - 1] = '*';
11994 value[len] = '\0';
11995 }
11996 }
11997 sprintf (buf, "%*.*s ", len, len, value);
11998 }
11999
12000 #ifdef ARGUSDEBUG
12001 ArgusDebug (10, "ArgusPrintIdleSrcIntPktMin (%p, %p)", buf, argus);
12002 #endif
12003 }
12004
12005 void
ArgusPrintIdleDstIntPktMax(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12006 ArgusPrintIdleDstIntPktMax (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12007 {
12008 struct ArgusJitterStruct *jitter;
12009 char value[128];
12010 bzero(value, sizeof(value));
12011
12012 switch (argus->hdr.type & 0xF0) {
12013 case ARGUS_MAR:
12014 break;
12015
12016 case ARGUS_EVENT:
12017 case ARGUS_NETFLOW:
12018 case ARGUS_FAR:
12019 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)
12020 sprintf (value, "%.*f", parser->pflag, jitter->dst.idle.maxval/1000.0);
12021 break;
12022 }
12023
12024 if (parser->ArgusPrintXml) {
12025 } else {
12026 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12027 len = strlen(value);
12028 } else {
12029 if (strlen(value) > len) {
12030 value[len - 1] = '*';
12031 value[len] = '\0';
12032 }
12033 }
12034 sprintf (buf, "%*.*s ", len, len, value);
12035 }
12036
12037 #ifdef ARGUSDEBUG
12038 ArgusDebug (10, "ArgusPrintIdleDstIntPktMax (%p, %p)", buf, argus);
12039 #endif
12040 }
12041
12042 void
ArgusPrintIdleDstIntPktMin(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12043 ArgusPrintIdleDstIntPktMin (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12044 {
12045 struct ArgusJitterStruct *jitter;
12046 char value[128];
12047 bzero(value, sizeof(value));
12048
12049 switch (argus->hdr.type & 0xF0) {
12050 case ARGUS_MAR:
12051 break;
12052
12053 case ARGUS_EVENT:
12054 case ARGUS_NETFLOW:
12055 case ARGUS_FAR:
12056 if ((jitter = (struct ArgusJitterStruct *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)
12057 sprintf (value, "%.*f", parser->pflag, jitter->dst.idle.minval/1000.0);
12058 break;
12059 }
12060
12061 if (parser->ArgusPrintXml) {
12062 } else {
12063 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12064 len = strlen(value);
12065 } else {
12066 if (strlen(value) > len) {
12067 value[len - 1] = '*';
12068 value[len] = '\0';
12069 }
12070 }
12071 sprintf (buf, "%*.*s ", len, len, value);
12072 }
12073
12074 #ifdef ARGUSDEBUG
12075 ArgusDebug (10, "ArgusPrintIdleDstIntPktMin (%p, %p)", buf, argus);
12076 #endif
12077 }
12078
12079
12080 void
ArgusPrintSrcJitter(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12081 ArgusPrintSrcJitter (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12082 {
12083 struct ArgusJitterStruct *jitter;
12084
12085 switch (argus->hdr.type & 0xF0) {
12086 case ARGUS_MAR: {
12087 if (parser->ArgusPrintXml) {
12088 } else {
12089 sprintf (buf, "%*.*s ", len, len, " ");
12090 }
12091 break;
12092 }
12093
12094 case ARGUS_EVENT:
12095 case ARGUS_NETFLOW:
12096 case ARGUS_FAR: {
12097 char value[128];
12098 bzero(value, sizeof(value));
12099
12100 if (argus && ((jitter = (void *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)) {
12101 double stdev = 0.0, sumsqrd1 = 0.0, sumsqrd2 = 0.0, sumsqrd;
12102 unsigned int n;
12103 float meanval;
12104
12105 if ((n = (jitter->src.act.n + jitter->src.idle.n)) > 0) {
12106 if (jitter->src.act.n && jitter->src.idle.n) {
12107 meanval = ((jitter->src.act.meanval * jitter->src.act.n) +
12108 (jitter->src.idle.meanval * jitter->src.idle.n)) / n;
12109
12110 if (jitter->src.act.n) {
12111 stdev = jitter->src.act.stdev;
12112 sumsqrd1 = (jitter->src.act.n * pow(stdev, 2.0)) +
12113 pow((jitter->src.act.meanval * jitter->src.act.n), 2.0)/jitter->src.act.n;
12114 }
12115
12116 if (jitter->src.idle.n) {
12117 stdev = jitter->src.idle.stdev;
12118 sumsqrd2 = (jitter->src.idle.n * pow(stdev, 2.0)) +
12119 pow((jitter->src.idle.meanval * jitter->src.idle.n), 2.0)/jitter->src.idle.n;
12120 }
12121
12122 sumsqrd = sumsqrd1 + sumsqrd2;
12123 sumsqrd = sumsqrd / 1000;
12124 meanval = meanval / 1000.0;
12125 stdev = ((sqrt ((sumsqrd/n) - pow (meanval, 2.0))) * 1);
12126
12127 } else {
12128 stdev = (jitter->src.act.n) ? jitter->src.act.stdev : jitter->src.idle.stdev;
12129 stdev = stdev / 1000;
12130 }
12131
12132 sprintf (value, "%.*f", parser->pflag, stdev);
12133 }
12134 }
12135
12136 if (parser->ArgusPrintXml) {
12137 } else {
12138 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12139 len = strlen(value);
12140 } else {
12141 if (strlen(value) > len) {
12142 value[len - 1] = '*';
12143 value[len] = '\0';
12144 }
12145 }
12146 sprintf (buf, "%*.*s ", len, len, value);
12147 }
12148 break;
12149 }
12150 }
12151
12152 #ifdef ARGUSDEBUG
12153 ArgusDebug (10, "ArgusPrintSrcJitter (%p, %p)", buf, argus);
12154 #endif
12155 }
12156
12157
12158 void
ArgusPrintDstJitter(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12159 ArgusPrintDstJitter (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12160 {
12161 struct ArgusJitterStruct *jitter;
12162
12163 switch (argus->hdr.type & 0xF0) {
12164 case ARGUS_MAR: {
12165 if (parser->ArgusPrintXml) {
12166 } else {
12167 sprintf (buf, "%*.*s ", len, len, " ");
12168 }
12169 break;
12170 }
12171
12172 case ARGUS_EVENT:
12173 case ARGUS_NETFLOW:
12174 case ARGUS_FAR: {
12175 double stdev = 0.0, sumsqrd1 = 0.0, sumsqrd2 = 0.0, sumsqrd;
12176 unsigned int n;
12177 float meanval;
12178 char sbuf[128];
12179 bzero(sbuf, 32);
12180
12181 if (argus && ((jitter = (void *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)) {
12182 if ((n = (jitter->dst.act.n + jitter->dst.idle.n)) > 0) {
12183 if (jitter->dst.act.n && jitter->dst.idle.n) {
12184 meanval = ((jitter->dst.act.meanval * jitter->dst.act.n) +
12185 (jitter->dst.idle.meanval * jitter->dst.idle.n)) / n;
12186
12187 if (jitter->dst.act.n) {
12188 stdev = jitter->dst.act.stdev;
12189 sumsqrd1 = (jitter->dst.act.n * pow(stdev, 2.0)) +
12190 pow((jitter->dst.act.meanval * jitter->dst.act.n), 2.0)/jitter->dst.act.n;
12191 }
12192
12193 if (jitter->dst.idle.n) {
12194 stdev = jitter->dst.idle.stdev;
12195 sumsqrd2 = (jitter->dst.idle.n * pow(jitter->dst.idle.stdev, 2.0)) +
12196 pow((jitter->dst.idle.meanval * jitter->dst.idle.n), 2.0)/jitter->dst.idle.n;
12197 }
12198
12199 sumsqrd = sumsqrd1 + sumsqrd2;
12200 sumsqrd = sumsqrd / 1000;
12201 meanval = meanval / 1000.0;
12202 stdev = ((sqrt ((sumsqrd/n) - pow (meanval, 2.0))) * 1);
12203
12204 } else {
12205 stdev = (jitter->dst.act.n) ? jitter->dst.act.stdev : jitter->dst.idle.stdev;
12206 stdev = stdev / 1000.0;
12207 }
12208
12209 sprintf (sbuf, "%.*f", parser->pflag, stdev);
12210 }
12211 }
12212
12213 if (parser->ArgusPrintXml) {
12214 } else {
12215 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12216 len = strlen(sbuf);
12217 } else {
12218 if (strlen(sbuf) > len) {
12219 sbuf[len - 1] = '*';
12220 sbuf[len] = '\0';
12221 }
12222 }
12223 sprintf (buf, "%*.*s ", len, len, sbuf);
12224 }
12225 break;
12226 }
12227 }
12228
12229 #ifdef ARGUSDEBUG
12230 ArgusDebug (10, "ArgusPrintDstJitter (%p, %p)", buf, argus);
12231 #endif
12232 }
12233
12234
12235 void
ArgusPrintActiveSrcJitter(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12236 ArgusPrintActiveSrcJitter (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12237 {
12238 struct ArgusJitterStruct *jitter;
12239
12240 switch (argus->hdr.type & 0xF0) {
12241 case ARGUS_MAR: {
12242 if (parser->ArgusPrintXml) {
12243 } else {
12244 sprintf (buf, "%*.*s ", len, len, " ");
12245 }
12246 break;
12247 }
12248
12249 case ARGUS_EVENT:
12250 case ARGUS_NETFLOW:
12251 case ARGUS_FAR: {
12252 char sbuf[128];
12253 bzero(sbuf, 4);
12254
12255 if (argus && ((jitter = (void *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)) {
12256 double stdev = 0;
12257 if (jitter->src.act.n > 0) {
12258 stdev = jitter->src.act.stdev/1000.0;
12259 sprintf (sbuf, "%.*f", parser->pflag, stdev);
12260 }
12261 }
12262
12263 if (parser->ArgusPrintXml) {
12264 } else {
12265 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12266 len = strlen(sbuf);
12267 } else {
12268 if (strlen(sbuf) > len) {
12269 sbuf[len - 1] = '*';
12270 sbuf[len] = '\0';
12271 }
12272 }
12273 sprintf (buf, "%*.*s ", len, len, sbuf);
12274 }
12275 break;
12276 }
12277 }
12278
12279 #ifdef ARGUSDEBUG
12280 ArgusDebug (10, "ArgusPrintActiveSrcJitter (%p, %p)", buf, argus);
12281 #endif
12282 }
12283
12284 void
ArgusPrintActiveDstJitter(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12285 ArgusPrintActiveDstJitter (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12286 {
12287 struct ArgusJitterStruct *jitter;
12288
12289 switch (argus->hdr.type & 0xF0) {
12290 case ARGUS_MAR: {
12291 if (parser->ArgusPrintXml) {
12292 } else
12293 sprintf (buf, "%*.*s ", len, len, " ");
12294 break;
12295 }
12296
12297 case ARGUS_EVENT:
12298 case ARGUS_NETFLOW:
12299 case ARGUS_FAR: {
12300 char sbuf[128];
12301 bzero(sbuf, 4);
12302
12303 if (argus && ((jitter = (void *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)) {
12304 double stdev = 0;
12305
12306 if (jitter->dst.act.n > 0) {
12307 stdev = jitter->dst.act.stdev/1000.0;
12308 sprintf (sbuf, "%.*f", parser->pflag, stdev);
12309 }
12310 }
12311
12312 if (parser->ArgusPrintXml) {
12313 } else {
12314 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12315 len = strlen(sbuf);
12316 } else {
12317 if (strlen(sbuf) > len) {
12318 sbuf[len - 1] = '*';
12319 sbuf[len] = '\0';
12320 }
12321 }
12322 sprintf (buf, "%*.*s ", len, len, sbuf);
12323 }
12324 break;
12325 }
12326 }
12327
12328 #ifdef ARGUSDEBUG
12329 ArgusDebug (10, "ArgusPrintActiveDstJitter (%p, %p)", buf, argus);
12330 #endif
12331 }
12332
12333
12334 void
ArgusPrintIdleSrcJitter(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12335 ArgusPrintIdleSrcJitter (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12336 {
12337 struct ArgusJitterStruct *jitter;
12338
12339 if (argus->hdr.type & ARGUS_MAR) {
12340 if (parser->ArgusPrintXml) {
12341 } else {
12342 sprintf (buf, "%*.*s ", len, len, " ");
12343 }
12344
12345 } else {
12346 char sbuf[128];
12347 bzero(sbuf, 4);
12348
12349 if (argus && ((jitter = (void *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)) {
12350 double stdev = 0;
12351 if (jitter->src.idle.n > 0) {
12352 stdev = jitter->src.idle.stdev/1000.0;
12353 sprintf (sbuf, "%.*f", parser->pflag, stdev);
12354 }
12355 }
12356
12357 if (parser->ArgusPrintXml) {
12358 } else {
12359 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12360 len = strlen(sbuf);
12361 } else {
12362 if (strlen(sbuf) > len) {
12363 sbuf[len - 1] = '*';
12364 sbuf[len] = '\0';
12365 }
12366 }
12367 sprintf (buf, "%*.*s ", len, len, sbuf);
12368 }
12369 }
12370
12371 #ifdef ARGUSDEBUG
12372 ArgusDebug (10, "ArgusPrintIdleSrcJitter (%p, %p)", buf, argus);
12373 #endif
12374 }
12375
12376 void
ArgusPrintIdleDstJitter(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12377 ArgusPrintIdleDstJitter (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12378 {
12379 struct ArgusJitterStruct *jitter;
12380
12381 if (argus->hdr.type & ARGUS_MAR) {
12382 if (parser->ArgusPrintXml) {
12383 } else {
12384 sprintf (buf, "%*.*s ", len, len, " ");
12385 }
12386
12387 } else {
12388 char sbuf[128];
12389 bzero(sbuf, 4);
12390
12391 if (argus && ((jitter = (void *)argus->dsrs[ARGUS_JITTER_INDEX]) != NULL)) {
12392 double stdev = 0;
12393
12394 if (jitter->dst.idle.n > 0) {
12395 stdev = jitter->dst.idle.stdev/1000.0;
12396 sprintf (sbuf, "%.*f", parser->pflag, stdev);
12397 }
12398 }
12399
12400 if (parser->ArgusPrintXml) {
12401 } else {
12402 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12403 len = strlen(sbuf);
12404 } else {
12405 if (strlen(sbuf) > len) {
12406 sbuf[len - 1] = '*';
12407 sbuf[len] = '\0';
12408 }
12409 }
12410 sprintf (buf, "%*.*s ", len, len, sbuf);
12411 }
12412 }
12413
12414 #ifdef ARGUSDEBUG
12415 ArgusDebug (10, "ArgusPrintDstJitter (%p, %p)", buf, argus);
12416 #endif
12417 }
12418
12419
12420 void
ArgusPrintSrcRate(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12421 ArgusPrintSrcRate (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12422 {
12423 struct ArgusMetricStruct *metric = (struct ArgusMetricStruct *) argus->dsrs[ARGUS_METRIC_INDEX];
12424 char tmpbuf[128], *ptr = tmpbuf;
12425 float seconds = 0.0, load = 0.0;
12426 long long count = 0;
12427
12428 if (argus->hdr.type & ARGUS_MAR) {
12429
12430 } else {
12431 if (metric != NULL) {
12432 if ((seconds = RaGetFloatSrcDuration(argus)) == 0.0)
12433 seconds = RaGetFloatDuration(argus);
12434 count = metric->src.pkts - 1;
12435 }
12436 }
12437
12438 if ((count > 0) && (seconds > 0))
12439 load = (float)(count/seconds);
12440
12441 if (parser->Hflag) {
12442 ArgusAbbreviateMetric(parser, ptr, sizeof(tmpbuf), load);
12443 } else
12444 sprintf (ptr, "%.*f", parser->pflag, load);
12445
12446 if (parser->ArgusPrintXml) {
12447 sprintf (buf, " SrcRate = \"%s\"", ptr);
12448 } else {
12449 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12450 len = strlen(ptr);
12451 } else {
12452 if (strlen(ptr) > len) {
12453 ptr[len - 1] = '*';
12454 ptr[len] = '\0';
12455 }
12456 }
12457 sprintf (buf, "%*.*s ", len, len, ptr);
12458 }
12459
12460 #ifdef ARGUSDEBUG
12461 ArgusDebug (10, "ArgusPrintSrcRate (%p, %p)", buf, argus);
12462 #endif
12463 }
12464
12465 void
ArgusPrintDstRate(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12466 ArgusPrintDstRate (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12467 {
12468 struct ArgusMetricStruct *metric = (struct ArgusMetricStruct *) argus->dsrs[ARGUS_METRIC_INDEX];
12469 char tmpbuf[128], *ptr = tmpbuf;
12470 float seconds = 0.0, load = 0.0;
12471 long long count = 0;
12472
12473 if (argus->hdr.type & ARGUS_MAR) {
12474
12475 } else {
12476 if (metric != NULL) {
12477 if ((seconds = RaGetFloatDstDuration(argus)) == 0.0)
12478 seconds = RaGetFloatDuration(argus);
12479 count = metric->dst.pkts - 1;
12480 }
12481 }
12482
12483 if ((count > 0) && (seconds > 0.0))
12484 load = (float)(count/seconds);
12485
12486 if (parser->Hflag) {
12487 ArgusAbbreviateMetric(parser, ptr, sizeof(tmpbuf), load);
12488 } else
12489 sprintf (ptr, "%.*f", parser->pflag, load);
12490
12491 if (parser->ArgusPrintXml) {
12492 sprintf (buf, " DstRate = \"%s\"", ptr);
12493 } else {
12494 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12495 len = strlen(ptr);
12496 } else {
12497 if (strlen(ptr) > len) {
12498 ptr[len - 1] = '*';
12499 ptr[len] = '\0';
12500 }
12501 }
12502 sprintf (buf, "%*.*s ", len, len, ptr);
12503 }
12504
12505 #ifdef ARGUSDEBUG
12506 ArgusDebug (10, "ArgusPrintDstRate (%p, %p)", buf, argus);
12507 #endif
12508 }
12509
12510 void
ArgusPrintRate(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12511 ArgusPrintRate (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12512 {
12513 struct ArgusMetricStruct *metric = (struct ArgusMetricStruct *) argus->dsrs[ARGUS_METRIC_INDEX];
12514 char tmpbuf[128], *ptr = tmpbuf;
12515 float seconds = 0.0, load = 0.0;
12516 long long pkts = 0;
12517
12518 if (argus->hdr.type & ARGUS_MAR) {
12519
12520 } else {
12521 if (metric != NULL) {
12522 seconds = RaGetFloatDuration(argus);
12523 pkts = (metric->src.pkts + metric->dst.pkts) - 1;
12524 }
12525 }
12526
12527 if ((pkts > 0) && (seconds > 0))
12528 load = (double)(pkts/seconds);
12529
12530 if (parser->Hflag) {
12531 ArgusAbbreviateMetric(parser, ptr, sizeof(tmpbuf), load);
12532 } else
12533 sprintf (ptr, "%.*f", parser->pflag, load);
12534
12535 if (parser->ArgusPrintXml) {
12536 sprintf (buf, " Rate = \"%s\"", ptr);
12537 } else {
12538 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12539 len = strlen(ptr);
12540 } else {
12541 if (strlen(ptr) > len) {
12542 ptr[len - 1] = '*';
12543 ptr[len] = '\0';
12544 }
12545 }
12546 sprintf (buf, "%*.*s ", len, len, ptr);
12547 }
12548
12549 #ifdef ARGUSDEBUG
12550 ArgusDebug (10, "ArgusPrintRate (%p, %p)", buf, argus);
12551 #endif
12552 }
12553
12554 void
ArgusPrintSrcLoss(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12555 ArgusPrintSrcLoss (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12556 {
12557 char tmpbuf[64], *ptr = tmpbuf;
12558
12559 bzero(tmpbuf, sizeof(tmpbuf));
12560
12561 if (parser->Pctflag) {
12562 double ploss = ArgusFetchPercentSrcLoss(argus);
12563 sprintf (ptr, "%.*f", parser->pflag, ploss);
12564
12565 } else {
12566 double ploss = ArgusFetchSrcLoss(argus);
12567 int loss = ploss;
12568 sprintf (ptr, "%d", loss);
12569 }
12570
12571 if (parser->ArgusPrintXml) {
12572 sprintf (buf, " SrcLoss = \"%s\"", ptr);
12573 } else {
12574 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12575 len = strlen(ptr);
12576 } else {
12577 if (strlen(ptr) > len) {
12578 ptr[len - 1] = '*';
12579 ptr[len] = '\0';
12580 }
12581 }
12582 sprintf (buf, "%*.*s ", len, len, ptr);
12583 }
12584
12585 #ifdef ARGUSDEBUG
12586 ArgusDebug (10, "ArgusPrintSrcLoss (%p, %p)", buf, argus);
12587 #endif
12588 }
12589
12590 void
ArgusPrintDstLoss(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12591 ArgusPrintDstLoss (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12592 {
12593 char tmpbuf[64], *ptr = tmpbuf;
12594
12595 bzero(tmpbuf, sizeof(tmpbuf));
12596
12597 if (parser->Pctflag) {
12598 double ploss = ArgusFetchPercentDstLoss(argus);
12599 sprintf (ptr, "%3.*f", parser->pflag, ploss);
12600
12601 } else {
12602 double ploss = ArgusFetchDstLoss(argus);
12603 int loss = ploss;
12604 sprintf (ptr, "%d", loss);
12605 }
12606
12607 if (parser->ArgusPrintXml) {
12608 sprintf (buf, " DstLoss = \"%s\"", ptr);
12609 } else {
12610 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12611 len = strlen(ptr);
12612 } else {
12613 if (strlen(ptr) > len) {
12614 ptr[len - 1] = '*';
12615 ptr[len] = '\0';
12616 }
12617 }
12618 sprintf (buf, "%*.*s ", len, len, ptr);
12619 }
12620
12621 #ifdef ARGUSDEBUG
12622 ArgusDebug (10, "ArgusPrintDstLoss (%p, %p)", buf, argus);
12623 #endif
12624 }
12625
12626
12627 void
ArgusPrintLoss(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12628 ArgusPrintLoss (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12629 {
12630 char tmpbuf[64], *ptr = tmpbuf;
12631
12632 bzero(tmpbuf, sizeof(tmpbuf));
12633
12634 if (parser->Pctflag) {
12635 double ploss = ArgusFetchPercentLoss(argus);
12636 sprintf (ptr, "%3.*f", parser->pflag, ploss);
12637
12638 } else {
12639 double ploss = ArgusFetchLoss(argus);
12640 int loss = ploss;
12641 sprintf (ptr, "%d", loss);
12642 }
12643
12644 if (parser->ArgusPrintXml) {
12645 sprintf (buf, " Loss = \"%s\"", ptr);
12646 } else {
12647 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12648 len = strlen(ptr);
12649 } else {
12650 if (strlen(ptr) > len) {
12651 ptr[len - 1] = '*';
12652 ptr[len] = '\0';
12653 }
12654 }
12655 sprintf (buf, "%*.*s ", len, len, ptr);
12656 }
12657
12658 #ifdef ARGUSDEBUG
12659 ArgusDebug (10, "ArgusPrintLoss (%p, %p)", buf, argus);
12660 #endif
12661 }
12662
12663
12664 void
ArgusPrintSrcRetrans(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12665 ArgusPrintSrcRetrans (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12666 {
12667 char tmpbuf[64], *ptr = tmpbuf;
12668
12669 bzero(tmpbuf, sizeof(tmpbuf));
12670
12671 if (parser->Pctflag) {
12672 double pretrans = ArgusFetchPercentSrcRetrans(argus);
12673 sprintf (ptr, "%.*f", parser->pflag, pretrans);
12674
12675 } else {
12676 double pretrans = ArgusFetchSrcRetrans(argus);
12677 int retrans = pretrans;
12678 sprintf (ptr, "%d", retrans);
12679 }
12680
12681 if (parser->ArgusPrintXml) {
12682 sprintf (buf, " SrcRetrans = \"%s\"", ptr);
12683 } else {
12684 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12685 len = strlen(ptr);
12686 } else {
12687 if (strlen(ptr) > len) {
12688 ptr[len - 1] = '*';
12689 ptr[len] = '\0';
12690 }
12691 }
12692 sprintf (buf, "%*.*s ", len, len, ptr);
12693 }
12694
12695 #ifdef ARGUSDEBUG
12696 ArgusDebug (10, "ArgusPrintSrcRetrans (%p, %p)", buf, argus);
12697 #endif
12698 }
12699
12700 void
ArgusPrintDstRetrans(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12701 ArgusPrintDstRetrans (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12702 {
12703 char tmpbuf[64], *ptr = tmpbuf;
12704
12705 bzero(tmpbuf, sizeof(tmpbuf));
12706
12707 if (parser->Pctflag) {
12708 double pretrans = ArgusFetchPercentDstRetrans(argus);
12709 sprintf (ptr, "%3.*f", parser->pflag, pretrans);
12710
12711 } else {
12712 double pretrans = ArgusFetchDstRetrans(argus);
12713 int retrans = pretrans;
12714 sprintf (ptr, "%d", retrans);
12715 }
12716
12717 if (parser->ArgusPrintXml) {
12718 sprintf (buf, " DstRetrans = \"%s\"", ptr);
12719 } else {
12720 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12721 len = strlen(ptr);
12722 } else {
12723 if (strlen(ptr) > len) {
12724 ptr[len - 1] = '*';
12725 ptr[len] = '\0';
12726 }
12727 }
12728 sprintf (buf, "%*.*s ", len, len, ptr);
12729 }
12730
12731 #ifdef ARGUSDEBUG
12732 ArgusDebug (10, "ArgusPrintDstRetrans (%p, %p)", buf, argus);
12733 #endif
12734 }
12735
12736
12737 void
ArgusPrintRetrans(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12738 ArgusPrintRetrans (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12739 {
12740 char tmpbuf[64], *ptr = tmpbuf;
12741
12742 bzero(tmpbuf, sizeof(tmpbuf));
12743
12744 if (parser->Pctflag) {
12745 double pretrans = ArgusFetchPercentRetrans(argus);
12746 sprintf (ptr, "%3.*f", parser->pflag, pretrans);
12747
12748 } else {
12749 double pretrans = ArgusFetchRetrans(argus);
12750 int retrans = pretrans;
12751 sprintf (ptr, "%d", retrans);
12752 }
12753
12754 if (parser->ArgusPrintXml) {
12755 sprintf (buf, " Retrans = \"%s\"", ptr);
12756 } else {
12757 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12758 len = strlen(ptr);
12759 } else {
12760 if (strlen(ptr) > len) {
12761 ptr[len - 1] = '*';
12762 ptr[len] = '\0';
12763 }
12764 }
12765 sprintf (buf, "%*.*s ", len, len, ptr);
12766 }
12767
12768 #ifdef ARGUSDEBUG
12769 ArgusDebug (10, "ArgusPrintRetrans (%p, %p)", buf, argus);
12770 #endif
12771 }
12772
12773
12774 void
ArgusPrintPercentSrcRetrans(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12775 ArgusPrintPercentSrcRetrans (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12776 {
12777 char tmpbuf[64], *ptr = tmpbuf;
12778 double pretrans = ArgusFetchPercentSrcRetrans(argus);
12779
12780 bzero(tmpbuf, sizeof(tmpbuf));
12781 sprintf (ptr, "%3.*f", parser->pflag, pretrans);
12782
12783 if (parser->ArgusPrintXml) {
12784 sprintf (buf, " SrcPctRetrans = \"%s\"", ptr);
12785 } else {
12786 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12787 len = strlen(ptr);
12788 } else {
12789 if (strlen(ptr) > len) {
12790 ptr[len - 1] = '*';
12791 ptr[len] = '\0';
12792 }
12793 }
12794 sprintf (buf, "%*.*s ", len, len, ptr);
12795 }
12796
12797 #ifdef ARGUSDEBUG
12798 ArgusDebug (10, "ArgusPrintPercentSrcRetrans (%p, %p)", buf, argus);
12799 #endif
12800 }
12801
12802 void
ArgusPrintPercentDstRetrans(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12803 ArgusPrintPercentDstRetrans (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12804 {
12805 char tmpbuf[64], *ptr = tmpbuf;
12806 double pretrans = ArgusFetchPercentDstRetrans(argus);
12807
12808 bzero(tmpbuf, sizeof(tmpbuf));
12809 sprintf (ptr, "%3.*f", parser->pflag, pretrans);
12810
12811 if (parser->ArgusPrintXml) {
12812 sprintf (buf, " DstPctRetrans = \"%s\"", ptr);
12813 } else {
12814 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12815 len = strlen(ptr);
12816 } else {
12817 if (strlen(ptr) > len) {
12818 ptr[len - 1] = '*';
12819 ptr[len] = '\0';
12820 }
12821 }
12822 sprintf (buf, "%*.*s ", len, len, ptr);
12823 }
12824
12825 #ifdef ARGUSDEBUG
12826 ArgusDebug (10, "ArgusPrintPercentDstRetrans (%p, %p)", buf, argus);
12827 #endif
12828 }
12829
12830 void
ArgusPrintPercentRetrans(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12831 ArgusPrintPercentRetrans (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12832 {
12833 char tmpbuf[64], *ptr = tmpbuf;
12834 double pretrans = ArgusFetchPercentRetrans(argus);
12835
12836 bzero(tmpbuf, sizeof(tmpbuf));
12837 sprintf (ptr, "%3.*f", parser->pflag, pretrans);
12838
12839 if (parser->ArgusPrintXml) {
12840 sprintf (buf, " PctRetrans = \"%s\"", ptr);
12841 } else {
12842 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12843 len = strlen(ptr);
12844 } else {
12845 if (strlen(ptr) > len) {
12846 ptr[len - 1] = '*';
12847 ptr[len] = '\0';
12848 }
12849 }
12850 sprintf (buf, "%*.*s ", len, len, ptr);
12851 }
12852
12853 #ifdef ARGUSDEBUG
12854 ArgusDebug (10, "ArgusPrintPercentRetrans (%p, %p)", buf, argus);
12855 #endif
12856 }
12857
12858 void
ArgusPrintSrcNacks(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12859 ArgusPrintSrcNacks (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12860 {
12861 char tmpbuf[64], *ptr = tmpbuf;
12862
12863 bzero(tmpbuf, sizeof(tmpbuf));
12864
12865 if (parser->Pctflag) {
12866 double pnacks = ArgusFetchPercentSrcNacks(argus);
12867 sprintf (ptr, "%.*f", parser->pflag, pnacks);
12868
12869 } else {
12870 double pnacks = ArgusFetchSrcNacks(argus);
12871 int nacks = pnacks;
12872 sprintf (ptr, "%d", nacks);
12873 }
12874
12875 if (parser->ArgusPrintXml) {
12876 sprintf (buf, " SrcNacks = \"%s\"", ptr);
12877 } else {
12878 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12879 len = strlen(ptr);
12880 } else {
12881 if (strlen(ptr) > len) {
12882 ptr[len - 1] = '*';
12883 ptr[len] = '\0';
12884 }
12885 }
12886 sprintf (buf, "%*.*s ", len, len, ptr);
12887 }
12888
12889 #ifdef ARGUSDEBUG
12890 ArgusDebug (10, "ArgusPrintSrcNacks (%p, %p)", buf, argus);
12891 #endif
12892 }
12893
12894 void
ArgusPrintDstNacks(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12895 ArgusPrintDstNacks (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12896 {
12897 char tmpbuf[64], *ptr = tmpbuf;
12898
12899 bzero(tmpbuf, sizeof(tmpbuf));
12900
12901 if (parser->Pctflag) {
12902 double pnacks = ArgusFetchPercentDstNacks(argus);
12903 sprintf (ptr, "%3.*f", parser->pflag, pnacks);
12904
12905 } else {
12906 double pnacks = ArgusFetchDstNacks(argus);
12907 int nacks = pnacks;
12908 sprintf (ptr, "%d", nacks);
12909 }
12910
12911 if (parser->ArgusPrintXml) {
12912 sprintf (buf, " DstNacks = \"%s\"", ptr);
12913 } else {
12914 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12915 len = strlen(ptr);
12916 } else {
12917 if (strlen(ptr) > len) {
12918 ptr[len - 1] = '*';
12919 ptr[len] = '\0';
12920 }
12921 }
12922 sprintf (buf, "%*.*s ", len, len, ptr);
12923 }
12924
12925 #ifdef ARGUSDEBUG
12926 ArgusDebug (10, "ArgusPrintDstNacks (%p, %p)", buf, argus);
12927 #endif
12928 }
12929
12930
12931 void
ArgusPrintNacks(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12932 ArgusPrintNacks (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12933 {
12934 char tmpbuf[64], *ptr = tmpbuf;
12935
12936 bzero(tmpbuf, sizeof(tmpbuf));
12937
12938 if (parser->Pctflag) {
12939 double pnacks = ArgusFetchPercentNacks(argus);
12940 sprintf (ptr, "%3.*f", parser->pflag, pnacks);
12941
12942 } else {
12943 double pnacks = ArgusFetchNacks(argus);
12944 int nacks = pnacks;
12945 sprintf (ptr, "%d", nacks);
12946 }
12947
12948 if (parser->ArgusPrintXml) {
12949 sprintf (buf, " Nacks = \"%s\"", ptr);
12950 } else {
12951 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12952 len = strlen(ptr);
12953 } else {
12954 if (strlen(ptr) > len) {
12955 ptr[len - 1] = '*';
12956 ptr[len] = '\0';
12957 }
12958 }
12959 sprintf (buf, "%*.*s ", len, len, ptr);
12960 }
12961
12962 #ifdef ARGUSDEBUG
12963 ArgusDebug (10, "ArgusPrintNacks (%p, %p)", buf, argus);
12964 #endif
12965 }
12966
12967
12968 void
ArgusPrintPercentSrcNacks(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12969 ArgusPrintPercentSrcNacks (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12970 {
12971 char tmpbuf[64], *ptr = tmpbuf;
12972 double pnacks = ArgusFetchPercentSrcNacks(argus);
12973
12974 bzero(tmpbuf, sizeof(tmpbuf));
12975 sprintf (ptr, "%3.*f", parser->pflag, pnacks);
12976
12977 if (parser->ArgusPrintXml) {
12978 sprintf (buf, " SrcPctNacks = \"%s\"", ptr);
12979 } else {
12980 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
12981 len = strlen(ptr);
12982 } else {
12983 if (strlen(ptr) > len) {
12984 ptr[len - 1] = '*';
12985 ptr[len] = '\0';
12986 }
12987 }
12988 sprintf (buf, "%*.*s ", len, len, ptr);
12989 }
12990
12991 #ifdef ARGUSDEBUG
12992 ArgusDebug (10, "ArgusPrintPercentSrcNacks (%p, %p)", buf, argus);
12993 #endif
12994 }
12995
12996 void
ArgusPrintPercentDstNacks(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)12997 ArgusPrintPercentDstNacks (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
12998 {
12999 char tmpbuf[64], *ptr = tmpbuf;
13000 double pnacks = ArgusFetchPercentDstNacks(argus);
13001
13002 bzero(tmpbuf, sizeof(tmpbuf));
13003 sprintf (ptr, "%3.*f", parser->pflag, pnacks);
13004
13005 if (parser->ArgusPrintXml) {
13006 sprintf (buf, " DstPctNacks = \"%s\"", ptr);
13007 } else {
13008 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13009 len = strlen(ptr);
13010 } else {
13011 if (strlen(ptr) > len) {
13012 ptr[len - 1] = '*';
13013 ptr[len] = '\0';
13014 }
13015 }
13016 sprintf (buf, "%*.*s ", len, len, ptr);
13017 }
13018
13019 #ifdef ARGUSDEBUG
13020 ArgusDebug (10, "ArgusPrintPercentDstNacks (%p, %p)", buf, argus);
13021 #endif
13022 }
13023
13024 void
ArgusPrintPercentNacks(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13025 ArgusPrintPercentNacks (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13026 {
13027 char tmpbuf[64], *ptr = tmpbuf;
13028 double pnacks = ArgusFetchPercentNacks(argus);
13029
13030 bzero(tmpbuf, sizeof(tmpbuf));
13031 sprintf (ptr, "%3.*f", parser->pflag, pnacks);
13032
13033 if (parser->ArgusPrintXml) {
13034 sprintf (buf, " PctNacks = \"%s\"", ptr);
13035 } else {
13036 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13037 len = strlen(ptr);
13038 } else {
13039 if (strlen(ptr) > len) {
13040 ptr[len - 1] = '*';
13041 ptr[len] = '\0';
13042 }
13043 }
13044 sprintf (buf, "%*.*s ", len, len, ptr);
13045 }
13046
13047 #ifdef ARGUSDEBUG
13048 ArgusDebug (10, "ArgusPrintPercentNacks (%p, %p)", buf, argus);
13049 #endif
13050 }
13051
13052
13053 void
ArgusPrintSrcSolo(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13054 ArgusPrintSrcSolo (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13055 {
13056 char tmpbuf[64], *ptr = tmpbuf;
13057
13058 bzero(tmpbuf, sizeof(tmpbuf));
13059
13060 if (parser->Pctflag) {
13061 double psolo = ArgusFetchPercentSrcSolo(argus);
13062 sprintf (ptr, "%.*f", parser->pflag, psolo);
13063
13064 } else {
13065 double psolo = ArgusFetchSrcSolo(argus);
13066 int solo = psolo;
13067 sprintf (ptr, "%d", solo);
13068 }
13069
13070 if (parser->ArgusPrintXml) {
13071 sprintf (buf, " SrcSolo = \"%s\"", ptr);
13072 } else {
13073 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13074 len = strlen(ptr);
13075 } else {
13076 if (strlen(ptr) > len) {
13077 ptr[len - 1] = '*';
13078 ptr[len] = '\0';
13079 }
13080 }
13081 sprintf (buf, "%*.*s ", len, len, ptr);
13082 }
13083
13084 #ifdef ARGUSDEBUG
13085 ArgusDebug (10, "ArgusPrintSrcSolo (%p, %p)", buf, argus);
13086 #endif
13087 }
13088
13089 void
ArgusPrintDstSolo(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13090 ArgusPrintDstSolo (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13091 {
13092 char tmpbuf[64], *ptr = tmpbuf;
13093
13094 bzero(tmpbuf, sizeof(tmpbuf));
13095
13096 if (parser->Pctflag) {
13097 double psolo = ArgusFetchPercentDstSolo(argus);
13098 sprintf (ptr, "%3.*f", parser->pflag, psolo);
13099
13100 } else {
13101 double psolo = ArgusFetchDstSolo(argus);
13102 int solo = psolo;
13103 sprintf (ptr, "%d", solo);
13104 }
13105
13106 if (parser->ArgusPrintXml) {
13107 sprintf (buf, " DstSolo = \"%s\"", ptr);
13108 } else {
13109 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13110 len = strlen(ptr);
13111 } else {
13112 if (strlen(ptr) > len) {
13113 ptr[len - 1] = '*';
13114 ptr[len] = '\0';
13115 }
13116 }
13117 sprintf (buf, "%*.*s ", len, len, ptr);
13118 }
13119
13120 #ifdef ARGUSDEBUG
13121 ArgusDebug (10, "ArgusPrintDstSolo (%p, %p)", buf, argus);
13122 #endif
13123 }
13124
13125
13126 void
ArgusPrintSolo(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13127 ArgusPrintSolo (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13128 {
13129 char tmpbuf[64], *ptr = tmpbuf;
13130
13131 bzero(tmpbuf, sizeof(tmpbuf));
13132
13133 if (parser->Pctflag) {
13134 double psolo = ArgusFetchPercentSolo(argus);
13135 sprintf (ptr, "%3.*f", parser->pflag, psolo);
13136
13137 } else {
13138 double psolo = ArgusFetchSolo(argus);
13139 int solo = psolo;
13140 sprintf (ptr, "%d", solo);
13141 }
13142
13143 if (parser->ArgusPrintXml) {
13144 sprintf (buf, " Solo = \"%s\"", ptr);
13145 } else {
13146 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13147 len = strlen(ptr);
13148 } else {
13149 if (strlen(ptr) > len) {
13150 ptr[len - 1] = '*';
13151 ptr[len] = '\0';
13152 }
13153 }
13154 sprintf (buf, "%*.*s ", len, len, ptr);
13155 }
13156
13157 #ifdef ARGUSDEBUG
13158 ArgusDebug (10, "ArgusPrintSolo (%p, %p)", buf, argus);
13159 #endif
13160 }
13161
13162
13163 void
ArgusPrintPercentSrcSolo(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13164 ArgusPrintPercentSrcSolo (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13165 {
13166 char tmpbuf[64], *ptr = tmpbuf;
13167 double psolo = ArgusFetchPercentSrcSolo(argus);
13168
13169 bzero(tmpbuf, sizeof(tmpbuf));
13170 sprintf (ptr, "%3.*f", parser->pflag, psolo);
13171
13172 if (parser->ArgusPrintXml) {
13173 sprintf (buf, " SrcPctSolo = \"%s\"", ptr);
13174 } else {
13175 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13176 len = strlen(ptr);
13177 } else {
13178 if (strlen(ptr) > len) {
13179 ptr[len - 1] = '*';
13180 ptr[len] = '\0';
13181 }
13182 }
13183 sprintf (buf, "%*.*s ", len, len, ptr);
13184 }
13185
13186 #ifdef ARGUSDEBUG
13187 ArgusDebug (10, "ArgusPrintPercentSrcSolo (%p, %p)", buf, argus);
13188 #endif
13189 }
13190
13191 void
ArgusPrintPercentDstSolo(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13192 ArgusPrintPercentDstSolo (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13193 {
13194 char tmpbuf[64], *ptr = tmpbuf;
13195 double psolo = ArgusFetchPercentDstSolo(argus);
13196
13197 bzero(tmpbuf, sizeof(tmpbuf));
13198 sprintf (ptr, "%3.*f", parser->pflag, psolo);
13199
13200 if (parser->ArgusPrintXml) {
13201 sprintf (buf, " DstPctSolo = \"%s\"", ptr);
13202 } else {
13203 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13204 len = strlen(ptr);
13205 } else {
13206 if (strlen(ptr) > len) {
13207 ptr[len - 1] = '*';
13208 ptr[len] = '\0';
13209 }
13210 }
13211 sprintf (buf, "%*.*s ", len, len, ptr);
13212 }
13213
13214 #ifdef ARGUSDEBUG
13215 ArgusDebug (10, "ArgusPrintPercentDstSolo (%p, %p)", buf, argus);
13216 #endif
13217 }
13218
13219 void
ArgusPrintPercentSolo(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13220 ArgusPrintPercentSolo (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13221 {
13222 char tmpbuf[64], *ptr = tmpbuf;
13223 double psolo = ArgusFetchPercentSolo(argus);
13224
13225 bzero(tmpbuf, sizeof(tmpbuf));
13226 sprintf (ptr, "%3.*f", parser->pflag, psolo);
13227
13228 if (parser->ArgusPrintXml) {
13229 sprintf (buf, " PctSolo = \"%s\"", ptr);
13230 } else {
13231 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13232 len = strlen(ptr);
13233 } else {
13234 if (strlen(ptr) > len) {
13235 ptr[len - 1] = '*';
13236 ptr[len] = '\0';
13237 }
13238 }
13239 sprintf (buf, "%*.*s ", len, len, ptr);
13240 }
13241
13242 #ifdef ARGUSDEBUG
13243 ArgusDebug (10, "ArgusPrintPercentSolo (%p, %p)", buf, argus);
13244 #endif
13245 }
13246
13247
13248 void
ArgusPrintSrcFirst(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13249 ArgusPrintSrcFirst (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13250 {
13251 char tmpbuf[64], *ptr = tmpbuf;
13252
13253 bzero(tmpbuf, sizeof(tmpbuf));
13254
13255 if (parser->Pctflag) {
13256 double pfirst = ArgusFetchPercentSrcFirst(argus);
13257 sprintf (ptr, "%.*f", parser->pflag, pfirst);
13258
13259 } else {
13260 double pfirst = ArgusFetchSrcFirst(argus);
13261 int first = pfirst;
13262 sprintf (ptr, "%d", first);
13263 }
13264
13265 if (parser->ArgusPrintXml) {
13266 sprintf (buf, " SrcFirst = \"%s\"", ptr);
13267 } else {
13268 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13269 len = strlen(ptr);
13270 } else {
13271 if (strlen(ptr) > len) {
13272 ptr[len - 1] = '*';
13273 ptr[len] = '\0';
13274 }
13275 }
13276 sprintf (buf, "%*.*s ", len, len, ptr);
13277 }
13278
13279 #ifdef ARGUSDEBUG
13280 ArgusDebug (10, "ArgusPrintSrcFirst (%p, %p)", buf, argus);
13281 #endif
13282 }
13283
13284 void
ArgusPrintDstFirst(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13285 ArgusPrintDstFirst (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13286 {
13287 char tmpbuf[64], *ptr = tmpbuf;
13288
13289 bzero(tmpbuf, sizeof(tmpbuf));
13290
13291 if (parser->Pctflag) {
13292 double pfirst = ArgusFetchPercentDstFirst(argus);
13293 sprintf (ptr, "%3.*f", parser->pflag, pfirst);
13294
13295 } else {
13296 double pfirst = ArgusFetchDstFirst(argus);
13297 int first = pfirst;
13298 sprintf (ptr, "%d", first);
13299 }
13300
13301 if (parser->ArgusPrintXml) {
13302 sprintf (buf, " DstFirst = \"%s\"", ptr);
13303 } else {
13304 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13305 len = strlen(ptr);
13306 } else {
13307 if (strlen(ptr) > len) {
13308 ptr[len - 1] = '*';
13309 ptr[len] = '\0';
13310 }
13311 }
13312 sprintf (buf, "%*.*s ", len, len, ptr);
13313 }
13314
13315 #ifdef ARGUSDEBUG
13316 ArgusDebug (10, "ArgusPrintDstFirst (%p, %p)", buf, argus);
13317 #endif
13318 }
13319
13320
13321 void
ArgusPrintFirst(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13322 ArgusPrintFirst (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13323 {
13324 char tmpbuf[64], *ptr = tmpbuf;
13325
13326 bzero(tmpbuf, sizeof(tmpbuf));
13327
13328 if (parser->Pctflag) {
13329 double pfirst = ArgusFetchPercentFirst(argus);
13330 sprintf (ptr, "%3.*f", parser->pflag, pfirst);
13331
13332 } else {
13333 double pfirst = ArgusFetchFirst(argus);
13334 int first = pfirst;
13335 sprintf (ptr, "%d", first);
13336 }
13337
13338 if (parser->ArgusPrintXml) {
13339 sprintf (buf, " First = \"%s\"", ptr);
13340 } else {
13341 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13342 len = strlen(ptr);
13343 } else {
13344 if (strlen(ptr) > len) {
13345 ptr[len - 1] = '*';
13346 ptr[len] = '\0';
13347 }
13348 }
13349 sprintf (buf, "%*.*s ", len, len, ptr);
13350 }
13351
13352 #ifdef ARGUSDEBUG
13353 ArgusDebug (10, "ArgusPrintFirst (%p, %p)", buf, argus);
13354 #endif
13355 }
13356
13357
13358 void
ArgusPrintPercentSrcFirst(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13359 ArgusPrintPercentSrcFirst (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13360 {
13361 char tmpbuf[64], *ptr = tmpbuf;
13362 double pfirst = ArgusFetchPercentSrcFirst(argus);
13363
13364 bzero(tmpbuf, sizeof(tmpbuf));
13365 sprintf (ptr, "%3.*f", parser->pflag, pfirst);
13366
13367 if (parser->ArgusPrintXml) {
13368 sprintf (buf, " SrcPctFirst = \"%s\"", ptr);
13369 } else {
13370 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13371 len = strlen(ptr);
13372 } else {
13373 if (strlen(ptr) > len) {
13374 ptr[len - 1] = '*';
13375 ptr[len] = '\0';
13376 }
13377 }
13378 sprintf (buf, "%*.*s ", len, len, ptr);
13379 }
13380
13381 #ifdef ARGUSDEBUG
13382 ArgusDebug (10, "ArgusPrintPercentSrcFirst (%p, %p)", buf, argus);
13383 #endif
13384 }
13385
13386 void
ArgusPrintPercentDstFirst(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13387 ArgusPrintPercentDstFirst (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13388 {
13389 char tmpbuf[64], *ptr = tmpbuf;
13390 double pfirst = ArgusFetchPercentDstFirst(argus);
13391
13392 bzero(tmpbuf, sizeof(tmpbuf));
13393 sprintf (ptr, "%3.*f", parser->pflag, pfirst);
13394
13395 if (parser->ArgusPrintXml) {
13396 sprintf (buf, " DstPctFirst = \"%s\"", ptr);
13397 } else {
13398 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13399 len = strlen(ptr);
13400 } else {
13401 if (strlen(ptr) > len) {
13402 ptr[len - 1] = '*';
13403 ptr[len] = '\0';
13404 }
13405 }
13406 sprintf (buf, "%*.*s ", len, len, ptr);
13407 }
13408
13409 #ifdef ARGUSDEBUG
13410 ArgusDebug (10, "ArgusPrintPercentDstFirst (%p, %p)", buf, argus);
13411 #endif
13412 }
13413
13414 void
ArgusPrintPercentFirst(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13415 ArgusPrintPercentFirst (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13416 {
13417 char tmpbuf[64], *ptr = tmpbuf;
13418 double pfirst = ArgusFetchPercentFirst(argus);
13419
13420 bzero(tmpbuf, sizeof(tmpbuf));
13421 sprintf (ptr, "%3.*f", parser->pflag, pfirst);
13422
13423 if (parser->ArgusPrintXml) {
13424 sprintf (buf, " PctFirst = \"%s\"", ptr);
13425 } else {
13426 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13427 len = strlen(ptr);
13428 } else {
13429 if (strlen(ptr) > len) {
13430 ptr[len - 1] = '*';
13431 ptr[len] = '\0';
13432 }
13433 }
13434 sprintf (buf, "%*.*s ", len, len, ptr);
13435 }
13436
13437 #ifdef ARGUSDEBUG
13438 ArgusDebug (10, "ArgusPrintPercentFirst (%p, %p)", buf, argus);
13439 #endif
13440 }
13441
13442 void
ArgusPrintPercentSrcLoss(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13443 ArgusPrintPercentSrcLoss (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13444 {
13445 char tmpbuf[64], *ptr = tmpbuf;
13446 double ploss = ArgusFetchPercentSrcLoss(argus);
13447
13448 bzero(tmpbuf, sizeof(tmpbuf));
13449 sprintf (ptr, "%3.*f", parser->pflag, ploss);
13450
13451 if (parser->ArgusPrintXml) {
13452 sprintf (buf, " SrcPctLoss = \"%s\"", ptr);
13453 } else {
13454 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13455 len = strlen(ptr);
13456 } else {
13457 if (strlen(ptr) > len) {
13458 ptr[len - 1] = '*';
13459 ptr[len] = '\0';
13460 }
13461 }
13462 sprintf (buf, "%*.*s ", len, len, ptr);
13463 }
13464
13465 #ifdef ARGUSDEBUG
13466 ArgusDebug (10, "ArgusPrintPercentSrcLoss (%p, %p)", buf, argus);
13467 #endif
13468 }
13469
13470 void
ArgusPrintPercentDstLoss(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13471 ArgusPrintPercentDstLoss (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13472 {
13473 char tmpbuf[64], *ptr = tmpbuf;
13474 double ploss = ArgusFetchPercentDstLoss(argus);
13475
13476 bzero(tmpbuf, sizeof(tmpbuf));
13477 sprintf (ptr, "%3.*f", parser->pflag, ploss);
13478
13479 if (parser->ArgusPrintXml) {
13480 sprintf (buf, " DstPctLoss = \"%s\"", ptr);
13481 } else {
13482 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13483 len = strlen(ptr);
13484 } else {
13485 if (strlen(ptr) > len) {
13486 ptr[len - 1] = '*';
13487 ptr[len] = '\0';
13488 }
13489 }
13490 sprintf (buf, "%*.*s ", len, len, ptr);
13491 }
13492
13493 #ifdef ARGUSDEBUG
13494 ArgusDebug (10, "ArgusPrintPercentDstLoss (%p, %p)", buf, argus);
13495 #endif
13496 }
13497
13498 void
ArgusPrintPercentLoss(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13499 ArgusPrintPercentLoss (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13500 {
13501 char tmpbuf[64], *ptr = tmpbuf;
13502 double ploss = ArgusFetchPercentLoss(argus);
13503
13504 bzero(tmpbuf, sizeof(tmpbuf));
13505 sprintf (ptr, "%3.*f", parser->pflag, ploss);
13506
13507 if (parser->ArgusPrintXml) {
13508 sprintf (buf, " PctLoss = \"%s\"", ptr);
13509 } else {
13510 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13511 len = strlen(ptr);
13512 } else {
13513 if (strlen(ptr) > len) {
13514 ptr[len - 1] = '*';
13515 ptr[len] = '\0';
13516 }
13517 }
13518 sprintf (buf, "%*.*s ", len, len, ptr);
13519 }
13520
13521 #ifdef ARGUSDEBUG
13522 ArgusDebug (10, "ArgusPrintPercentLoss (%p, %p)", buf, argus);
13523 #endif
13524 }
13525
13526
13527
13528 void
ArgusPrintSrcLoad(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13529 ArgusPrintSrcLoad (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13530 {
13531 char tmpbuf[128], *ptr = tmpbuf;
13532 float load = 0.0;
13533
13534 if (argus->hdr.type & ARGUS_MAR) {
13535
13536 } else
13537 load = argus->sload;
13538
13539 if (parser->Hflag) {
13540 ArgusAbbreviateMetric(parser, ptr, sizeof(tmpbuf), load);
13541 } else
13542 sprintf (ptr, "%.*f", parser->pflag, load);
13543
13544 if (parser->ArgusPrintXml) {
13545 sprintf (buf, " SrcLoad = \"%s\"", ptr);
13546 } else {
13547 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13548 len = strlen(ptr);
13549 } else {
13550 if (strlen(ptr) > len) {
13551 ptr[len - 1] = '*';
13552 ptr[len] = '\0';
13553 }
13554 }
13555 sprintf (buf, "%*.*s ", len, len, ptr);
13556 }
13557
13558 #ifdef ARGUSDEBUG
13559 ArgusDebug (10, "ArgusPrintSrcLoad (%p, %p)", buf, argus);
13560 #endif
13561 }
13562
13563
13564 void
ArgusPrintDstLoad(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13565 ArgusPrintDstLoad (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13566 {
13567 char tmpbuf[128], *ptr = tmpbuf;
13568 float load = 0.0;
13569
13570 if (argus->hdr.type & ARGUS_MAR) {
13571
13572 } else
13573 load = argus->dload;
13574
13575 if (parser->Hflag) {
13576 ArgusAbbreviateMetric(parser, ptr, sizeof(tmpbuf), load);
13577 } else
13578 sprintf (ptr, "%.*f", parser->pflag, load);
13579
13580 if (parser->ArgusPrintXml) {
13581 sprintf (buf, " DstLoad = \"%s\"", ptr);
13582 } else {
13583 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13584 len = strlen(ptr);
13585 } else {
13586 if (strlen(ptr) > len) {
13587 ptr[len - 1] = '*';
13588 ptr[len] = '\0';
13589 }
13590 }
13591 sprintf (buf, "%*.*s ", len, len, ptr);
13592 }
13593
13594 #ifdef ARGUSDEBUG
13595 ArgusDebug (10, "ArgusPrintDstLoad (%p, %p)", buf, argus);
13596 #endif
13597 }
13598
13599 void
ArgusPrintLoad(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13600 ArgusPrintLoad (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13601 {
13602 char tmpbuf[128], *ptr = tmpbuf;
13603 float load = 0.0;
13604
13605 if (argus->hdr.type & ARGUS_MAR) {
13606
13607 } else {
13608 float sdur = RaGetFloatSrcDuration(argus);
13609 float ddur = RaGetFloatDstDuration(argus);
13610
13611 if (!(sdur > 0)) sdur = argus->dur;
13612 if (!(ddur > 0)) ddur = argus->dur;
13613
13614 if (argus->dur > 0.0)
13615 load = ((argus->sload * sdur) + (argus->dload * ddur)) / argus->dur;
13616 }
13617
13618 if (parser->Hflag) {
13619 ArgusAbbreviateMetric(parser, ptr, sizeof(tmpbuf), load);
13620 } else
13621 sprintf (ptr, "%.*f", parser->pflag, load);
13622
13623 if (parser->ArgusPrintXml) {
13624 sprintf (buf, " Load = \"%s\"", ptr);
13625 } else {
13626 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13627 len = strlen(ptr);
13628 } else {
13629 if (strlen(ptr) > len) {
13630 ptr[len - 1] = '*';
13631 ptr[len] = '\0';
13632 }
13633 }
13634 sprintf (buf, "%*.*s ", len, len, ptr);
13635 }
13636
13637 #ifdef ARGUSDEBUG
13638 ArgusDebug (10, "ArgusPrintLoad (%p, %p)", buf, argus);
13639 #endif
13640 }
13641
13642
13643 void
ArgusPrintSrcVID(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13644 ArgusPrintSrcVID (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13645 {
13646 struct ArgusVlanStruct *vlan = (struct ArgusVlanStruct *)argus->dsrs[ARGUS_VLAN_INDEX];
13647 char vlanbuf[32], *format = NULL;
13648
13649 bzero(vlanbuf, sizeof(vlanbuf));
13650
13651 if (parser->RaPrintAlgorithmList[parser->RaPrintIndex] != NULL)
13652 format = parser->RaPrintAlgorithmList[parser->RaPrintIndex]->format;
13653
13654 if ((format == NULL) || (strlen(format) == 0))
13655 format = "%d";
13656
13657 if (vlan != NULL)
13658 if ((vlan->hdr.argus_dsrvl8.qual & ARGUS_SRC_VLAN))
13659 sprintf (vlanbuf, format, (vlan->sid & 0x0FFF));
13660
13661 if (parser->ArgusPrintXml) {
13662 } else {
13663 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13664 len = strlen(vlanbuf);
13665 } else {
13666 if (strlen(vlanbuf) > len) {
13667 vlanbuf[len - 1] = '*';
13668 vlanbuf[len] = '\0';
13669 }
13670 }
13671 sprintf (buf, "%*.*s ", len, len, vlanbuf);
13672 }
13673
13674 #ifdef ARGUSDEBUG
13675 ArgusDebug (10, "ArgusPrintSrcVID (%p, %p)", buf, argus);
13676 #endif
13677 }
13678
13679 void
ArgusPrintDstVID(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13680 ArgusPrintDstVID (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13681 {
13682 struct ArgusVlanStruct *vlan = (struct ArgusVlanStruct *)argus->dsrs[ARGUS_VLAN_INDEX];
13683 char vlanbuf[32], *format = NULL;
13684
13685 bzero(vlanbuf, sizeof(vlanbuf));
13686
13687 if (parser->RaPrintAlgorithmList[parser->RaPrintIndex] != NULL)
13688 format = parser->RaPrintAlgorithmList[parser->RaPrintIndex]->format;
13689
13690 if ((format == NULL) || (strlen(format) == 0))
13691 format = "%d";
13692
13693 if (vlan != NULL)
13694 if ((vlan->hdr.argus_dsrvl8.qual & ARGUS_DST_VLAN))
13695 sprintf (vlanbuf, format, (vlan->did & 0x0FFF));
13696
13697 if (parser->ArgusPrintXml) {
13698 } else {
13699 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13700 len = strlen(vlanbuf);
13701 } else {
13702 if (strlen(vlanbuf) > len) {
13703 vlanbuf[len - 1] = '*';
13704 vlanbuf[len] = '\0';
13705 }
13706 }
13707 sprintf (buf, "%*.*s ", len, len, vlanbuf);
13708 }
13709
13710 #ifdef ARGUSDEBUG
13711 ArgusDebug (10, "ArgusPrintDstVID (%p, %p)", buf, argus);
13712 #endif
13713 }
13714
13715 void
ArgusPrintSrcVPRI(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13716 ArgusPrintSrcVPRI (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13717 {
13718
13719 if (parser->ArgusPrintXml) {
13720 } else
13721 sprintf (buf, "%*.*s ", len, len, " ");
13722
13723 #ifdef ARGUSDEBUG
13724 ArgusDebug (10, "ArgusPrintSrcVPRI (%p, %p)", buf, argus);
13725 #endif
13726 }
13727
13728 void
ArgusPrintDstVPRI(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13729 ArgusPrintDstVPRI (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13730 {
13731
13732 if (parser->ArgusPrintXml) {
13733 } else
13734 sprintf (buf, "%*.*s ", len, len, " ");
13735
13736 #ifdef ARGUSDEBUG
13737 ArgusDebug (10, "ArgusPrintDstVPRI (%p, %p)", buf, argus);
13738 #endif
13739 }
13740
13741 void
ArgusPrintSrcVlan(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13742 ArgusPrintSrcVlan (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13743 {
13744 struct ArgusVlanStruct *vlan = (struct ArgusVlanStruct *)argus->dsrs[ARGUS_VLAN_INDEX];
13745 char vstr[16];
13746
13747 bzero(vstr, sizeof(vstr));
13748 if (vlan != NULL)
13749 if ((vlan->hdr.argus_dsrvl8.qual & ARGUS_SRC_VLAN) || (vlan->sid > 0))
13750 sprintf (vstr, "0x%04x", vlan->sid);
13751
13752 if (parser->ArgusPrintXml) {
13753 } else {
13754 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13755 len = strlen(vstr);
13756 } else {
13757 if (strlen(vstr) > len) {
13758 vstr[len - 1] = '*';
13759 vstr[len] = '\0';
13760 }
13761 }
13762 sprintf (buf, "%*.*s ", len, len, vstr);
13763 }
13764
13765 #ifdef ARGUSDEBUG
13766 ArgusDebug (10, "ArgusPrintSrcVlan (%p, %p)", buf, argus);
13767 #endif
13768 }
13769
13770 void
ArgusPrintDstVlan(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13771 ArgusPrintDstVlan (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13772 {
13773 struct ArgusVlanStruct *vlan = (struct ArgusVlanStruct *)argus->dsrs[ARGUS_VLAN_INDEX];
13774 char vstr[16];
13775
13776 bzero(vstr, sizeof(vstr));
13777 if (vlan != NULL)
13778 if ((vlan->hdr.argus_dsrvl8.qual & ARGUS_DST_VLAN) || (vlan->did > 0))
13779 sprintf (vstr, "0x%04x", vlan->did);
13780
13781 if (parser->ArgusPrintXml) {
13782 } else {
13783 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13784 len = strlen(vstr);
13785 } else {
13786 if (strlen(vstr) > len) {
13787 vstr[len - 1] = '*';
13788 vstr[len] = '\0';
13789 }
13790 }
13791 sprintf (buf, "%*.*s ", len, len, vstr);
13792 }
13793
13794 #ifdef ARGUSDEBUG
13795 ArgusDebug (10, "ArgusPrintDstVlan (%p, %p)", buf, argus);
13796 #endif
13797 }
13798
13799
13800 void
ArgusPrintSrcMpls(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13801 ArgusPrintSrcMpls (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13802 {
13803 struct ArgusMplsStruct *mpls = (struct ArgusMplsStruct *)argus->dsrs[ARGUS_MPLS_INDEX];
13804 unsigned int label;
13805 char tbuf[32];
13806
13807 bzero (tbuf, sizeof(tbuf));
13808 if (mpls != NULL) {
13809 if (mpls->hdr.subtype & ARGUS_MPLS_SRC_LABEL) {
13810 label = mpls->slabel >> 12;
13811 sprintf (tbuf, "%d", label);
13812 }
13813 }
13814
13815 if (parser->ArgusPrintXml) {
13816 } else {
13817 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13818 len = strlen(tbuf);
13819 } else {
13820 if (strlen(tbuf) > len) {
13821 tbuf[len - 1] = '*';
13822 tbuf[len] = '\0';
13823 }
13824 }
13825 sprintf (buf, "%*.*s ", len, len, tbuf);
13826 }
13827
13828 #ifdef ARGUSDEBUG
13829 ArgusDebug (10, "ArgusPrintSrcMpls (%p, %p)", buf, argus);
13830 #endif
13831 }
13832
13833 void
ArgusPrintDstMpls(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13834 ArgusPrintDstMpls (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13835 {
13836 struct ArgusMplsStruct *mpls = (struct ArgusMplsStruct *)argus->dsrs[ARGUS_MPLS_INDEX];
13837 unsigned int label;
13838 char tbuf[32];
13839
13840 bzero (tbuf, sizeof(tbuf));
13841 if (mpls != NULL) {
13842 if (mpls->hdr.subtype & ARGUS_MPLS_DST_LABEL) {
13843 label = mpls->dlabel >> 12;
13844 sprintf (tbuf, "%d", label);
13845 }
13846 }
13847
13848 if (parser->ArgusPrintXml) {
13849 } else {
13850 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13851 len = strlen(tbuf);
13852 } else {
13853 if (strlen(tbuf) > len) {
13854 tbuf[len - 1] = '*';
13855 tbuf[len] = '\0';
13856 }
13857 }
13858 sprintf (buf, "%*.*s ", len, len, tbuf);
13859 }
13860
13861 #ifdef ARGUSDEBUG
13862 ArgusDebug (10, "ArgusPrintDstMpls (%p, %p)", buf, argus);
13863 #endif
13864 }
13865
13866 /*
13867 void
13868 ArgusPrintMpls (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13869 {
13870 ArgusPrintSrcMpls (parser, buf, argus);
13871 ArgusPrintDstMpls (parser, buf, argus);
13872
13873 #ifdef ARGUSDEBUG
13874 ArgusDebug (10, "ArgusPrintMpls (%p, %p)", buf, argus);
13875 #endif
13876 }
13877 */
13878
13879 #include <netinet/igmp.h>
13880
13881 void
ArgusPrintJoinDelay(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13882 ArgusPrintJoinDelay (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13883 {
13884 if (parser->ArgusPrintXml) {
13885 } else
13886 sprintf (buf, "%*.*s ", len, len, " ");
13887
13888 #ifdef ARGUSDEBUG
13889 ArgusDebug (10, "ArgusPrintJoinDelay (%p, %p)", buf, argus);
13890 #endif
13891 }
13892
13893 void
ArgusPrintLeaveDelay(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13894 ArgusPrintLeaveDelay (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13895 {
13896 if (parser->ArgusPrintXml) {
13897 } else
13898 sprintf (buf, "%*.*s ", len, len, " ");
13899
13900 #ifdef ARGUSDEBUG
13901 ArgusDebug (10, "ArgusPrintLeaveDelay (%p, %p)", buf, argus);
13902 #endif
13903 }
13904
13905
13906 void
ArgusPrintSrcWindow(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13907 ArgusPrintSrcWindow (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13908 {
13909 struct ArgusNetworkStruct *net = (struct ArgusNetworkStruct *)argus->dsrs[ARGUS_NETWORK_INDEX];
13910 char winbuf[32];
13911
13912 bzero(winbuf, sizeof(winbuf));
13913
13914 if (net != NULL) {
13915 struct ArgusFlow *flow = (struct ArgusFlow *)argus->dsrs[ARGUS_FLOW_INDEX];
13916 struct ArgusMetricStruct *metric = (struct ArgusMetricStruct *) argus->dsrs[ARGUS_METRIC_INDEX];
13917
13918 if (net && (net->hdr.subtype == ARGUS_UDT_FLOW)) {
13919 unsigned int win = net->net_union.udt.src.bsize;
13920 if (parser->Hflag)
13921 ArgusAbbreviateMetric(parser, winbuf, 32, win);
13922 else
13923 snprintf (winbuf, 32, "%u", win);
13924 } else {
13925 if ((flow != NULL) && ((metric != NULL) && (metric->src.pkts > 0))) {
13926 switch (flow->hdr.subtype & 0x3F) {
13927 case ARGUS_FLOW_CLASSIC5TUPLE: {
13928 switch ((flow->hdr.argus_dsrvl8.qual & 0x1F)) {
13929 case ARGUS_TYPE_IPV4:
13930 switch (flow->ip_flow.ip_p) {
13931 case IPPROTO_TCP: {
13932 struct ArgusTCPObject *tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
13933
13934 unsigned int win = tcp->src.win << tcp->src.winshift;
13935 if (parser->Hflag)
13936 ArgusAbbreviateMetric(parser, winbuf, 32, win);
13937 else
13938 sprintf (winbuf, "%u", win);
13939 break;
13940 }
13941 default:
13942 break;
13943 }
13944 break;
13945
13946 case ARGUS_TYPE_IPV6:
13947 switch (flow->ipv6_flow.ip_p) {
13948 case IPPROTO_TCP: {
13949 struct ArgusTCPObject *tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
13950 unsigned int win = tcp->src.win << tcp->src.winshift;
13951 if (parser->Hflag)
13952 ArgusAbbreviateMetric(parser, winbuf, 32, win);
13953 else
13954 sprintf (winbuf, "%u", win);
13955 break;
13956 }
13957 default:
13958 break;
13959 }
13960 break;
13961 }
13962 break;
13963 }
13964
13965 default:
13966 break;
13967 }
13968 }
13969 }
13970 }
13971
13972 if (parser->ArgusPrintXml) {
13973 } else {
13974 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
13975 len = strlen(winbuf);
13976 } else {
13977 if (strlen(winbuf) > len) {
13978 winbuf[len - 1] = '*';
13979 winbuf[len] = '\0';
13980 }
13981 }
13982 sprintf (buf, "%*.*s ", len, len, winbuf);
13983 }
13984
13985 #ifdef ARGUSDEBUG
13986 ArgusDebug (10, "ArgusPrintSrcWindow (%p, %p)", buf, argus);
13987 #endif
13988 }
13989
13990
13991 void
ArgusPrintDstWindow(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)13992 ArgusPrintDstWindow (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
13993 {
13994 struct ArgusNetworkStruct *net = (struct ArgusNetworkStruct *)argus->dsrs[ARGUS_NETWORK_INDEX];
13995 char winbuf[32];
13996
13997 bzero(winbuf, sizeof(winbuf));
13998
13999 if (net != NULL) {
14000 struct ArgusTCPObject *tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
14001 struct ArgusFlow *flow = (struct ArgusFlow *)argus->dsrs[ARGUS_FLOW_INDEX];
14002 struct ArgusMetricStruct *metric = (struct ArgusMetricStruct *) argus->dsrs[ARGUS_METRIC_INDEX];
14003
14004 if ((flow != NULL) && ((metric != NULL) && (metric->src.pkts > 0))) {
14005 if (metric->dst.pkts > 0) {
14006 switch (flow->hdr.subtype & 0x3F) {
14007 case ARGUS_FLOW_CLASSIC5TUPLE: {
14008 switch ((flow->hdr.argus_dsrvl8.qual & 0x1F)) {
14009 case ARGUS_TYPE_IPV4:
14010 switch (flow->ip_flow.ip_p) {
14011 case IPPROTO_TCP: {
14012 unsigned int win = tcp->dst.win << tcp->dst.winshift;
14013 if (parser->Hflag)
14014 ArgusAbbreviateMetric(parser, winbuf, 32, win);
14015 else
14016 snprintf (winbuf, 32, "%u", win);
14017 break;
14018 }
14019 default:
14020 break;
14021 }
14022 break;
14023
14024 case ARGUS_TYPE_IPV6:
14025 switch (flow->ipv6_flow.ip_p) {
14026 case IPPROTO_TCP: {
14027 unsigned int win = tcp->dst.win << tcp->dst.winshift;
14028 if (parser->Hflag)
14029 ArgusAbbreviateMetric(parser, winbuf, 32, win);
14030 else
14031 sprintf (winbuf, "%u", win);
14032 break;
14033 }
14034 default:
14035 break;
14036 }
14037 break;
14038 }
14039 break;
14040 }
14041
14042 default:
14043 break;
14044 }
14045 }
14046 }
14047 }
14048
14049 if (parser->ArgusPrintXml) {
14050 } else {
14051 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14052 len = strlen(winbuf);
14053 } else {
14054 if (strlen(winbuf) > len) {
14055 winbuf[len - 1] = '*';
14056 winbuf[len] = '\0';
14057 }
14058 }
14059 sprintf (buf, "%*.*s ", len, len, winbuf);
14060 }
14061
14062 #ifdef ARGUSDEBUG
14063 ArgusDebug (10, "ArgusPrintDstWindow (%p, %p)", buf, argus);
14064 #endif
14065 }
14066
14067 void
ArgusPrintTCPRTT(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14068 ArgusPrintTCPRTT (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14069 {
14070 char tbuf[32], *ptr = tbuf;
14071 double rtt = 0.0;
14072
14073 rtt = ArgusFetchTcpRtt(argus);
14074 if (parser->Hflag)
14075 ArgusAbbreviateMetric(parser, ptr, 32, rtt);
14076 else
14077 snprintf (ptr, 32, "%.*f", parser->pflag, rtt);
14078
14079 if (parser->ArgusPrintXml) {
14080 if (rtt > 0.0)
14081 sprintf (buf, " TcpRtt = \"%s\"", ptr);
14082 } else {
14083 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14084 len = strlen(ptr);
14085 } else {
14086 if (strlen(ptr) > len) {
14087 ptr[len - 1] = '*';
14088 ptr[len] = '\0';
14089 }
14090 }
14091 sprintf (buf, "%*.*s ", len, len, ptr);
14092 }
14093
14094 #ifdef ARGUSDEBUG
14095 ArgusDebug (10, "ArgusPrintTCPRTT (%p, %p)", buf, argus);
14096 #endif
14097 }
14098
14099 void
ArgusPrintTCPSynAck(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14100 ArgusPrintTCPSynAck (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14101 {
14102 double rtt = ArgusFetchTcpSynAck(argus);
14103 char tbuf[32], *ptr = tbuf;
14104
14105 if (parser->Hflag)
14106 ArgusAbbreviateMetric(parser, ptr, 32, rtt);
14107 else
14108 snprintf (ptr, 32, "%.*f", parser->pflag, rtt);
14109
14110 if (parser->ArgusPrintXml) {
14111 sprintf (buf, " TcpSynAck = \"%s\"", ptr);
14112 } else {
14113 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14114 len = strlen(ptr);
14115 } else {
14116 if (strlen(ptr) > len) {
14117 ptr[len - 1] = '*';
14118 ptr[len] = '\0';
14119 }
14120 }
14121 sprintf (buf, "%*.*s ", len, len, ptr);
14122 }
14123
14124 #ifdef ARGUSDEBUG
14125 ArgusDebug (10, "ArgusPrintTCPSynAck (%p, %p)", buf, argus);
14126 #endif
14127 }
14128
14129 void
ArgusPrintTCPAckDat(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14130 ArgusPrintTCPAckDat (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14131 {
14132 double rtt = ArgusFetchTcpAckDat(argus);
14133 char tbuf[32], *ptr = tbuf;
14134
14135 if (parser->Hflag)
14136 ArgusAbbreviateMetric(parser, ptr, 32, rtt);
14137 else
14138 snprintf (ptr, 32, "%.*f", parser->pflag, rtt);
14139
14140 if (parser->ArgusPrintXml) {
14141 sprintf (buf, " TcpAckDat = \"%s\"", ptr);
14142 } else {
14143 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14144 len = strlen(ptr);
14145 } else {
14146 if (strlen(ptr) > len) {
14147 ptr[len - 1] = '*';
14148 ptr[len] = '\0';
14149 }
14150 }
14151 sprintf (buf, "%*.*s ", len, len, ptr);
14152 }
14153
14154 #ifdef ARGUSDEBUG
14155 ArgusDebug (10, "ArgusPrintTCPAckDat (%p, %p)", buf, argus);
14156 #endif
14157 }
14158
14159
14160 void
ArgusPrintTCPSrcMax(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14161 ArgusPrintTCPSrcMax (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14162 {
14163 double value = ArgusFetchSrcTcpMax(argus);
14164 char tbuf[32], *ptr = tbuf;
14165
14166 if (parser->Hflag)
14167 ArgusAbbreviateMetric(parser, ptr, 32, value);
14168 else
14169 sprintf (ptr, "%.*f", parser->pflag, value);
14170
14171 if (parser->ArgusPrintXml) {
14172 } else {
14173 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14174 len = strlen(ptr);
14175 } else {
14176 if (strlen(ptr) > len) {
14177 ptr[len - 1] = '*';
14178 ptr[len] = '\0';
14179 }
14180 }
14181 sprintf (buf, "%*.*s ", len, len, ptr);
14182 }
14183
14184 #ifdef ARGUSDEBUG
14185 ArgusDebug (10, "ArgusPrintTCPSrcMax (%p, %p)", buf, argus);
14186 #endif
14187 }
14188
14189
14190 void
ArgusPrintTCPDstMax(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14191 ArgusPrintTCPDstMax (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14192 {
14193 double value = ArgusFetchDstTcpMax(argus);
14194 char tbuf[32], *ptr = tbuf;
14195
14196 if (parser->Hflag)
14197 ArgusAbbreviateMetric(parser, ptr, 32, value);
14198 else
14199 sprintf (ptr, "%.*f", parser->pflag, value);
14200
14201 if (parser->ArgusPrintXml) {
14202 } else {
14203 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14204 len = strlen(ptr);
14205 } else {
14206 if (strlen(ptr) > len) {
14207 ptr[len - 1] = '*';
14208 ptr[len] = '\0';
14209 }
14210 }
14211 sprintf (buf, "%*.*s ", len, len, ptr);
14212 }
14213
14214 #ifdef ARGUSDEBUG
14215 ArgusDebug (10, "ArgusPrintTCPDstMax (%p, %p)", buf, argus);
14216 #endif
14217 }
14218
14219
14220 void
ArgusPrintSrcGap(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14221 ArgusPrintSrcGap (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14222 {
14223 double value = ArgusFetchSrcGap(argus);
14224 int tcpgap = value;
14225 char tbuf[32], *ptr = tbuf;
14226
14227 bzero(tbuf, sizeof(tbuf));
14228
14229 if (parser->Hflag)
14230 ArgusAbbreviateMetric(parser, ptr, 32, value);
14231 else {
14232 if (tcpgap != -1)
14233 sprintf (ptr, "%d", tcpgap);
14234 }
14235
14236 if (parser->ArgusPrintXml) {
14237 if (strlen(ptr))
14238 sprintf (buf, " SrcGap = \"%s\"", ptr);
14239 } else {
14240 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14241 len = strlen(ptr);
14242 } else {
14243 if (strlen(ptr) > len) {
14244 ptr[len - 1] = '*';
14245 ptr[len] = '\0';
14246 }
14247 }
14248 sprintf (buf, "%*.*s ", len, len, ptr);
14249 }
14250
14251 #ifdef ARGUSDEBUG
14252 ArgusDebug (10, "ArgusPrintSrcGap (%p, %p)", buf, argus);
14253 #endif
14254 }
14255
14256 void
ArgusPrintDstGap(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14257 ArgusPrintDstGap (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14258 {
14259 double value = ArgusFetchDstGap(argus);
14260 int tcpgap = value;
14261 char tbuf[32], *ptr = tbuf;
14262
14263 bzero(tbuf, sizeof(tbuf));
14264
14265 if (parser->Hflag)
14266 ArgusAbbreviateMetric(parser, ptr, 32, value);
14267 else {
14268 if (tcpgap != -1)
14269 sprintf (ptr, "%d", tcpgap);
14270 }
14271
14272 if (parser->ArgusPrintXml) {
14273 if (strlen(ptr))
14274 sprintf (buf, " DstGap = \"%s\"", ptr);
14275 } else {
14276 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14277 len = strlen(ptr);
14278 } else {
14279 if (strlen(ptr) > len) {
14280 ptr[len - 1] = '*';
14281 ptr[len] = '\0';
14282 }
14283 }
14284 sprintf (buf, "%*.*s ", len, len, ptr);
14285 }
14286
14287 #ifdef ARGUSDEBUG
14288 ArgusDebug (10, "ArgusPrintDstGap (%p, %p)", buf, argus);
14289 #endif
14290 }
14291
14292 /*
14293 void
14294 ArgusPrintSrcDup (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14295 {
14296 double value = ArgusFetchSrcDup(argus);
14297 int tcpgap = value;
14298 char tbuf[32], *ptr = tbuf;
14299
14300 bzero(tbuf, sizeof(tbuf));
14301
14302 if (parser->Hflag)
14303 ArgusAbbreviateMetric(parser, ptr, 32, value);
14304 else {
14305 if (tcpgap != -1)
14306 sprintf (ptr, "%d", tcpgap);
14307 }
14308
14309 if (parser->ArgusPrintXml) {
14310 if (strlen(ptr))
14311 sprintf (buf, " SrcDup = \"%s\"", ptr);
14312 } else {
14313 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14314 len = strlen(ptr);
14315 } else {
14316 if (strlen(ptr) > len) {
14317 ptr[len - 1] = '*';
14318 ptr[len] = '\0';
14319 }
14320 }
14321 sprintf (buf, "%*.*s ", len, len, ptr);
14322 }
14323
14324 #ifdef ARGUSDEBUG
14325 ArgusDebug (10, "ArgusPrintSrcDup (%p, %p)", buf, argus);
14326 #endif
14327 }
14328
14329 void
14330 ArgusPrintDstDup (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14331 {
14332 double value = ArgusFetchDstDup(argus);
14333 int tcpgap = value;
14334 char tbuf[32], *ptr = tbuf;
14335
14336 bzero(tbuf, sizeof(tbuf));
14337
14338 if (parser->Hflag)
14339 ArgusAbbreviateMetric(parser, ptr, 32, value);
14340 else {
14341 if (tcpgap != -1)
14342 sprintf (ptr, "%d", tcpgap);
14343 }
14344
14345 if (parser->ArgusPrintXml) {
14346 if (strlen(ptr))
14347 sprintf (buf, " DstDup = \"%s\"", ptr);
14348 } else {
14349 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14350 len = strlen(ptr);
14351 } else {
14352 if (strlen(ptr) > len) {
14353 ptr[len - 1] = '*';
14354 ptr[len] = '\0';
14355 }
14356 }
14357 sprintf (buf, "%*.*s ", len, len, ptr);
14358 }
14359
14360 #ifdef ARGUSDEBUG
14361 ArgusDebug (10, "ArgusPrintDstDup (%p, %p)", buf, argus);
14362 #endif
14363 }
14364 */
14365
14366
14367 void
ArgusPrintTCPSrcBase(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14368 ArgusPrintTCPSrcBase (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14369 {
14370 struct ArgusNetworkStruct *net;
14371 struct ArgusTCPObject *tcp;
14372 struct ArgusFlow *flow;
14373 char pbuf[32];
14374
14375 bzero(pbuf, sizeof(pbuf));
14376
14377 if ((flow = (struct ArgusFlow *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL) {
14378 if ((net = (struct ArgusNetworkStruct *)argus->dsrs[ARGUS_NETWORK_INDEX]) != NULL) {
14379 tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
14380 switch (flow->hdr.subtype & 0x3F) {
14381 case ARGUS_FLOW_CLASSIC5TUPLE: {
14382 switch ((flow->hdr.argus_dsrvl8.qual & 0x1F)) {
14383 case ARGUS_TYPE_IPV4:
14384 switch (flow->ip_flow.ip_p) {
14385 case IPPROTO_TCP:
14386 if (tcp->src.seqbase != 0)
14387 sprintf (pbuf, "%u", tcp->src.seqbase);
14388 else
14389 sprintf (pbuf, "%s", " ");
14390 break;
14391 default:
14392 break;
14393 }
14394 break;
14395
14396 case ARGUS_TYPE_IPV6:
14397 switch (flow->ipv6_flow.ip_p) {
14398 case IPPROTO_TCP:
14399 if (tcp->src.seqbase != 0)
14400 sprintf (pbuf, "%u", tcp->src.seqbase);
14401 else
14402 sprintf (pbuf, "%s", " ");
14403 break;
14404 default:
14405 break;
14406 }
14407 break;
14408 }
14409 break;
14410 }
14411
14412 default:
14413 break;
14414 }
14415 }
14416 }
14417
14418 if (parser->ArgusPrintXml) {
14419 } else {
14420 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14421 len = strlen(pbuf);
14422 } else {
14423 if (strlen(pbuf) > len) {
14424 pbuf[len - 1] = '*';
14425 pbuf[len] = '\0';
14426 }
14427 }
14428 sprintf (buf, "%*.*s ", len, len, pbuf);
14429 }
14430
14431 #ifdef ARGUSDEBUG
14432 ArgusDebug (10, "ArgusPrintTCPSrcBase (%p, %p)", buf, argus);
14433 #endif
14434 }
14435
14436 void
ArgusPrintTCPDstBase(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14437 ArgusPrintTCPDstBase (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14438 {
14439 struct ArgusNetworkStruct *net;
14440 struct ArgusTCPObject *tcp;
14441 struct ArgusFlow *flow;
14442 char pbuf[32];
14443
14444 bzero(pbuf, sizeof(pbuf));
14445
14446 if ((flow = (struct ArgusFlow *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL) {
14447 if ((net = (struct ArgusNetworkStruct *)argus->dsrs[ARGUS_NETWORK_INDEX]) != NULL) {
14448 tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
14449
14450 switch (flow->hdr.subtype & 0x3F) {
14451 case ARGUS_FLOW_CLASSIC5TUPLE: {
14452 switch ((flow->hdr.argus_dsrvl8.qual & 0x1F)) {
14453 case ARGUS_TYPE_IPV4:
14454 switch (flow->ip_flow.ip_p) {
14455 case IPPROTO_TCP:
14456 if (tcp->dst.seqbase != 0)
14457 sprintf (pbuf, "%u", tcp->dst.seqbase);
14458 else
14459 sprintf (pbuf, "%s", " ");
14460 break;
14461 default:
14462 break;
14463 }
14464 break;
14465
14466 case ARGUS_TYPE_IPV6:
14467 switch (flow->ipv6_flow.ip_p) {
14468 case IPPROTO_TCP:
14469 sprintf (pbuf, "%u", tcp->dst.seqbase);
14470 break;
14471 default:
14472 break;
14473 }
14474 break;
14475 }
14476 break;
14477 }
14478
14479 default:
14480 sprintf (pbuf, "%s", "");
14481 break;
14482 }
14483 }
14484 }
14485
14486 if (parser->ArgusPrintXml) {
14487 } else {
14488 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14489 len = strlen(pbuf);
14490 } else {
14491 if (strlen(pbuf) > len) {
14492 pbuf[len - 1] = '*';
14493 pbuf[len] = '\0';
14494 }
14495 }
14496 sprintf (buf, "%*.*s ", len, len, pbuf);
14497 }
14498
14499 #ifdef ARGUSDEBUG
14500 ArgusDebug (10, "ArgusPrintTCPDstBase (%p, %p)", buf, argus);
14501 #endif
14502 }
14503
14504 /*
14505 void
14506 ArgusPrintTCPBase (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14507 {
14508 ArgusPrintTCPSrcBase(parser, &buf[strlen(buf)], argus);
14509 ArgusPrintTCPDstBase(parser, &buf[strlen(buf)], argus);
14510
14511 #ifdef ARGUSDEBUG
14512 ArgusDebug (10, "ArgusPrintTCPBase (%p, %p)", buf, argus);
14513 #endif
14514 }
14515 */
14516
14517 void
ArgusPrintTCPOptions(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14518 ArgusPrintTCPOptions (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14519 {
14520 struct ArgusNetworkStruct *net;
14521 struct ArgusTCPObject *tcp = NULL;
14522 struct ArgusFlow *flow;
14523 char options[16];
14524
14525 strcpy(options, " ");
14526
14527 if ((flow = (struct ArgusFlow *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL) {
14528 if ((net = (struct ArgusNetworkStruct *)argus->dsrs[ARGUS_NETWORK_INDEX]) != NULL) {
14529 switch (flow->hdr.subtype & 0x3F) {
14530 case ARGUS_FLOW_CLASSIC5TUPLE: {
14531 switch ((flow->hdr.argus_dsrvl8.qual & 0x1F)) {
14532 case ARGUS_TYPE_IPV4:
14533 switch (flow->ip_flow.ip_p) {
14534 case IPPROTO_TCP:
14535 tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
14536 break;
14537 default:
14538 break;
14539 }
14540 break;
14541
14542 case ARGUS_TYPE_IPV6:
14543 switch (flow->ipv6_flow.ip_p) {
14544 case IPPROTO_TCP:
14545 tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
14546 break;
14547 default:
14548 break;
14549 }
14550 break;
14551 }
14552 break;
14553 }
14554
14555 default:
14556 break;
14557 }
14558 }
14559 }
14560
14561 #define ARGUSTCPOPTNUM 12
14562
14563 if (tcp != NULL) {
14564 unsigned int opt, tcpoptions = tcp->options & ARGUS_TCP_OPTIONS;
14565 char *optr = options;
14566 int i;
14567 if (tcpoptions != 0) {
14568 for (i = 0, opt = ARGUS_TCP_MAXSEG; i < ARGUSTCPOPTNUM; i++) {
14569 if (tcpoptions & opt) {
14570 switch (opt) {
14571 case ARGUS_TCP_MAXSEG: *optr = 'M'; break;
14572 case ARGUS_TCP_WSCALE: *optr = 'w'; break;
14573 case ARGUS_TCP_SACKOK: *optr = 's'; break;
14574 case ARGUS_TCP_SACK: *optr = 'S'; break;
14575 case ARGUS_TCP_ECHO: *optr = 'e'; break;
14576 case ARGUS_TCP_ECHOREPLY: *optr = 'E'; break;
14577 case ARGUS_TCP_TIMESTAMP: *optr = 'T'; break;
14578 case ARGUS_TCP_CC: *optr = 'c'; break;
14579 case ARGUS_TCP_CCNEW: *optr = 'N'; break;
14580 case ARGUS_TCP_CCECHO: *optr = 'O'; break;
14581 case ARGUS_TCP_SRC_ECN: *optr = 'S'; break;
14582 case ARGUS_TCP_DST_ECN: *optr = 'D'; break;
14583 }
14584 }
14585 opt = opt << 1;
14586 optr++;
14587 }
14588 }
14589 }
14590
14591 if (parser->ArgusPrintXml) {
14592 if (tcp != NULL)
14593 sprintf (buf, " TcpOptions = \"%s\"", options);
14594 } else
14595 sprintf (buf, "%*.*s ", len, len, options);
14596
14597 #ifdef ARGUSDEBUG
14598 ArgusDebug (10, "ArgusPrintTCPOptions (%p, %p)", buf, argus);
14599 #endif
14600 }
14601
14602 void
ArgusPrintTCPExtensions(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14603 ArgusPrintTCPExtensions (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14604 {
14605 if (parser->ArgusPrintXml) {
14606 } else
14607 sprintf (buf, "%*.*s ", len, len, " ");
14608
14609 #ifdef ARGUSDEBUG
14610 ArgusDebug (10, "ArgusPrintTCPExtentions (%p, %p)", buf, argus);
14611 #endif
14612 }
14613
14614 char *ArgusGetManStatus (struct ArgusParserStruct *parser, struct ArgusRecordStruct *);
14615 char *ArgusGetTCPStatus (struct ArgusParserStruct *parser, struct ArgusRecordStruct *);
14616 char *ArgusGetIGMPStatus (struct ArgusParserStruct *parser, struct ArgusRecordStruct *);
14617 char *ArgusGetICMPStatus (struct ArgusParserStruct *parser, struct ArgusRecordStruct *);
14618 char *ArgusGetICMPv6Status (struct ArgusParserStruct *parser, struct ArgusRecordStruct *);
14619 char *ArgusGetIPStatus (struct ArgusParserStruct *parser, struct ArgusRecordStruct *);
14620
14621 char *ArgusTCPFlags [] = {
14622 "F", "S", "R", "P", "A", "U", "E", "C"
14623 };
14624
14625
14626 void
ArgusPrintState(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14627 ArgusPrintState (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14628 {
14629 char ArgusProcessBuf[256], *ArgusProcessStr = ArgusProcessBuf;
14630 struct ArgusMetricStruct *metric = NULL;
14631 struct ArgusFlow *flow = NULL;
14632 int type;
14633
14634 sprintf (ArgusProcessStr, "UNK");
14635
14636 if (argus->hdr.type & ARGUS_MAR) {
14637 ArgusProcessStr = ArgusGetManStatus (parser, argus);
14638 } else {
14639 if (argus->hdr.cause == ARGUS_ERROR) {
14640 ArgusProcessStr = "ERR";
14641 } else
14642 if (((flow = (struct ArgusFlow *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL)) {
14643 metric = (struct ArgusMetricStruct *)argus->dsrs[ARGUS_METRIC_INDEX];
14644
14645 switch (flow->hdr.subtype & 0x3F) {
14646 case ARGUS_FLOW_CLASSIC5TUPLE: {
14647 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
14648 case ARGUS_TYPE_IPV4:
14649 switch (flow->ip_flow.ip_p) {
14650 case IPPROTO_TCP: ArgusProcessStr = ArgusGetTCPStatus (parser, argus); break;
14651 case IPPROTO_ICMP: ArgusProcessStr = ArgusGetICMPStatus (parser, argus); break;
14652 case IPPROTO_IGMP: ArgusProcessStr = ArgusGetIPStatus (parser, argus); break;
14653 default: ArgusProcessStr = ArgusGetIPStatus (parser, argus); break;
14654 }
14655 break;
14656
14657 case ARGUS_TYPE_IPV6:
14658 switch (flow->ipv6_flow.ip_p) {
14659 case IPPROTO_TCP: ArgusProcessStr = ArgusGetTCPStatus (parser, argus); break;
14660 case IPPROTO_ICMPV6: ArgusProcessStr = ArgusGetICMPv6Status (parser, argus); break;
14661 case IPPROTO_IGMP: ArgusProcessStr = ArgusGetIPStatus (parser, argus); break;
14662 default: ArgusProcessStr = ArgusGetIPStatus (parser, argus); break;
14663 }
14664 break;
14665
14666 case ARGUS_TYPE_RARP:
14667 case ARGUS_TYPE_ARP: {
14668 if (metric != NULL) {
14669 if (metric->src.pkts && metric->dst.pkts)
14670 sprintf(ArgusProcessStr, "%s", "CON");
14671 else
14672 if ((metric->src.pkts) || (parser->RaMonMode)) {
14673 if (argus->hdr.cause & ARGUS_START)
14674 sprintf(ArgusProcessStr, "%s", "INT");
14675 else
14676 sprintf(ArgusProcessStr, "%s", "REQ");
14677 } else
14678 sprintf(ArgusProcessStr, "%s", "RSP");
14679 } else
14680 sprintf(ArgusProcessStr, "%s", "INT");
14681 break;
14682 }
14683
14684 case ARGUS_TYPE_ETHER:
14685 default: {
14686 ArgusProcessStr = ArgusGetIPStatus(parser, argus);
14687 }
14688
14689 case ARGUS_TYPE_ISIS: {
14690 switch (flow->isis_flow.pdu_type) {
14691 case L1_LAN_IIH: sprintf(ArgusProcessStr, "%s", "L1-IIH"); break;
14692 case L2_LAN_IIH: sprintf(ArgusProcessStr, "%s", "L2-IIH"); break;
14693 case L1_LSP: sprintf(ArgusProcessStr, "%s", "L1-LSP"); break;
14694 case L2_LSP: sprintf(ArgusProcessStr, "%s", "L2-LSP"); break;
14695 case L1_CSNP: sprintf(ArgusProcessStr, "%s", "L1-CSNP"); break;
14696 case L2_CSNP: sprintf(ArgusProcessStr, "%s", "L2-CSNP"); break;
14697 case L1_PSNP: sprintf(ArgusProcessStr, "%s", "L1-PSNP"); break;
14698 case L2_PSNP: sprintf(ArgusProcessStr, "%s", "L2-PSNP"); break;
14699 }
14700 break;
14701 }
14702 }
14703 break;
14704 }
14705
14706 case ARGUS_FLOW_ARP: {
14707 if (metric != NULL) {
14708 if (metric->src.pkts && metric->dst.pkts)
14709 sprintf(ArgusProcessStr, "%s", "CON");
14710 else
14711 if ((metric->src.pkts) || (parser->RaMonMode)) {
14712 if (argus->hdr.type & ARGUS_START)
14713 sprintf(ArgusProcessStr, "%s", "INT");
14714 else
14715 sprintf(ArgusProcessStr, "%s", "REQ");
14716 } else
14717 sprintf(ArgusProcessStr, "%s", "RSP");
14718 } else
14719 sprintf(ArgusProcessStr, "%s", "INT");
14720 break;
14721 }
14722 }
14723
14724 } else
14725 ArgusProcessStr = " ";
14726 }
14727
14728 if (parser->ArgusPrintXml) {
14729 sprintf (buf, " State = \"%s\"", ArgusProcessStr);
14730
14731 } else {
14732 int slen = strlen(ArgusProcessStr);
14733 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14734 len = slen;
14735 } else {
14736 if (slen > len) {
14737 ArgusProcessStr[len - 1] = '*';
14738 ArgusProcessStr[len] = '\0';
14739 }
14740 }
14741 sprintf (buf, "%*.*s ", len, len, ArgusProcessStr);
14742 }
14743
14744 #ifdef ARGUSDEBUG
14745 ArgusDebug (10, "ArgusPrintState (%p, %p)", buf, argus);
14746 #endif
14747 }
14748
14749
14750 void
ArgusPrintDeltaDuration(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14751 ArgusPrintDeltaDuration (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14752 {
14753 struct ArgusCorrelateStruct *cor = (void *)argus->dsrs[ARGUS_COR_INDEX];
14754 char deltadur[128];
14755 float ddur = 0.0;
14756
14757 bzero (deltadur, sizeof(deltadur));
14758 if (cor != NULL) {
14759 ddur = cor->metrics.deltaDur/1000000.0;
14760 sprintf (deltadur, "%.*f", parser->pflag, ddur);
14761 } else {
14762 sprintf (deltadur, " ");
14763 }
14764
14765 if (parser->ArgusPrintXml) {
14766 sprintf (buf, " DeltaDuration = \"%s\"", deltadur);
14767 } else {
14768 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14769 len = strlen(deltadur);
14770 } else {
14771 if (strlen(deltadur) > len) {
14772 deltadur[len - 1] = '*';
14773 deltadur[len] = '\0';
14774 }
14775 }
14776 sprintf (buf, "%*.*s ", len, len, deltadur);
14777 }
14778
14779 #ifdef ARGUSDEBUG
14780 ArgusDebug (10, "ArgusPrintDeltaDuration (%p, %p)", buf, argus);
14781 #endif
14782 }
14783
14784
14785 void
ArgusPrintDeltaStartTime(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14786 ArgusPrintDeltaStartTime (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14787 {
14788 struct ArgusCorrelateStruct *cor = (void *)argus->dsrs[ARGUS_COR_INDEX];
14789 char deltastart[128];
14790 float dstart = 0.0;
14791
14792 bzero (deltastart, sizeof(deltastart));
14793 if (cor != NULL) {
14794 dstart = cor->metrics.deltaStart/1000000.0;
14795 sprintf (deltastart, "%.*f", parser->pflag, dstart);
14796 } else {
14797 sprintf (deltastart, " ");
14798 }
14799
14800 if (parser->ArgusPrintXml) {
14801 sprintf (buf, " DeltaStartTime = \"%s\"", deltastart);
14802 } else {
14803 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14804 len = strlen(deltastart);
14805 } else {
14806 if (strlen(deltastart) > len) {
14807 deltastart[len - 1] = '*';
14808 deltastart[len] = '\0';
14809 }
14810 }
14811 sprintf (buf, "%*.*s ", len, len, deltastart);
14812 }
14813
14814 #ifdef ARGUSDEBUG
14815 ArgusDebug (10, "ArgusPrintDeltaStartTime (%p, %p)", buf, argus);
14816 #endif
14817 }
14818
14819
14820 void
ArgusPrintDeltaLastTime(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14821 ArgusPrintDeltaLastTime (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14822 {
14823 struct ArgusCorrelateStruct *cor = (void *)argus->dsrs[ARGUS_COR_INDEX];
14824 char deltalast[128];
14825 float dlast = 0.0;
14826
14827 bzero (deltalast, sizeof(deltalast));
14828 if (cor != NULL) {
14829 dlast = cor->metrics.deltaLast/1000000.0;
14830 sprintf (deltalast, "%.*f", parser->pflag, dlast);
14831 } else {
14832 sprintf (deltalast, " ");
14833 }
14834
14835 if (parser->ArgusPrintXml) {
14836 sprintf (buf, " DeltaLastTime = \"%s\"", deltalast);
14837 } else {
14838 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14839 len = strlen(deltalast);
14840 } else {
14841 if (strlen(deltalast) > len) {
14842 deltalast[len - 1] = '*';
14843 deltalast[len] = '\0';
14844 }
14845 }
14846 sprintf (buf, "%*.*s ", len, len, deltalast);
14847 }
14848
14849 #ifdef ARGUSDEBUG
14850 ArgusDebug (10, "ArgusPrintDeltaLastTime (%p, %p)", buf, argus);
14851 #endif
14852 }
14853
14854
14855 void
ArgusPrintDeltaSrcPkts(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14856 ArgusPrintDeltaSrcPkts (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14857 {
14858 struct ArgusCorrelateStruct *cor = (void *)argus->dsrs[ARGUS_COR_INDEX];
14859 char deltaspkts[128];
14860 int dspkts = 0;
14861
14862 bzero (deltaspkts, sizeof(deltaspkts));
14863 if (cor != NULL) {
14864 dspkts = cor->metrics.deltaSrcPkts;
14865 sprintf (deltaspkts, "%d", dspkts);
14866 } else {
14867 sprintf (deltaspkts, " ");
14868 }
14869
14870 if (parser->ArgusPrintXml) {
14871 sprintf (buf, " DeltaSrcPkts = \"%s\"", deltaspkts);
14872 } else {
14873 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14874 len = strlen(deltaspkts);
14875 } else {
14876 if (strlen(deltaspkts) > len) {
14877 deltaspkts[len - 1] = '*';
14878 deltaspkts[len] = '\0';
14879 }
14880 }
14881 sprintf (buf, "%*.*s ", len, len, deltaspkts);
14882 }
14883
14884 #ifdef ARGUSDEBUG
14885 ArgusDebug (10, "ArgusPrintDeltaSrcPkts (%p, %p)", buf, argus);
14886 #endif
14887 }
14888
14889 void
ArgusPrintDeltaDstPkts(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14890 ArgusPrintDeltaDstPkts (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14891 {
14892 struct ArgusCorrelateStruct *cor = (void *)argus->dsrs[ARGUS_COR_INDEX];
14893 char deltadpkts[128];
14894 int ddpkts = 0;
14895
14896 bzero (deltadpkts, sizeof(deltadpkts));
14897 if (cor != NULL) {
14898 ddpkts = cor->metrics.deltaDstPkts;
14899 sprintf (deltadpkts, "%d", ddpkts);
14900 } else {
14901 sprintf (deltadpkts, " ");
14902 }
14903
14904 if (parser->ArgusPrintXml) {
14905 sprintf (buf, " DeltaSrcPkts = \"%s\"", deltadpkts);
14906 } else {
14907 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
14908 len = strlen(deltadpkts);
14909 } else {
14910 if (strlen(deltadpkts) > len) {
14911 deltadpkts[len - 1] = '*';
14912 deltadpkts[len] = '\0';
14913 }
14914 }
14915 sprintf (buf, "%*.*s ", len, len, deltadpkts);
14916 }
14917
14918 #ifdef ARGUSDEBUG
14919 ArgusDebug (10, "ArgusPrintDeltaSrcPkts (%p, %p)", buf, argus);
14920 #endif
14921 }
14922
14923
14924 void
ArgusPrintDeltaSrcBytes(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14925 ArgusPrintDeltaSrcBytes (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14926 {
14927
14928 if (parser->ArgusPrintXml) {
14929 sprintf (buf, " DeltaSrcBytes = \"%s\"", " ");
14930 } else
14931 sprintf (buf, "%*.*s ", len, len, " ");
14932
14933 #ifdef ARGUSDEBUG
14934 ArgusDebug (10, "ArgusPrintDeltaSrcBytes (%p, %p)", buf, argus);
14935 #endif
14936 }
14937
14938
14939 void
ArgusPrintDeltaDstBytes(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14940 ArgusPrintDeltaDstBytes (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14941 {
14942
14943 if (parser->ArgusPrintXml) {
14944 sprintf (buf, " DeltaDstBytes = \"%s\"", " ");
14945 } else
14946 sprintf (buf, "%*.*s ", len, len, " ");
14947
14948 #ifdef ARGUSDEBUG
14949 ArgusDebug (10, "ArgusPrintDeltaDstBytes (%p, %p)", buf, argus);
14950 #endif
14951 }
14952
14953 void
ArgusPrintPercentDeltaSrcPkts(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14954 ArgusPrintPercentDeltaSrcPkts (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14955 {
14956
14957 if (parser->ArgusPrintXml) {
14958 sprintf (buf, " PctDeltaSrcPkts = \"%s\"", " ");
14959 } else
14960 sprintf (buf, "%*.*s ", len, len, " ");
14961
14962 #ifdef ARGUSDEBUG
14963 ArgusDebug (10, "ArgusPrintPercentDeltaSrcPkts (%p, %p)", buf, argus);
14964 #endif
14965 }
14966
14967 void
ArgusPrintPercentDeltaDstPkts(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14968 ArgusPrintPercentDeltaDstPkts (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14969 {
14970
14971 if (parser->ArgusPrintXml) {
14972 sprintf (buf, " PctDeltaDstPkts = \"%s\"", " ");
14973 } else
14974 sprintf (buf, "%*.*s ", len, len, " ");
14975
14976 #ifdef ARGUSDEBUG
14977 ArgusDebug (10, "ArgusPrintPercentDeltaDstPkts (%p, %p)", buf, argus);
14978 #endif
14979 }
14980
14981
14982 void
ArgusPrintPercentDeltaSrcBytes(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14983 ArgusPrintPercentDeltaSrcBytes (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14984 {
14985
14986 if (parser->ArgusPrintXml) {
14987 sprintf (buf, " PctDeltaSrcBytes = \"%s\"", " ");
14988 } else
14989 sprintf (buf, "%*.*s ", len, len, " ");
14990
14991 #ifdef ARGUSDEBUG
14992 ArgusDebug (10, "ArgusPrintPercentDeltaSrcBytes (%p, %p)", buf, argus);
14993 #endif
14994 }
14995
14996
14997 void
ArgusPrintPercentDeltaDstBytes(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)14998 ArgusPrintPercentDeltaDstBytes (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
14999 {
15000
15001 if (parser->ArgusPrintXml) {
15002 sprintf (buf, " PctDeltaDstBytes = \"%s\"", " ");
15003 } else
15004 sprintf (buf, "%*.*s ", len, len, " ");
15005
15006 #ifdef ARGUSDEBUG
15007 ArgusDebug (10, "ArgusPrintPercentDeltaDstBytes (%p, %p)", buf, argus);
15008 #endif
15009 }
15010
15011
15012 char ArgusIPStatus[32];
15013
15014 void
ArgusPrintIPStatus(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)15015 ArgusPrintIPStatus (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
15016 {
15017
15018 if (parser->ArgusPrintXml) {
15019 sprintf (buf, " IPStatus = \"%s\"", " ");
15020 } else
15021 sprintf (buf, "%*.*s ", len, len, " ");
15022
15023 #ifdef ARGUSDEBUG
15024 ArgusDebug (10, "ArgusPrintIPStatus (%p, %p)", buf, argus);
15025 #endif
15026 }
15027
15028 void
ArgusPrintManStatus(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)15029 ArgusPrintManStatus (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
15030 {
15031 if (parser->ArgusPrintMan) {
15032 if (parser->ArgusPrintJson) {
15033 struct ArgusRecord *rec = (struct ArgusRecord *)argus->dsrs[ARGUS_MAR_INDEX];
15034 struct timeval tvpbuf, *tvp = &tvpbuf;
15035
15036 if (rec != NULL) {
15037 struct ArgusMarStruct mar = rec->ar_un.mar;
15038 char tbuf[256], *cptr;
15039 int l = 0, dlen = 0;
15040
15041 // srcid is the "safe" version of argusid/thisid
15042 ArgusPrintSourceID(parser, tbuf, argus, dlen);
15043 cptr = ArgusTrimString(tbuf);
15044 l = strlen(buf);
15045 dlen = len - l;
15046 l += sprintf(buf + l, " \"srcid\":\"%s\",", cptr);
15047 dlen--;
15048
15049 // Cause
15050 bzero(tbuf, 256);
15051 ArgusPrintCause(parser, tbuf, argus, 64);
15052 cptr = ArgusTrimString(tbuf);
15053 l = strlen(buf);
15054 dlen = len - l;
15055 l += sprintf(buf + l, " \"cause\":\"%s\",", cptr);
15056 dlen--;
15057
15058 // starttime
15059 bzero(tbuf, 256);
15060 tvp->tv_sec = mar.startime.tv_sec;
15061 tvp->tv_usec = mar.startime.tv_usec;
15062 ArgusPrintTime(parser, tbuf, tvp);
15063 if (parser->uflag) {
15064 l += sprintf(buf + l, " \"starttime\":%s,", tbuf);
15065 } else {
15066 l += sprintf(buf + l, " \"starttime\":\"%s\",", tbuf);
15067 }
15068
15069 // "now"
15070 bzero(tbuf, 256);
15071 tvp->tv_sec = mar.now.tv_sec;
15072 tvp->tv_usec = mar.now.tv_usec;
15073 ArgusPrintTime(parser, tbuf, tvp);
15074 if (parser->uflag) {
15075 l += sprintf(buf + l, " \"now\":%s,", tbuf);
15076 } else {
15077 l += sprintf(buf + l, " \"now\":\"%s\",", tbuf);
15078 }
15079
15080 // l += sprintf(buf+l," \"status\":%u,", mar.status);
15081 if (mar.localnet != 0 || mar.netmask != 0)
15082 {
15083 l += sprintf(buf + l, " \"localnet\":\"%s\",", intoa(mar.localnet));
15084 l += sprintf(buf + l, " \"netmask\":\"%s\",", intoa(mar.netmask));
15085 }
15086 l += sprintf(buf + l, " \"nextMrSequenceNum\":%u,", mar.nextMrSequenceNum);
15087 l += sprintf(buf + l, " \"version\":\"%hhu.%hhu\",", mar.major_version, mar.minor_version);
15088 l += sprintf(buf + l, " \"interfaceType\":%hhu,", mar.interfaceType);
15089 l += sprintf(buf + l, " \"interfaceStatus\":%hhu,", mar.interfaceStatus);
15090 l += sprintf(buf + l, " \"reportInterval\":%hu,", mar.reportInterval);
15091 l += sprintf(buf + l, " \"argusMrInterval\":%hu,", mar.argusMrInterval);
15092 l += sprintf(buf + l, " \"pktsRcvd\":%llu,", mar.pktsRcvd);
15093 l += sprintf(buf + l, " \"bytesRcvd\":%llu,", mar.bytesRcvd);
15094 l += sprintf(buf + l, " \"drift\":%lli,", mar.drift);
15095 l += sprintf(buf + l, " \"records\":%u,", mar.records);
15096 l += sprintf(buf + l, " \"flows\":%u,", mar.flows);
15097 l += sprintf(buf + l, " \"dropped\":%u,", mar.dropped);
15098 l += sprintf(buf + l, " \"queue\":%u,", mar.queue);
15099 l += sprintf(buf + l, " \"output\":%u,", mar.output);
15100 l += sprintf(buf + l, " \"clients\":%u,", mar.clients);
15101 l += sprintf(buf + l, " \"bufs\":%u,", mar.bufs);
15102 l += sprintf(buf + l, " \"bytes\":%u,", mar.bytes);
15103
15104 l += sprintf(buf + l, " \"suserlen\":%hu,", mar.suserlen);
15105 l += sprintf(buf + l, " \"duserlen\":%hu,", mar.duserlen);
15106 }
15107
15108 } else {
15109 // "Normal" printing mode... shouldn't usually be reached due to other gates in printing routines
15110 ArgusPrintRecord(parser, buf, argus, len);
15111 sprintf(buf, "%*.*s ", len, len, " ");
15112 }
15113
15114 } else {
15115 if (parser->ArgusPrintXml) {
15116 sprintf (buf, " ManStatus = \"%s\"", " ");
15117 } else
15118 sprintf (buf, "%*.*s ", len, len, " ");
15119 }
15120
15121 #ifdef ARGUSDEBUG
15122 ArgusDebug (10, "ArgusPrintManStatus (%p, %p)", buf, argus);
15123 #endif
15124 }
15125
15126 void
ArgusPrintIGMPStatus(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)15127 ArgusPrintIGMPStatus (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
15128 {
15129
15130 if (parser->ArgusPrintXml) {
15131 sprintf (buf, " IGMPStatus = \"%s\"", " ");
15132 } else
15133 sprintf (buf, "%*.*s ", len, len, " ");
15134
15135 #ifdef ARGUSDEBUG
15136 ArgusDebug (10, "ArgusPrintIGMPStatus (%p, %p)", buf, argus);
15137 #endif
15138 }
15139
15140 void
ArgusPrintICMPStatus(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)15141 ArgusPrintICMPStatus (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
15142 {
15143
15144 if (parser->ArgusPrintXml) {
15145 sprintf (buf, " ICMPStatus = \"%s\"", " ");
15146 } else
15147 sprintf (buf, "%*.*s ", len, len, " ");
15148
15149 #ifdef ARGUSDEBUG
15150 ArgusDebug (10, "ArgusPrintICMPStatus (%p, %p)", buf, argus);
15151 #endif
15152 }
15153
15154
15155 void
ArgusPrintSrcEncaps(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)15156 ArgusPrintSrcEncaps (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
15157 {
15158 struct ArgusEncapsStruct *encaps = NULL;
15159 char ebuf[32];
15160
15161 bzero(ebuf, sizeof(ebuf));
15162 if ((encaps = (struct ArgusEncapsStruct *)argus->dsrs[ARGUS_ENCAPS_INDEX]) != NULL) {
15163 unsigned int i, types = encaps->src, ind = 0;
15164
15165 for (i = 0; i < ARGUS_ENCAPS_TYPE; i++) {
15166 if (types & (0x01 << i)) {
15167 switch (0x01 << i) {
15168 case ARGUS_ENCAPS_ETHER: ebuf[ind++] = 'e'; break;
15169 case ARGUS_ENCAPS_LLC: ebuf[ind++] = 'l'; break;
15170 case ARGUS_ENCAPS_MPLS: ebuf[ind++] = 'm'; break;
15171 case ARGUS_ENCAPS_8021Q: ebuf[ind++] = 'v'; break;
15172 case ARGUS_ENCAPS_PPP: ebuf[ind++] = 'p'; break;
15173 case ARGUS_ENCAPS_ISL: ebuf[ind++] = 'i'; break;
15174 case ARGUS_ENCAPS_GRE: ebuf[ind++] = 'G'; break;
15175 case ARGUS_ENCAPS_AH: ebuf[ind++] = 'a'; break;
15176 case ARGUS_ENCAPS_IP: ebuf[ind++] = 'P'; break;
15177 case ARGUS_ENCAPS_IPV6: ebuf[ind++] = '6'; break;
15178 case ARGUS_ENCAPS_HDLC: ebuf[ind++] = 'H'; break;
15179 case ARGUS_ENCAPS_CHDLC: ebuf[ind++] = 'C'; break;
15180 case ARGUS_ENCAPS_ATM: ebuf[ind++] = 'A'; break;
15181 case ARGUS_ENCAPS_SLL: ebuf[ind++] = 'S'; break;
15182 case ARGUS_ENCAPS_FDDI: ebuf[ind++] = 'F'; break;
15183 case ARGUS_ENCAPS_SLIP: ebuf[ind++] = 's'; break;
15184 case ARGUS_ENCAPS_ARCNET: ebuf[ind++] = 'R'; break;
15185 case ARGUS_ENCAPS_802_11: ebuf[ind++] = 'w'; break;
15186 case ARGUS_ENCAPS_PRISM: ebuf[ind++] = 'z'; break;
15187 case ARGUS_ENCAPS_AVS: ebuf[ind++] = 'a'; break;
15188 case ARGUS_ENCAPS_TEREDO: ebuf[ind++] = 'T'; break;
15189 case ARGUS_ENCAPS_JUNIPER: ebuf[ind++] = 'J'; break;
15190 case ARGUS_ENCAPS_ERSPAN_II: ebuf[ind++] = 'E'; break;
15191 }
15192 }
15193 }
15194 }
15195
15196 if (parser->ArgusPrintXml) {
15197 sprintf (buf, " SrcEncaps = \"%s\"", ebuf);
15198 } else {
15199 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
15200 len = strlen(ebuf);
15201 } else {
15202 if (strlen(ebuf) > len) {
15203 ebuf[len - 1] = '*';
15204 ebuf[len] = '\0';
15205 }
15206 }
15207 sprintf (buf, "%*.*s ", len, len, ebuf);
15208 }
15209
15210 #ifdef ARGUSDEBUG
15211 ArgusDebug (10, "ArgusPrintSrcEncaps (%p, %p)", buf, argus);
15212 #endif
15213 }
15214
15215 void
ArgusPrintDstEncaps(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)15216 ArgusPrintDstEncaps (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
15217 {
15218 struct ArgusEncapsStruct *encaps = NULL;
15219 char ebuf[32];
15220
15221 bzero(ebuf, sizeof(ebuf));
15222 if ((encaps = (struct ArgusEncapsStruct *)argus->dsrs[ARGUS_ENCAPS_INDEX]) != NULL) {
15223 unsigned int i, types = encaps->dst, ind = 0;
15224
15225 for (i = 0; i < ARGUS_ENCAPS_TYPE; i++) {
15226 if (types & (0x01 << i)) {
15227 switch (0x01 << i) {
15228 case ARGUS_ENCAPS_ETHER: ebuf[ind++] = 'e'; break;
15229 case ARGUS_ENCAPS_LLC: ebuf[ind++] = 'l'; break;
15230 case ARGUS_ENCAPS_MPLS: ebuf[ind++] = 'm'; break;
15231 case ARGUS_ENCAPS_8021Q: ebuf[ind++] = 'v'; break;
15232 case ARGUS_ENCAPS_PPP: ebuf[ind++] = 'p'; break;
15233 case ARGUS_ENCAPS_ISL: ebuf[ind++] = 'i'; break;
15234 case ARGUS_ENCAPS_GRE: ebuf[ind++] = 'G'; break;
15235 case ARGUS_ENCAPS_AH: ebuf[ind++] = 'a'; break;
15236 case ARGUS_ENCAPS_IP: ebuf[ind++] = 'P'; break;
15237 case ARGUS_ENCAPS_IPV6: ebuf[ind++] = '6'; break;
15238 case ARGUS_ENCAPS_HDLC: ebuf[ind++] = 'H'; break;
15239 case ARGUS_ENCAPS_CHDLC: ebuf[ind++] = 'C'; break;
15240 case ARGUS_ENCAPS_ATM: ebuf[ind++] = 'A'; break;
15241 case ARGUS_ENCAPS_SLL: ebuf[ind++] = 'S'; break;
15242 case ARGUS_ENCAPS_FDDI: ebuf[ind++] = 'F'; break;
15243 case ARGUS_ENCAPS_SLIP: ebuf[ind++] = 's'; break;
15244 case ARGUS_ENCAPS_ARCNET: ebuf[ind++] = 'R'; break;
15245 case ARGUS_ENCAPS_802_11: ebuf[ind++] = 'w'; break;
15246 case ARGUS_ENCAPS_PRISM: ebuf[ind++] = 'z'; break;
15247 case ARGUS_ENCAPS_AVS: ebuf[ind++] = 'a'; break;
15248 case ARGUS_ENCAPS_TEREDO: ebuf[ind++] = 'T'; break;
15249 case ARGUS_ENCAPS_JUNIPER: ebuf[ind++] = 'J'; break;
15250 case ARGUS_ENCAPS_ERSPAN_II: ebuf[ind++] = 'E'; break;
15251 }
15252 }
15253 }
15254 }
15255
15256 if (parser->ArgusPrintXml) {
15257 sprintf (buf, " DstEncaps = \"%s\"", ebuf);
15258 } else {
15259 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
15260 len = strlen(ebuf);
15261 } else {
15262 if (strlen(ebuf) > len) {
15263 ebuf[len - 1] = '*';
15264 ebuf[len] = '\0';
15265 }
15266 }
15267 sprintf (buf, "%*.*s ", len, len, ebuf);
15268 }
15269
15270 #ifdef ARGUSDEBUG
15271 ArgusDebug (10, "ArgusPrintDstEncaps (%p, %p)", buf, argus);
15272 #endif
15273 }
15274
15275
15276 char RaPrecisionPad[128], RaTimePad[128], RaDateBuf[128];
15277
15278
15279 char *
ArgusGenerateLabel(struct ArgusParserStruct * parser,struct ArgusRecordStruct * argus)15280 ArgusGenerateLabel(struct ArgusParserStruct *parser, struct ArgusRecordStruct *argus)
15281 {
15282 int i, x;
15283
15284 bzero (RaDateBuf, sizeof (RaDateBuf));
15285 bzero (RaTimePad, sizeof (RaTimePad));
15286 bzero (RaPrecisionPad, sizeof (RaPrecisionPad));
15287 bzero (parser->RaLabelStr, sizeof(parser->RaLabelStr));
15288
15289 parser->RaLabel = parser->RaLabelStr;
15290
15291 for (i = 0; i < MAX_PRINT_ALG_TYPES; i++) {
15292 if (parser->RaPrintAlgorithmList[i] != NULL) {
15293 for (x = 0; x < MAX_PRINT_ALG_TYPES; x++) {
15294 if (((void *) parser->RaPrintAlgorithmList[i]->print != NULL) &&
15295 ((void *) parser->RaPrintAlgorithmList[i]->print == (void *) RaPrintAlgorithmTable[x].print)) {
15296 char labelbuf[MAXSTRLEN], *lptr = labelbuf;
15297 bzero(labelbuf, sizeof(labelbuf));
15298 RaPrintAlgorithmTable[x].label(parser, labelbuf, parser->RaPrintAlgorithmList[i]->length);
15299 if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
15300 lptr = ArgusTrimString(labelbuf);
15301 sprintf(&parser->RaLabel[strlen(parser->RaLabel)], "%s ", lptr);
15302 } else
15303 sprintf(&parser->RaLabel[strlen(parser->RaLabel)], "%s", lptr);
15304 break;
15305 }
15306 }
15307 } else
15308 break;
15309
15310 }
15311
15312 if (parser->ArgusPrintXml) {
15313 } else
15314 if ((parser->RaFieldDelimiter != ' ') && (parser->RaFieldDelimiter != '\0')) {
15315 switch (parser->RaFieldWidth) {
15316 case RA_FIXED_WIDTH: {
15317 char tmpbuf[128], *ptr = tmpbuf, *str = parser->RaLabel, lastchr = ' ';
15318 bzero (tmpbuf, sizeof(tmpbuf));
15319 lastchr = parser->RaFieldDelimiter;
15320 while (*str) {
15321 if (*str == ' ') {
15322 if (lastchr != parser->RaFieldDelimiter)
15323 *ptr++ = parser->RaFieldDelimiter;
15324 while (isspace((int)*str)) str++;
15325 }
15326 lastchr = *str;
15327 *ptr++ = *str++;
15328 }
15329 bzero (parser->RaLabel, MAXSTRLEN);
15330 if (tmpbuf[strlen(tmpbuf) - 1] == parser->RaFieldDelimiter)
15331 tmpbuf[strlen(tmpbuf) - 1] = '\0';
15332 if (parser->RaFieldQuoted) {
15333 char *ptr = parser->RaLabel, sepbuf[8], *sep = sepbuf;
15334 char *ap, *tstr = tmpbuf;
15335 int i = 0;
15336 bzero(sep, 8);
15337 sep[0] = parser->RaFieldDelimiter;
15338 while ((ap = strtok(tstr, sep)) != NULL) {
15339 if (i++)
15340 *ptr++ = parser->RaFieldDelimiter;
15341 if (*ap != '\0') {
15342 sprintf (ptr, "%c%s%c", parser->RaFieldQuoted, ap, parser->RaFieldQuoted);
15343 ptr += strlen(ptr);
15344 } else {
15345 sprintf (ptr, "%c%c", parser->RaFieldQuoted, parser->RaFieldQuoted);
15346 }
15347 tstr = NULL;
15348 }
15349 } else
15350 bcopy (tmpbuf, parser->RaLabel, strlen(tmpbuf));
15351 }
15352 break;
15353
15354 default: {
15355 char tmpbuf[0x10000], *ptr = tmpbuf, *str = parser->RaLabel, lastchr = ' ';
15356 bzero (tmpbuf, sizeof(tmpbuf));
15357 lastchr = parser->RaFieldDelimiter;
15358 while (*str) {
15359 if (*str == ' ') {
15360 if (lastchr != parser->RaFieldDelimiter)
15361 *ptr++ = parser->RaFieldDelimiter;
15362 while (isspace((int)*str)) str++;
15363 }
15364 lastchr = *str;
15365 *ptr++ = *str++;
15366 }
15367 bzero (parser->RaLabel, sizeof(parser->RaLabelStr));
15368 if (tmpbuf[strlen(tmpbuf) - 1] == parser->RaFieldDelimiter)
15369 tmpbuf[strlen(tmpbuf) - 1] = '\0';
15370 if (parser->RaFieldQuoted) {
15371 char *ptr = parser->RaLabel, sepbuf[8], *sep = sepbuf;
15372 char *ap, *tstr = tmpbuf;
15373 int i = 0;
15374 bzero(sep, 8);
15375 sep[0] = parser->RaFieldDelimiter;
15376 while ((ap = strtok(tstr, sep)) != NULL) {
15377 if (i++)
15378 *ptr++ = parser->RaFieldDelimiter;
15379 if (*ap != '\0') {
15380 sprintf (ptr, "%c%s%c", parser->RaFieldQuoted, ap, parser->RaFieldQuoted);
15381 ptr += strlen(ptr);
15382 } else {
15383 sprintf (ptr, "%c%c", parser->RaFieldQuoted, parser->RaFieldQuoted);
15384 }
15385 tstr = NULL;
15386 }
15387 } else
15388 bcopy (tmpbuf, parser->RaLabel, strlen(tmpbuf));
15389 }
15390 }
15391 }
15392 return (parser->RaLabel);
15393 }
15394
15395 void
ArgusPrintCauseLabel(struct ArgusParserStruct * parser,char * buf,int len)15396 ArgusPrintCauseLabel (struct ArgusParserStruct *parser, char *buf, int len)
15397 {
15398 sprintf (buf, "%*.*s ", len, len, "Cause");
15399 }
15400
15401 void
ArgusPrintBssidLabel(struct ArgusParserStruct * parser,char * buf,int len)15402 ArgusPrintBssidLabel (struct ArgusParserStruct *parser, char *buf, int len)
15403 {
15404 sprintf (buf, "%*.*s ", len, len, "Bssid");
15405 }
15406
15407 void
ArgusPrintSsidLabel(struct ArgusParserStruct * parser,char * buf,int len)15408 ArgusPrintSsidLabel (struct ArgusParserStruct *parser, char *buf, int len)
15409 {
15410 sprintf (buf, "%*.*s ", len, len, "Ssid");
15411 }
15412
15413 void
ArgusPrintStartDateLabel(struct ArgusParserStruct * parser,char * buf,int len)15414 ArgusPrintStartDateLabel (struct ArgusParserStruct *parser, char *buf, int len)
15415 {
15416 if (parser->ArgusFractionalDate)
15417 len += parser->pflag;
15418 sprintf (buf, "%*.*s ", len, len, "StartTime");
15419 }
15420
15421 void
ArgusPrintLastDateLabel(struct ArgusParserStruct * parser,char * buf,int len)15422 ArgusPrintLastDateLabel (struct ArgusParserStruct *parser, char *buf, int len)
15423 {
15424 if (parser->ArgusFractionalDate)
15425 len += parser->pflag;
15426 sprintf (buf, "%*.*s ", len, len, "LastTime");
15427 }
15428
15429 void
ArgusPrintSrcStartDateLabel(struct ArgusParserStruct * parser,char * buf,int len)15430 ArgusPrintSrcStartDateLabel (struct ArgusParserStruct *parser, char *buf, int len)
15431 {
15432 if (parser->ArgusFractionalDate)
15433 len += (parser->pflag + 1);
15434 sprintf (buf, "%*.*s ", len, len, "SrcStartTime");
15435 }
15436
15437 void
ArgusPrintSrcLastDateLabel(struct ArgusParserStruct * parser,char * buf,int len)15438 ArgusPrintSrcLastDateLabel (struct ArgusParserStruct *parser, char *buf, int len)
15439 {
15440 if (parser->ArgusFractionalDate)
15441 len += (parser->pflag + 1);
15442 sprintf (buf, "%*.*s ", len, len, "SrcLastTime");
15443 }
15444 void
ArgusPrintDstStartDateLabel(struct ArgusParserStruct * parser,char * buf,int len)15445 ArgusPrintDstStartDateLabel (struct ArgusParserStruct *parser, char *buf, int len)
15446 {
15447 if (parser->ArgusFractionalDate)
15448 len += (parser->pflag + 1);
15449 sprintf (buf, "%*.*s ", len, len, "DstStartTime");
15450 }
15451
15452 void
ArgusPrintDstLastDateLabel(struct ArgusParserStruct * parser,char * buf,int len)15453 ArgusPrintDstLastDateLabel (struct ArgusParserStruct *parser, char *buf, int len)
15454 {
15455 if (parser->ArgusFractionalDate)
15456 len += (parser->pflag + 1);
15457 sprintf (buf, "%*.*s ", len, len, "DstLastTime");
15458 }
15459
15460 void
ArgusPrintRelativeDateLabel(struct ArgusParserStruct * parser,char * buf,int len)15461 ArgusPrintRelativeDateLabel (struct ArgusParserStruct *parser, char *buf, int len)
15462 {
15463 sprintf (buf, "%*.*s ", len, len, "RelTime");
15464 }
15465
15466 void
ArgusPrintSourceIDLabel(struct ArgusParserStruct * parser,char * buf,int len)15467 ArgusPrintSourceIDLabel (struct ArgusParserStruct *parser, char *buf, int len)
15468 {
15469 sprintf (buf, "%*.*s ", len, len, "SrcId");
15470 }
15471
15472 void
ArgusPrintFlagsLabel(struct ArgusParserStruct * parser,char * buf,int len)15473 ArgusPrintFlagsLabel (struct ArgusParserStruct *parser, char *buf, int len)
15474 {
15475 sprintf (buf, "%*.*s ", len, len, "Flgs");
15476 }
15477
15478 void
ArgusPrintSrcMacAddressLabel(struct ArgusParserStruct * parser,char * buf,int len)15479 ArgusPrintSrcMacAddressLabel (struct ArgusParserStruct *parser, char *buf, int len)
15480 {
15481 if (parser->RaMonMode) {
15482 sprintf (buf, "%*.*s ", len, len, "Mac");
15483 } else {
15484 sprintf (buf, "%*.*s ", len, len, "SrcMac");
15485 }
15486 }
15487
15488 void
ArgusPrintDstMacAddressLabel(struct ArgusParserStruct * parser,char * buf,int len)15489 ArgusPrintDstMacAddressLabel (struct ArgusParserStruct *parser, char *buf, int len)
15490 {
15491 sprintf (buf, "%*.*s ", len, len, "DstMac");
15492 }
15493
15494 void
ArgusPrintSrcOuiLabel(struct ArgusParserStruct * parser,char * buf,int len)15495 ArgusPrintSrcOuiLabel (struct ArgusParserStruct *parser, char *buf, int len)
15496 {
15497 if (parser->RaMonMode) {
15498 sprintf (buf, "%*.*s ", len, len, "Oui");
15499 } else {
15500 sprintf (buf, "%*.*s ", len, len, "SrcOui");
15501 }
15502 }
15503
15504 void
ArgusPrintDstOuiLabel(struct ArgusParserStruct * parser,char * buf,int len)15505 ArgusPrintDstOuiLabel (struct ArgusParserStruct *parser, char *buf, int len)
15506 {
15507 sprintf (buf, "%*.*s ", len, len, "DstOui");
15508 }
15509
15510 void
ArgusPrintProtoLabel(struct ArgusParserStruct * parser,char * buf,int len)15511 ArgusPrintProtoLabel (struct ArgusParserStruct *parser, char *buf, int len)
15512 {
15513 sprintf (buf, "%*.*s ", len, len, "Proto");
15514 }
15515
15516 void
ArgusPrintSrcNetLabel(struct ArgusParserStruct * parser,char * buf,int len)15517 ArgusPrintSrcNetLabel (struct ArgusParserStruct *parser, char *buf, int len)
15518 {
15519 if (parser->RaMonMode) {
15520 sprintf (buf, "%*.*s ", len, len, "Net");
15521 } else {
15522 sprintf (buf, "%*.*s ", len, len, "SrcNet");
15523 }
15524 }
15525
15526 void
ArgusPrintSrcAddrLabel(struct ArgusParserStruct * parser,char * buf,int len)15527 ArgusPrintSrcAddrLabel (struct ArgusParserStruct *parser, char *buf, int len)
15528 {
15529 if (parser->RaMonMode) {
15530 sprintf (buf, "%*.*s ", len, len, "Host");
15531 } else {
15532 if (parser->domainonly && (!parser->nflag)) {
15533 sprintf (buf, "%*.*s ", len, len, "SrcDomain");
15534 } else {
15535 sprintf (buf, "%*.*s ", len, len, "SrcAddr");
15536 }
15537 }
15538 }
15539
15540 void
ArgusPrintDstNetLabel(struct ArgusParserStruct * parser,char * buf,int len)15541 ArgusPrintDstNetLabel (struct ArgusParserStruct *parser, char *buf, int len)
15542 {
15543 sprintf (buf, "%*.*s ", len, len, "DstNet");
15544 }
15545
15546 void
ArgusPrintDstAddrLabel(struct ArgusParserStruct * parser,char * buf,int len)15547 ArgusPrintDstAddrLabel (struct ArgusParserStruct *parser, char *buf, int len)
15548 {
15549 if (parser->domainonly && (!parser->nflag)) {
15550 sprintf (buf, "%*.*s ", len, len, "DstDomain");
15551 } else {
15552 sprintf (buf, "%*.*s ", len, len, "DstAddr");
15553 }
15554 }
15555
15556 void
ArgusPrintLocalNetLabel(struct ArgusParserStruct * parser,char * buf,int len)15557 ArgusPrintLocalNetLabel (struct ArgusParserStruct *parser, char *buf, int len)
15558 {
15559 if (parser->RaMonMode) {
15560 sprintf (buf, "%*.*s ", len, len, "Net");
15561 } else {
15562 sprintf (buf, "%*.*s ", len, len, "LocalNet");
15563 }
15564 }
15565
15566 void
ArgusPrintLocalAddrLabel(struct ArgusParserStruct * parser,char * buf,int len)15567 ArgusPrintLocalAddrLabel (struct ArgusParserStruct *parser, char *buf, int len)
15568 {
15569 if (parser->RaMonMode) {
15570 sprintf (buf, "%*.*s ", len, len, "Host");
15571 } else {
15572 if (parser->domainonly && (!parser->nflag)) {
15573 sprintf (buf, "%*.*s ", len, len, "LocalDomain");
15574 } else {
15575 sprintf (buf, "%*.*s ", len, len, "LocalAddr");
15576 }
15577 }
15578 }
15579
15580 void
ArgusPrintRemoteNetLabel(struct ArgusParserStruct * parser,char * buf,int len)15581 ArgusPrintRemoteNetLabel (struct ArgusParserStruct *parser, char *buf, int len)
15582 {
15583 sprintf (buf, "%*.*s ", len, len, "RemoteNet");
15584 }
15585
15586 void
ArgusPrintRemoteAddrLabel(struct ArgusParserStruct * parser,char * buf,int len)15587 ArgusPrintRemoteAddrLabel (struct ArgusParserStruct *parser, char *buf, int len)
15588 {
15589 if (parser->domainonly && (!parser->nflag)) {
15590 sprintf (buf, "%*.*s ", len, len, "RemoteDomain");
15591 } else {
15592 sprintf (buf, "%*.*s ", len, len, "RemoteAddr");
15593 }
15594 }
15595
15596 void
ArgusPrintSrcPortLabel(struct ArgusParserStruct * parser,char * buf,int len)15597 ArgusPrintSrcPortLabel (struct ArgusParserStruct *parser, char *buf, int len)
15598 {
15599 sprintf (buf, "%*.*s ", len, len, "Sport");
15600 }
15601
15602 void
ArgusPrintDstPortLabel(struct ArgusParserStruct * parser,char * buf,int len)15603 ArgusPrintDstPortLabel (struct ArgusParserStruct *parser, char *buf, int len)
15604 {
15605 sprintf (buf, "%*.*s ", len, len, "Dport");
15606 }
15607
15608 void
ArgusPrintSrcIpIdLabel(struct ArgusParserStruct * parser,char * buf,int len)15609 ArgusPrintSrcIpIdLabel (struct ArgusParserStruct *parser, char *buf, int len)
15610 {
15611 sprintf (buf, "%*.*s ", len, len, "sIpId");
15612 }
15613
15614 void
ArgusPrintDstIpIdLabel(struct ArgusParserStruct * parser,char * buf,int len)15615 ArgusPrintDstIpIdLabel (struct ArgusParserStruct *parser, char *buf, int len)
15616 {
15617 sprintf (buf, "%*.*s ", len, len, "dIpId");
15618 }
15619 /*
15620 ArgusPrintIpIdLabel (struct ArgusParserStruct *parser, char *buf, int len)
15621 {
15622 ArgusPrintSrcIpIdLabel (parser, buf);
15623 ArgusPrintDstIpIdLabel (parser, buf);
15624 }
15625 */
15626 void
ArgusPrintSrcDSByteLabel(struct ArgusParserStruct * parser,char * buf,int len)15627 ArgusPrintSrcDSByteLabel (struct ArgusParserStruct *parser, char *buf, int len)
15628 {
15629 sprintf (buf, "%*.*s ", len, len, "sDSb");
15630 }
15631
15632 void
ArgusPrintDstDSByteLabel(struct ArgusParserStruct * parser,char * buf,int len)15633 ArgusPrintDstDSByteLabel (struct ArgusParserStruct *parser, char *buf, int len)
15634 {
15635 sprintf (buf, "%*.*s ", len, len, "dDSb");
15636 }
15637
15638 void
ArgusPrintSrcTosLabel(struct ArgusParserStruct * parser,char * buf,int len)15639 ArgusPrintSrcTosLabel (struct ArgusParserStruct *parser, char *buf, int len)
15640 {
15641 sprintf (buf, "%*.*s ", len, len, "sTos");
15642 }
15643
15644 void
ArgusPrintDstTosLabel(struct ArgusParserStruct * parser,char * buf,int len)15645 ArgusPrintDstTosLabel (struct ArgusParserStruct *parser, char *buf, int len)
15646 {
15647 sprintf (buf, "%*.*s ", len, len, "dTos");
15648 }
15649
15650 void
ArgusPrintSrcTtlLabel(struct ArgusParserStruct * parser,char * buf,int len)15651 ArgusPrintSrcTtlLabel (struct ArgusParserStruct *parser, char *buf, int len)
15652 {
15653 sprintf (buf, "%*.*s ", len, len, "sTtl");
15654 }
15655
15656 void
ArgusPrintDstTtlLabel(struct ArgusParserStruct * parser,char * buf,int len)15657 ArgusPrintDstTtlLabel (struct ArgusParserStruct *parser, char *buf, int len)
15658 {
15659 sprintf (buf, "%*.*s ", len, len, "dTtl");
15660 }
15661
15662 void
ArgusPrintSrcHopCountLabel(struct ArgusParserStruct * parser,char * buf,int len)15663 ArgusPrintSrcHopCountLabel (struct ArgusParserStruct *parser, char *buf, int len)
15664 {
15665 sprintf (buf, "%*.*s ", len, len, "sHops");
15666 }
15667
15668 void
ArgusPrintDstHopCountLabel(struct ArgusParserStruct * parser,char * buf,int len)15669 ArgusPrintDstHopCountLabel (struct ArgusParserStruct *parser, char *buf, int len)
15670 {
15671 sprintf (buf, "%*.*s ", len, len, "dHops");
15672 }
15673
15674 void
ArgusPrintDirectionLabel(struct ArgusParserStruct * parser,char * buf,int len)15675 ArgusPrintDirectionLabel (struct ArgusParserStruct *parser, char *buf, int len)
15676 {
15677 sprintf (buf, "%*.*s ", len, len, "Dir");
15678 }
15679
15680 void
ArgusPrintInodeLabel(struct ArgusParserStruct * parser,char * buf,int len)15681 ArgusPrintInodeLabel (struct ArgusParserStruct *parser, char *buf, int len)
15682 {
15683 sprintf (buf, "%*.*s ", len, len, "Inode");
15684 }
15685
15686 void
ArgusPrintKeyStrokeNStrokeLabel(struct ArgusParserStruct * parser,char * buf,int len)15687 ArgusPrintKeyStrokeNStrokeLabel (struct ArgusParserStruct *parser, char *buf, int len)
15688 {
15689 sprintf (buf, "%*.*s ", len, len, "NStrok");
15690 }
15691
15692 void
ArgusPrintKeyStrokeSrcNStrokeLabel(struct ArgusParserStruct * parser,char * buf,int len)15693 ArgusPrintKeyStrokeSrcNStrokeLabel (struct ArgusParserStruct *parser, char *buf, int len)
15694 {
15695 sprintf (buf, "%*.*s ", len, len, "sNStrok");
15696 }
15697
15698 void
ArgusPrintKeyStrokeDstNStrokeLabel(struct ArgusParserStruct * parser,char * buf,int len)15699 ArgusPrintKeyStrokeDstNStrokeLabel (struct ArgusParserStruct *parser, char *buf, int len)
15700 {
15701 sprintf (buf, "%*.*s ", len, len, "dNStrok");
15702 }
15703
15704
15705 void
ArgusPrintPacketsLabel(struct ArgusParserStruct * parser,char * buf,int len)15706 ArgusPrintPacketsLabel (struct ArgusParserStruct *parser, char *buf, int len)
15707 {
15708 if (parser->Pctflag)
15709 sprintf (buf, "%*.*s ", len, len, "pTotPkts");
15710 else
15711 sprintf (buf, "%*.*s ", len, len, "TotPkts");
15712 }
15713
15714 void
ArgusPrintSrcPacketsLabel(struct ArgusParserStruct * parser,char * buf,int len)15715 ArgusPrintSrcPacketsLabel (struct ArgusParserStruct *parser, char *buf, int len)
15716 {
15717 if (parser->Pctflag) {
15718 if (parser->RaMonMode)
15719 sprintf (buf, "%*.*s ", len, len, "pOutPkts");
15720 else
15721 sprintf (buf, "%*.*s ", len, len, "pSrcPkts");
15722 } else {
15723 if (parser->RaMonMode)
15724 sprintf (buf, "%*.*s ", len, len, "OutPkts");
15725 else
15726 sprintf (buf, "%*.*s ", len, len, "SrcPkts");
15727 }
15728 }
15729
15730 void
ArgusPrintDstPacketsLabel(struct ArgusParserStruct * parser,char * buf,int len)15731 ArgusPrintDstPacketsLabel (struct ArgusParserStruct *parser, char *buf, int len)
15732 {
15733 if (parser->Pctflag) {
15734 if (parser->RaMonMode)
15735 sprintf (buf, "%*.*s ", len, len, "pInPkts");
15736 else
15737 sprintf (buf, "%*.*s ", len, len, "pDstPkts");
15738 } else {
15739 if (parser->RaMonMode)
15740 sprintf (buf, "%*.*s ", len, len, "InPkts");
15741 else
15742 sprintf (buf, "%*.*s ", len, len, "DstPkts");
15743 }
15744 }
15745
15746 void
ArgusPrintBytesLabel(struct ArgusParserStruct * parser,char * buf,int len)15747 ArgusPrintBytesLabel (struct ArgusParserStruct *parser, char *buf, int len)
15748 {
15749 if (parser->Pctflag)
15750 sprintf (buf, "%*.*s ", len, len, "pTotBytes");
15751 else
15752 sprintf (buf, "%*.*s ", len, len, "TotBytes");
15753 }
15754
15755 void
ArgusPrintSrcBytesLabel(struct ArgusParserStruct * parser,char * buf,int len)15756 ArgusPrintSrcBytesLabel (struct ArgusParserStruct *parser, char *buf, int len)
15757 {
15758 if (parser->RaMonMode) {
15759 if (parser->Pctflag) {
15760 sprintf (buf, "%*.*s ", len, len, "pOutBytes");
15761 } else {
15762 sprintf (buf, "%*.*s ", len, len, "OutBytes");
15763 }
15764 } else {
15765 if (parser->Pctflag) {
15766 sprintf (buf, "%*.*s ", len, len, "pSrcBytes");
15767 } else {
15768 sprintf (buf, "%*.*s ", len, len, "SrcBytes");
15769 }
15770 }
15771 }
15772
15773 void
ArgusPrintDstBytesLabel(struct ArgusParserStruct * parser,char * buf,int len)15774 ArgusPrintDstBytesLabel (struct ArgusParserStruct *parser, char *buf, int len)
15775 {
15776 if (parser->RaMonMode) {
15777 if (parser->Pctflag) {
15778 sprintf (buf, "%*.*s ", len, len, "pInBytes");
15779 } else {
15780 sprintf (buf, "%*.*s ", len, len, "InBytes");
15781 }
15782 } else {
15783 if (parser->Pctflag) {
15784 sprintf (buf, "%*.*s ", len, len, "pDstBytes");
15785 } else {
15786 sprintf (buf, "%*.*s ", len, len, "DstBytes");
15787 }
15788 }
15789 }
15790
15791 void
ArgusPrintAppBytesLabel(struct ArgusParserStruct * parser,char * buf,int len)15792 ArgusPrintAppBytesLabel (struct ArgusParserStruct *parser, char *buf, int len)
15793 {
15794 if (parser->Pctflag)
15795 sprintf (buf, "%*.*s ", len, len, "pAppBytes");
15796 else
15797 sprintf (buf, "%*.*s ", len, len, "TotAppBytes");
15798 }
15799
15800 void
ArgusPrintSrcAppBytesLabel(struct ArgusParserStruct * parser,char * buf,int len)15801 ArgusPrintSrcAppBytesLabel (struct ArgusParserStruct *parser, char *buf, int len)
15802 {
15803 if (parser->RaMonMode) {
15804 if (parser->Pctflag) {
15805 sprintf (buf, "%*.*s ", len, len, "pOAppBytes");
15806 } else {
15807 sprintf (buf, "%*.*s ", len, len, "OAppBytes");
15808 }
15809 } else {
15810 if (parser->Pctflag) {
15811 sprintf (buf, "%*.*s ", len, len, "pSAppBytes");
15812 } else {
15813 sprintf (buf, "%*.*s ", len, len, "SAppBytes");
15814 }
15815 }
15816 }
15817
15818 void
ArgusPrintDstAppBytesLabel(struct ArgusParserStruct * parser,char * buf,int len)15819 ArgusPrintDstAppBytesLabel (struct ArgusParserStruct *parser, char *buf, int len)
15820 {
15821 if (parser->RaMonMode) {
15822 if (parser->Pctflag) {
15823 sprintf (buf, "%*.*s ", len, len, "pIAppBytes");
15824 } else {
15825 sprintf (buf, "%*.*s ", len, len, "IAppBytes");
15826 }
15827 } else {
15828 if (parser->Pctflag) {
15829 sprintf (buf, "%*.*s ", len, len, "pDAppBytes");
15830 } else {
15831 sprintf (buf, "%*.*s ", len, len, "DAppBytes");
15832 }
15833 }
15834 }
15835
15836 void
ArgusPrintProducerConsumerRatioLabel(struct ArgusParserStruct * parser,char * buf,int len)15837 ArgusPrintProducerConsumerRatioLabel (struct ArgusParserStruct *parser, char *buf, int len)
15838 {
15839 sprintf (buf, "%*.*s ", len, len, "PCRatio");
15840 }
15841
15842 void
ArgusPrintAppByteRatioLabel(struct ArgusParserStruct * parser,char * buf,int len)15843 ArgusPrintAppByteRatioLabel (struct ArgusParserStruct *parser, char *buf, int len)
15844 {
15845 sprintf (buf, "%*.*s ", len, len, "ABRatio");
15846 }
15847
15848 void
ArgusPrintTransEfficiencyLabel(struct ArgusParserStruct * parser,char * buf,int len)15849 ArgusPrintTransEfficiencyLabel (struct ArgusParserStruct *parser, char *buf, int len)
15850 {
15851 sprintf (buf, "%*.*s ", len, len, "TF");
15852 }
15853
15854 void
ArgusPrintSrcTransEfficiencyLabel(struct ArgusParserStruct * parser,char * buf,int len)15855 ArgusPrintSrcTransEfficiencyLabel (struct ArgusParserStruct *parser, char *buf, int len)
15856 {
15857 sprintf (buf, "%*.*s ", len, len, "STF");
15858 }
15859
15860 void
ArgusPrintDstTransEfficiencyLabel(struct ArgusParserStruct * parser,char * buf,int len)15861 ArgusPrintDstTransEfficiencyLabel (struct ArgusParserStruct *parser, char *buf, int len)
15862 {
15863 sprintf (buf, "%*.*s ", len, len, "DTF");
15864 }
15865
15866 void
ArgusPrintSrcIntPktLabel(struct ArgusParserStruct * parser,char * buf,int len)15867 ArgusPrintSrcIntPktLabel (struct ArgusParserStruct *parser, char *buf, int len)
15868 {
15869 sprintf (buf, "%*.*s ", len, len, "SIntPkt");
15870 }
15871
15872 void
ArgusPrintSrcIntPktDistLabel(struct ArgusParserStruct * parser,char * buf,int len)15873 ArgusPrintSrcIntPktDistLabel (struct ArgusParserStruct *parser, char *buf, int len)
15874 {
15875 sprintf (buf, "%*.*s ", len, len, "SIntDist");
15876 }
15877
15878 void
ArgusPrintDstIntPktLabel(struct ArgusParserStruct * parser,char * buf,int len)15879 ArgusPrintDstIntPktLabel (struct ArgusParserStruct *parser, char *buf, int len)
15880 {
15881 sprintf (buf, "%*.*s ", len, len, "DIntPkt");
15882 }
15883
15884 void
ArgusPrintDstIntPktDistLabel(struct ArgusParserStruct * parser,char * buf,int len)15885 ArgusPrintDstIntPktDistLabel (struct ArgusParserStruct *parser, char *buf, int len)
15886 {
15887 sprintf (buf, "%*.*s ", len, len, "DIntDist");
15888 }
15889
15890 void
ArgusPrintActiveSrcIntPktLabel(struct ArgusParserStruct * parser,char * buf,int len)15891 ArgusPrintActiveSrcIntPktLabel (struct ArgusParserStruct *parser, char *buf, int len)
15892 {
15893 sprintf (buf, "%*.*s ", len, len, "SIntPktAct");
15894 }
15895
15896 void
ArgusPrintActiveSrcIntPktDistLabel(struct ArgusParserStruct * parser,char * buf,int len)15897 ArgusPrintActiveSrcIntPktDistLabel (struct ArgusParserStruct *parser, char *buf, int len)
15898 {
15899 sprintf (buf, "%*.*s ", len, len, "SIntActDist");
15900 }
15901
15902 void
ArgusPrintActiveDstIntPktLabel(struct ArgusParserStruct * parser,char * buf,int len)15903 ArgusPrintActiveDstIntPktLabel (struct ArgusParserStruct *parser, char *buf, int len)
15904 {
15905 sprintf (buf, "%*.*s ", len, len, "DIntPktAct");
15906 }
15907
15908 void
ArgusPrintActiveDstIntPktDistLabel(struct ArgusParserStruct * parser,char * buf,int len)15909 ArgusPrintActiveDstIntPktDistLabel (struct ArgusParserStruct *parser, char *buf, int len)
15910 {
15911 sprintf (buf, "%*.*s ", len, len, "DIntActDist");
15912 }
15913
15914 void
ArgusPrintIdleSrcIntPktLabel(struct ArgusParserStruct * parser,char * buf,int len)15915 ArgusPrintIdleSrcIntPktLabel (struct ArgusParserStruct *parser, char *buf, int len)
15916 {
15917 sprintf (buf, "%*.*s ", len, len, "SIntPktIdl");
15918 }
15919
15920 void
ArgusPrintIdleSrcIntPktDistLabel(struct ArgusParserStruct * parser,char * buf,int len)15921 ArgusPrintIdleSrcIntPktDistLabel (struct ArgusParserStruct *parser, char *buf, int len)
15922 {
15923 sprintf (buf, "%*.*s ", len, len, "SIntIdlDist");
15924 }
15925
15926 void
ArgusPrintIdleDstIntPktLabel(struct ArgusParserStruct * parser,char * buf,int len)15927 ArgusPrintIdleDstIntPktLabel (struct ArgusParserStruct *parser, char *buf, int len)
15928 {
15929 sprintf (buf, "%*.*s ", len, len, "DIntPktIdl");
15930 }
15931
15932 void
ArgusPrintIdleDstIntPktDistLabel(struct ArgusParserStruct * parser,char * buf,int len)15933 ArgusPrintIdleDstIntPktDistLabel (struct ArgusParserStruct *parser, char *buf, int len)
15934 {
15935 sprintf (buf, "%*.*s ", len, len, "DIntIdlDist");
15936 }
15937
15938 void
ArgusPrintSrcIntPktMaxLabel(struct ArgusParserStruct * parser,char * buf,int len)15939 ArgusPrintSrcIntPktMaxLabel (struct ArgusParserStruct *parser, char *buf, int len)
15940 {
15941 sprintf (buf, "%*.*s ", len, len, "SIntPktMax");
15942 }
15943
15944 void
ArgusPrintSrcIntPktMinLabel(struct ArgusParserStruct * parser,char * buf,int len)15945 ArgusPrintSrcIntPktMinLabel (struct ArgusParserStruct *parser, char *buf, int len)
15946 {
15947 sprintf (buf, "%*.*s ", len, len, "SIntPktMin");
15948 }
15949
15950 void
ArgusPrintDstIntPktMaxLabel(struct ArgusParserStruct * parser,char * buf,int len)15951 ArgusPrintDstIntPktMaxLabel (struct ArgusParserStruct *parser, char *buf, int len)
15952 {
15953 sprintf (buf, "%*.*s ", len, len, "DIntPktMax");
15954 }
15955
15956 void
ArgusPrintDstIntPktMinLabel(struct ArgusParserStruct * parser,char * buf,int len)15957 ArgusPrintDstIntPktMinLabel (struct ArgusParserStruct *parser, char *buf, int len)
15958 {
15959 sprintf (buf, "%*.*s ", len, len, "DIntPktMin");
15960 }
15961
15962 void
ArgusPrintActiveSrcIntPktMaxLabel(struct ArgusParserStruct * parser,char * buf,int len)15963 ArgusPrintActiveSrcIntPktMaxLabel (struct ArgusParserStruct *parser, char *buf, int len)
15964 {
15965 sprintf (buf, "%*.*s ", len, len, "SIPActMax");
15966 }
15967
15968 void
ArgusPrintActiveSrcIntPktMinLabel(struct ArgusParserStruct * parser,char * buf,int len)15969 ArgusPrintActiveSrcIntPktMinLabel (struct ArgusParserStruct *parser, char *buf, int len)
15970 {
15971 sprintf (buf, "%*.*s ", len, len, "SIPActMin");
15972 }
15973
15974 void
ArgusPrintActiveDstIntPktMaxLabel(struct ArgusParserStruct * parser,char * buf,int len)15975 ArgusPrintActiveDstIntPktMaxLabel (struct ArgusParserStruct *parser, char *buf, int len)
15976 {
15977 sprintf (buf, "%*.*s ", len, len, "DIPActMax");
15978 }
15979
15980 void
ArgusPrintActiveDstIntPktMinLabel(struct ArgusParserStruct * parser,char * buf,int len)15981 ArgusPrintActiveDstIntPktMinLabel (struct ArgusParserStruct *parser, char *buf, int len)
15982 {
15983 sprintf (buf, "%*.*s ", len, len, "DIPActMin");
15984 }
15985
15986 void
ArgusPrintIdleSrcIntPktMaxLabel(struct ArgusParserStruct * parser,char * buf,int len)15987 ArgusPrintIdleSrcIntPktMaxLabel (struct ArgusParserStruct *parser, char *buf, int len)
15988 {
15989 sprintf (buf, "%*.*s ", len, len, "SIPIdlMax");
15990 }
15991
15992 void
ArgusPrintIdleSrcIntPktMinLabel(struct ArgusParserStruct * parser,char * buf,int len)15993 ArgusPrintIdleSrcIntPktMinLabel (struct ArgusParserStruct *parser, char *buf, int len)
15994 {
15995 sprintf (buf, "%*.*s ", len, len, "SIPIdlMin");
15996 }
15997
15998 void
ArgusPrintIdleDstIntPktMaxLabel(struct ArgusParserStruct * parser,char * buf,int len)15999 ArgusPrintIdleDstIntPktMaxLabel (struct ArgusParserStruct *parser, char *buf, int len)
16000 {
16001 sprintf (buf, "%*.*s ", len, len, "DIPIdlMax");
16002 }
16003
16004 void
ArgusPrintIdleDstIntPktMinLabel(struct ArgusParserStruct * parser,char * buf,int len)16005 ArgusPrintIdleDstIntPktMinLabel (struct ArgusParserStruct *parser, char *buf, int len)
16006 {
16007 sprintf (buf, "%*.*s ", len, len, "DIPIdlMin");
16008 }
16009
16010 void
ArgusPrintSrcJitterLabel(struct ArgusParserStruct * parser,char * buf,int len)16011 ArgusPrintSrcJitterLabel (struct ArgusParserStruct *parser, char *buf, int len)
16012 {
16013 sprintf (buf, "%*.*s ", len, len, "SrcJitter");
16014 }
16015
16016 void
ArgusPrintDstJitterLabel(struct ArgusParserStruct * parser,char * buf,int len)16017 ArgusPrintDstJitterLabel (struct ArgusParserStruct *parser, char *buf, int len)
16018 {
16019 sprintf (buf, "%*.*s ", len, len, "DstJitter");
16020 }
16021
16022 void
ArgusPrintActiveSrcJitterLabel(struct ArgusParserStruct * parser,char * buf,int len)16023 ArgusPrintActiveSrcJitterLabel (struct ArgusParserStruct *parser, char *buf, int len)
16024 {
16025 sprintf (buf, "%*.*s ", len, len, "SrcJitAct");
16026 }
16027
16028 void
ArgusPrintActiveDstJitterLabel(struct ArgusParserStruct * parser,char * buf,int len)16029 ArgusPrintActiveDstJitterLabel (struct ArgusParserStruct *parser, char *buf, int len)
16030 {
16031 sprintf (buf, "%*.*s ", len, len, "DstJitAct");
16032 }
16033
16034 void
ArgusPrintIdleSrcJitterLabel(struct ArgusParserStruct * parser,char * buf,int len)16035 ArgusPrintIdleSrcJitterLabel (struct ArgusParserStruct *parser, char *buf, int len)
16036 {
16037 sprintf (buf, "%*.*s ", len, len, "SrcJitIdl");
16038 }
16039
16040 void
ArgusPrintIdleDstJitterLabel(struct ArgusParserStruct * parser,char * buf,int len)16041 ArgusPrintIdleDstJitterLabel (struct ArgusParserStruct *parser, char *buf, int len)
16042 {
16043 sprintf (buf, "%*.*s ", len, len, "DstJitIdl");
16044 }
16045
16046 void
ArgusPrintStateLabel(struct ArgusParserStruct * parser,char * buf,int len)16047 ArgusPrintStateLabel (struct ArgusParserStruct *parser, char *buf, int len)
16048 {
16049 sprintf (buf, "%*.*s ", len, len, "State");
16050 }
16051
16052 void
ArgusPrintTCPSrcBaseLabel(struct ArgusParserStruct * parser,char * buf,int len)16053 ArgusPrintTCPSrcBaseLabel (struct ArgusParserStruct *parser, char *buf, int len)
16054 {
16055 sprintf (buf, "%*.*s ", len, len, "SrcTCPBase");
16056 }
16057
16058 void
ArgusPrintTCPDstBaseLabel(struct ArgusParserStruct * parser,char * buf,int len)16059 ArgusPrintTCPDstBaseLabel (struct ArgusParserStruct *parser, char *buf, int len)
16060 {
16061 sprintf (buf, "%*.*s ", len, len, "DstTCPBase");
16062 }
16063
16064 void
ArgusPrintTCPRTTLabel(struct ArgusParserStruct * parser,char * buf,int len)16065 ArgusPrintTCPRTTLabel (struct ArgusParserStruct *parser, char *buf, int len)
16066 {
16067 sprintf (buf, "%*.*s ", len, len, "TcpRtt");
16068 }
16069
16070 void
ArgusPrintTCPSynAckLabel(struct ArgusParserStruct * parser,char * buf,int len)16071 ArgusPrintTCPSynAckLabel (struct ArgusParserStruct *parser, char *buf, int len)
16072 {
16073 sprintf (buf, "%*.*s ", len, len, "SynAck");
16074 }
16075
16076 void
ArgusPrintTCPAckDatLabel(struct ArgusParserStruct * parser,char * buf,int len)16077 ArgusPrintTCPAckDatLabel (struct ArgusParserStruct *parser, char *buf, int len)
16078 {
16079 sprintf (buf, "%*.*s ", len, len, "AckDat");
16080 }
16081
16082 void
ArgusPrintTCPSrcMaxLabel(struct ArgusParserStruct * parser,char * buf,int len)16083 ArgusPrintTCPSrcMaxLabel (struct ArgusParserStruct *parser, char *buf, int len)
16084 {
16085 sprintf (buf, "%*.*s ", len, len, "STcpMax");
16086 }
16087
16088 void
ArgusPrintTCPDstMaxLabel(struct ArgusParserStruct * parser,char * buf,int len)16089 ArgusPrintTCPDstMaxLabel (struct ArgusParserStruct *parser, char *buf, int len)
16090 {
16091 sprintf (buf, "%*.*s ", len, len, "DTcpMax");
16092 }
16093
16094 void
ArgusPrintSrcGapLabel(struct ArgusParserStruct * parser,char * buf,int len)16095 ArgusPrintSrcGapLabel (struct ArgusParserStruct *parser, char *buf, int len)
16096 {
16097 sprintf (buf, "%*.*s ", len, len, "SrcGap");
16098 }
16099
16100 void
ArgusPrintDstGapLabel(struct ArgusParserStruct * parser,char * buf,int len)16101 ArgusPrintDstGapLabel (struct ArgusParserStruct *parser, char *buf, int len)
16102 {
16103 sprintf (buf, "%*.*s ", len, len, "DstGap");
16104 }
16105
16106 /*
16107 void
16108 ArgusPrintSrcDupLabel (struct ArgusParserStruct *parser, char *buf, int len)
16109 {
16110 sprintf (buf, "%*.*s ", len, len, "SrcDup");
16111 }
16112
16113 void
16114 ArgusPrintDstDupLabel (struct ArgusParserStruct *parser, char *buf, int len)
16115 {
16116 sprintf (buf, "%*.*s ", len, len, "DstDup");
16117 }
16118 */
16119
16120 void
ArgusPrintDeltaDurationLabel(struct ArgusParserStruct * parser,char * buf,int len)16121 ArgusPrintDeltaDurationLabel (struct ArgusParserStruct *parser, char *buf, int len)
16122 {
16123 sprintf (buf, "%*.*s ", len, len, "dlDur");
16124 }
16125
16126 void
ArgusPrintDeltaStartTimeLabel(struct ArgusParserStruct * parser,char * buf,int len)16127 ArgusPrintDeltaStartTimeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16128 {
16129 sprintf (buf, "%*.*s ", len, len, "dlsTime");
16130 }
16131
16132 void
ArgusPrintDeltaLastTimeLabel(struct ArgusParserStruct * parser,char * buf,int len)16133 ArgusPrintDeltaLastTimeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16134 {
16135 sprintf (buf, "%*.*s ", len, len, "dllTime");
16136 }
16137
16138 void
ArgusPrintDeltaSrcPktsLabel(struct ArgusParserStruct * parser,char * buf,int len)16139 ArgusPrintDeltaSrcPktsLabel (struct ArgusParserStruct *parser, char *buf, int len)
16140 {
16141 sprintf (buf, "%*.*s ", len, len, "dsPkts");
16142 }
16143
16144 void
ArgusPrintDeltaDstPktsLabel(struct ArgusParserStruct * parser,char * buf,int len)16145 ArgusPrintDeltaDstPktsLabel (struct ArgusParserStruct *parser, char *buf, int len)
16146 {
16147 sprintf (buf, "%*.*s ", len, len, "ddPkts");
16148 }
16149
16150 void
ArgusPrintDeltaSrcBytesLabel(struct ArgusParserStruct * parser,char * buf,int len)16151 ArgusPrintDeltaSrcBytesLabel (struct ArgusParserStruct *parser, char *buf, int len)
16152 {
16153 sprintf (buf, "%*.*s ", len, len, "dsBytes");
16154 }
16155
16156 void
ArgusPrintDeltaDstBytesLabel(struct ArgusParserStruct * parser,char * buf,int len)16157 ArgusPrintDeltaDstBytesLabel (struct ArgusParserStruct *parser, char *buf, int len)
16158 {
16159 sprintf (buf, "%*.*s ", len, len, "ddBytes");
16160 }
16161
16162 void
ArgusPrintPercentDeltaSrcPktsLabel(struct ArgusParserStruct * parser,char * buf,int len)16163 ArgusPrintPercentDeltaSrcPktsLabel (struct ArgusParserStruct *parser, char *buf, int len)
16164 {
16165 sprintf (buf, "%*.*s ", len, len, "pdsPkt");
16166 }
16167
16168 void
ArgusPrintPercentDeltaDstPktsLabel(struct ArgusParserStruct * parser,char * buf,int len)16169 ArgusPrintPercentDeltaDstPktsLabel (struct ArgusParserStruct *parser, char *buf, int len)
16170 {
16171 sprintf (buf, "%*.*s ", len, len, "pddPkt");
16172 }
16173
16174 void
ArgusPrintPercentDeltaSrcBytesLabel(struct ArgusParserStruct * parser,char * buf,int len)16175 ArgusPrintPercentDeltaSrcBytesLabel (struct ArgusParserStruct *parser, char *buf, int len)
16176 {
16177 sprintf (buf, "%*.*s ", len, len, "pdsByte");
16178 }
16179
16180 void
ArgusPrintPercentDeltaDstBytesLabel(struct ArgusParserStruct * parser,char * buf,int len)16181 ArgusPrintPercentDeltaDstBytesLabel (struct ArgusParserStruct *parser, char *buf, int len)
16182 {
16183 sprintf (buf, "%*.*s ", len, len, "pddByte");
16184 }
16185
16186 void
ArgusPrintSrcUserDataLabel(struct ArgusParserStruct * parser,char * buf,int len)16187 ArgusPrintSrcUserDataLabel (struct ArgusParserStruct *parser, char *buf, int len)
16188 {
16189 int slen = 0;
16190
16191 if (len > 0) {
16192 switch (parser->eflag) {
16193 case ARGUS_HEXDUMP:
16194 case ARGUS_ENCODE_OBFUSCATE:
16195 case ARGUS_ENCODE_ASCII:
16196 slen = len;
16197 break;
16198
16199 case ARGUS_ENCODE_32:
16200 case ARGUS_ENCODE_64:
16201 slen = len * 2;
16202 break;
16203 }
16204
16205 if (len > 10) slen++;
16206 sprintf (buf, "%*ssrcUdata%*s ", (slen)/2, " ", (slen)/2, " ");
16207 if (slen & 0x01)
16208 sprintf (&buf[strlen(buf)], " ");
16209 }
16210 }
16211
16212 void
ArgusPrintDstUserDataLabel(struct ArgusParserStruct * parser,char * buf,int len)16213 ArgusPrintDstUserDataLabel (struct ArgusParserStruct *parser, char *buf, int len)
16214 {
16215 int slen = 0;
16216
16217 if (len > 0) {
16218 switch (parser->eflag) {
16219 case ARGUS_HEXDUMP:
16220 case ARGUS_ENCODE_OBFUSCATE:
16221 case ARGUS_ENCODE_ASCII:
16222 slen = len;
16223 break;
16224
16225 case ARGUS_ENCODE_32:
16226 case ARGUS_ENCODE_64:
16227 slen = len * 2;
16228 break;
16229 }
16230
16231 if (len > 10) slen++;
16232 sprintf (buf, "%*sdstUdata%*s ", (slen)/2, " ", (slen)/2, " ");
16233 if (slen & 0x01)
16234 sprintf (&buf[strlen(buf)], " ");
16235 }
16236 }
16237
16238 /*
16239 void
16240 ArgusPrintUserDataLabel (struct ArgusParserStruct *parser, char *buf, int len)
16241 {
16242 ArgusPrintSrcUserDataLabel (parser, buf);
16243 ArgusPrintDstUserDataLabel (parser, buf);
16244 }
16245 */
16246
16247 void
ArgusPrintTCPOptionsLabel(struct ArgusParserStruct * parser,char * buf,int len)16248 ArgusPrintTCPOptionsLabel (struct ArgusParserStruct *parser, char *buf, int len)
16249 {
16250 sprintf (buf, "%*.*s ", len, len, "TcpOpt");
16251 }
16252
16253 void
ArgusPrintTCPExtensionsLabel(struct ArgusParserStruct * parser,char * buf,int len)16254 ArgusPrintTCPExtensionsLabel (struct ArgusParserStruct *parser, char *buf, int len)
16255 {
16256 }
16257
16258 void
ArgusPrintSrcRateLabel(struct ArgusParserStruct * parser,char * buf,int len)16259 ArgusPrintSrcRateLabel (struct ArgusParserStruct *parser, char *buf, int len)
16260 {
16261 sprintf (buf, "%*.*s ", len, len, "SrcRate");
16262 }
16263
16264 void
ArgusPrintDstRateLabel(struct ArgusParserStruct * parser,char * buf,int len)16265 ArgusPrintDstRateLabel (struct ArgusParserStruct *parser, char *buf, int len)
16266 {
16267 sprintf (buf, "%*.*s ", len, len, "DstRate");
16268 }
16269
16270 void
ArgusPrintRateLabel(struct ArgusParserStruct * parser,char * buf,int len)16271 ArgusPrintRateLabel (struct ArgusParserStruct *parser, char *buf, int len)
16272 {
16273 sprintf (buf, "%*.*s ", len, len, "Rate");
16274 }
16275
16276
16277 void
ArgusPrintSrcLossLabel(struct ArgusParserStruct * parser,char * buf,int len)16278 ArgusPrintSrcLossLabel (struct ArgusParserStruct *parser, char *buf, int len)
16279 {
16280 if (parser->Pctflag)
16281 sprintf (buf, "%*.*s ", len, len, "pSrcLoss");
16282 else
16283 sprintf (buf, "%*.*s ", len, len, "SrcLoss");
16284 }
16285
16286 void
ArgusPrintDstLossLabel(struct ArgusParserStruct * parser,char * buf,int len)16287 ArgusPrintDstLossLabel (struct ArgusParserStruct *parser, char *buf, int len)
16288 {
16289 if (parser->Pctflag)
16290 sprintf (buf, "%*.*s ", len, len, "pDstLoss");
16291 else
16292 sprintf (buf, "%*.*s ", len, len, "DstLoss");
16293 }
16294
16295 void
ArgusPrintLossLabel(struct ArgusParserStruct * parser,char * buf,int len)16296 ArgusPrintLossLabel (struct ArgusParserStruct *parser, char *buf, int len)
16297 {
16298 if (parser->Pctflag)
16299 sprintf (buf, "%*.*s ", len, len, "pLoss");
16300 else
16301 sprintf (buf, "%*.*s ", len, len, "Loss");
16302 }
16303
16304 void
ArgusPrintSrcRetransLabel(struct ArgusParserStruct * parser,char * buf,int len)16305 ArgusPrintSrcRetransLabel (struct ArgusParserStruct *parser, char *buf, int len)
16306 {
16307 if (parser->Pctflag)
16308 sprintf (buf, "%*.*s ", len, len, "pSrcRetrans");
16309 else
16310 sprintf (buf, "%*.*s ", len, len, "SrcRetrans");
16311 }
16312
16313 void
ArgusPrintDstRetransLabel(struct ArgusParserStruct * parser,char * buf,int len)16314 ArgusPrintDstRetransLabel (struct ArgusParserStruct *parser, char *buf, int len)
16315 {
16316 if (parser->Pctflag)
16317 sprintf (buf, "%*.*s ", len, len, "pDstRetrans");
16318 else
16319 sprintf (buf, "%*.*s ", len, len, "DstRetrans");
16320 }
16321
16322 void
ArgusPrintRetransLabel(struct ArgusParserStruct * parser,char * buf,int len)16323 ArgusPrintRetransLabel (struct ArgusParserStruct *parser, char *buf, int len)
16324 {
16325 if (parser->Pctflag)
16326 sprintf (buf, "%*.*s ", len, len, "pRetrans");
16327 else
16328 sprintf (buf, "%*.*s ", len, len, "Retrans");
16329 }
16330
16331 void
ArgusPrintSrcSoloLabel(struct ArgusParserStruct * parser,char * buf,int len)16332 ArgusPrintSrcSoloLabel (struct ArgusParserStruct *parser, char *buf, int len)
16333 {
16334 if (parser->Pctflag)
16335 sprintf (buf, "%*.*s ", len, len, "pSrcSolo");
16336 else
16337 sprintf (buf, "%*.*s ", len, len, "SrcSolo");
16338 }
16339
16340 void
ArgusPrintDstSoloLabel(struct ArgusParserStruct * parser,char * buf,int len)16341 ArgusPrintDstSoloLabel (struct ArgusParserStruct *parser, char *buf, int len)
16342 {
16343 if (parser->Pctflag)
16344 sprintf (buf, "%*.*s ", len, len, "pDstSolo");
16345 else
16346 sprintf (buf, "%*.*s ", len, len, "DstSolo");
16347 }
16348
16349 void
ArgusPrintSoloLabel(struct ArgusParserStruct * parser,char * buf,int len)16350 ArgusPrintSoloLabel (struct ArgusParserStruct *parser, char *buf, int len)
16351 {
16352 if (parser->Pctflag)
16353 sprintf (buf, "%*.*s ", len, len, "pSolo");
16354 else
16355 sprintf (buf, "%*.*s ", len, len, "Solo");
16356 }
16357
16358 void
ArgusPrintPercentSrcSoloLabel(struct ArgusParserStruct * parser,char * buf,int len)16359 ArgusPrintPercentSrcSoloLabel (struct ArgusParserStruct *parser, char *buf, int len)
16360 {
16361 sprintf (buf, "%*.*s ", len, len, "pSrcSolo");
16362 }
16363
16364 void
ArgusPrintPercentDstSoloLabel(struct ArgusParserStruct * parser,char * buf,int len)16365 ArgusPrintPercentDstSoloLabel (struct ArgusParserStruct *parser, char *buf, int len)
16366 {
16367 sprintf (buf, "%*.*s ", len, len, "pDstSolo");
16368 }
16369
16370
16371 void
ArgusPrintPercentSoloLabel(struct ArgusParserStruct * parser,char * buf,int len)16372 ArgusPrintPercentSoloLabel (struct ArgusParserStruct *parser, char *buf, int len)
16373 {
16374 sprintf (buf, "%*.*s ", len, len, "pSolo");
16375 }
16376
16377
16378 void
ArgusPrintSrcFirstLabel(struct ArgusParserStruct * parser,char * buf,int len)16379 ArgusPrintSrcFirstLabel (struct ArgusParserStruct *parser, char *buf, int len)
16380 {
16381 if (parser->Pctflag)
16382 sprintf (buf, "%*.*s ", len, len, "pSrcFirst");
16383 else
16384 sprintf (buf, "%*.*s ", len, len, "SrcFirst");
16385 }
16386
16387 void
ArgusPrintDstFirstLabel(struct ArgusParserStruct * parser,char * buf,int len)16388 ArgusPrintDstFirstLabel (struct ArgusParserStruct *parser, char *buf, int len)
16389 {
16390 if (parser->Pctflag)
16391 sprintf (buf, "%*.*s ", len, len, "pDstFirst");
16392 else
16393 sprintf (buf, "%*.*s ", len, len, "DstFirst");
16394 }
16395
16396 void
ArgusPrintFirstLabel(struct ArgusParserStruct * parser,char * buf,int len)16397 ArgusPrintFirstLabel (struct ArgusParserStruct *parser, char *buf, int len)
16398 {
16399 if (parser->Pctflag)
16400 sprintf (buf, "%*.*s ", len, len, "pFirst");
16401 else
16402 sprintf (buf, "%*.*s ", len, len, "First");
16403 }
16404
16405 void
ArgusPrintPercentSrcFirstLabel(struct ArgusParserStruct * parser,char * buf,int len)16406 ArgusPrintPercentSrcFirstLabel (struct ArgusParserStruct *parser, char *buf, int len)
16407 {
16408 sprintf (buf, "%*.*s ", len, len, "pSrcFirst");
16409 }
16410
16411 void
ArgusPrintPercentDstFirstLabel(struct ArgusParserStruct * parser,char * buf,int len)16412 ArgusPrintPercentDstFirstLabel (struct ArgusParserStruct *parser, char *buf, int len)
16413 {
16414 sprintf (buf, "%*.*s ", len, len, "pDstFirst");
16415 }
16416
16417
16418 void
ArgusPrintPercentFirstLabel(struct ArgusParserStruct * parser,char * buf,int len)16419 ArgusPrintPercentFirstLabel (struct ArgusParserStruct *parser, char *buf, int len)
16420 {
16421 sprintf (buf, "%*.*s ", len, len, "pFirst");
16422 }
16423
16424 void
ArgusPrintPercentSrcLossLabel(struct ArgusParserStruct * parser,char * buf,int len)16425 ArgusPrintPercentSrcLossLabel (struct ArgusParserStruct *parser, char *buf, int len)
16426 {
16427 sprintf (buf, "%*.*s ", len, len, "pSrcLoss");
16428 }
16429
16430 void
ArgusPrintPercentDstLossLabel(struct ArgusParserStruct * parser,char * buf,int len)16431 ArgusPrintPercentDstLossLabel (struct ArgusParserStruct *parser, char *buf, int len)
16432 {
16433 sprintf (buf, "%*.*s ", len, len, "pDstLoss");
16434 }
16435
16436
16437 void
ArgusPrintPercentLossLabel(struct ArgusParserStruct * parser,char * buf,int len)16438 ArgusPrintPercentLossLabel (struct ArgusParserStruct *parser, char *buf, int len)
16439 {
16440 sprintf (buf, "%*.*s ", len, len, "pLoss");
16441 }
16442
16443 void
ArgusPrintPercentSrcRetransLabel(struct ArgusParserStruct * parser,char * buf,int len)16444 ArgusPrintPercentSrcRetransLabel (struct ArgusParserStruct *parser, char *buf, int len)
16445 {
16446 sprintf (buf, "%*.*s ", len, len, "pSrcRetrans");
16447 }
16448
16449 void
ArgusPrintPercentDstRetransLabel(struct ArgusParserStruct * parser,char * buf,int len)16450 ArgusPrintPercentDstRetransLabel (struct ArgusParserStruct *parser, char *buf, int len)
16451 {
16452 sprintf (buf, "%*.*s ", len, len, "pDstRetrans");
16453 }
16454
16455
16456 void
ArgusPrintPercentRetransLabel(struct ArgusParserStruct * parser,char * buf,int len)16457 ArgusPrintPercentRetransLabel (struct ArgusParserStruct *parser, char *buf, int len)
16458 {
16459 sprintf (buf, "%*.*s ", len, len, "pRetrans");
16460 }
16461
16462
16463 void
ArgusPrintSrcNacksLabel(struct ArgusParserStruct * parser,char * buf,int len)16464 ArgusPrintSrcNacksLabel (struct ArgusParserStruct *parser, char *buf, int len)
16465 {
16466 if (parser->Pctflag)
16467 sprintf (buf, "%*.*s ", len, len, "pSrcNacks");
16468 else
16469 sprintf (buf, "%*.*s ", len, len, "SrcNacks");
16470 }
16471
16472 void
ArgusPrintDstNacksLabel(struct ArgusParserStruct * parser,char * buf,int len)16473 ArgusPrintDstNacksLabel (struct ArgusParserStruct *parser, char *buf, int len)
16474 {
16475 if (parser->Pctflag)
16476 sprintf (buf, "%*.*s ", len, len, "pDstNacks");
16477 else
16478 sprintf (buf, "%*.*s ", len, len, "DstNacks");
16479 }
16480
16481 void
ArgusPrintNacksLabel(struct ArgusParserStruct * parser,char * buf,int len)16482 ArgusPrintNacksLabel (struct ArgusParserStruct *parser, char *buf, int len)
16483 {
16484 if (parser->Pctflag)
16485 sprintf (buf, "%*.*s ", len, len, "pNacks");
16486 else
16487 sprintf (buf, "%*.*s ", len, len, "Nacks");
16488 }
16489
16490
16491 void
ArgusPrintPercentSrcNacksLabel(struct ArgusParserStruct * parser,char * buf,int len)16492 ArgusPrintPercentSrcNacksLabel (struct ArgusParserStruct *parser, char *buf, int len)
16493 {
16494 sprintf (buf, "%*.*s ", len, len, "pSrcNacks");
16495 }
16496
16497 void
ArgusPrintPercentDstNacksLabel(struct ArgusParserStruct * parser,char * buf,int len)16498 ArgusPrintPercentDstNacksLabel (struct ArgusParserStruct *parser, char *buf, int len)
16499 {
16500 sprintf (buf, "%*.*s ", len, len, "pDstNacks");
16501 }
16502
16503
16504 void
ArgusPrintPercentNacksLabel(struct ArgusParserStruct * parser,char * buf,int len)16505 ArgusPrintPercentNacksLabel (struct ArgusParserStruct *parser, char *buf, int len)
16506 {
16507 sprintf (buf, "%*.*s ", len, len, "pNacks");
16508 }
16509
16510
16511 void
ArgusPrintSrcLoadLabel(struct ArgusParserStruct * parser,char * buf,int len)16512 ArgusPrintSrcLoadLabel (struct ArgusParserStruct *parser, char *buf, int len)
16513 {
16514 char *ptr;
16515 if (parser->Aflag)
16516 ptr = "SrcAppLoad";
16517 else
16518 ptr = "SrcLoad";
16519
16520 sprintf (buf, "%*.*s ", len, len, ptr);
16521 }
16522
16523 void
ArgusPrintDstLoadLabel(struct ArgusParserStruct * parser,char * buf,int len)16524 ArgusPrintDstLoadLabel (struct ArgusParserStruct *parser, char *buf, int len)
16525 {
16526 char *ptr;
16527 if (parser->Aflag)
16528 ptr = "DstAppLoad";
16529 else
16530 ptr = "DstLoad";
16531
16532 sprintf (buf, "%*.*s ", len, len, ptr);
16533 }
16534
16535 void
ArgusPrintLoadLabel(struct ArgusParserStruct * parser,char * buf,int len)16536 ArgusPrintLoadLabel (struct ArgusParserStruct *parser, char *buf, int len)
16537 {
16538 char *ptr;
16539 if (parser->Aflag)
16540 ptr = "AppLoad";
16541 else
16542 ptr = "Load";
16543 sprintf (buf, "%*.*s ", len, len, ptr);
16544 }
16545
16546 void
ArgusPrintSrcMplsLabel(struct ArgusParserStruct * parser,char * buf,int len)16547 ArgusPrintSrcMplsLabel (struct ArgusParserStruct *parser, char *buf, int len)
16548 {
16549 sprintf (buf, "%*.*s ", len, len, "sMpls");
16550 }
16551
16552 void
ArgusPrintDstMplsLabel(struct ArgusParserStruct * parser,char * buf,int len)16553 ArgusPrintDstMplsLabel (struct ArgusParserStruct *parser, char *buf, int len)
16554 {
16555 sprintf (buf, "%*.*s ", len, len, "dMpls");
16556 }
16557
16558 void
ArgusPrintSrcVlanLabel(struct ArgusParserStruct * parser,char * buf,int len)16559 ArgusPrintSrcVlanLabel (struct ArgusParserStruct *parser, char *buf, int len)
16560 {
16561 sprintf (buf, "%*.*s ", len, len, "sVlan");
16562 }
16563
16564 void
ArgusPrintDstVlanLabel(struct ArgusParserStruct * parser,char * buf,int len)16565 ArgusPrintDstVlanLabel (struct ArgusParserStruct *parser, char *buf, int len)
16566 {
16567 sprintf (buf, "%*.*s ", len, len, "dVlan");
16568 }
16569
16570
16571 void
ArgusPrintSrcVIDLabel(struct ArgusParserStruct * parser,char * buf,int len)16572 ArgusPrintSrcVIDLabel (struct ArgusParserStruct *parser, char *buf, int len)
16573 {
16574 sprintf (buf, "%*.*s ", len, len, "sVid");
16575 }
16576
16577 void
ArgusPrintDstVIDLabel(struct ArgusParserStruct * parser,char * buf,int len)16578 ArgusPrintDstVIDLabel (struct ArgusParserStruct *parser, char *buf, int len)
16579 {
16580 sprintf (buf, "%*.*s ", len, len, "dVid");
16581 }
16582
16583
16584 void
ArgusPrintSrcVPRILabel(struct ArgusParserStruct * parser,char * buf,int len)16585 ArgusPrintSrcVPRILabel (struct ArgusParserStruct *parser, char *buf, int len)
16586 {
16587 sprintf (buf, "%*.*s ", len, len, "sVpri");
16588 }
16589
16590 void
ArgusPrintDstVPRILabel(struct ArgusParserStruct * parser,char * buf,int len)16591 ArgusPrintDstVPRILabel (struct ArgusParserStruct *parser, char *buf, int len)
16592 {
16593 sprintf (buf, "%*.*s ", len, len, "dVpri");
16594 }
16595
16596 void
ArgusPrintJoinDelayLabel(struct ArgusParserStruct * parser,char * buf,int len)16597 ArgusPrintJoinDelayLabel (struct ArgusParserStruct *parser, char *buf, int len)
16598 {
16599 sprintf (buf, "%*.*s ", len, len, "JDelay");
16600 }
16601
16602 void
ArgusPrintLeaveDelayLabel(struct ArgusParserStruct * parser,char * buf,int len)16603 ArgusPrintLeaveDelayLabel (struct ArgusParserStruct *parser, char *buf, int len)
16604 {
16605 sprintf (buf, "%*.*s ", len, len, "LDelay");
16606 }
16607
16608
16609 void
ArgusPrintSrcWindowLabel(struct ArgusParserStruct * parser,char * buf,int len)16610 ArgusPrintSrcWindowLabel (struct ArgusParserStruct *parser, char *buf, int len)
16611 {
16612 sprintf (buf, "%*.*s ", len, len, "SrcWin");
16613 }
16614
16615 void
ArgusPrintDstWindowLabel(struct ArgusParserStruct * parser,char * buf,int len)16616 ArgusPrintDstWindowLabel (struct ArgusParserStruct *parser, char *buf, int len)
16617 {
16618 sprintf (buf, "%*.*s ", len, len, "DstWin");
16619 }
16620
16621 void
ArgusPrintDurationLabel(struct ArgusParserStruct * parser,char * buf,int len)16622 ArgusPrintDurationLabel (struct ArgusParserStruct *parser, char *buf, int len)
16623 {
16624 sprintf (buf, "%*.*s ", len, len, "Dur");
16625 }
16626
16627 void
ArgusPrintSrcDurationLabel(struct ArgusParserStruct * parser,char * buf,int len)16628 ArgusPrintSrcDurationLabel (struct ArgusParserStruct *parser, char *buf, int len)
16629 {
16630 sprintf (buf, "%*.*s ", len, len, "SrcDur");
16631 }
16632
16633 void
ArgusPrintDstDurationLabel(struct ArgusParserStruct * parser,char * buf,int len)16634 ArgusPrintDstDurationLabel (struct ArgusParserStruct *parser, char *buf, int len)
16635 {
16636 sprintf (buf, "%*.*s ", len, len, "DstDur");
16637 }
16638
16639 void
ArgusPrintMeanLabel(struct ArgusParserStruct * parser,char * buf,int len)16640 ArgusPrintMeanLabel (struct ArgusParserStruct *parser, char *buf, int len)
16641 {
16642 sprintf (buf, "%*.*s ", len, len, "Mean");
16643 }
16644
16645 void
ArgusPrintSumLabel(struct ArgusParserStruct * parser,char * buf,int len)16646 ArgusPrintSumLabel (struct ArgusParserStruct *parser, char *buf, int len)
16647 {
16648 sprintf (buf, "%*.*s ", len, len, "Sum");
16649 }
16650
16651 void
ArgusPrintIdleTimeLabel(struct ArgusParserStruct * parser,char * buf,int len)16652 ArgusPrintIdleTimeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16653 {
16654 sprintf (buf, "%*.*s ", len, len, "IdleTime");
16655 }
16656
16657 void
ArgusPrintRunTimeLabel(struct ArgusParserStruct * parser,char * buf,int len)16658 ArgusPrintRunTimeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16659 {
16660 sprintf (buf, "%*.*s ", len, len, "RunTime");
16661 }
16662
16663 void
ArgusPrintMinLabel(struct ArgusParserStruct * parser,char * buf,int len)16664 ArgusPrintMinLabel (struct ArgusParserStruct *parser, char *buf, int len)
16665 {
16666 sprintf (buf, "%*.*s ", len, len, "Min");
16667 }
16668
16669 void
ArgusPrintMaxLabel(struct ArgusParserStruct * parser,char * buf,int len)16670 ArgusPrintMaxLabel (struct ArgusParserStruct *parser, char *buf, int len)
16671 {
16672 sprintf (buf, "%*.*s ", len, len, "Max");
16673 }
16674
16675 void
ArgusPrintStdDeviationLabel(struct ArgusParserStruct * parser,char * buf,int len)16676 ArgusPrintStdDeviationLabel (struct ArgusParserStruct *parser, char *buf, int len)
16677 {
16678 sprintf (buf, "%*.*s ", len, len, "StdDev");
16679 }
16680
16681 void
ArgusPrintStartRangeLabel(struct ArgusParserStruct * parser,char * buf,int len)16682 ArgusPrintStartRangeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16683 {
16684 sprintf (buf, "%*.*s ", len, len, "SRange");
16685 }
16686
16687 void
ArgusPrintEndRangeLabel(struct ArgusParserStruct * parser,char * buf,int len)16688 ArgusPrintEndRangeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16689 {
16690 sprintf (buf, "%*.*s ", len, len, "ERange");
16691 }
16692
16693 void
ArgusPrintTransactionsLabel(struct ArgusParserStruct * parser,char * buf,int len)16694 ArgusPrintTransactionsLabel (struct ArgusParserStruct *parser, char *buf, int len)
16695 {
16696 char *ptr;
16697 if (parser->Pctflag)
16698 ptr = "pTrans";
16699 else
16700 ptr = "Trans";
16701 sprintf (buf, "%*.*s ", len, len, ptr);
16702 }
16703
16704 void
ArgusPrintCorLabel(struct ArgusParserStruct * parser,char * buf,int len)16705 ArgusPrintCorLabel (struct ArgusParserStruct *parser, char *buf, int len)
16706 {
16707 sprintf (buf, "%*.*s ", len, len, "Cor");
16708 }
16709
16710 void
ArgusPrintSequenceNumberLabel(struct ArgusParserStruct * parser,char * buf,int len)16711 ArgusPrintSequenceNumberLabel (struct ArgusParserStruct *parser, char *buf, int len)
16712 {
16713 sprintf (buf, "%*sSeq%*s ", (len - 3)/2, " ", (len - 3)/2, " ");
16714 if (!(len & 0x01)) sprintf (&buf[strlen(buf)], " ");
16715 }
16716
16717 void
ArgusPrintRankLabel(struct ArgusParserStruct * parser,char * buf,int len)16718 ArgusPrintRankLabel (struct ArgusParserStruct *parser, char *buf, int len)
16719 {
16720 sprintf (buf, "%*sRank%*s", (len - 4)/2, " ", (len - 4)/2, " ");
16721 if (!(len & 0x01)) sprintf (&buf[strlen(buf)], " ");
16722 }
16723
16724 void
ArgusPrintBinNumberLabel(struct ArgusParserStruct * parser,char * buf,int len)16725 ArgusPrintBinNumberLabel (struct ArgusParserStruct *parser, char *buf, int len)
16726 {
16727 sprintf (buf, "%*sBin%*s ", (len - 3)/2, " ", (len - 3)/2, " ");
16728 if (!(len & 0x01)) sprintf (&buf[strlen(buf)], " ");
16729 }
16730
16731 void
ArgusPrintBinsLabel(struct ArgusParserStruct * parser,char * buf,int len)16732 ArgusPrintBinsLabel (struct ArgusParserStruct *parser, char *buf, int len)
16733 {
16734 sprintf (buf, "%*sBins%*s ", (len - 4)/2, " ", (len - 4)/2, " ");
16735 if (!(len & 0x01)) sprintf (&buf[strlen(buf)], " ");
16736 }
16737
16738 void
ArgusPrintByteOffsetLabel(struct ArgusParserStruct * parser,char * buf,int len)16739 ArgusPrintByteOffsetLabel (struct ArgusParserStruct *parser, char *buf, int len)
16740 {
16741 sprintf (buf, "%*.*s ", len, len, "Offset");
16742 }
16743
16744 void
ArgusPrintAutoIdLabel(struct ArgusParserStruct * parser,char * buf,int len)16745 ArgusPrintAutoIdLabel (struct ArgusParserStruct *parser, char *buf, int len)
16746 {
16747 sprintf (buf, "%*.*s ", len, len, "AutoId");
16748 }
16749
16750 void
ArgusPrintSrcEncapsLabel(struct ArgusParserStruct * parser,char * buf,int len)16751 ArgusPrintSrcEncapsLabel (struct ArgusParserStruct *parser, char *buf, int len)
16752 {
16753 sprintf (buf, "%*.*s ", len, len, "sEnc");
16754 }
16755
16756 void
ArgusPrintDstEncapsLabel(struct ArgusParserStruct * parser,char * buf,int len)16757 ArgusPrintDstEncapsLabel (struct ArgusParserStruct *parser, char *buf, int len)
16758 {
16759 sprintf (buf, "%*.*s ", len, len, "dEnc");
16760 }
16761
16762 void
ArgusPrintSrcPktSizeLabel(struct ArgusParserStruct * parser,char * buf,int len)16763 ArgusPrintSrcPktSizeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16764 {
16765 sprintf (buf, "%*.*s ", len, len, "sPktSz");
16766 }
16767
16768 void
ArgusPrintSrcMaxPktSizeLabel(struct ArgusParserStruct * parser,char * buf,int len)16769 ArgusPrintSrcMaxPktSizeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16770 {
16771 sprintf (buf, "%*.*s ", len, len, "sMaxPktSz");
16772 }
16773
16774 void
ArgusPrintSrcMinPktSizeLabel(struct ArgusParserStruct * parser,char * buf,int len)16775 ArgusPrintSrcMinPktSizeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16776 {
16777 sprintf (buf, "%*.*s ", len, len, "sMinPktSz");
16778 }
16779
16780 void
ArgusPrintSrcMeanPktSizeLabel(struct ArgusParserStruct * parser,char * buf,int len)16781 ArgusPrintSrcMeanPktSizeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16782 {
16783 sprintf (buf, "%*.*s ", len, len, "sMeanPktSz");
16784 }
16785
16786
16787 void
ArgusPrintDstPktSizeLabel(struct ArgusParserStruct * parser,char * buf,int len)16788 ArgusPrintDstPktSizeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16789 {
16790 sprintf (buf, "%*.*s ", len, len, "dPktSz");
16791 }
16792
16793 void
ArgusPrintDstMaxPktSizeLabel(struct ArgusParserStruct * parser,char * buf,int len)16794 ArgusPrintDstMaxPktSizeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16795 {
16796 sprintf (buf, "%*.*s ", len, len, "dMaxPktSz");
16797 }
16798
16799 void
ArgusPrintDstMinPktSizeLabel(struct ArgusParserStruct * parser,char * buf,int len)16800 ArgusPrintDstMinPktSizeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16801 {
16802 sprintf (buf, "%*.*s ", len, len, "dMinPktSz");
16803 }
16804
16805 void
ArgusPrintDstMeanPktSizeLabel(struct ArgusParserStruct * parser,char * buf,int len)16806 ArgusPrintDstMeanPktSizeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16807 {
16808 sprintf (buf, "%*.*s ", len, len, "dMeanPktSz");
16809 }
16810
16811 void
ArgusPrintSrcCountryCodeLabel(struct ArgusParserStruct * parser,char * buf,int len)16812 ArgusPrintSrcCountryCodeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16813 {
16814 sprintf (buf, "%*.*s ", len, len, "sCo");
16815 }
16816
16817 void
ArgusPrintDstCountryCodeLabel(struct ArgusParserStruct * parser,char * buf,int len)16818 ArgusPrintDstCountryCodeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16819 {
16820 sprintf (buf, "%*.*s ", len, len, "dCo");
16821 }
16822
16823 void
ArgusPrintInodeCountryCodeLabel(struct ArgusParserStruct * parser,char * buf,int len)16824 ArgusPrintInodeCountryCodeLabel (struct ArgusParserStruct *parser, char *buf, int len)
16825 {
16826 sprintf (buf, "%*.*s ", len, len, "iCo");
16827 }
16828
16829 void
ArgusPrintSrcAsnLabel(struct ArgusParserStruct * parser,char * buf,int len)16830 ArgusPrintSrcAsnLabel (struct ArgusParserStruct *parser, char *buf, int len)
16831 {
16832 sprintf (buf, "%*.*s ", len, len, "sAS");
16833 }
16834
16835 void
ArgusPrintDstAsnLabel(struct ArgusParserStruct * parser,char * buf,int len)16836 ArgusPrintDstAsnLabel (struct ArgusParserStruct *parser, char *buf, int len)
16837 {
16838 sprintf (buf, "%*.*s ", len, len, "dAS");
16839 }
16840
16841 void
ArgusPrintInodeAsnLabel(struct ArgusParserStruct * parser,char * buf,int len)16842 ArgusPrintInodeAsnLabel (struct ArgusParserStruct *parser, char *buf, int len)
16843 {
16844 sprintf (buf, "%*.*s ", len, len, "iAS");
16845 }
16846
16847 void
ArgusPrintIcmpIdLabel(struct ArgusParserStruct * parser,char * buf,int len)16848 ArgusPrintIcmpIdLabel (struct ArgusParserStruct *parser, char *buf, int len)
16849 {
16850 sprintf (buf, "%*.*s ", len, len, "IcmpId");
16851 }
16852
16853 void
ArgusPrintResponseLabel(struct ArgusParserStruct * parser,char * buf,int len)16854 ArgusPrintResponseLabel (struct ArgusParserStruct *parser, char *buf, int len)
16855 {
16856 sprintf (buf, "%*.*s ", len, len, "Response");
16857 }
16858
16859 void
ArgusPrintLabelLabel(struct ArgusParserStruct * parser,char * buf,int len)16860 ArgusPrintLabelLabel (struct ArgusParserStruct *parser, char *buf, int len)
16861 {
16862 sprintf (buf, "%*.*s ", len, len, "Label");
16863 }
16864
16865
16866 void ArgusDump (const u_char *, int, char *);
16867
16868 void
ArgusPrintSrcUserData(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)16869 ArgusPrintSrcUserData (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
16870 {
16871 struct ArgusDataStruct *user = NULL;
16872 char strbuf[MAXSTRLEN], *str = strbuf;
16873 char conbuf[MAXSTRLEN], *con = conbuf;
16874 int slen = 0, exlen = len;
16875 // char delim = ' ';
16876
16877 // if ((parser->RaFieldDelimiter != ' ') && (parser->RaFieldDelimiter != '\0'))
16878 // delim = parser->RaFieldDelimiter;
16879
16880 bzero (conbuf, sizeof(conbuf));
16881 bzero (strbuf, sizeof(strbuf));
16882 bzero (buf, len);
16883
16884 if (len > 0) {
16885 switch (parser->eflag) {
16886 case ARGUS_HEXDUMP:
16887 return;
16888 break;
16889
16890 case ARGUS_ENCODE_ASCII:
16891 case ARGUS_ENCODE_OBFUSCATE:
16892 exlen = len;
16893 break;
16894
16895 case ARGUS_ENCODE_32:
16896 case ARGUS_ENCODE_64:
16897 exlen = len * 2;
16898 break;
16899 }
16900 exlen += 8;
16901 if (len >= 10) exlen++;
16902 if (len >= 100) exlen++;
16903
16904 if ((user = (struct ArgusDataStruct *)argus->dsrs[ARGUS_SRCUSERDATA_INDEX]) != NULL) {
16905 unsigned short *sptr = &user->hdr.argus_dsrvl16.len;
16906 slen = (*sptr - 2 ) * 4;
16907
16908 slen = (user->count < len) ? user->count : slen;
16909 slen = (slen > len) ? len : slen;
16910
16911 bzero (strbuf, sizeof(strbuf));
16912
16913 if ((slen = ArgusEncode (parser, (const char *)&user->array, NULL, slen, str, sizeof(strbuf))) > 0) {
16914 if (parser->ArgusPrintXml) {
16915 switch (parser->eflag) {
16916 case ARGUS_ENCODE_OBFUSCATE:
16917 case ARGUS_ENCODE_ASCII: {
16918 char xmlbuf[MAXSTRLEN], *dptr = str;
16919 int i, dlen;
16920
16921 bzero(xmlbuf, sizeof(xmlbuf));
16922 for (i = 0; i < slen; i++) {
16923 if (*dptr == '&')
16924 sprintf(&xmlbuf[strlen(xmlbuf)], "&");
16925 else if (*dptr == '"')
16926 sprintf(&xmlbuf[strlen(xmlbuf)], """);
16927 else if (*dptr == '\'')
16928 sprintf(&xmlbuf[strlen(xmlbuf)], "'");
16929 else if (*dptr == '<')
16930 sprintf(&xmlbuf[strlen(xmlbuf)], "<");
16931 else if (*dptr == '>')
16932 sprintf(&xmlbuf[strlen(xmlbuf)], ">");
16933 else
16934 sprintf(&xmlbuf[strlen(xmlbuf)], "%c", *dptr);
16935 dptr++;
16936 }
16937 dlen = strlen(xmlbuf);
16938 sprintf (con, "%*.*s", dlen, dlen, xmlbuf);
16939 break;
16940 }
16941 default:
16942 sprintf (con, "%s", str);
16943 break;
16944 }
16945 } else {
16946 sprintf (con, "s[%d]=%s", slen, str);
16947 }
16948 }
16949 }
16950 }
16951
16952 if (parser->ArgusPrintXml) {
16953 sprintf (buf, " SrcUserData = \"%s\"", con);
16954 } else {
16955 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
16956 exlen = strlen(con);
16957 sprintf (buf, "%-*.*s ", exlen, exlen, con);
16958 }
16959
16960 #ifdef ARGUSDEBUG
16961 ArgusDebug (10, "ArgusPrintSrcUserData (%p, %p)", buf, argus);
16962 #endif
16963 }
16964
16965 void
ArgusPrintDstUserData(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)16966 ArgusPrintDstUserData (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
16967 {
16968 struct ArgusDataStruct *user = NULL;
16969 char strbuf[MAXSTRLEN], *str = strbuf;
16970 char conbuf[MAXSTRLEN], *con = conbuf;
16971 int slen = 0, exlen = len;
16972 // char delim = ' ';
16973
16974 // if ((parser->RaFieldDelimiter != ' ') && (parser->RaFieldDelimiter != '\0'))
16975 // delim = parser->RaFieldDelimiter;
16976
16977 bzero (conbuf, sizeof(conbuf));
16978 bzero (buf, len);
16979
16980 if (len > 0) {
16981 switch (parser->eflag) {
16982 case ARGUS_HEXDUMP:
16983 return;
16984 break;
16985
16986 case ARGUS_ENCODE_OBFUSCATE:
16987 case ARGUS_ENCODE_ASCII:
16988 exlen = len;
16989 break;
16990
16991 case ARGUS_ENCODE_32:
16992 case ARGUS_ENCODE_64:
16993 exlen = len * 2;
16994 break;
16995 }
16996 exlen += 8;
16997 if (len > 10) exlen++;
16998
16999 if ((user = (struct ArgusDataStruct *)argus->dsrs[ARGUS_DSTUSERDATA_INDEX]) != NULL) {
17000 unsigned short *sptr = &user->hdr.argus_dsrvl16.len;
17001 slen = (*sptr - 2 ) * 4;
17002 slen = (user->count < slen) ? user->count : slen;
17003 slen = (slen > len) ? len : slen;
17004
17005 bzero (strbuf, sizeof(strbuf));
17006
17007 if ((slen = ArgusEncode (parser, (const char *)&user->array, NULL, slen, str, sizeof(strbuf))) > 0) {
17008 if (parser->ArgusPrintXml) {
17009 switch (parser->eflag) {
17010 case ARGUS_ENCODE_OBFUSCATE:
17011 case ARGUS_ENCODE_ASCII: {
17012 char xmlbuf[MAXSTRLEN], *dptr = str;
17013 int i, dlen;
17014
17015 bzero(xmlbuf, sizeof(xmlbuf));
17016 for (i = 0; i < slen; i++) {
17017 if (*dptr == '&')
17018 sprintf(&xmlbuf[strlen(xmlbuf)], "&");
17019 else if (*dptr == '<')
17020 sprintf(&xmlbuf[strlen(xmlbuf)], "<");
17021 else if (*dptr == '>')
17022 sprintf(&xmlbuf[strlen(xmlbuf)], ">");
17023 else
17024 sprintf(&xmlbuf[strlen(xmlbuf)], "%c", *dptr);
17025 dptr++;
17026 }
17027 dlen = strlen(xmlbuf);
17028 sprintf (con, "%*.*s", dlen, dlen, xmlbuf);
17029 break;
17030 }
17031 default:
17032 sprintf (con, "%s", str);
17033 break;
17034 }
17035 } else {
17036 sprintf (con, "d[%d]=%s", slen, str);
17037 }
17038 }
17039 }
17040 }
17041
17042 if (parser->ArgusPrintXml) {
17043 sprintf (buf, " DstUserData = \"%s\"", con);
17044 } else {
17045 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
17046 exlen = strlen(con);
17047 sprintf (buf, "%-*.*s ", exlen, exlen, con);
17048 }
17049
17050 #ifdef ARGUSDEBUG
17051 ArgusDebug (10, "ArgusPrintDstUserData (%p, %p)", buf, argus);
17052 #endif
17053 }
17054
17055 /*
17056 void
17057 ArgusPrintUserData (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
17058 {
17059 ArgusPrintSrcUserData(parser, buf, argus);
17060 ArgusPrintDstUserData(parser, buf, argus);
17061
17062 #ifdef ARGUSDEBUG
17063 ArgusDebug (10, "ArgusPrintUserData (%p, %p)", buf, argus);
17064 #endif
17065 }
17066 */
17067
17068
17069 static char basis_64[] =
17070 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????";
17071
17072
17073 int
ArgusEncode(struct ArgusParserStruct * parser,const char * ptr,const char * mask,int len,char * str,int slen)17074 ArgusEncode (struct ArgusParserStruct *parser, const char *ptr, const char *mask, int len, char *str, int slen)
17075 {
17076 int retn = 0, i;
17077
17078 switch (parser->eflag) {
17079 case ARGUS_ENCODE_32:
17080 retn = ArgusEncode32(parser, ptr, len, &str[strlen(str)], slen - strlen(str));
17081 if (mask != NULL) {
17082 for (i = 0; i < len; i++) {
17083 if ((mask[i/8] & (0x80 >> (i % 8)))) {
17084 str[((2*i))] = ' ';
17085 str[((2*i)) + 1] = ' ';
17086 }
17087 }
17088 }
17089 break;
17090
17091 case ARGUS_ENCODE_64:
17092 retn = ArgusEncode64(parser, ptr, len, &str[strlen(str)], slen - strlen(str));
17093 break;
17094
17095 case ARGUS_ENCODE_OBFUSCATE:
17096 case ARGUS_ENCODE_ASCII:
17097 retn = ArgusEncodeAscii(parser, ptr, len, &str[strlen(str)], slen - strlen(str));
17098 if (mask != NULL) {
17099 for (i = 0; i < len; i++)
17100 if ((mask[i/8] & (0x80 >> (i % 8))))
17101 str[i] = ' ';
17102 }
17103 break;
17104
17105 default:
17106 break;
17107 }
17108
17109
17110 return (retn);
17111 }
17112
17113 static char basis_16[] = "0123456789ABCDEF";
17114
17115 int
ArgusEncode32(struct ArgusParserStruct * parser,const char * ptr,int len,char * str,int slen)17116 ArgusEncode32 (struct ArgusParserStruct *parser, const char *ptr, int len, char *str, int slen)
17117 {
17118 int retn = 0, i;
17119 u_char *buf = (u_char *) str;
17120 unsigned newlen;
17121
17122 if (ptr && ((newlen = (((len + 1) & ~0x01) * 2)) < slen)) {
17123 for (i = 0; i < len; i++) {
17124 *buf++ = basis_16[((ptr[i] & 0xF0) >> 4)];
17125 *buf++ = basis_16[((ptr[i] & 0x0F))];
17126 }
17127
17128 retn = newlen;
17129 }
17130
17131 return (retn);
17132 }
17133
17134
17135 int
ArgusEncode64(struct ArgusParserStruct * parser,const char * ptr,int len,char * str,int slen)17136 ArgusEncode64 (struct ArgusParserStruct *parser, const char *ptr, int len, char *str, int slen)
17137 {
17138 int retn = 0;
17139 const u_char *in = (const u_char *)ptr;
17140 u_char *buf = (u_char *) str;
17141 u_char oval;
17142 unsigned newlen;
17143
17144 if (ptr && ((newlen = (len + 2) / 3 * 4) < slen)) {
17145 while (len >= 3) {
17146 *buf++ = basis_64[in[0] >> 2];
17147 *buf++ = basis_64[((in[0] << 4) & 0x30) | (in[1] >> 4)];
17148 *buf++ = basis_64[((in[1] << 2) & 0x3c) | (in[2] >> 6)];
17149 *buf++ = basis_64[in[2] & 0x3f];
17150 in += 3;
17151 len -= 3;
17152 }
17153 if (len > 0) {
17154 *buf++ = basis_64[in[0] >> 2];
17155 oval = (in[0] << 4) & 0x30;
17156 if (len > 1) oval |= in[1] >> 4;
17157 *buf++ = basis_64[oval];
17158 *buf++ = (len < 2) ? '=' : basis_64[(in[1] << 2) & 0x3c];
17159 *buf++ = '=';
17160 }
17161
17162 retn = newlen;
17163 }
17164
17165 return (retn);
17166 }
17167
17168 #include <ctype.h>
17169
17170 int
ArgusEncodeAscii(struct ArgusParserStruct * parser,const char * ptr,int len,char * str,int slen)17171 ArgusEncodeAscii (struct ArgusParserStruct *parser, const char *ptr, int len, char *str, int slen)
17172 {
17173 int retn = 0, newlen = len;
17174 u_char *buf = (u_char *) str;
17175
17176 if (ptr && (len < slen)) {
17177 int blen = len;
17178 while (blen > 0) {
17179 if (isascii((int)*ptr) && isprint((int)*ptr))
17180 *buf = *ptr;
17181 else
17182 *buf = '.';
17183 buf++;
17184 ptr++;
17185 blen--;
17186 }
17187
17188 if (parser->eflag == ARGUS_ENCODE_OBFUSCATE) {
17189 int blen = len;
17190 while ((blen > 0) && ((buf = (u_char *) strstr (str, "PASS")) != NULL)) {
17191 buf += 5;
17192 blen -= 5;
17193 while (((void *)(str + newlen) > (void *) buf) && ((*buf != ' ') && (*buf != '.'))) {
17194 *buf++ = 'x';
17195 blen--;
17196 }
17197 str = (char *) buf;
17198 }
17199 }
17200
17201 retn = newlen;
17202 }
17203
17204 return (retn);
17205 }
17206
17207
17208 struct ArgusQueueStruct *
ArgusNewQueue()17209 ArgusNewQueue ()
17210 {
17211 struct ArgusQueueStruct *retn = NULL;
17212
17213 if ((retn = (struct ArgusQueueStruct *) ArgusCalloc (1, sizeof (struct ArgusQueueStruct))) != NULL) {
17214 retn->count = 0;
17215 #if defined(ARGUS_THREADS)
17216 pthread_mutex_init(&retn->lock, NULL);
17217 #endif
17218 retn->start = NULL;
17219 retn->end = NULL;
17220 }
17221
17222 #ifdef ARGUSDEBUG
17223 ArgusDebug (4, "ArgusNewQueue () returning %p\n", retn);
17224 #endif
17225
17226 return (retn);
17227 }
17228
17229 void
ArgusDeleteQueue(struct ArgusQueueStruct * queue)17230 ArgusDeleteQueue (struct ArgusQueueStruct *queue)
17231 {
17232 struct ArgusQueueHeader *obj = NULL;
17233
17234 if (queue != NULL) {
17235 #if defined(ARGUS_THREADS)
17236 pthread_mutex_lock(&queue->lock);
17237 #endif
17238
17239 while ((obj = ArgusPopQueue(queue, ARGUS_NOLOCK)))
17240 ArgusFree(obj);
17241
17242 if (queue->array != NULL) {
17243 ArgusFree(queue->array);
17244 queue->array = NULL;
17245 }
17246
17247 #if defined(ARGUS_THREADS)
17248 pthread_mutex_destroy(&queue->lock);
17249 #endif
17250 ArgusFree(queue);
17251 }
17252
17253 #ifdef ARGUSDEBUG
17254 ArgusDebug (4, "ArgusDeleteQueue (%p) returning\n", queue);
17255 #endif
17256 }
17257
17258
17259
17260 int
ArgusGetQueueCount(struct ArgusQueueStruct * queue)17261 ArgusGetQueueCount(struct ArgusQueueStruct *queue)
17262 {
17263
17264 #ifdef ARGUSDEBUG
17265 ArgusDebug (10, "ArgusGetQueueCount (%p) returning %d\n", queue, queue->count);
17266 #endif
17267
17268 return (queue->count);
17269 }
17270
17271
17272 // Add object to start of queue
17273
17274 void
ArgusPushQueue(struct ArgusQueueStruct * queue,struct ArgusQueueHeader * obj,int type)17275 ArgusPushQueue(struct ArgusQueueStruct *queue, struct ArgusQueueHeader *obj, int type)
17276 {
17277 int retn = 0;
17278
17279 #if defined(ARGUS_THREADS)
17280 if (type == ARGUS_LOCK)
17281 pthread_mutex_lock(&queue->lock);
17282 #endif
17283 if ((retn = ArgusAddToQueue (queue, obj, ARGUS_NOLOCK)) > 0) {
17284 queue->start = queue->start->prv;
17285 queue->end = queue->start->prv;
17286 }
17287
17288 #if defined(ARGUS_THREADS)
17289 if (type == ARGUS_LOCK)
17290 pthread_mutex_unlock(&queue->lock);
17291 #endif
17292
17293 #ifdef ARGUSDEBUG
17294 ArgusDebug (10, "ArgusPushQueue (%p, %p, %d) returning\n", queue, obj, type);
17295 #endif
17296 }
17297
17298
17299 // Add object to end of queue
17300
17301 int
ArgusAddToQueue(struct ArgusQueueStruct * queue,struct ArgusQueueHeader * obj,int type)17302 ArgusAddToQueue(struct ArgusQueueStruct *queue, struct ArgusQueueHeader *obj, int type)
17303 {
17304 int retn = 0;
17305
17306 if (queue && obj) {
17307 if (obj->queue == NULL) {
17308 #if defined(ARGUS_THREADS)
17309 if (type == ARGUS_LOCK)
17310 pthread_mutex_lock(&queue->lock);
17311 #endif
17312 if (queue->start != NULL) {
17313 obj->prv = queue->start->prv;
17314 queue->start->prv = obj;
17315 obj->nxt = queue->start;
17316 obj->prv->nxt = obj;
17317 } else {
17318 queue->start = obj;
17319 obj->nxt = obj;
17320 obj->prv = obj;
17321 }
17322 queue->end = obj;
17323 queue->count++;
17324 #if defined(ARGUS_THREADS)
17325 if (type == ARGUS_LOCK)
17326 pthread_mutex_unlock(&queue->lock);
17327 #endif
17328 obj->queue = queue;
17329
17330 if (ArgusParser->status & ARGUS_REAL_TIME_PROCESS) {
17331 obj->lasttime = ArgusParser->ArgusGlobalTime;
17332 } else {
17333 gettimeofday(&obj->lasttime, 0L);
17334 }
17335 retn = 1;
17336
17337 queue->status |= RA_MODIFIED;
17338
17339 } else
17340 ArgusLog (LOG_ERR, "ArgusAddToQueue (%p, %p) obj in queue %p\n", queue, obj, obj->queue);
17341 } else
17342 ArgusLog (LOG_ERR, "ArgusAddToQueue (%p, %p) parameter error\n", queue, obj);
17343
17344 #ifdef ARGUSDEBUG
17345 ArgusDebug (10, "ArgusAddToQueue (%p, %p) returning %d\n", queue, obj, retn);
17346 #endif
17347
17348 return (retn);
17349 }
17350
17351
17352 struct ArgusQueueHeader *
ArgusPopQueue(struct ArgusQueueStruct * queue,int type)17353 ArgusPopQueue (struct ArgusQueueStruct *queue, int type)
17354 {
17355 struct ArgusQueueHeader *retn = NULL;
17356 struct ArgusQueueHeader *obj = NULL;
17357
17358 if (queue) {
17359 #if defined(ARGUS_THREADS)
17360 if (type == ARGUS_LOCK)
17361 pthread_mutex_lock(&queue->lock);
17362 #endif
17363 if (queue->count) {
17364 if ((obj = (struct ArgusQueueHeader *) queue->start) != NULL) {
17365 queue->count--;
17366
17367 if (queue->count) {
17368 if (queue->start == obj)
17369 queue->start = obj->nxt;
17370
17371 obj->prv->nxt = obj->nxt;
17372 obj->nxt->prv = obj->prv;
17373
17374 queue->end = queue->start->prv;
17375
17376 } else {
17377 queue->start = NULL;
17378 queue->end = NULL;
17379 }
17380 }
17381 if (obj != NULL) {
17382 obj->prv = NULL;
17383 obj->nxt = NULL;
17384 obj->queue = NULL;
17385 retn = obj;
17386 }
17387 }
17388
17389 queue->status |= RA_MODIFIED;
17390
17391 #if defined(ARGUS_THREADS)
17392 if (type == ARGUS_LOCK)
17393 pthread_mutex_unlock(&queue->lock);
17394 #endif
17395 }
17396
17397 #ifdef ARGUSDEBUG
17398 ArgusDebug (10, "ArgusPopQueue (%p) returning %p\n", queue, retn);
17399 #endif
17400
17401 return(retn);
17402 }
17403
17404
17405 struct ArgusQueueHeader *
ArgusRemoveFromQueue(struct ArgusQueueStruct * queue,struct ArgusQueueHeader * obj,int type)17406 ArgusRemoveFromQueue(struct ArgusQueueStruct *queue, struct ArgusQueueHeader *obj, int type)
17407 {
17408 struct ArgusQueueHeader *retn = NULL;
17409
17410 if ((queue != NULL) && (obj != NULL)) {
17411 if (obj->queue == queue) {
17412 #if defined(ARGUS_THREADS)
17413 if (type == ARGUS_LOCK)
17414 pthread_mutex_lock(&queue->lock);
17415 #endif
17416 if (queue->count) {
17417 queue->count--;
17418
17419 if (queue->count) {
17420 if (queue->start == obj)
17421 queue->start = obj->nxt;
17422
17423 obj->prv->nxt = obj->nxt;
17424 obj->nxt->prv = obj->prv;
17425
17426 queue->end = queue->start->prv;
17427
17428 } else {
17429 queue->start = NULL;
17430 queue->end = NULL;
17431 }
17432 }
17433
17434 queue->status |= RA_MODIFIED;
17435
17436 #if defined(ARGUS_THREADS)
17437 if (type == ARGUS_LOCK)
17438 pthread_mutex_unlock(&queue->lock);
17439 #endif
17440 obj->prv = NULL;
17441 obj->nxt = NULL;
17442 obj->queue = NULL;
17443 retn = obj;
17444
17445 } else
17446 ArgusLog (LOG_ERR, "ArgusRemoveFromQueue(%p, %p) obj not in queue\n", queue, obj);
17447 } else
17448 ArgusLog (LOG_ERR, "ArgusRemoveFromQueue(%p, %p) parameter error\n", queue, obj);
17449
17450 #ifdef ARGUSDEBUG
17451 ArgusDebug (10, "ArgusRemoveFromQueue (%p, %p) returning %p\n", queue, obj, obj);
17452 #endif
17453
17454 return (retn);
17455 }
17456
17457
17458 struct ArgusListStruct *
ArgusNewList()17459 ArgusNewList ()
17460 {
17461 struct ArgusListStruct *retn = NULL;
17462
17463 if ((retn = (struct ArgusListStruct *) ArgusCalloc (1, sizeof (struct ArgusListStruct))) != NULL) {
17464 #if defined(ARGUS_THREADS)
17465 pthread_mutex_init(&retn->lock, NULL);
17466 pthread_cond_init(&retn->cond, NULL);
17467 #endif
17468 }
17469
17470 #ifdef ARGUSDEBUG
17471 ArgusDebug (4, "ArgusNewList () returning %p\n", retn);
17472 #endif
17473
17474 return (retn);
17475 }
17476
17477 void
ArgusDeleteList(struct ArgusListStruct * list,int type)17478 ArgusDeleteList (struct ArgusListStruct *list, int type)
17479 {
17480 if (list) {
17481 while (list->start) {
17482 struct ArgusListRecord *retn = ArgusPopFrontList(list, ARGUS_LOCK);
17483 switch (type) {
17484 case ARGUS_RFILE_LIST: {
17485 struct ArgusRfileStruct *rfile = (struct ArgusRfileStruct *) retn;
17486 if (rfile->name != NULL)
17487 free(rfile->name);
17488 ArgusFree(retn);
17489 break;
17490 }
17491
17492 case ARGUS_WFILE_LIST: {
17493 struct ArgusWfileStruct *wfile = (struct ArgusWfileStruct *) retn;
17494 if (wfile->filename != NULL)
17495 free(wfile->filename);
17496 if (wfile->filterstr != NULL)
17497 free(wfile->filterstr);
17498 if (wfile->fd != NULL)
17499 fclose(wfile->fd);
17500 ArgusFree(retn);
17501 break;
17502 }
17503
17504 case ARGUS_OUTPUT_LIST:
17505 ArgusDeleteRecordStruct(ArgusParser, (struct ArgusRecordStruct *)retn);
17506 break;
17507 }
17508 }
17509
17510 #if defined(ARGUS_THREADS)
17511 pthread_mutex_destroy(&list->lock);
17512 pthread_cond_destroy(&list->cond);
17513 #endif
17514 ArgusFree (list);
17515 }
17516
17517 #ifdef ARGUSDEBUG
17518 ArgusDebug (3, "ArgusDeleteList (%p, %d) returning\n", list, type);
17519 #endif
17520 }
17521
17522 int
ArgusListEmpty(struct ArgusListStruct * list)17523 ArgusListEmpty (struct ArgusListStruct *list)
17524 {
17525 return (list->start == NULL);
17526 }
17527
17528 int
ArgusGetListCount(struct ArgusListStruct * list)17529 ArgusGetListCount(struct ArgusListStruct *list)
17530 {
17531 return (list->count);
17532 }
17533
17534
17535 int
ArgusPushFrontList(struct ArgusListStruct * list,struct ArgusListRecord * rec,int lstat)17536 ArgusPushFrontList(struct ArgusListStruct *list, struct ArgusListRecord *rec, int lstat)
17537 {
17538 int retn = 0;
17539
17540 if (list && rec) {
17541 #if defined(ARGUS_THREADS)
17542 if (lstat)
17543 pthread_mutex_lock(&list->lock);
17544 #endif
17545 if (list->start) {
17546 rec->nxt = list->start;
17547 } else {
17548 rec->nxt = NULL;
17549 }
17550 list->start = (struct ArgusListObjectStruct *) rec;
17551 if (list->end == NULL)
17552 list->end = (struct ArgusListObjectStruct *) rec;
17553 list->count++;
17554 #if defined(ARGUS_THREADS)
17555 if (lstat)
17556 pthread_mutex_unlock(&list->lock);
17557 #endif
17558 retn++;
17559 }
17560
17561 #ifdef ARGUSDEBUG
17562 ArgusDebug (6, "ArgusPushFrontList (%p, %p, %d) returning 0x%x\n", list, rec, lstat);
17563 #endif
17564
17565 return (retn);
17566 }
17567
17568 int
ArgusPushBackList(struct ArgusListStruct * list,struct ArgusListRecord * rec,int lstat)17569 ArgusPushBackList(struct ArgusListStruct *list, struct ArgusListRecord *rec, int lstat)
17570 {
17571 int retn = 0;
17572
17573 if (list && rec) {
17574 rec->nxt = NULL;
17575
17576 #if defined(ARGUS_THREADS)
17577 if (lstat)
17578 pthread_mutex_lock(&list->lock);
17579 #endif
17580 if (list->end) {
17581 list->end->nxt = (struct ArgusListObjectStruct *) rec;
17582 } else {
17583 list->start = (struct ArgusListObjectStruct *) rec;
17584 }
17585 list->end = (struct ArgusListObjectStruct *) rec;
17586 list->count++;
17587 #if defined(ARGUS_THREADS)
17588 if (lstat)
17589 pthread_mutex_unlock(&list->lock);
17590 #endif
17591 retn++;
17592 }
17593 #ifdef ARGUSDEBUG
17594 ArgusDebug (6, "ArgusPushBackList (%p, %p, %d) returning %d\n", list, rec, lstat, retn);
17595 #endif
17596
17597 return (retn);
17598 }
17599
17600 void ArgusLoadList(struct ArgusListStruct *, struct ArgusListStruct *);
17601
17602
17603 void
ArgusLoadList(struct ArgusListStruct * l1,struct ArgusListStruct * l2)17604 ArgusLoadList(struct ArgusListStruct *l1, struct ArgusListStruct *l2)
17605 {
17606 if (l1 && l2) {
17607 #if defined(ARGUS_THREADS)
17608 pthread_mutex_lock(&l1->lock);
17609 pthread_mutex_lock(&l2->lock);
17610 #endif
17611
17612 if (l2->start == NULL)
17613 l2->start = l1->start;
17614 else
17615 l2->end->nxt = l1->start;
17616
17617 l2->end = l1->end;
17618 l2->count += l1->count;
17619
17620 l1->start = NULL;
17621 l1->end = NULL;
17622 l1->count = 0;
17623
17624 #if defined(ARGUS_THREADS)
17625 pthread_mutex_unlock(&l2->lock);
17626 pthread_mutex_unlock(&l1->lock);
17627 #endif
17628 }
17629 }
17630
17631 struct ArgusListRecord *
ArgusFrontList(struct ArgusListStruct * list)17632 ArgusFrontList(struct ArgusListStruct *list)
17633 {
17634 return ((struct ArgusListRecord *) list->start);
17635 }
17636
17637 struct ArgusListRecord *
ArgusPopFrontList(struct ArgusListStruct * list,int lstat)17638 ArgusPopFrontList(struct ArgusListStruct *list, int lstat)
17639 {
17640 struct ArgusListRecord *retn = NULL;
17641
17642 #if defined(ARGUS_THREADS)
17643 if (lstat)
17644 pthread_mutex_lock(&list->lock);
17645 #endif
17646 if ((retn = (struct ArgusListRecord *) list->start)) {
17647 if (--list->count == 0) {
17648 list->start = NULL;
17649 list->end = NULL;
17650 } else
17651 list->start = retn->nxt;
17652 }
17653 #if defined(ARGUS_THREADS)
17654 if (lstat)
17655 pthread_mutex_unlock(&list->lock);
17656 #endif
17657
17658 #ifdef ARGUSDEBUG
17659 ArgusDebug (9, "ArgusPopFrontList (%p, %d) returning %p\n", list, lstat, retn);
17660 #endif
17661
17662 return (retn);
17663 }
17664
17665
17666 #ifdef NOVFPRINTF
17667 /*
17668 * Stock 4.3 doesn't have vfprintf.
17669 * This routine is due to Chris Torek.
17670 */
17671
17672 int
vfprintf(f,fmt,args)17673 vfprintf(f, fmt, args)
17674 FILE *f;
17675 char *fmt;
17676 va_list args;
17677 {
17678 int ret;
17679
17680 if ((f->_flag & _IOWRT) == 0) {
17681 if (f->_flag & _IORW)
17682 f->_flag |= _IOWRT;
17683 else
17684 return EOF;
17685 }
17686 ret = _doprnt(fmt, args, f);
17687 return ferror(f) ? EOF : ret;
17688 }
17689 #endif
17690
17691
17692 /* A replacement for strdup() that cuts down on malloc() overhead */
17693 char *
savestr(const char * str)17694 savestr(const char *str)
17695 {
17696 u_int size;
17697 char *p;
17698 static char *strptr = NULL;
17699 static u_int strsize = 0;
17700
17701 size = strlen(str) + 1;
17702 if (size > strsize) {
17703 strsize = 1024;
17704 if (strsize < size)
17705 strsize = size;
17706 strptr = (char *) malloc(strsize);
17707 if (strptr == NULL)
17708 ArgusLog(LOG_ERR, "savestr: malloc %s", strerror(errno));
17709 }
17710 (void)strncpy(strptr, str, size);
17711 p = strptr;
17712 strptr += size;
17713 strsize -= size;
17714 return (p);
17715 }
17716
17717
17718
17719 /*
17720 * Copy arg vector into a new argus_strbuffer, concatenating arguments with spaces.
17721 */
17722 char *
copy_argv(argv)17723 copy_argv(argv)
17724 char **argv;
17725 {
17726 char **p;
17727 int len = 0;
17728 char *argus_strbuf;
17729 char *src, *dst;
17730
17731 p = argv;
17732 if (*p == 0)
17733 return 0;
17734
17735 while (*p)
17736 len += strlen(*p++) + 1;
17737
17738 argus_strbuf = (char *) malloc (len);
17739
17740 p = argv;
17741 dst = argus_strbuf;
17742 while ((src = *p++) != NULL) {
17743 while ((*dst++ = *src++) != '\0')
17744 ;
17745 dst[-1] = ' ';
17746 }
17747 dst[-1] = '\0';
17748
17749 return argus_strbuf;
17750 }
17751
17752
17753 /*
17754 * Left justify 'addr' and return its resulting network mask.
17755
17756 u_int
17757 net_mask(addr)
17758 u_int *addr;
17759 {
17760 u_int m = 0xffffffff;
17761
17762 if (*addr)
17763 while ((*addr & 0xff000000) == 0)
17764 *addr <<= 8, m <<= 8;
17765
17766 return m;
17767 }
17768 */
17769
17770 u_int
ipaddrtonetmask(addr)17771 ipaddrtonetmask(addr)
17772 u_int addr;
17773 {
17774 if (IN_CLASSA (addr)) return IN_CLASSA_NET;
17775 if (IN_CLASSB (addr)) return IN_CLASSB_NET;
17776 if (IN_CLASSC (addr)) return IN_CLASSC_NET;
17777 if (IN_CLASSD (addr)) return 0xFFFFFFFF;
17778 else return 0;
17779 }
17780
17781
17782 u_int
getnetnumber(addr)17783 getnetnumber(addr)
17784 u_int addr;
17785 {
17786 if (IN_CLASSA (addr)) return (addr >> 24 );
17787 if (IN_CLASSB (addr)) return (addr >> 16 );
17788 if (IN_CLASSC (addr)) return (addr >> 8 );
17789 if (IN_CLASSD (addr)) return (addr >> 0 );
17790 else return 0;
17791 }
17792
17793
17794 #ifndef ArgusAddrtoName
17795 #define ArgusAddrtoName
17796 #endif
17797
17798 #include <sys/socket.h>
17799 #include <signal.h>
17800 #include <netdb.h>
17801
17802 #include <argus_namedb.h>
17803 #include <argus_ethernames.h>
17804
17805 static SIGRET nohostname(int);
17806 #ifdef ETHER_SERVICE
17807 struct ether_addr;
17808
17809 #if HAVE_ETHER_HOSTTON && !defined(__OpenBSD__)
17810 extern int ether_ntohost(char *, const struct ether_addr *);
17811 #else
17812 #if defined(ARGUS_SOLARIS)
17813 /*
17814 extern int ether_ntohost(char *, struct ether_addr *);
17815 extern int ether_hostton(char *, struct ether_addr *);
17816 */
17817 #endif
17818 #endif
17819 #endif
17820
17821 struct enamemem enametable[HASHNAMESIZE];
17822 struct enamemem nsaptable[HASHNAMESIZE];
17823 struct enamemem bytestringtable[HASHNAMESIZE];
17824
17825 struct protoidmem protoidtable[HASHNAMESIZE];
17826
17827 /*
17828 * A faster replacement for inet_ntoa().
17829 */
17830 char *
intoa(u_int addr)17831 intoa(u_int addr)
17832 {
17833 char *cp;
17834 u_int byte;
17835 int n;
17836 static char buf[sizeof(".xxx.xxx.xxx.xxx")];
17837 /*
17838 addr = htonl(addr);
17839 */
17840 cp = &buf[sizeof buf];
17841 *--cp = '\0';
17842
17843 n = 4;
17844 do {
17845 byte = addr & 0xff;
17846 *--cp = byte % 10 + '0';
17847 byte /= 10;
17848 if (byte > 0) {
17849 *--cp = byte % 10 + '0';
17850 byte /= 10;
17851 if (byte > 0)
17852 *--cp = byte + '0';
17853 }
17854 *--cp = '.';
17855 addr >>= 8;
17856 } while (--n > 0);
17857
17858 return cp + 1;
17859 }
17860
17861 static u_int f_netmask;
17862 static u_int f_localnet;
17863 u_int netmask;
17864
17865 /*
17866 * "ArgusGetName" is written in this atrocious way to make sure we don't
17867 * wait at all trying to get hostnames from any facility.
17868 */
17869
17870 #define ARGUS_PENDING 1
17871 #include <setjmp.h>
17872
17873 jmp_buf getname_env;
17874
17875 static SIGRET
nohostname(int signo)17876 nohostname(int signo)
17877 {
17878 longjmp(getname_env, 1);
17879 }
17880
17881 #if defined(ARGUS_THREADS)
17882 void * ArgusDNSProcess (void *);
17883
17884 void *
ArgusDNSProcess(void * arg)17885 ArgusDNSProcess (void *arg)
17886 {
17887 struct timespec tsbuf = {1, 0}, *ts = &tsbuf;
17888 sigset_t blocked_signals;
17889
17890 sigfillset(&blocked_signals);
17891 pthread_sigmask(SIG_BLOCK, &blocked_signals, NULL);
17892
17893 #ifdef ARGUSDEBUG
17894 ArgusDebug (2, "ArgusDNSProcess() starting");
17895 #endif
17896
17897 while (!(ArgusParser->RaParseDone)) {
17898 if (ArgusParser->ArgusNameList == NULL) {
17899 nanosleep(ts, NULL);
17900
17901 } else {
17902 struct timespec sts = {0, 250000000};
17903 struct timeval nowbuf, *now = &nowbuf;
17904
17905
17906 while (!ArgusListEmpty(ArgusParser->ArgusNameList)) {
17907 struct ArgusListObjectStruct *list = ArgusParser->ArgusNameList->start;
17908
17909 gettimeofday(now, NULL);
17910
17911 if (list != NULL) {
17912 u_int addr = list->list_val;
17913 static struct hnamemem *p; /* static for longjmp() */
17914 struct hostent *hp;
17915 int found = 0;
17916
17917 ArgusPopFrontList(ArgusParser->ArgusNameList, ARGUS_LOCK);
17918 ArgusFree(list);
17919
17920 p = &hnametable[addr % (HASHNAMESIZE-1)];
17921 for (; p->nxt; p = p->nxt) {
17922 if (p->addr == addr) {
17923 found++;
17924 if ((p->name != NULL) && (ArgusParser->RaDNSNameCacheTimeout >= 0)) {
17925 if ((p->sec + ArgusParser->RaDNSNameCacheTimeout) >= now->tv_sec) {
17926 if (p->name != (char *)-1)
17927 free(p->name);
17928 p->name = NULL;
17929 }
17930 }
17931 break;
17932 }
17933 }
17934
17935 if (found && (p->name == NULL)) {
17936 addr = htonl(addr);
17937 #ifdef ARGUSDEBUG
17938 ArgusDebug (2, "ArgusDNSProcess() query %s pending requests %d", p->nname, ArgusParser->ArgusNameList->count);
17939 #endif
17940 hp = gethostbyaddr((char *)&addr, 4, AF_INET);
17941 if (hp) {
17942 p->name = strdup(hp->h_name);
17943 p->sec = now->tv_sec;
17944 #ifdef ARGUSDEBUG
17945 ArgusDebug (2, "ArgusDNSProcess() query %s returned %s", p->nname, p->name);
17946 #endif
17947 } else {
17948 switch (h_errno) {
17949 case TRY_AGAIN:
17950 break;
17951
17952 case HOST_NOT_FOUND:
17953 case NO_RECOVERY:
17954 case NO_DATA:
17955 p->name = (char *)-1;
17956 p->sec = now->tv_sec;
17957 break;
17958 }
17959 #ifdef ARGUSDEBUG
17960 ArgusDebug (2, "ArgusDNSProcess() query %s not resolved", p->nname);
17961 #endif
17962 }
17963
17964 p->status = 0;
17965 }
17966 }
17967 }
17968
17969 nanosleep(&sts, NULL);
17970 }
17971 }
17972
17973 #ifdef ARGUSDEBUG
17974 ArgusDebug (2, "ArgusDNSProcess() done!");
17975 #endif
17976
17977 #if defined(ARGUS_THREADS)
17978 pthread_exit (NULL);
17979 #else
17980 return (NULL);
17981 #endif
17982 }
17983 #endif
17984
17985
17986 /*
17987 * Return a name for the IP address pointed to by ap. This address
17988 * is assumed to be in network byte order.
17989 */
17990 char *
ArgusGetName(struct ArgusParserStruct * parser,u_char * ap)17991 ArgusGetName(struct ArgusParserStruct *parser, u_char *ap)
17992 {
17993 static struct hnamemem *p; /* static for longjmp() */
17994 struct hostent *hp;
17995 int found = 0;
17996 u_int addr;
17997
17998 #ifndef TCPDUMP_ALIGN
17999 addr = *(const u_int *)ap;
18000 #else
18001 /*
18002 * Deal with alignment.
18003 */
18004 switch ((int)ap & 3) {
18005
18006 case 0:
18007 addr = *(u_int *)ap;
18008 break;
18009
18010 case 2:
18011 addr = ((u_int)*(u_short *)ap << 16) |
18012 (u_int)*(u_short *)(ap + 2);
18013 break;
18014
18015 default:
18016 addr = ((u_int)ap[3] << 24) |
18017 ((u_int)ap[2] << 16) |
18018 ((u_int)ap[1] << 8) |
18019 (u_int)ap[0];
18020 break;
18021 }
18022 #endif
18023 p = &hnametable[addr % (HASHNAMESIZE-1)];
18024 for (; p->nxt; p = p->nxt) {
18025 if (p->addr == addr) {
18026 found++;
18027 break;
18028 }
18029 }
18030 if (!found) {
18031 p->addr = addr;
18032 addr = htonl(addr);
18033 p->nname = strdup(inet_ntoa(*(struct in_addr *)&addr));
18034 addr = ntohl(addr);
18035 p->nxt = (struct hnamemem *)calloc(1, sizeof (*p));
18036 }
18037
18038 /*
18039 * Only print names when:
18040 * (1) -n was not given.
18041 * (3) The host portion is not 0 (i.e., a network address).
18042 * (4) The host portion is not broadcast.
18043 */
18044
18045 if (!(parser->nflag)) {
18046 if ((addr & f_netmask) == f_localnet) {
18047 if ((addr &~ netmask) != 0) {
18048 if ((addr | netmask) != 0xffffffff) {
18049 #if defined(ARGUS_THREADS)
18050 if (ArgusParser->NonBlockingDNS) {
18051 if (ArgusParser->ArgusNameList == NULL) {
18052 pthread_attr_t attrbuf, *attr = &attrbuf;
18053
18054 pthread_attr_init(attr);
18055 pthread_attr_setdetachstate(attr, PTHREAD_CREATE_JOINABLE);
18056
18057 if (getuid() == 0)
18058 pthread_attr_setschedpolicy(attr, SCHED_RR);
18059 else
18060 attr = NULL;
18061
18062 ArgusParser->ArgusNameList = ArgusNewList();
18063 if ((pthread_create(&ArgusParser->dns, attr, ArgusDNSProcess, NULL)) != 0)
18064 ArgusLog (LOG_ERR, "ArgusGetName() pthread_create error %s\n", strerror(errno));
18065 }
18066
18067 } else
18068 #endif
18069 {
18070 if (p->name == NULL) {
18071 #ifdef ARGUSDEBUG
18072 ArgusDebug (2, "ArgusDNSProcess() query %s ", p->nname);
18073 #endif
18074 addr = htonl(addr);
18075 hp = gethostbyaddr((char *)&addr, 4, AF_INET);
18076 addr = ntohl(addr);
18077
18078 if (hp && (hp->h_name != NULL)) {
18079 if (parser->domainonly) {
18080 char *tptr, *dptr, *hptr, *hstr = strdup(hp->h_name);
18081 int periods = 0;
18082
18083 hptr = hstr;
18084 while ((tptr = strrchr(hptr, (int) '.')) != NULL) {
18085 *tptr = ' ';
18086 dptr = tptr + 1;
18087 periods++;
18088 }
18089
18090 if (periods > 0) {
18091 char *sptr = dptr;
18092 while (*sptr != '\0') {
18093 if (*sptr == ' ')
18094 *sptr = '.';
18095 sptr++;
18096 }
18097 p->name = strdup(dptr);
18098 free(hstr);
18099 } else
18100 p->name = strdup(hp->h_name);
18101 } else
18102 p->name = strdup(hp->h_name);
18103 #ifdef ARGUSDEBUG
18104 ArgusDebug (2, "ArgusDNSProcess() query %s returned %s", p->nname, p->name);
18105 #endif
18106 } else {
18107 p->name = (char *)-1;
18108 #ifdef ARGUSDEBUG
18109 ArgusDebug (2, "ArgusDNSProcess() query %s not resolved", p->nname);
18110 #endif
18111 }
18112 p->status = 0;
18113 }
18114 }
18115
18116 if (p->name) {
18117 if (p->name != (char *) -1)
18118 return (p->name);
18119 } else {
18120 if (ArgusParser->NonBlockingDNS) {
18121 if (p->status != ARGUS_PENDING) {
18122 struct ArgusListObjectStruct *list;
18123 if ((list = ArgusCalloc(1, sizeof(*list))) == NULL)
18124 ArgusLog(LOG_ERR, "ArgusCalloc: error %s", strerror(errno));
18125
18126 list->list_val = addr;
18127 ArgusPushBackList(ArgusParser->ArgusNameList, (struct ArgusListRecord *)list, ARGUS_LOCK);
18128 p->status = ARGUS_PENDING;
18129 }
18130 }
18131 }
18132 }
18133 }
18134 }
18135 }
18136
18137 if (parser->domainonly && !(parser->nflag))
18138 return ("not resolved");
18139 else
18140 return (p->nname);
18141 }
18142
18143 /*
18144 * Return a null terminated string buffer, for the buf pointed to by ap, no longer than len.
18145 * The *ap is not assumed to be null terminated.
18146 *
18147 */
18148
18149 char *
ArgusGetString(struct ArgusParserStruct * parser,u_char * ap,int len)18150 ArgusGetString(struct ArgusParserStruct *parser, u_char *ap, int len)
18151 {
18152 char *retn = NULL;
18153
18154 if ((ap != NULL) && (len > 0)) {
18155 char buf[MAXSTRLEN];
18156 int slen = strlen((const char *)ap);
18157
18158 slen = (slen > len) ? len : slen;
18159 bcopy(ap, buf, slen);
18160 buf[slen] = 0;
18161 if (strlen(buf) > 0)
18162 retn = strdup(buf);
18163 }
18164
18165 return (retn);
18166 }
18167
18168
18169 #include <sys/socket.h>
18170 #include <arpa/inet.h>
18171
18172 char *
ArgusGetV6Name(struct ArgusParserStruct * parser,u_char * ap)18173 ArgusGetV6Name(struct ArgusParserStruct *parser, u_char *ap)
18174 {
18175 struct hostent *hp;
18176 struct in6_addr addr;
18177 char ntop_buf[INET6_ADDRSTRLEN];
18178 struct h6namemem *p; /* static for longjmp() */
18179 const char *cp;
18180
18181 memcpy(&addr, ap, sizeof(addr));
18182
18183 p = &h6nametable[*(unsigned short *)&addr.s6_addr[14] & (HASHNAMESIZE-1)];
18184 for (; p->nxt; p = p->nxt) {
18185 if (memcmp(&p->addr, &addr, sizeof(addr)) == 0)
18186 return (p->name);
18187 }
18188 p->addr = addr;
18189 p->nxt = (struct h6namemem *)calloc(1, sizeof (*p));
18190
18191 /*
18192 * Only print names when:
18193 * (1) -n was not given.
18194 * (2) Address is foreign and -f was given. If -f was not
18195 * present, f_netmask and f_local are 0 and the second
18196 * test will succeed.
18197 * (3) The host portion is not 0 (i.e., a network address).
18198 * (4) The host portion is not broadcast.
18199 */
18200 if (!(parser->nflag)) {
18201 if (!setjmp(getname_env)) {
18202 (void)signal(SIGALRM, nohostname);
18203 (void)alarm(5);
18204 hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6);
18205 (void)alarm(0);
18206 if (hp) {
18207 if ((p->name = strdup(hp->h_name)) != NULL)
18208 return (p->name);
18209 }
18210 }
18211 }
18212
18213 if ((cp = inet_ntop(AF_INET6, (const void *) &addr, ntop_buf, sizeof(ntop_buf))) != NULL)
18214 p->name = strdup(cp);
18215
18216 return (p->name);
18217 }
18218
18219 static char hex[] = "0123456789abcdef";
18220
18221
18222 /* Find the hash node that corresponds the ether address 'ep'. */
18223
18224 struct enamemem *lookup_emem(struct enamemem *table, const u_char *ep);
18225
18226 struct enamemem *
lookup_emem(struct enamemem * table,const u_char * ep)18227 lookup_emem(struct enamemem *table, const u_char *ep)
18228 {
18229 u_int i, j, k;
18230 struct enamemem *tp;
18231
18232 k = (ep[0] << 8) | ep[1];
18233 j = (ep[2] << 8) | ep[3];
18234 i = (ep[4] << 8) | ep[5];
18235
18236 tp = &table[(i ^ j) % (HASHNAMESIZE-1)];
18237 while (tp->e_nxt)
18238 if (tp->e_addr0 == i &&
18239 tp->e_addr1 == j &&
18240 tp->e_addr2 == k)
18241 return tp;
18242 else
18243 tp = tp->e_nxt;
18244 tp->e_addr0 = i;
18245 tp->e_addr1 = j;
18246 tp->e_addr2 = k;
18247 tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp));
18248
18249 return tp;
18250 }
18251
18252 /*
18253 * Find the hash node that corresponds to the bytestring 'bs'
18254 * with length 'nlen'
18255 */
18256
18257 static inline struct enamemem *
lookup_bytestring(register const u_char * bs,const unsigned int nlen)18258 lookup_bytestring(register const u_char *bs, const unsigned int nlen)
18259 {
18260 struct enamemem *tp;
18261 register u_int i, j, k;
18262
18263 if (nlen >= 6) {
18264 k = (bs[0] << 8) | bs[1];
18265 j = (bs[2] << 8) | bs[3];
18266 i = (bs[4] << 8) | bs[5];
18267 } else if (nlen >= 4) {
18268 k = (bs[0] << 8) | bs[1];
18269 j = (bs[2] << 8) | bs[3];
18270 i = 0;
18271 } else
18272 i = j = k = 0;
18273
18274 tp = &bytestringtable[(i ^ j) & (HASHNAMESIZE-1)];
18275 while (tp->e_nxt)
18276 if (tp->e_addr0 == i && tp->e_addr1 == j && tp->e_addr2 == k &&
18277 memcmp((const char *)bs, (const char *)(tp->e_bs), nlen) == 0)
18278 return tp;
18279 else
18280 tp = tp->e_nxt;
18281
18282 tp->e_addr0 = i;
18283 tp->e_addr1 = j;
18284 tp->e_addr2 = k;
18285
18286 tp->e_bs = (u_char *) calloc(1, nlen + 1);
18287 memcpy(tp->e_bs, bs, nlen);
18288 tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp));
18289
18290 return tp;
18291 }
18292
18293
18294 /* Find the hash node that corresponds the NSAP 'nsap'. */
18295
18296 static inline struct enamemem *
lookup_nsap(const u_char * nsap)18297 lookup_nsap(const u_char *nsap)
18298 {
18299 u_int i, j, k;
18300 int nlen = *nsap;
18301 struct enamemem *tp;
18302 const u_char *ensap = nsap + nlen - 6;
18303
18304 if (nlen > 6) {
18305 k = (ensap[0] << 8) | ensap[1];
18306 j = (ensap[2] << 8) | ensap[3];
18307 i = (ensap[4] << 8) | ensap[5];
18308 }
18309 else
18310 i = j = k = 0;
18311
18312 tp = &nsaptable[(i ^ j) % (HASHNAMESIZE-1)];
18313 while (tp->e_nxt)
18314 if (tp->e_addr0 == i &&
18315 tp->e_addr1 == j &&
18316 tp->e_addr2 == k &&
18317 tp->e_nsap[0] == nlen &&
18318 bcmp((char *)&(nsap[1]),
18319 (char *)&(tp->e_nsap[1]), nlen) == 0)
18320 return tp;
18321 else
18322 tp = tp->e_nxt;
18323 tp->e_addr0 = i;
18324 tp->e_addr1 = j;
18325 tp->e_addr2 = k;
18326 tp->e_nsap = (u_char *) calloc(1, nlen + 1);
18327 bcopy(nsap, tp->e_nsap, nlen + 1);
18328 tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp));
18329
18330 return tp;
18331 }
18332
18333 /* Find the hash node that corresponds the protoid 'pi'. */
18334
18335 static inline struct protoidmem *
lookup_protoid(const u_char * pi)18336 lookup_protoid(const u_char *pi)
18337 {
18338 u_int i, j;
18339 struct protoidmem *tp = NULL;
18340
18341 /* 5 octets won't be aligned */
18342 i = (((pi[0] << 8) + pi[1]) << 8) + pi[2];
18343 j = (pi[3] << 8) + pi[4];
18344 /* XXX should be endian-insensitive, but do big-endian testing XXX */
18345
18346 tp = &protoidtable[(i ^ j) % (HASHNAMESIZE-1)];
18347 if (tp->p_nxt != NULL) {
18348 while (tp->p_nxt)
18349 if (tp->p_oui == i && tp->p_proto == j)
18350 return tp;
18351 else
18352 tp = tp->p_nxt;
18353 }
18354 tp->p_oui = i;
18355 tp->p_proto = j;
18356 tp->p_nxt = (struct protoidmem *)calloc(1, sizeof(*tp));
18357
18358 return tp;
18359 }
18360
18361 char *
etheraddr_string(struct ArgusParserStruct * parser,u_char * ep)18362 etheraddr_string(struct ArgusParserStruct *parser, u_char *ep)
18363 {
18364 char *retn = NULL;
18365 struct enamemem *tp;
18366 u_char *lp = ep;
18367 char *cp, *oui;
18368 u_int i, j;
18369
18370 tp = lookup_emem(enametable, ep);
18371 if (tp->e_name) {
18372 if (parser->ArgusPrintEthernetVendors)
18373 return (tp->e_ouiname);
18374 else
18375 return (tp->e_name);
18376 }
18377
18378 #if defined(ETHER_SERVICE) && !defined(linux) && !defined(CYGWIN)
18379 if (!parser->nflag) {
18380 char buf[128];
18381 if (ether_ntohost(buf, (struct ether_addr *)ep) == 0) {
18382 tp->e_name = strdup(buf);
18383 return (tp->e_name);
18384 }
18385 }
18386 #endif
18387 tp->e_name = cp = (char *)calloc(1, sizeof("00:00:00:00:00:00"));
18388
18389 j = *lp >> 4;
18390 *cp++ = hex[j];
18391 *cp++ = hex[*lp++ & 0xf];
18392 for (i = 5; (int)--i >= 0;) {
18393 *cp++ = ':';
18394 j = *lp >> 4;
18395 *cp++ = hex[j];
18396 *cp++ = hex[*lp++ & 0xf];
18397 }
18398 *cp = '\0';
18399
18400 oui = etheraddr_oui(parser, ep);
18401 if (oui != NULL) {
18402 char vendor[16];
18403 sprintf (vendor, "%*.*s", 8, 8, oui);
18404
18405 if (tp->e_oui == NULL)
18406 tp->e_oui = oui;
18407
18408 if (tp->e_ouiname != NULL)
18409 free(tp->e_ouiname);
18410
18411 tp->e_ouiname = strdup(tp->e_name);
18412 bcopy(vendor, tp->e_ouiname, 8);
18413 tp->e_ouiname[8] = '_';
18414
18415 } else
18416 tp->e_ouiname = strdup(tp->e_name);
18417
18418 retn = (parser->ArgusPrintEthernetVendors) ? tp->e_ouiname : tp->e_name;
18419 return (retn);
18420 }
18421
18422 char *
linkaddr_string(struct ArgusParserStruct * parser,const unsigned char * ep,unsigned int len)18423 linkaddr_string(struct ArgusParserStruct *parser, const unsigned char *ep, unsigned int len)
18424 {
18425 register u_int i;
18426 register char *cp;
18427 register struct enamemem *tp;
18428
18429 if (len == 6) /* XXX not totally correct... */
18430 return etheraddr_string(parser, (u_char *) ep);
18431
18432 tp = lookup_bytestring(ep, len);
18433 if (tp->e_name)
18434 return (tp->e_name);
18435
18436 tp->e_name = cp = (char *)malloc(len*3);
18437 *cp++ = hex[*ep >> 4];
18438 *cp++ = hex[*ep++ & 0xf];
18439 for (i = len-1; i > 0 ; --i) {
18440 *cp++ = ':';
18441 *cp++ = hex[*ep >> 4];
18442 *cp++ = hex[*ep++ & 0xf];
18443 }
18444 *cp = '\0';
18445 return (tp->e_name);
18446 }
18447
18448 char *
etheraddr_oui(struct ArgusParserStruct * parser,u_char * ep)18449 etheraddr_oui(struct ArgusParserStruct *parser, u_char *ep)
18450 {
18451 int i, addr = 0;
18452 struct evendmem *p = NULL;
18453 int found = 0;
18454 struct enamemem *tp;
18455
18456 tp = lookup_emem(enametable, ep);
18457 if (tp->e_oui != NULL)
18458 return(tp->e_oui);
18459
18460 if (tp->e_name == NULL)
18461 etheraddr_string(parser, ep);
18462
18463 for (i = 0; i < 3; i++)
18464 addr |= ep[i] << (8 * (2 - i));
18465
18466 p = ðervendor[addr % (HASHNAMESIZE-1)];
18467 for (; p->nxt; p = p->nxt) {
18468 if (p->addr == addr) {
18469 found++;
18470 break;
18471 }
18472 }
18473
18474 if (found)
18475 tp->e_oui = p->name;
18476
18477 return (tp->e_oui);
18478 }
18479
18480
18481 #define ARGUS_MAXEPROTODB 0x10000
18482
18483 struct ArgusEtherTypeStruct *argus_eproto_db[ARGUS_MAXEPROTODB];
18484
18485 char *
ArgusEtherProtoString(struct ArgusParserStruct * parser,u_short port)18486 ArgusEtherProtoString(struct ArgusParserStruct *parser, u_short port)
18487 {
18488 struct ArgusEtherTypeStruct *p;
18489 char *retn = NULL, *cp = NULL;
18490
18491 if ((p = argus_eproto_db[port]) != NULL) {
18492 retn = p->tag;
18493 } else {
18494 if ((p = (struct ArgusEtherTypeStruct *) calloc (1, sizeof(*p))) != NULL) {
18495 if (parser->nflag < 2)
18496 p->tag = "unknown";
18497 else {
18498 if ((cp = (char *)malloc(sizeof("000000"))) == NULL)
18499 ArgusLog (LOG_ERR, "ArgusEtherProtoString malloc error %s", strerror(errno));
18500
18501 sprintf (cp, "%d", port);
18502 p->tag = cp;
18503 }
18504
18505 p->range = cp;
18506
18507 argus_eproto_db[port] = p;
18508 retn = p->tag;
18509 }
18510 }
18511
18512 return (retn);
18513 }
18514
18515 char *
protoid_string(const u_char * pi)18516 protoid_string(const u_char *pi)
18517 {
18518 u_int i, j;
18519 char *cp;
18520 struct protoidmem *tp;
18521
18522 tp = lookup_protoid(pi);
18523 if (tp->p_name)
18524 return tp->p_name;
18525
18526 tp->p_name = cp = (char *)malloc(sizeof("00:00:00:00:00"));
18527
18528 if ((j = *pi >> 4) != 0)
18529 *cp++ = hex[j];
18530 *cp++ = hex[*pi++ & 0xf];
18531 for (i = 4; (int)--i >= 0;) {
18532 *cp++ = ':';
18533 if ((j = *pi >> 4) != 0)
18534 *cp++ = hex[j];
18535 *cp++ = hex[*pi++ & 0xf];
18536 }
18537 *cp = '\0';
18538 return (tp->p_name);
18539 }
18540
18541 char *
llcsap_string(u_char sap)18542 llcsap_string(u_char sap)
18543 {
18544 char *cp;
18545 struct hnamemem *tp;
18546 u_int i = sap;
18547
18548 if (sap != '\0') {
18549 for (tp = &llcsaptable[i % (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt)
18550 if (tp->addr == i)
18551 return (tp->name);
18552
18553 tp->name = cp = (char *)malloc(sizeof("00000"));
18554 tp->addr = i;
18555 tp->nxt = (struct hnamemem *)calloc(1, sizeof (*tp));
18556
18557 *cp++ = '0';
18558 *cp++ = 'x';
18559 *cp++ = hex[sap >> 4 & 0xf];
18560 *cp++ = hex[sap & 0xf];
18561 *cp++ = '\0';
18562 return (tp->name);
18563 } else
18564 return (" ");
18565 }
18566
18567 #define ISONSAP_MAX_LENGTH 20
18568 char *
isonsap_string(const u_char * nsap,int nsap_length)18569 isonsap_string(const u_char *nsap, int nsap_length)
18570 {
18571 register u_int nsap_idx;
18572 register char *cp;
18573 register struct enamemem *tp;
18574
18575 if (nsap_length < 1 || nsap_length > ISONSAP_MAX_LENGTH)
18576 return ("isonsap_string: illegal length");
18577
18578 tp = lookup_nsap(nsap);
18579 if (tp->e_name)
18580 return tp->e_name;
18581
18582 tp->e_name = cp = (char *)malloc(sizeof("xx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xx"));
18583
18584 for (nsap_idx = 0; nsap_idx < nsap_length; nsap_idx++) {
18585 *cp++ = hex[*nsap >> 4];
18586 *cp++ = hex[*nsap++ & 0xf];
18587 if (((nsap_idx & 1) == 0) && (nsap_idx + 1 < nsap_length)) {
18588 *cp++ = '.';
18589 }
18590 }
18591 *cp = '\0';
18592 return (tp->e_name);
18593 }
18594
18595 char *
tcpport_string(arg_uint16 port)18596 tcpport_string(arg_uint16 port)
18597 {
18598 struct hnamemem *tp;
18599 u_int i = port;
18600
18601 if ((ArgusParser->nflag < 2) && (ArgusParser->ArgusSrvInit == 0))
18602 ArgusInitServarray(ArgusParser);
18603
18604 if (port) {
18605 for (tp = &tporttable[i % (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt)
18606 if (tp->addr == i)
18607 return ((ArgusParser->nflag > 1) ? tp->nname : (tp->name ? tp->name : tp->nname));
18608
18609 tp->nname = (char *)malloc(sizeof("00000"));
18610 tp->addr = i;
18611 tp->nxt = (struct hnamemem *)calloc(1, sizeof (*tp));
18612
18613 (void)sprintf (tp->nname, "%d", i);
18614 return (tp->nname);
18615 } else
18616 return ("*");
18617 }
18618
18619 char *
udpport_string(u_short port)18620 udpport_string(u_short port)
18621 {
18622 struct hnamemem *tp;
18623 u_int i = port;
18624
18625 if ((ArgusParser->nflag < 2) && (ArgusParser->ArgusSrvInit == 0))
18626 ArgusInitServarray(ArgusParser);
18627
18628 if (port) {
18629 for (tp = &uporttable[i % (HASHNAMESIZE-1)]; tp->nxt; tp = tp->nxt)
18630 if (tp->addr == i)
18631 return ((ArgusParser->nflag > 1) ? tp->nname : (tp->name ? tp->name : tp->nname));
18632
18633 tp->nname = (char *)calloc(1, sizeof("000000"));
18634 tp->addr = i;
18635 tp->nxt = (struct hnamemem *)calloc(1, sizeof(*tp));
18636 (void)sprintf (tp->nname, "%d", i);
18637
18638 return (tp->nname);
18639 } else
18640 return ("*");
18641 }
18642
18643 void
ArgusInitServarray(struct ArgusParserStruct * parser)18644 ArgusInitServarray(struct ArgusParserStruct *parser)
18645 {
18646 #if !defined(CYGWIN)
18647 struct servent *sv = NULL;
18648 struct hnamemem *table = NULL;
18649 int i = 0;
18650
18651 if (parser->ArgusSrvInit > 0)
18652 return;
18653
18654 setservent(1);
18655
18656 while ((sv = getservent()) != NULL) {
18657 int port = ntohs(sv->s_port);
18658 i = port % (HASHNAMESIZE-1);
18659 if (strcmp(sv->s_proto, "tcp") == 0)
18660 table = &tporttable[i];
18661 else if (strcmp(sv->s_proto, "udp") == 0)
18662 table = &uporttable[i];
18663 else
18664 continue;
18665
18666 if (table) {
18667 char buf[32];
18668 while (table->name)
18669 table = table->nxt;
18670
18671 (void)sprintf (buf, "%d", port);
18672 table->nname = strdup(buf);
18673
18674 table->name = strdup(sv->s_name);
18675
18676 table->addr = port;
18677 table->nxt = (struct hnamemem *)calloc(1, sizeof(*table));
18678 }
18679 }
18680 endservent();
18681
18682 parser->ArgusSrvInit = 1;
18683 #endif
18684 }
18685
18686 void
ArgusFreeServarray(struct ArgusParserStruct * parser)18687 ArgusFreeServarray(struct ArgusParserStruct *parser)
18688 {
18689 int i, x;
18690
18691 for (i = 0; i < HASHNAMESIZE; i++) {
18692 struct hnamemem *table;
18693
18694 for (x = 0; x < 2; x++) {
18695 switch (x) {
18696 case 0: table = tporttable; break;
18697 case 1: table = uporttable; break;
18698 }
18699
18700 if ((struct hnamemem *)&table[i].name != NULL) {
18701 struct hnamemem *tp, *sp;
18702
18703 free(table[i].name);
18704 free(table[i].nname);
18705
18706 if ((tp = (struct hnamemem *)table[i].nxt) != NULL) {
18707 do {
18708 sp = tp->nxt;
18709 if (tp->name != NULL) free(tp->name);
18710 if (tp->nname != NULL) free(tp->nname);
18711 free(tp);
18712 } while ((tp = sp) != NULL);
18713 }
18714 }
18715 }
18716 }
18717 }
18718
18719 void
ArgusInitEprotoarray(void)18720 ArgusInitEprotoarray(void)
18721 {
18722 struct ArgusEtherTypeStruct *p = argus_ethertype_names;
18723
18724 bzero ((char *)argus_eproto_db, sizeof (argus_eproto_db));
18725
18726 while (p->range != NULL) {
18727 int i, start, end;
18728 char *ptr;
18729
18730 start = atoi(p->range);
18731
18732 if ((ptr = strchr(p->range, '-')) != NULL)
18733 end = atoi(ptr + 1);
18734 else
18735 end = start;
18736
18737 for (i = start; i < (end + 1); i++)
18738 argus_eproto_db[i] = p;
18739
18740 p++;
18741 }
18742 }
18743
18744
18745 /*
18746 * SNAP proto IDs with org code 0:0:0 are actually encapsulated Ethernet
18747 * types.
18748 */
18749 void
ArgusInitProtoidarray(void)18750 ArgusInitProtoidarray(void)
18751 {
18752 struct ArgusEtherTypeStruct *p;
18753 struct protoidmem *tp;
18754 u_char protoid[5];
18755 int i;
18756
18757 bzero ((char *)protoidtable, sizeof (protoidtable));
18758 bzero (protoid, sizeof(protoid));
18759
18760 for (i = 0; i < ARGUS_MAXEPROTODB; i++) {
18761 if ((p = argus_eproto_db[i]) != NULL) {
18762 protoid[3] = i;
18763 tp = lookup_protoid(protoid);
18764 tp->p_name = p->tag;
18765 }
18766 }
18767 }
18768
18769 void
ArgusFreeProtoidarray(void)18770 ArgusFreeProtoidarray(void)
18771 {
18772 int i;
18773
18774 for (i = 0; i < HASHNAMESIZE; i++) {
18775 struct protoidmem *sp = &protoidtable[i], *tp;
18776
18777 if ((tp = sp->p_nxt) != NULL) {
18778 do {
18779 sp = tp->p_nxt;
18780 free(tp);
18781 } while ((tp = sp) != NULL);
18782 }
18783 }
18784 }
18785
18786 static struct etherlist {
18787 u_char addr[6];
18788 char *name;
18789 } etherlist[] = {
18790 {{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, "Broadcast" },
18791 {{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, NULL }
18792 };
18793
18794 /*
18795 * Initialize the ethers hash table. We take two different approaches
18796 * depending on whether or not the system provides the ethers name
18797 * service. If it does, we just wire in a few names at startup,
18798 * and etheraddr_string() fills in the table on demand. If it doesn't,
18799 * then we suck in the entire /etc/ethers file at startup. The idea
18800 * is that parsing the local file will be fast, but spinning through
18801 * all the ethers entries via NIS & next_etherent might be very slow.
18802 *
18803 * XXX argus_next_etherent doesn't belong in the pcap interface, but
18804 * since the pcap module already does name-to-address translation,
18805 * it's already does most of the work for the ethernet address-to-name
18806 * translation, so we just argus_next_etherent as a convenience.
18807 */
18808
18809 void
ArgusInitEtherarray(void)18810 ArgusInitEtherarray(void)
18811 {
18812 int i, found = 0;
18813
18814 if (ArgusParser != NULL) {
18815 for (i = 0; !found && (i < ARGUS_MAX_PRINT_ALG); i++) {
18816 struct ArgusPrintFieldStruct *pfield;
18817 if ((pfield = ArgusParser->RaPrintAlgorithmList[i]) != NULL) {
18818 if ((pfield->print == ArgusPrintSrcMacAddress) || (pfield->print == ArgusPrintDstMacAddress))
18819 found++;
18820 } else
18821 break;
18822 }
18823 }
18824
18825 if (found) {
18826 struct etherlist *el;
18827 struct enamemem *tp;
18828 #ifndef ETHER_SERVICE
18829 struct argus_etherent *ep;
18830 FILE *fp;
18831
18832 /* Suck in entire ethers file */
18833 fp = fopen(PCAP_ETHERS_FILE, "r");
18834 if (fp != NULL) {
18835 while ((ep = argus_next_etherent(fp)) != NULL) {
18836 tp = lookup_emem(enametable, ep->addr);
18837 tp->e_name = strdup(ep->name);
18838 }
18839 (void)fclose(fp);
18840 }
18841 #endif
18842 /* Hardwire some ethernet names */
18843 for (el = etherlist; el->name != NULL; ++el) {
18844 #if defined(ETHER_SERVICE) && !defined(linux) && !defined(CYGWIN)
18845 /* Use yp/nis version of name if available */
18846 char wrk[256];
18847 if (ether_ntohost(wrk, (struct ether_addr *)el->addr) == 0) {
18848 tp = lookup_emem(enametable, el->addr);
18849 tp->e_name = strdup(wrk);
18850 }
18851 #else
18852 /* install if not already present */
18853 tp = lookup_emem(enametable, el->addr);
18854 if (tp->e_name == NULL)
18855 tp->e_name = el->name;
18856 #endif
18857 }
18858 }
18859
18860 if (ArgusParser->ArgusEthernetVendorFile != NULL)
18861 ArgusParserWiresharkManufFile(ArgusParser, ArgusParser->ArgusEthernetVendorFile);
18862 }
18863
18864 void
ArgusFreeEtherarray(void)18865 ArgusFreeEtherarray(void)
18866 {
18867 int i;
18868
18869 for (i = 0; i < HASHNAMESIZE; i++) {
18870 struct enamemem *tp, *sp;
18871 if ((tp = (struct enamemem *)enametable[i].e_nxt) != NULL) {
18872 do {
18873 sp = tp->e_nxt;
18874 if (tp->e_name != NULL) free(tp->e_name);
18875 free(tp);
18876 tp = sp;
18877 } while ((tp = sp) != NULL);
18878 }
18879 }
18880
18881 if (ArgusParser->ArgusEthernetVendorFile != NULL) {
18882 int i;
18883
18884 for (i = 0; i < HASHNAMESIZE; i++) {
18885 struct evendmem *p, *np;
18886 p = ðervendor[i];
18887 if (p->name != NULL) free(p->name);
18888
18889 np = p->nxt;
18890 while (np != NULL) {
18891 p = np;
18892 if (p->name != NULL) free(p->name);
18893 np = p->nxt;
18894 free(p);
18895 }
18896 }
18897 }
18898 }
18899
18900
18901 void
ArgusInitLlcsaparray(void)18902 ArgusInitLlcsaparray(void)
18903 {
18904 int i;
18905 struct hnamemem *table;
18906
18907 for (i = 0; llcsap_db[i].s != NULL; i++) {
18908 table = &llcsaptable[llcsap_db[i].v];
18909 while (table->name)
18910 table = table->nxt;
18911 table->name = llcsap_db[i].s;
18912 table->addr = llcsap_db[i].v;
18913 table->nxt = (struct hnamemem *)calloc(1, sizeof(*table));
18914 }
18915 }
18916
18917 void
ArgusFreeLlcsaparray(void)18918 ArgusFreeLlcsaparray(void)
18919 {
18920 int i;
18921 struct hnamemem *table;
18922
18923 for (i = 0; llcsap_db[i].s != NULL; i++) {
18924 struct hnamemem *ttbl;
18925 table = &llcsaptable[llcsap_db[i].v];
18926 if ((table = table->nxt) != NULL) {
18927 do {
18928 ttbl = table;
18929 table = table->nxt;
18930 free(ttbl);
18931 } while (table);
18932 }
18933 }
18934 }
18935
18936
18937 char *argus_dscodes[0x100];
18938 void ArgusInitDSCodepointarray(void);
18939 struct ArgusDSCodePointStruct *ArgusSelectDSCodesTable(struct ArgusParserStruct *);
18940
18941 struct ArgusDSCodePointStruct *
ArgusSelectDSCodesTable(struct ArgusParserStruct * parser)18942 ArgusSelectDSCodesTable(struct ArgusParserStruct *parser)
18943 {
18944 struct ArgusDSCodePointStruct *retn = NULL;
18945
18946 switch (parser->ArgusDSCodePoints) {
18947 case ARGUS_IANA_DSCODES: retn = argus_dscodepoints; break;
18948 case ARGUS_DISA_DSCODES: retn = argus_disa_dscodepoints; break;
18949 }
18950 return (retn);
18951 }
18952
18953 void
ArgusInitDSCodepointarray()18954 ArgusInitDSCodepointarray()
18955 {
18956 struct ArgusDSCodePointStruct *argus_dsctable = argus_dscodepoints;
18957 int i;
18958
18959 bzero (&argus_dscodes, sizeof(argus_dscodes));
18960
18961 if ((argus_dsctable = ArgusSelectDSCodesTable(ArgusParser)) != NULL) {
18962 for (i = 0; argus_dsctable[i].label != NULL; i++)
18963 argus_dscodes[(int)argus_dsctable[i].code] = argus_dsctable[i].label;
18964 }
18965 }
18966
18967 /*
18968 * Initialize the address to name translation machinery. We map all
18969 * non-local IP addresses to numeric addresses if fflag is true (i.e.,
18970 * to prevent blocking on the nameserver). localnet is the IP address
18971 * of the local network. mask is its subnet mask.
18972 */
18973
18974 void ArgusInitAddrtoname(struct ArgusParserStruct *, u_int, u_int);
18975
18976 void
ArgusInitAddrtoname(struct ArgusParserStruct * parser,u_int localnet,u_int mask)18977 ArgusInitAddrtoname(struct ArgusParserStruct *parser, u_int localnet, u_int mask)
18978 {
18979 netmask = mask;
18980 if (parser->fflag) {
18981 f_localnet = localnet;
18982 f_netmask = mask;
18983 }
18984
18985 if (parser->nflag > 2)
18986 return;
18987
18988 ArgusInitEtherarray();
18989 ArgusInitServarray(parser);
18990 ArgusInitEprotoarray();
18991 ArgusInitLlcsaparray();
18992
18993 ArgusInitProtoidarray();
18994 ArgusInitDSCodepointarray();
18995
18996 #ifdef ARGUSDEBUG
18997 ArgusDebug (1, "ArgusInitAddrtoname (%p, 0x%x, 0x%x)\n", parser, localnet, mask);
18998 #endif
18999 }
19000
19001
19002 #ifndef __GNUC__
19003 #define inline
19004 #endif
19005
19006 /*
19007 * Convert a port name to its port and protocol numbers.
19008 * We assume only TCP or UDP.
19009 * Return 0 upon failure.
19010 */
19011 int
argus_nametoport(char * name,int * port,int * proto)19012 argus_nametoport(char *name, int *port, int *proto)
19013 {
19014 struct protoent *pp = NULL;
19015 struct servent *sp = NULL;
19016 char *pname = NULL, *other;
19017
19018 #ifdef ARGUSDEBUG
19019 ArgusDebug (8, "argus_nametoport (%s, .., ..) starting\n", name);
19020 #endif
19021
19022 if ((proto != NULL) && (*proto != -1)) {
19023 #ifdef ARGUSDEBUG
19024 ArgusDebug (8, "argus_nametoport (%s, .., %d) calling getprotobynumber\n", name, *proto);
19025 #endif
19026 if ((pp = getprotobynumber(*proto)) != NULL) {
19027 pname = pp->p_name;
19028 } else
19029 return 0;
19030 }
19031
19032 if (name != NULL) {
19033 #ifdef ARGUSDEBUG
19034 ArgusDebug (8, "argus_nametoport: calling getservbyname(%s, %s)\n", name, pname);
19035 #endif
19036 sp = getservbyname(name, pname);
19037
19038 #ifdef ARGUSDEBUG
19039 ArgusDebug (8, "argus_nametoport: getservbyname() returned %p\n", sp);
19040 #endif
19041 }
19042
19043 if (sp != NULL) {
19044 #ifdef ARGUSDEBUG
19045 ArgusDebug (8, "argus_nametoport: sp is %p\n", sp);
19046 #endif
19047 *port = ntohs(sp->s_port);
19048
19049 #ifdef ARGUSDEBUG
19050 ArgusDebug (8, "argus_nametoport (%s, .., ..) calling argus_nametoproto(%s)\n", sp->s_proto);
19051 #endif
19052
19053 *proto = argus_nametoproto(sp->s_proto);
19054 /*
19055 * We need to check /etc/services for ambiguous entries.
19056 * If we find the ambiguous entry, and it has the
19057 * same port number, change the proto to PROTO_UNDEF
19058 * so both TCP and UDP will be checked.
19059 */
19060 if (*proto == IPPROTO_TCP)
19061 other = "udp";
19062 else
19063 other = "tcp";
19064
19065 sp = getservbyname(name, other);
19066 if (sp != 0) {
19067 if (*port != ntohs(sp->s_port))
19068 return 0;
19069 *proto = PROTO_UNDEF;
19070 }
19071
19072 #ifdef ARGUSDEBUG
19073 ArgusDebug (8, "argus_nametoport (%s, %d, %d)\n", name, *port, *proto);
19074 #endif
19075 return 1;
19076 }
19077
19078 #if defined(ultrix) || defined(__osf__)
19079 /* Special hack in case NFS isn't in /etc/services */
19080 if (strcmp(name, "nfs") == 0) {
19081 *port = 2049;
19082 *proto = PROTO_UNDEF;
19083 return 1;
19084 }
19085 #endif
19086
19087 #ifdef ARGUSDEBUG
19088 ArgusDebug (8, "argus_nametoport (%s, %d, %d)\n", name, *port, *proto);
19089 #endif
19090
19091 return 0;
19092 }
19093
19094 int
argus_nametoproto(char * str)19095 argus_nametoproto(char *str)
19096 {
19097 struct protoent *p;
19098
19099 p = getprotobyname(str);
19100 if (p != 0)
19101 return p->p_proto;
19102 else
19103 return PROTO_UNDEF;
19104 }
19105
19106
19107 int
argus_nametoeproto(char * s)19108 argus_nametoeproto(char *s)
19109 {
19110 struct ArgusEtherTypeStruct *p = argus_ethertype_names;
19111
19112 while (p->tag != 0) {
19113 if (strcmp(p->tag, s) == 0) {
19114 return atoi(p->range);
19115 }
19116 p += 1;
19117 }
19118
19119 return PROTO_UNDEF;
19120 }
19121
19122 unsigned int
__argus_atoin(char * s,unsigned int * addr)19123 __argus_atoin(char *s, unsigned int *addr)
19124 {
19125 int n, len;
19126
19127 *addr = 0;
19128 len = 0;
19129 while (1) {
19130 n = 0;
19131 while (*s && *s != '.')
19132 n = n * 10 + *s++ - '0';
19133 *addr <<= 8;
19134 *addr |= n & 0xff;
19135 len += 8;
19136 if (*s == '\0') {
19137 *addr = *addr;
19138 return len;
19139 }
19140 ++s;
19141 }
19142 /* NOTREACHED */
19143 }
19144
19145 u_int
__argus_atodn(char * s)19146 __argus_atodn(char *s)
19147 {
19148 #define AREASHIFT 10
19149 #define AREAMASK 0176000
19150 #define NODEMASK 01777
19151
19152 u_int addr = 0;
19153 u_int node, area;
19154
19155 if (sscanf((char *)s, "%d.%d", (int *) &area, (int *) &node) != 2)
19156 ArgusLog (LOG_ERR,"malformed decnet address '%s'", s);
19157
19158 addr = (area << AREASHIFT) & AREAMASK;
19159 addr |= (node & NODEMASK);
19160
19161 return(addr);
19162 }
19163
19164 /*
19165 * Convert 's' which has the form "xx:xx:xx:xx:xx:xx" into a new
19166 * ethernet address. Assumes 's' is well formed.
19167 */
19168
19169 extern int xdtoi(int);
19170
19171 u_char *
argus_ether_aton(char * s)19172 argus_ether_aton(char *s)
19173 {
19174 register u_char *ep, *e;
19175 register u_int d;
19176
19177 e = ep = (u_char *)malloc(6);
19178
19179 while (*s) {
19180 if (*s == ':')
19181 s += 1;
19182 d = xdtoi(*s++);
19183 if (isxdigit((int)*s)) {
19184 d <<= 4;
19185 d |= xdtoi(*s++);
19186 }
19187 *ep++ = d;
19188 }
19189
19190 return (e);
19191 }
19192
19193 #if !defined(ETHER_SERVICE) || defined(linux) || defined(CYGWIN)
19194 /* Roll our own */
19195
19196 u_char *
argus_ether_hostton(char * name)19197 argus_ether_hostton(char *name)
19198 {
19199 register struct argus_etherent *ep;
19200 register u_char *ap;
19201 static FILE *fp = NULL;
19202 static int init = 0;
19203
19204 if (!init) {
19205 fp = fopen(PCAP_ETHERS_FILE, "r");
19206 ++init;
19207 if (fp == NULL)
19208 return (NULL);
19209 } else if (fp == NULL)
19210 return (NULL);
19211 else
19212 rewind(fp);
19213
19214 while ((ep = argus_next_etherent(fp)) != NULL) {
19215 if (strcmp(ep->name, name) == 0) {
19216 ap = (u_char *)malloc(6);
19217 if (ap != NULL) {
19218 memcpy(ap, ep->addr, 6);
19219 return (ap);
19220 }
19221 break;
19222 }
19223 }
19224 return (NULL);
19225 }
19226 #else
19227
19228 #if HAVE_ETHER_HOSTTON && !defined(__APPLE_CC__) && !defined(__APPLE__)
19229 extern int ether_hostton(const char *, struct ether_addr *);
19230 #endif
19231
19232 /* Use the os supplied routines */
19233 u_char *
argus_ether_hostton(char * name)19234 argus_ether_hostton(char *name)
19235 {
19236 register u_char *ap;
19237 u_char a[6];
19238
19239 ap = NULL;
19240 if (ether_hostton((char*)name, (struct ether_addr *)a) == 0) {
19241 ap = (u_char *)malloc(6);
19242 if (ap != NULL)
19243 memcpy(ap, a, 6);
19244 }
19245 return (ap);
19246 }
19247 #endif
19248
19249 u_short
__argus_nametodnaddr(char * name)19250 __argus_nametodnaddr(char *name)
19251 {
19252 #ifndef DECNETLIB
19253 return(0);
19254 #else
19255 struct nodeent *getnodebyname();
19256 struct nodeent *nep;
19257 u_short res = 0;
19258
19259 if ((nep = getnodebyname(name)) != NULL)
19260 memcpy((char *)&res, (char *)nep->n_addr, sizeof(u_short));
19261
19262 return(res);
19263 #endif
19264 }
19265
19266
19267
19268 #include <stdarg.h>
19269
19270 void
ArgusPrintTime(struct ArgusParserStruct * parser,char * buf,struct timeval * tvp)19271 ArgusPrintTime(struct ArgusParserStruct *parser, char *buf, struct timeval *tvp)
19272 {
19273 char timeFormatBuf[128], *tstr = timeFormatBuf;
19274 char timeZoneBuf[32], *ptr;
19275 struct tm tmbuf, *tm = &tmbuf;
19276 time_t tsec = tvp->tv_sec;
19277
19278 bzero (timeZoneBuf, sizeof(timeZoneBuf));
19279 bzero (timeFormatBuf, sizeof(timeFormatBuf));
19280
19281 if ((tm = localtime_r (&tsec, &tmbuf)) == NULL)
19282 return;
19283
19284 if (parser->uflag) {
19285 sprintf (tstr, "%u", (int) tvp->tv_sec);
19286 if (parser->pflag) {
19287 ptr = &tstr[strlen(tstr)];
19288 sprintf (ptr, ".%06u", (int) tvp->tv_usec);
19289 ptr[parser->pflag + 1] = '\0';
19290 }
19291 sprintf (buf, "%s", tstr);
19292 return;
19293 }
19294
19295 strncpy(timeFormatBuf, parser->RaTimeFormat, sizeof(timeFormatBuf));
19296
19297 for (ptr=tstr; *ptr; ptr++) {
19298 if (*ptr != '%') {
19299 buf[strlen(buf)] = *ptr;
19300 } else {
19301 switch (*++ptr) {
19302 case 'f': {
19303 if (parser->pflag) {
19304 char *p;
19305 int i;
19306
19307 while (isspace((int)buf[strlen(buf) - 1]))
19308 buf[strlen(buf) - 1] = '\0';
19309 p = &buf[strlen(buf)];
19310 sprintf (p, "%06u", (int) tvp->tv_usec);
19311 for (i = parser->pflag; i < 6; i++)
19312 p[i] = '\0';
19313 } else {
19314 if (buf[strlen(buf) - 1] == '.')
19315 buf[strlen(buf) - 1] = '\0';
19316 }
19317 break;
19318 }
19319
19320 case '%': {
19321 buf[strlen(buf)] = '%';
19322 break;
19323 }
19324
19325 case 'E':
19326 case 'O': {
19327 char sbuf[8];
19328 sprintf (sbuf, "%%%.2s", ptr++);
19329 strftime (&buf[strlen(buf)], 64, sbuf, tm);
19330 break;
19331 }
19332
19333 case 'z': {
19334 if (parser->ArgusPrintXml) {
19335 char sbuf[16];
19336 int len, i;
19337 bzero (sbuf, 16);
19338 if ((strftime ((char *) sbuf, 16, "%z", tm)) == 0)
19339 ArgusLog (LOG_ERR, "ArgusPrintTime: strftime() error\n");
19340 if (strstr(sbuf, "0000")) {
19341 sprintf (sbuf, "Z");
19342 } else {
19343 if ((len = strlen(sbuf)) > 0) {
19344 for (i = 0; i < 2; i++)
19345 sbuf[len - i] = sbuf[len - (i + 1)];
19346 sbuf[len - 2] = ':';
19347 }
19348 }
19349 sprintf(&buf[strlen(buf)], "%s", sbuf);
19350 break;
19351 }
19352 /* Fall through to default if %z and not parser->ArgusPrintXml */
19353 }
19354 default: {
19355 char sbuf[8];
19356 sprintf (sbuf, "%%%c", *ptr);
19357 strftime (&buf[strlen(buf)], 64, sbuf, tm);
19358 break;
19359 }
19360 }
19361 }
19362 }
19363 /*
19364 if (tvp->tv_sec == 0) {
19365 int len = strlen(buf);
19366 sprintf (buf, "%*.*s", len, len, " ");
19367 }
19368 */
19369 }
19370
19371 void ArgusPrintCountryCode (struct ArgusParserStruct *, struct ArgusRecordStruct *, unsigned int *, int, int, char *);
19372 extern struct RaAddressStruct *RaFindAddress (struct ArgusParserStruct *, struct RaAddressStruct *, struct RaAddressStruct *, int);
19373
19374 void
ArgusPrintCountryCode(struct ArgusParserStruct * parser,struct ArgusRecordStruct * argus,unsigned int * addr,int type,int len,char * buf)19375 ArgusPrintCountryCode (struct ArgusParserStruct *parser, struct ArgusRecordStruct *argus, unsigned int *addr, int type, int len, char *buf)
19376 {
19377 struct ArgusLabelerStruct *labeler;
19378 struct RaAddressStruct *raddr;
19379
19380 if ((labeler = parser->ArgusLabeler) == NULL) {
19381 parser->ArgusLabeler = ArgusNewLabeler(parser, ARGUS_LABELER_COCODE);
19382 labeler = parser->ArgusLabeler;
19383 } else {
19384 if (labeler->ArgusAddrTree == NULL) {
19385 if (parser->ArgusDelegatedIPFile) {
19386 if (!(RaReadAddressConfig (parser, parser->ArgusLabeler, parser->ArgusDelegatedIPFile) > 0))
19387 ArgusLog (LOG_ERR, "ArgusNewLabeler: RaReadAddressConfig error");
19388 }
19389 }
19390 }
19391
19392 if (labeler->ArgusAddrTree != NULL) {
19393 switch (type) {
19394 case ARGUS_TYPE_IPV4: {
19395 struct RaAddressStruct **ArgusAddrTree = labeler->ArgusAddrTree;
19396 struct RaAddressStruct node;
19397 bzero ((char *)&node, sizeof(node));
19398
19399 node.addr.type = AF_INET;
19400 node.addr.len = 4;
19401 node.addr.addr[0] = *addr;
19402 node.addr.masklen = 32;
19403
19404 if ((raddr = RaFindAddress (parser, ArgusAddrTree[AF_INET], &node, ARGUS_LONGEST_MATCH)) != NULL) {
19405 struct RaAddressStruct *caddr = raddr;
19406
19407 while (caddr && strlen(caddr->cco) == 0) caddr = caddr->p;
19408
19409 if (caddr != NULL)
19410 snprintf (buf, 4, "%s", caddr->cco);
19411 else
19412 snprintf (buf, 3, "ZZ");
19413 }
19414 break;
19415 }
19416
19417 case ARGUS_TYPE_IPV6:
19418 break;
19419 }
19420
19421 } else
19422 snprintf (buf, 3, " ");
19423
19424 #ifdef ARGUSDEBUG
19425 ArgusDebug (5, "ArgusPrintCountryCode (%p, %p, %p, %d, %d, %p) returning\n", parser, argus, addr, type, len, buf);
19426 #endif
19427 }
19428
19429
19430 void
ArgusPrintSrcCountryCode(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)19431 ArgusPrintSrcCountryCode (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
19432 {
19433 char ccbuf[4];
19434 struct ArgusFlow *flow;
19435 void *addr = NULL;
19436 int type = 0;
19437
19438 bzero(ccbuf, sizeof(ccbuf));
19439
19440 if (argus->hdr.type & ARGUS_MAR) {
19441 if (parser->ArgusPrintXml) {
19442 } else
19443 sprintf (buf, "%*.*s ", len, len, " ");
19444
19445 } else {
19446 struct ArgusCountryCodeStruct *cocode = (void *)argus->dsrs[ARGUS_COCODE_INDEX];
19447
19448 if (cocode != NULL) {
19449 bcopy((char *)&cocode->src, ccbuf, 2);
19450 } else
19451 if (((flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL)) {
19452 switch (flow->hdr.subtype & 0x3F) {
19453
19454 case ARGUS_FLOW_CLASSIC5TUPLE:
19455 case ARGUS_FLOW_LAYER_3_MATRIX: {
19456 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
19457 case ARGUS_TYPE_IPV4:
19458 addr = &flow->ip_flow.ip_src;
19459 break;
19460 case ARGUS_TYPE_IPV6:
19461 addr = &flow->ipv6_flow.ip_src;
19462 break;
19463
19464 case ARGUS_TYPE_RARP:
19465 type = ARGUS_TYPE_ETHER;
19466 addr = &flow->lrarp_flow.tareaddr;
19467 break;
19468 case ARGUS_TYPE_ARP:
19469 type = ARGUS_TYPE_IPV4;
19470 addr = &flow->larp_flow.arp_spa;
19471 break;
19472
19473 case ARGUS_TYPE_ETHER:
19474 addr = &flow->mac_flow.mac_union.ether.ehdr.ether_shost;
19475 break;
19476 }
19477 break;
19478 }
19479
19480 case ARGUS_FLOW_ARP: {
19481 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
19482 case ARGUS_TYPE_RARP:
19483 type = ARGUS_TYPE_ETHER;
19484 addr = &flow->rarp_flow.dhaddr;
19485 break;
19486
19487 case ARGUS_TYPE_ARP:
19488 type = ARGUS_TYPE_IPV4;
19489 addr = &flow->arp_flow.arp_spa;
19490 break;
19491 }
19492 break;
19493 }
19494
19495 default:
19496 break;
19497 }
19498
19499 ArgusPrintCountryCode (parser, argus, addr, type, len, ccbuf);
19500 }
19501
19502 if (parser->ArgusPrintXml) {
19503 sprintf (buf, " SrcCoCode = \"%s\"", ccbuf);
19504 } else {
19505 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
19506 len = strlen(ccbuf);
19507
19508 if (len != 0) {
19509 if (len < strlen(ccbuf))
19510 sprintf (buf, "%*.*s* ", len-1, len-1, ccbuf);
19511 else
19512 sprintf (buf, "%*.*s ", len, len, ccbuf);
19513 } else
19514 sprintf (buf, "%s ", ccbuf);
19515 }
19516 }
19517
19518 #ifdef ARGUSDEBUG
19519 ArgusDebug (10, "ArgusPrintSrcCountryCode (%p, %p)", buf, argus);
19520 #endif
19521 }
19522
19523 void
ArgusPrintDstCountryCode(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)19524 ArgusPrintDstCountryCode (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
19525 {
19526 char ccbuf[4];
19527
19528 if (argus->hdr.type & ARGUS_MAR) {
19529 if (parser->ArgusPrintXml) {
19530 } else {
19531 sprintf (buf, "%*.*s ", len, len, " ");
19532 }
19533
19534 } else {
19535 struct ArgusCountryCodeStruct *cocode = (void *)argus->dsrs[ARGUS_COCODE_INDEX];
19536 struct ArgusFlow *flow;
19537 void *addr = NULL;
19538 int type = 0;
19539
19540 bzero(ccbuf, sizeof(ccbuf));
19541
19542 if (cocode != NULL) {
19543 bcopy((char *)&cocode->dst, ccbuf, 2);
19544 } else
19545 if (((flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL)) {
19546 switch (flow->hdr.subtype & 0x3F) {
19547
19548 case ARGUS_FLOW_CLASSIC5TUPLE:
19549 case ARGUS_FLOW_LAYER_3_MATRIX: {
19550 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
19551 case ARGUS_TYPE_IPV4:
19552 addr = &flow->ip_flow.ip_dst;
19553 break;
19554 case ARGUS_TYPE_IPV6:
19555 addr = &flow->ipv6_flow.ip_dst;
19556 break;
19557
19558 case ARGUS_TYPE_RARP:
19559 type = ARGUS_TYPE_ETHER;
19560 addr = &flow->lrarp_flow.tareaddr;
19561 break;
19562 case ARGUS_TYPE_ARP:
19563 type = ARGUS_TYPE_IPV4;
19564 addr = &flow->larp_flow.arp_tpa;
19565 break;
19566
19567 case ARGUS_TYPE_ETHER:
19568 addr = &flow->mac_flow.mac_union.ether.ehdr.ether_dhost;
19569 break;
19570 }
19571 break;
19572 }
19573
19574 case ARGUS_FLOW_ARP: {
19575 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
19576 case ARGUS_TYPE_RARP:
19577 type = ARGUS_TYPE_ETHER;
19578 addr = &flow->rarp_flow.dhaddr;
19579 break;
19580
19581 case ARGUS_TYPE_ARP:
19582 type = ARGUS_TYPE_IPV4;
19583 addr = &flow->arp_flow.arp_tpa;
19584 break;
19585 }
19586 break;
19587 }
19588
19589 default:
19590 break;
19591 }
19592
19593 ArgusPrintCountryCode (parser, argus, addr, type, len, ccbuf);
19594 }
19595
19596 if (parser->ArgusPrintXml) {
19597 sprintf (buf, " DstCoCode = \"%s\"", ccbuf);
19598 } else {
19599 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
19600 len = strlen(ccbuf);
19601
19602 if (len != 0) {
19603 if (len < strlen(ccbuf))
19604 sprintf (buf, "%*.*s* ", len-1, len-1, ccbuf);
19605 else
19606 sprintf (buf, "%*.*s ", len, len, ccbuf);
19607 } else
19608 sprintf (buf, "%s ", ccbuf);
19609 }
19610 }
19611
19612 #ifdef ARGUSDEBUG
19613 ArgusDebug (10, "ArgusPrintDstCountryCode (%p, %p)", buf, argus);
19614 #endif
19615 }
19616
19617
19618 void
ArgusPrintInodeCountryCode(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)19619 ArgusPrintInodeCountryCode (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
19620 {
19621 int objlen = 0;
19622 char ccbuf[4];
19623
19624 bzero(ccbuf, sizeof(ccbuf));
19625 if (argus->hdr.type & ARGUS_MAR) {
19626 if (parser->ArgusPrintXml) {
19627 } else {
19628 sprintf (buf, "%*.*s ", len, len, " ");
19629 }
19630
19631 } else {
19632 struct ArgusIcmpStruct *icmp = (void *)argus->dsrs[ARGUS_ICMP_INDEX];
19633
19634 if (icmp != NULL) {
19635 if (icmp->hdr.argus_dsrvl8.qual & ARGUS_ICMP_MAPPED) {
19636 struct ArgusFlow *flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX];
19637 void *addr = NULL;
19638 int type = 0;
19639
19640 if (flow != NULL) {
19641 switch (flow->hdr.subtype & 0x3F) {
19642 case ARGUS_FLOW_CLASSIC5TUPLE:
19643 case ARGUS_FLOW_LAYER_3_MATRIX: {
19644 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
19645 case ARGUS_TYPE_IPV4:
19646 objlen = 4;
19647 break;
19648 case ARGUS_TYPE_IPV6:
19649 objlen = 16;
19650 break;
19651 }
19652 break;
19653 }
19654
19655 default:
19656 break;
19657 }
19658 }
19659
19660 if (objlen > 0)
19661 addr = &icmp->osrcaddr;
19662
19663 ArgusPrintCountryCode (parser, argus, addr, type, len, ccbuf);
19664 }
19665 }
19666
19667 if (parser->ArgusPrintXml) {
19668 sprintf (buf, " DstCoCode = \"%s\"", ccbuf);
19669 } else {
19670 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
19671 len = strlen(ccbuf);
19672
19673 if (len != 0) {
19674 if (len < strlen(ccbuf))
19675 sprintf (buf, "%*.*s* ", len-1, len-1, ccbuf);
19676 else
19677 sprintf (buf, "%*.*s ", len, len, ccbuf);
19678 } else
19679 sprintf (buf, "%s ", ccbuf);
19680 }
19681 }
19682
19683 #ifdef ARGUSDEBUG
19684 ArgusDebug (10, "ArgusPrintInodeCountryCode (%p, %p)", buf, argus);
19685 #endif
19686 }
19687
19688
19689
19690 void
ArgusPrintSrcAsn(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)19691 ArgusPrintSrcAsn (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
19692 {
19693 char asnbuf[16];
19694
19695 bzero(asnbuf, sizeof(asnbuf));
19696 if (argus->hdr.type & ARGUS_MAR) {
19697 if (parser->ArgusPrintXml) {
19698 } else
19699 sprintf (buf, "%*.*s ", len, len, " ");
19700
19701 } else {
19702 struct ArgusAsnStruct *asn = (void *)argus->dsrs[ARGUS_ASN_INDEX];
19703
19704 if ((asn != NULL) && (asn->src_as != 0)) {
19705 switch (parser->ArgusAsnFormat) {
19706 case ARGUS_ASN_ASPLAIN: {
19707 sprintf(asnbuf, "%d", asn->src_as);
19708 break;
19709 }
19710
19711 case ARGUS_ASN_ASDOTPLUS: {
19712 unsigned short sasn[2];
19713 sasn[0] = (asn->src_as & 0x0000FFFF);
19714 sasn[1] = (asn->src_as >> 16);
19715 sprintf(asnbuf, "%d.%d", sasn[1], sasn[0]);
19716 break;
19717 }
19718
19719 case ARGUS_ASN_ASDOT: {
19720 if (asn->src_as > 65535) {
19721 unsigned short sasn[2];
19722 sasn[0] = (asn->src_as & 0x0000FFFF);
19723 sasn[1] = (asn->src_as >> 16);
19724 sprintf(asnbuf, "%d.%d", sasn[1], sasn[0]);
19725 } else
19726 sprintf(asnbuf, "%d", asn->src_as);
19727 break;
19728 }
19729 }
19730
19731 } else
19732 sprintf(asnbuf, " ");
19733
19734 if (parser->ArgusPrintXml) {
19735 sprintf (buf, " SrcASNum = \"%s\"", asnbuf);
19736 } else {
19737 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
19738 len = strlen(asnbuf);
19739
19740 if (len != 0) {
19741 if (len < strlen(asnbuf))
19742 sprintf (buf, "%*.*s* ", len-1, len-1, asnbuf);
19743 else
19744 sprintf (buf, "%*.*s ", len, len, asnbuf);
19745 } else
19746 sprintf (buf, "%s ", asnbuf);
19747 }
19748 }
19749 #ifdef ARGUSDEBUG
19750 ArgusDebug (10, "ArgusPrintSrcAsn (%p, %p)", buf, argus);
19751 #endif
19752 }
19753
19754 void
ArgusPrintDstAsn(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)19755 ArgusPrintDstAsn (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
19756 {
19757 char asnbuf[16];
19758
19759 bzero(asnbuf, sizeof(asnbuf));
19760 if (argus->hdr.type & ARGUS_MAR) {
19761 if (parser->ArgusPrintXml) {
19762 } else
19763 sprintf (buf, "%*.*s ", len, len, " ");
19764
19765 } else {
19766 struct ArgusAsnStruct *asn = (void *)argus->dsrs[ARGUS_ASN_INDEX];
19767
19768 if ((asn != NULL) && (asn->dst_as != 0)) {
19769 switch (parser->ArgusAsnFormat) {
19770 case ARGUS_ASN_ASPLAIN: {
19771 sprintf(asnbuf, "%d", asn->dst_as);
19772 break;
19773 }
19774
19775 case ARGUS_ASN_ASDOTPLUS: {
19776 unsigned short dasn[2];
19777 dasn[0] = (asn->dst_as & 0x0000FFFF);
19778 dasn[1] = (asn->dst_as >> 16);
19779 sprintf(asnbuf, "%d.%d", dasn[1], dasn[0]);
19780 break;
19781 }
19782
19783 case ARGUS_ASN_ASDOT: {
19784 if (asn->dst_as > 65535) {
19785 unsigned short dasn[2];
19786 dasn[0] = (asn->dst_as & 0x0000FFFF);
19787 dasn[1] = (asn->dst_as >> 16);
19788 sprintf(asnbuf, "%d.%d", dasn[1], dasn[0]);
19789 } else
19790 sprintf(asnbuf, "%d", asn->dst_as);
19791 break;
19792 }
19793 }
19794
19795 } else
19796 sprintf(asnbuf, " ");
19797
19798 if (parser->ArgusPrintXml) {
19799 sprintf (buf, " DstASNum = \"%s\"", asnbuf);
19800 } else {
19801 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
19802 len = strlen(asnbuf);
19803
19804 if (len != 0) {
19805 if (len < strlen(asnbuf))
19806 sprintf (buf, "%*.*s* ", len-1, len-1, asnbuf);
19807 else
19808 sprintf (buf, "%*.*s ", len, len, asnbuf);
19809 } else
19810 sprintf (buf, "%s ", asnbuf);
19811 }
19812 }
19813
19814 #ifdef ARGUSDEBUG
19815 ArgusDebug (10, "ArgusPrintDstAsn (%p, %p)", buf, argus);
19816 #endif
19817 }
19818
19819 void
ArgusPrintInodeAsn(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)19820 ArgusPrintInodeAsn (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
19821 {
19822 char asnbuf[16];
19823
19824 bzero(asnbuf, sizeof(asnbuf));
19825 if (argus->hdr.type & ARGUS_MAR) {
19826 if (parser->ArgusPrintXml) {
19827 } else
19828 sprintf (buf, "%*.*s ", len, len, " ");
19829
19830 } else {
19831 struct ArgusAsnStruct *asn = (void *)argus->dsrs[ARGUS_ASN_INDEX];
19832
19833 if (asn != NULL) {
19834 int alen = asn->hdr.argus_dsrvl8.len;
19835 if ((alen > 3) && (asn->inode_as != 0)) {
19836 if (asn->inode_as > 65535) {
19837 unsigned short sasn[2];
19838 sasn[0] = (asn->inode_as & 0x0000FFFF);
19839 sasn[1] = (asn->inode_as >> 16);
19840 sprintf(asnbuf, "%d.%d", sasn[1], sasn[0]);
19841 } else
19842 sprintf(asnbuf, "%d", asn->inode_as);
19843 }
19844 } else
19845 sprintf(asnbuf, " ");
19846
19847 if (parser->ArgusPrintXml) {
19848 sprintf (buf, " InodeASNum = \"%s\"", asnbuf);
19849 } else {
19850 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
19851 len = strlen(asnbuf);
19852
19853 if (len != 0) {
19854 if (len < strlen(asnbuf))
19855 sprintf (buf, "%*.*s* ", len-1, len-1, asnbuf);
19856 else
19857 sprintf (buf, "%*.*s ", len, len, asnbuf);
19858 } else
19859 sprintf (buf, "%s ", asnbuf);
19860 }
19861 }
19862
19863 #ifdef ARGUSDEBUG
19864 ArgusDebug (10, "ArgusPrintInodeAsn (%p, %p)", buf, argus);
19865 #endif
19866 }
19867
19868
19869 void
ArgusPrintIcmpId(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)19870 ArgusPrintIcmpId (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
19871 {
19872 struct ArgusFlow *flow;
19873 char idbuf[12];
19874 int type = 0;
19875
19876 bzero(idbuf, sizeof(idbuf));
19877 if (argus->hdr.type & ARGUS_MAR) {
19878 if (parser->ArgusPrintXml) {
19879 } else
19880 sprintf (buf, "%*.*s ", len, len, " ");
19881
19882 } else {
19883 unsigned short id = 0;
19884 int found = 0;
19885
19886 if (((flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL)) {
19887 switch (flow->hdr.subtype & 0x3F) {
19888 case ARGUS_FLOW_CLASSIC5TUPLE:
19889 case ARGUS_FLOW_LAYER_3_MATRIX: {
19890 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
19891 case ARGUS_TYPE_IPV4:
19892 if (flow->ip_flow.ip_p == IPPROTO_ICMP) {
19893 id = flow->icmp_flow.id;
19894 found++;
19895 }
19896 break;
19897 case ARGUS_TYPE_IPV6:
19898 if (flow->ipv6_flow.ip_p == IPPROTO_ICMPV6) {
19899 id = flow->icmpv6_flow.id;
19900 found++;
19901 }
19902 break;
19903 }
19904 break;
19905 }
19906 }
19907 }
19908
19909 if (found) {
19910 sprintf (idbuf, "%d", id);
19911 } else {
19912 sprintf (idbuf, " ");
19913 }
19914
19915 if (parser->ArgusPrintXml) {
19916 sprintf (buf, " IcmpId = \"%s\"", idbuf);
19917 } else {
19918 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
19919 len = strlen(idbuf);
19920
19921 if (len != 0) {
19922 if (len < strlen(idbuf))
19923 sprintf (buf, "%*.*s* ", len-1, len-1, idbuf);
19924 else
19925 sprintf (buf, "%*.*s ", len, len, idbuf);
19926 } else
19927 sprintf (buf, "%s ", idbuf);
19928 }
19929 }
19930
19931 #ifdef ARGUSDEBUG
19932 ArgusDebug (10, "ArgusPrintIcmpId (%p, %p)", buf, argus);
19933 #endif
19934 }
19935
19936 void
ArgusPrintResponse(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)19937 ArgusPrintResponse (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
19938 {
19939 struct ArgusFlow *flow;
19940 char *resp = NULL;
19941
19942 if (argus->hdr.type & ARGUS_MAR) {
19943 if (parser->ArgusPrintXml) {
19944 } else
19945 sprintf (buf, "%*.*s ", len, len, " ");
19946
19947 } else {
19948 if (((flow = (void *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL)) {
19949 switch (flow->hdr.subtype & 0x3F) {
19950 case ARGUS_FLOW_CLASSIC5TUPLE:
19951 case ARGUS_FLOW_LAYER_3_MATRIX: {
19952 int type;
19953 switch (type = (flow->hdr.argus_dsrvl8.qual & 0x1F)) {
19954 case ARGUS_TYPE_RARP: {
19955 break;
19956 }
19957
19958 case ARGUS_TYPE_ARP: {
19959 break;
19960 }
19961 }
19962 break;
19963 }
19964
19965 case ARGUS_FLOW_ARP: {
19966 switch (flow->hdr.argus_dsrvl8.qual & 0x1F) {
19967 case ARGUS_TYPE_RARP: {
19968 break;
19969 }
19970 case ARGUS_TYPE_ARP: {
19971 struct ArgusNetworkStruct *net = (struct ArgusNetworkStruct *)argus->dsrs[ARGUS_NETWORK_INDEX];
19972 if (net != NULL)
19973 resp = etheraddr_string(parser, (unsigned char *)&net->net_union.arp.respaddr);
19974 break;
19975 }
19976 }
19977 break;
19978 }
19979 }
19980 }
19981
19982 if (resp != NULL) {
19983 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
19984 len = strlen(resp);
19985
19986 if (len != 0) {
19987 if (len < strlen(resp))
19988 sprintf (buf, "%*.*s* ", len-1, len-1, resp);
19989 else
19990 sprintf (buf, "%*.*s ", len, len, resp);
19991 } else
19992 sprintf (buf, "%s ", resp);
19993 }
19994 }
19995
19996 #ifdef ARGUSDEBUG
19997 ArgusDebug (10, "ArgusPrintResponse (%p, %p)", buf, argus);
19998 #endif
19999 }
20000
20001
20002 void
ArgusPrintLabel(struct ArgusParserStruct * parser,char * buf,struct ArgusRecordStruct * argus,int len)20003 ArgusPrintLabel (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus, int len)
20004 {
20005 struct ArgusLabelStruct *label;
20006 char *labelbuf = "";
20007
20008 if (argus->hdr.type & ARGUS_MAR) {
20009 if (parser->ArgusPrintXml) {
20010 } else
20011 sprintf (buf, "%*.*s ", len, len, " ");
20012
20013 } else {
20014 if (((label = (void *)argus->dsrs[ARGUS_LABEL_INDEX]) != NULL))
20015 labelbuf = label->l_un.label;
20016
20017 if (parser->ArgusPrintXml) {
20018 sprintf (buf, " Label = \"%s\"", labelbuf);
20019 } else {
20020 if (parser->RaFieldWidth != RA_FIXED_WIDTH)
20021 len = strlen(labelbuf);
20022
20023 if (len != 0) {
20024 if (len < strlen(labelbuf))
20025 sprintf (buf, "%*.*s* ", len-1, len-1, labelbuf);
20026 else
20027 sprintf (buf, "%*.*s ", len, len, labelbuf);
20028 } else
20029 sprintf (buf, "%s ", labelbuf);
20030 }
20031 }
20032
20033 #ifdef ARGUSDEBUG
20034 ArgusDebug (10, "ArgusPrintLabel (%p, %p)", buf, argus);
20035 #endif
20036 }
20037
20038 static char ArgusStatusBuf[32];
20039
20040 char *
ArgusGetManStatus(struct ArgusParserStruct * parser,struct ArgusRecordStruct * argus)20041 ArgusGetManStatus (struct ArgusParserStruct *parser, struct ArgusRecordStruct *argus)
20042 {
20043 bzero (ArgusStatusBuf, 32);
20044
20045 switch (argus->hdr.cause & 0xF0) {
20046 case ARGUS_START: sprintf (ArgusStatusBuf, "STA"); break;
20047 case ARGUS_STATUS: sprintf (ArgusStatusBuf, "CON"); break;
20048 case ARGUS_STOP: sprintf (ArgusStatusBuf, "STP"); break;
20049 case ARGUS_SHUTDOWN: sprintf (ArgusStatusBuf, "SHT"); break;
20050 case ARGUS_ERROR: {
20051 switch (argus->hdr.cause & 0x0F) {
20052 case ARGUS_ACCESSDENIED: sprintf (ArgusStatusBuf, "ADN"); break;
20053 case ARGUS_MAXLISTENEXCD: sprintf (ArgusStatusBuf, "MAX"); break;
20054 default: sprintf (ArgusStatusBuf, "ERR"); break;
20055 }
20056 }
20057 }
20058
20059 return(ArgusStatusBuf);
20060 }
20061
20062
20063 char *
ArgusGetTCPStatus(struct ArgusParserStruct * parser,struct ArgusRecordStruct * argus)20064 ArgusGetTCPStatus (struct ArgusParserStruct *parser, struct ArgusRecordStruct *argus)
20065 {
20066 struct ArgusMetricStruct *metric;
20067 struct ArgusNetworkStruct *net;
20068 unsigned int status = 0;
20069 unsigned char sflags, dflags;
20070
20071 if ((net = (struct ArgusNetworkStruct *)argus->dsrs[ARGUS_NETWORK_INDEX]) != NULL) {
20072 switch (net->hdr.subtype) {
20073 case ARGUS_TCP_INIT:
20074 case ARGUS_TCP_STATUS:
20075 case ARGUS_TCP_PERF: {
20076 struct ArgusTCPObject *tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
20077 status = tcp->status;
20078 sflags = tcp->src.flags;
20079 dflags = tcp->dst.flags;
20080 break;
20081 }
20082 }
20083 }
20084
20085 *ArgusStatusBuf = '\0';
20086
20087 if (parser->zflag || parser->Zflag) {
20088 if (parser->zflag) {
20089 if (status & ARGUS_SAW_SYN) strncat (ArgusStatusBuf, "s", (32 - strlen(ArgusStatusBuf)));
20090 if (status & ARGUS_SAW_SYN_SENT) strncat (ArgusStatusBuf, "S", (32 - strlen(ArgusStatusBuf)));
20091 if (status & ARGUS_CON_ESTABLISHED) strncat (ArgusStatusBuf, "E", (32 - strlen(ArgusStatusBuf)));
20092 if (status & ARGUS_FIN) strncat (ArgusStatusBuf, "f", (32 - strlen(ArgusStatusBuf)));
20093 if (status & ARGUS_FIN_ACK) strncat (ArgusStatusBuf, "F", (32 - strlen(ArgusStatusBuf)));
20094 if (status & ARGUS_NORMAL_CLOSE) strncat (ArgusStatusBuf, "C", (32 - strlen(ArgusStatusBuf)));
20095 if (status & ARGUS_RESET) strncat (ArgusStatusBuf, "R", (32 - strlen(ArgusStatusBuf)));
20096
20097 } else {
20098 if (parser->Zflag) {
20099 char SrcTCPFlagsStr[16], DstTCPFlagsStr[16], tmp[16];
20100 int i, index;
20101
20102 bzero(SrcTCPFlagsStr, sizeof(SrcTCPFlagsStr));
20103 bzero(DstTCPFlagsStr, sizeof(DstTCPFlagsStr));
20104 bzero(tmp, sizeof(tmp));
20105
20106 for (i = 0, index = 1; i < 8; i++) {
20107 if (sflags & index) {
20108 strncat (SrcTCPFlagsStr, ArgusTCPFlags[i], (16 - strlen(SrcTCPFlagsStr)));
20109 }
20110 if (dflags & index) {
20111 strncat (DstTCPFlagsStr, ArgusTCPFlags[i], (16 - strlen(SrcTCPFlagsStr)));
20112 }
20113 index <<= 1;
20114 }
20115
20116 if ((metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX]) != NULL) {
20117 if ((strlen(SrcTCPFlagsStr) && (metric->src.pkts == 0)) ||
20118 (strlen(DstTCPFlagsStr) && (metric->dst.pkts == 0))) {
20119 bcopy(SrcTCPFlagsStr, tmp, sizeof(tmp));
20120 bcopy(DstTCPFlagsStr, SrcTCPFlagsStr, sizeof(tmp));
20121 bcopy(tmp, DstTCPFlagsStr, sizeof(tmp));
20122 }
20123 }
20124
20125 switch (parser->Zflag) {
20126 case 'b':
20127 sprintf (ArgusStatusBuf, "%s_%s", SrcTCPFlagsStr, DstTCPFlagsStr);
20128 break;
20129 case 's':
20130 sprintf (ArgusStatusBuf, "%s", SrcTCPFlagsStr);
20131 break;
20132 case 'd':
20133 sprintf (ArgusStatusBuf, "%s", DstTCPFlagsStr);
20134 break;
20135 }
20136 }
20137 }
20138
20139 } else {
20140 if (status) {
20141 if (status & ARGUS_RESET) sprintf (ArgusStatusBuf, "RST"); else
20142 if (status & ARGUS_FIN) sprintf (ArgusStatusBuf, "FIN"); else
20143 if (status & ARGUS_FIN_ACK) sprintf (ArgusStatusBuf, "FIN"); else
20144 if (status & ARGUS_NORMAL_CLOSE) sprintf (ArgusStatusBuf, "CLO"); else
20145 if (argus->hdr.cause & ARGUS_TIMEOUT) sprintf (ArgusStatusBuf, "TIM"); else
20146 if (status & ARGUS_CON_ESTABLISHED) sprintf (ArgusStatusBuf, "CON"); else
20147 if (status & ARGUS_SAW_SYN_SENT) sprintf (ArgusStatusBuf, "ACC"); else
20148 if (status & ARGUS_SAW_SYN) sprintf (ArgusStatusBuf, "REQ"); else
20149 sprintf (ArgusStatusBuf, "CON");
20150 } else {
20151 if ((metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX]) != NULL) {
20152 if (metric->src.pkts && metric->dst.pkts)
20153 sprintf (ArgusStatusBuf, "CON");
20154 else
20155 sprintf (ArgusStatusBuf, "INT");
20156 } else
20157 sprintf (ArgusStatusBuf, "INT");
20158 }
20159 }
20160 return (ArgusStatusBuf);
20161 }
20162
20163 char *
ArgusGetIGMPStatus(struct ArgusParserStruct * parser,struct ArgusRecordStruct * argus)20164 ArgusGetIGMPStatus (struct ArgusParserStruct *parser, struct ArgusRecordStruct *argus)
20165 {
20166 return (ArgusStatusBuf);
20167 }
20168
20169 char *
ArgusGetICMPv6Status(struct ArgusParserStruct * parser,struct ArgusRecordStruct * argus)20170 ArgusGetICMPv6Status (struct ArgusParserStruct *parser, struct ArgusRecordStruct *argus)
20171 {
20172 struct ArgusFlow *flow;
20173 char *retn = "UNK";
20174
20175 if ((flow = (struct ArgusFlow *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL) {
20176 struct ArgusICMPv6Flow *icmp = (void *) &flow->icmpv6_flow;
20177
20178 if (icmp->type < ICMP6_INFOMSG_MASK) {
20179 switch (icmp->type) {
20180 case ICMP6_DST_UNREACH:
20181
20182 switch (icmp->code) {
20183 case ICMP6_DST_UNREACH_NOROUTE:
20184 retn = "URNR";
20185 break;
20186 case ICMP6_DST_UNREACH_ADMIN:
20187 retn = "URAD";
20188 break;
20189 case ICMP6_DST_UNREACH_BEYONDSCOPE:
20190 retn = "URBS";
20191 break;
20192 case ICMP6_DST_UNREACH_ADDR:
20193 retn = "URAR";
20194 break;
20195 case ICMP6_DST_UNREACH_NOPORT:
20196 retn = "URP";
20197 break;
20198 case ICMP6_DST_UNREACH_SRC_FAIL:
20199 retn = "URSF";
20200 break;
20201 case ICMP6_DST_UNREACH_REJECT_ROUTE:
20202 retn = "URRR";
20203 break;
20204 case ICMP6_DST_UNREACH_ERROR_SRC_ROUTE:
20205 retn = "URES";
20206 break;
20207 }
20208 break;
20209 case ICMP6_PACKET_TOO_BIG:
20210 retn = icmptypestr[45];
20211 break;
20212 case ICMP6_TIME_EXCEEDED:
20213 switch (icmp->code) {
20214 case ICMP6_TIME_EXCEED_TRANSIT:
20215 retn = "TXT";
20216 break;
20217 case ICMP6_TIME_EXCEED_REASSEMBLY:
20218 retn = "TXR";
20219 break;
20220 }
20221 break;
20222 case ICMP6_PARAM_PROB:
20223 switch (icmp->code) {
20224 case ICMP6_PARAMPROB_HEADER:
20225 retn = "PPH";
20226 break;
20227 case ICMP6_PARAMPROB_NEXTHEADER:
20228 retn = "PPNH";
20229 break;
20230 case ICMP6_PARAMPROB_OPTION:
20231 retn = "PPO";
20232 break;
20233 }
20234 break;
20235 }
20236
20237 } else {
20238 switch (icmp->type) {
20239 case ICMP6_ECHO_REQUEST:
20240 retn = icmptypestr[8];
20241 break;
20242 case ICMP6_ECHO_REPLY:
20243 retn = icmptypestr[0];
20244 break;
20245 case ICMP6_MEMBERSHIP_QUERY:
20246 retn = icmptypestr[35];
20247 break;
20248 case ICMP6_MEMBERSHIP_REPORT:
20249 retn = icmptypestr[32];
20250 break;
20251 case ICMP6_MEMBERSHIP_REPORT_V2:
20252 retn = icmptypestr[32];
20253 break;
20254 case ND_ROUTER_SOLICIT:
20255 retn = icmptypestr[41];
20256 break;
20257 case ND_ROUTER_ADVERT:
20258 retn = icmptypestr[42];
20259 break;
20260 case ND_NEIGHBOR_SOLICIT:
20261 retn = icmptypestr[43];
20262 break;
20263 case ND_NEIGHBOR_ADVERT:
20264 retn = icmptypestr[44];
20265 break;
20266 case ND_REDIRECT:
20267 retn = icmptypestr[5];
20268 break;
20269
20270 case ICMP6_MEMBERSHIP_REDUCTION:
20271 case ICMP6_HOME_AGENT_ADDR_REQUEST:
20272 case ICMP6_HOME_AGENT_ADDR_REPLY:
20273 case ICMP6_MOBILE_PREFIX_SOL:
20274 case ICMP6_MOBILE_PREFIX_ADV:
20275 case ICMP6_CERT_PATH_SOL:
20276 case ICMP6_CERT_PATH_ADV:
20277 case ICMP6_EXPER_MOBILITY:
20278 case ICMP6_MULTICAST_ROUTER_ADV:
20279 case ICMP6_MULTICAST_ROUTER_SOL:
20280 break;
20281 }
20282 }
20283 }
20284
20285 return (retn);
20286 }
20287
20288 char *
ArgusGetICMPStatus(struct ArgusParserStruct * parser,struct ArgusRecordStruct * argus)20289 ArgusGetICMPStatus (struct ArgusParserStruct *parser, struct ArgusRecordStruct *argus)
20290 {
20291 struct ArgusFlow *flow;
20292 char ArgusResponseString[256];
20293 char icmptype[32];
20294
20295 bzero (ArgusResponseString, 256);
20296 bzero (icmptype, 32);
20297
20298 if ((flow = (struct ArgusFlow *)argus->dsrs[ARGUS_FLOW_INDEX]) != NULL) {
20299 struct ArgusMetricStruct *metric = (void *)argus->dsrs[ARGUS_METRIC_INDEX];
20300 struct ArgusIcmpStruct *icmp = (void *)argus->dsrs[ARGUS_ICMP_INDEX];
20301 struct ArgusICMPFlow *icmpFlow = &flow->icmp_flow;
20302
20303 unsigned char ra_icmp_type = 0, ra_icmp_code = 0;
20304 unsigned short ra_icmp_data = 0;
20305 unsigned int ra_src_addr = 0, ra_dst_addr = 0, ra_gw_addr = 0;
20306 char *typestr = "UNK";
20307
20308 if (icmp) {
20309 ra_src_addr = icmp->isrcaddr;
20310 ra_dst_addr = icmp->idstaddr;
20311 ra_gw_addr = icmp->igwaddr;
20312 ra_icmp_type = icmp->icmp_type;
20313 ra_icmp_code = icmp->icmp_code;
20314 } else {
20315 ra_icmp_type = icmpFlow->type;
20316 ra_icmp_code = icmpFlow->code;
20317 }
20318
20319 ra_icmp_data = icmpFlow->id;
20320
20321 if (ra_icmp_type < (unsigned char) (ICMP_MAXTYPE + 1)) {
20322 if (icmptypestr[ra_icmp_type] != NULL)
20323 typestr = icmptypestr[ra_icmp_type];
20324 }
20325 strncpy (icmptype, typestr, 32);
20326
20327 switch (ra_icmp_type) {
20328 case ICMP_UNREACH:
20329 switch (ra_icmp_code) {
20330 case ICMP_UNREACH_NET:
20331 strncat (icmptype, "N", (32 - strlen(icmptype)));
20332 if (ra_dst_addr) {
20333 u_long addr = ra_dst_addr;
20334 snprintf (ArgusResponseString, 256, "net %s", ArgusGetName (ArgusParser, (unsigned char *)&addr));
20335 }
20336 break;
20337 case ICMP_UNREACH_HOST:
20338 strncat (icmptype, "H", (32 - strlen(icmptype)));
20339
20340 if (ra_dst_addr)
20341 snprintf (ArgusResponseString, 256, "host %s", ArgusGetName (ArgusParser, (unsigned char *)&ra_dst_addr));
20342 break;
20343
20344 case ICMP_UNREACH_PROTOCOL:
20345 strncat (icmptype, "O", (32 - strlen(icmptype)));
20346 if (ra_icmp_data && (ra_icmp_data < IPPROTOSTR))
20347 snprintf (ArgusResponseString, 256, "proto %s", ip_proto_string[ra_icmp_data]);
20348 break;
20349
20350 case ICMP_UNREACH_PORT: {
20351 int index = icmpFlow->tp_p;
20352 strncat (icmptype, "P", (32 - strlen(icmptype)));
20353
20354 if ((ra_icmp_data && ((index < IPPROTOSTR)) && (index > 0))) {
20355 snprintf (ArgusResponseString, 256, "%s_port %d", ip_proto_string[index], ra_icmp_data);
20356
20357 } else if (ra_icmp_data)
20358 snprintf (ArgusResponseString, 256, "port %d", ra_icmp_data);
20359 break;
20360 }
20361 case ICMP_UNREACH_NEEDFRAG:
20362 strncat (icmptype, "F", (32 - strlen(icmptype))); break;
20363 case ICMP_UNREACH_SRCFAIL:
20364 strncat (icmptype, "S", (32 - strlen(icmptype))); break;
20365
20366 #ifndef ICMP_UNREACH_NET_UNKNOWN
20367 #define ICMP_UNREACH_NET_UNKNOWN 6
20368 #endif
20369 case ICMP_UNREACH_NET_UNKNOWN:
20370 strncat (icmptype, "NU", (32 - strlen(icmptype)));
20371 snprintf (ArgusResponseString, 256, "dst_net unknown"); break;
20372
20373 #ifndef ICMP_UNREACH_HOST_UNKNOWN
20374 #define ICMP_UNREACH_HOST_UNKNOWN 7
20375 #endif
20376 case ICMP_UNREACH_HOST_UNKNOWN:
20377 strncat (icmptype, "HU", (32 - strlen(icmptype)));
20378 snprintf (ArgusResponseString, 256, "dst_host unknown"); break;
20379
20380 #ifndef ICMP_UNREACH_ISOLATED
20381 #define ICMP_UNREACH_ISOLATED 8
20382 #endif
20383 case ICMP_UNREACH_ISOLATED:
20384 strncat (icmptype, "ISO", (32 - strlen(icmptype)));
20385 snprintf (ArgusResponseString, 256, "src_host isolated"); break;
20386
20387 #ifndef ICMP_UNREACH_NET_PROHIB
20388 #define ICMP_UNREACH_NET_PROHIB 9
20389 #endif
20390 case ICMP_UNREACH_NET_PROHIB:
20391 strncat (icmptype, "NPRO", (32 - strlen(icmptype)));
20392 snprintf (ArgusResponseString, 256, "admin_net prohib"); break;
20393
20394 #ifndef ICMP_UNREACH_HOST_PROHIB
20395 #define ICMP_UNREACH_HOST_PROHIB 10
20396 #endif
20397 case ICMP_UNREACH_HOST_PROHIB:
20398 strncat (icmptype, "HPRO", (32 - strlen(icmptype)));
20399 snprintf (ArgusResponseString, 256, "admin_host prohib"); break;
20400
20401 #ifndef ICMP_UNREACH_TOSNET
20402 #define ICMP_UNREACH_TOSNET 11
20403 #endif
20404 case ICMP_UNREACH_TOSNET:
20405 strncat (icmptype, "NTOS", (32 - strlen(icmptype)));
20406 snprintf (ArgusResponseString, 256, "tos_net prohib"); break;
20407
20408 #ifndef ICMP_UNREACH_TOSHOST
20409 #define ICMP_UNREACH_TOSHOST 12
20410 #endif
20411 case ICMP_UNREACH_TOSHOST:
20412 strncat (icmptype, "HTOS", (32 - strlen(icmptype)));
20413 snprintf (ArgusResponseString, 256, "tos_host prohib"); break;
20414
20415 #ifndef ICMP_UNREACH_FILTER_PROHIB
20416 #define ICMP_UNREACH_FILTER_PROHIB 13
20417 #endif
20418 case ICMP_UNREACH_FILTER_PROHIB:
20419 strncat (icmptype, "FIL", (32 - strlen(icmptype)));
20420 snprintf (ArgusResponseString, 256, "admin_filter prohib"); break;
20421
20422 #ifndef ICMP_UNREACH_HOST_PRECEDENCE
20423 #define ICMP_UNREACH_HOST_PRECEDENCE 14
20424 #endif
20425 case ICMP_UNREACH_HOST_PRECEDENCE:
20426 strncat (icmptype, "PRE", (32 - strlen(icmptype)));
20427 snprintf (ArgusResponseString, 256, "precedence violation"); break;
20428
20429 #ifndef ICMP_UNREACH_PRECEDENCE_CUTOFF
20430 #define ICMP_UNREACH_PRECEDENCE_CUTOFF 15
20431 #endif
20432 case ICMP_UNREACH_PRECEDENCE_CUTOFF:
20433 strncat (icmptype, "CUT", (32 - strlen(icmptype)));
20434 snprintf (ArgusResponseString, 256, "precedence cutoff"); break;
20435
20436 }
20437 break;
20438
20439 case ICMP_MASKREPLY:
20440 if (ra_src_addr)
20441 snprintf (ArgusResponseString, 256, "mask 0x%08x", ra_src_addr);
20442 break;
20443
20444 case ICMP_REDIRECT:
20445 switch (ra_icmp_code) {
20446 case ICMP_REDIRECT_NET:
20447 (void) snprintf (ArgusResponseString, 256, "net %s", ArgusGetName (ArgusParser, (unsigned char *)&ra_gw_addr));
20448 break;
20449
20450 case ICMP_REDIRECT_HOST:
20451 (void) snprintf (ArgusResponseString, 256, "host %s", ArgusGetName (ArgusParser, (unsigned char *)&ra_gw_addr));
20452 break;
20453
20454 case ICMP_REDIRECT_TOSNET:
20455 (void) snprintf (ArgusResponseString, 256, "tosN %s", ArgusGetName (ArgusParser, (unsigned char *)&ra_gw_addr));
20456 break;
20457
20458 case ICMP_REDIRECT_TOSHOST:
20459 (void) snprintf (ArgusResponseString, 256, "tosH %s", ArgusGetName (ArgusParser, (unsigned char *)&ra_gw_addr));
20460 break;
20461 }
20462 break;
20463
20464 #ifndef ICMP_ROUTERADVERT
20465 #define ICMP_ROUTERADVERT 9
20466 #endif
20467 case ICMP_ROUTERADVERT:
20468 snprintf (ArgusResponseString, 256, "router advertisement"); break;
20469 #ifndef ICMP_ROUTERSOLICIT
20470 #define ICMP_ROUTERSOLICIT 10
20471 #endif
20472 case ICMP_ROUTERSOLICIT:
20473 snprintf (ArgusResponseString, 256, "router solicitation"); break;
20474
20475
20476 case ICMP_ECHOREPLY:
20477 case ICMP_TSTAMPREPLY:
20478 case ICMP_IREQREPLY: {
20479 long long sbytes = 0, dbytes = 0;
20480 if (metric != NULL) {
20481 sbytes = metric->src.bytes;
20482 dbytes = metric->dst.bytes;
20483 }
20484 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
20485 snprintf (ArgusResponseString, 256, "%-6lld %-6lld", sbytes, dbytes);
20486 #else
20487 snprintf (ArgusResponseString, 256, "%-6Ld %-6Ld", sbytes, dbytes);
20488 #endif
20489 break;
20490 }
20491
20492 case ICMP_TIMXCEED:
20493 (void) snprintf (ArgusResponseString, 256, "timexceed %s", ra_icmp_code ? "reassembly" : "in-transit");
20494 break;
20495
20496 case ICMP_PARAMPROB:
20497 case ICMP_SOURCEQUENCH:
20498 case ICMP_ECHO:
20499 case ICMP_TSTAMP:
20500 case ICMP_IREQ:
20501 case ICMP_MASKREQ:
20502 default: {
20503 long long sbytes = 0, dbytes = 0;
20504 if (metric != NULL) {
20505 sbytes = metric->src.bytes;
20506 dbytes = metric->dst.bytes;
20507 }
20508 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
20509 snprintf (ArgusResponseString, 256, "%-6lld %-6lld", sbytes, dbytes);
20510 #else
20511 snprintf (ArgusResponseString, 256, "%-6Ld %-6Ld", sbytes, dbytes);
20512 #endif
20513 break;
20514 }
20515 }
20516
20517 if (!(parser->Rflag)) {
20518 long long sbytes = 0, dbytes = 0;
20519 if (metric != NULL) {
20520 sbytes = metric->src.bytes;
20521 dbytes = metric->dst.bytes;
20522 }
20523 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
20524 snprintf (ArgusResponseString, 256, "%-6lld %-6lld", sbytes, dbytes);
20525 #else
20526 snprintf (ArgusResponseString, 256, "%-6Ld %-6Ld", sbytes, dbytes);
20527 #endif
20528 }
20529 }
20530
20531 strncpy (ArgusStatusBuf, icmptype, 32);
20532 return (ArgusStatusBuf);
20533 }
20534
20535
20536 char *
ArgusGetIPStatus(struct ArgusParserStruct * parser,struct ArgusRecordStruct * argus)20537 ArgusGetIPStatus (struct ArgusParserStruct *parser, struct ArgusRecordStruct *argus)
20538 {
20539 struct ArgusMetricStruct *metric;
20540
20541 if ((metric = (struct ArgusMetricStruct *)argus->dsrs[ARGUS_METRIC_INDEX]) != NULL) {
20542 if (metric->src.pkts && metric->dst.pkts)
20543 sprintf (ArgusStatusBuf, "CON");
20544 else {
20545 if ((metric->src.pkts) || (parser->RaMonMode)) {
20546 if (argus->hdr.cause & ARGUS_START)
20547 sprintf (ArgusStatusBuf, "INT");
20548 else
20549 sprintf (ArgusStatusBuf, "REQ");
20550 } else
20551 sprintf (ArgusStatusBuf, "RSP");
20552 }
20553 }
20554 return (ArgusStatusBuf);
20555 }
20556
20557
20558 void ArgusSetDebugString (char *, int, int);
20559 void ArgusCopyDebugString (char *, int);
20560 void ArgusZeroDebugString (void);
20561
20562 #ifdef ARGUSDEBUG
20563 void
ArgusDebug(int d,char * fmt,...)20564 ArgusDebug (int d, char *fmt, ...)
20565 {
20566 va_list ap;
20567 char buf[MAXSTRLEN], *ptr;
20568 struct timeval tvp;
20569
20570 if (ArgusParser && (d <= ArgusParser->debugflag)) {
20571 gettimeofday (&tvp, 0L);
20572 bzero(buf, MAXSTRLEN);
20573
20574 #if defined(ARGUS_THREADS)
20575 {
20576 pthread_t ptid;
20577 char pbuf[128];
20578 int i;
20579
20580 bzero(pbuf, sizeof(pbuf));
20581 ptid = pthread_self();
20582 for (i = 0; i < sizeof(ptid); i++)
20583 snprintf (&pbuf[i*2], 3, "%02hhx", ((char *)&ptid)[i]);
20584
20585 (void) snprintf (buf, MAXSTRLEN, "%s[%d.%s]: ", ArgusParser->ArgusProgramName, (int)getpid(), pbuf);
20586 }
20587 #else
20588 (void) snprintf (buf, MAXSTRLEN, "%s[%d]: ", ArgusParser->ArgusProgramName, (int)getpid());
20589 #endif
20590 ArgusPrintTime(ArgusParser, &buf[strlen(buf)], &tvp);
20591 ptr = &buf[strlen(buf)];
20592 *ptr++ = ' ';
20593
20594 #if defined(__STDC__)
20595 va_start(ap, fmt);
20596 #else
20597 va_start(ap);
20598 #endif
20599
20600 (void) vsnprintf (ptr, (MAXSTRLEN - strlen(buf)), fmt, ap);
20601 va_end (ap);
20602
20603 while (buf[strlen(buf) - 1] == '\n')
20604 buf[strlen(buf) - 1] = '\0';
20605
20606 ptr = &buf[strlen(buf)];
20607
20608 if (ArgusParser->RaCursesMode) {
20609 ArgusSetDebugString (buf, 0, ARGUS_LOCK);
20610 } else
20611 if (ArgusParser->dflag) {
20612 #ifdef ARGUS_SYSLOG
20613 #ifndef LOG_PERROR
20614 #define LOG_PERROR LOG_CONS
20615 #endif
20616 openlog (ArgusParser->ArgusProgramName, LOG_PERROR, LOG_DAEMON);
20617 if (strchr(buf, '%')) {
20618 char tbuf[MAXSTRLEN], *tptr = tbuf;
20619 int i, len = strlen(buf);
20620 memset(tbuf, 0, MAXSTRLEN);
20621 for (i = 0; i < len; i++) {
20622 if (buf[i] == '%')
20623 *tptr++ = '%';
20624 *tptr++ = buf[i];
20625 }
20626
20627 memset(buf, 0, MAXSTRLEN);
20628 strncpy(buf, tbuf, MAXSTRLEN);
20629 }
20630
20631 syslog (LOG_DEBUG, "%s", buf);
20632 closelog ();
20633 #endif
20634 } else
20635 fprintf (stderr, "%s\n", buf);
20636 }
20637 }
20638 #endif
20639
20640 void
ArgusSetDebugString(char * buf,int status,int lock)20641 ArgusSetDebugString (char *buf, int status, int lock)
20642 {
20643 #if defined(ARGUS_THREADS)
20644 if (lock == ARGUS_LOCK)
20645 pthread_mutex_lock(&ArgusParser->lock);
20646 #endif
20647 snprintf (ArgusParser->RaDebugString, MAXSTRLEN, "%s\n", buf);
20648 ArgusParser->RaDebugStatus = status;
20649
20650 #if defined(ARGUS_THREADS)
20651 if (lock == ARGUS_LOCK)
20652 pthread_mutex_unlock(&ArgusParser->lock);
20653 #endif
20654 }
20655
20656 void
ArgusCopyDebugString(char * buf,int len)20657 ArgusCopyDebugString (char *buf, int len)
20658 {
20659 #if defined(ARGUS_THREADS)
20660 pthread_mutex_lock(&ArgusParser->lock);
20661 #endif
20662 strncpy(buf, ArgusParser->RaDebugString, len);
20663
20664 #if defined(ARGUS_THREADS)
20665 pthread_mutex_unlock(&ArgusParser->lock);
20666 #endif
20667 }
20668
20669 void
ArgusZeroDebugString(void)20670 ArgusZeroDebugString (void)
20671 {
20672 #if defined(ARGUS_THREADS)
20673 pthread_mutex_lock(&ArgusParser->lock);
20674 #endif
20675 bzero (ArgusParser->RaDebugString, MAXSTRLEN);
20676 ArgusParser->RaDebugStatus = 0;
20677
20678 #if defined(ARGUS_THREADS)
20679 pthread_mutex_unlock(&ArgusParser->lock);
20680 #endif
20681 }
20682
20683
20684 #if !HAVE_STRTOF
20685 float strtof (char *, char **);
20686
20687 float
strtof(char * str,char ** ptr)20688 strtof (char *str, char **ptr)
20689 {
20690 double ipart = 0.0, fpart = 0.0, multi = 0.0;
20691 float retn = 0.0;
20692 char *dptr;
20693 int i;
20694
20695 if ((dptr = strchr (str, '.')) != NULL) {
20696 int len = 0;
20697 *dptr++ = 0;
20698 len = strlen(dptr);
20699 i = atoi(dptr);
20700 multi = pow(10.0, len * 1.0);
20701 fpart = i * 1.0/multi;
20702 }
20703
20704 ipart = atoi(str);
20705
20706 retn = ipart + fpart;
20707 return(retn);
20708 }
20709 #endif
20710
20711 #if !defined(ntohll)
20712 #if defined(_LITTLE_ENDIAN)
20713 #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__sun__)
20714 #include <argus/extract.h>
20715 #define ntohll(x) EXTRACT_64BITS(&x)
20716 #define htonll(x) EXTRACT_64BITS(&x)
20717 #else
20718 #include <byteswap.h>
20719 #define ntohll(x) bswap_64(x)
20720 #define htonll(x) bswap_64(x)
20721 #endif
20722 #else
20723 #define ntohll(x) x
20724 #define htonll(x) x
20725 #endif
20726 #endif
20727
20728 void
ArgusNtoH(struct ArgusRecord * argus)20729 ArgusNtoH (struct ArgusRecord *argus)
20730 {
20731 #if defined(_LITTLE_ENDIAN)
20732 struct ArgusRecordHeader *hdr = &argus->hdr;
20733 struct ArgusDSRHeader *dsr = (struct ArgusDSRHeader *) (hdr + 1);
20734
20735 hdr->len = ntohs(hdr->len);
20736
20737 switch (argus->hdr.type & 0xF0) {
20738 case ARGUS_MAR: {
20739 if (argus->hdr.len == sizeof (*argus)/4) {
20740 argus->argus_mar.status = ntohl(argus->argus_mar.status);
20741 argus->argus_mar.argusid = ntohl(argus->argus_mar.argusid);
20742 argus->argus_mar.localnet = ntohl(argus->argus_mar.localnet);
20743 argus->argus_mar.netmask = ntohl(argus->argus_mar.netmask);
20744 argus->argus_mar.nextMrSequenceNum = ntohl(argus->argus_mar.nextMrSequenceNum);
20745 argus->argus_mar.startime.tv_sec = ntohl(argus->argus_mar.startime.tv_sec);
20746 argus->argus_mar.startime.tv_usec = ntohl(argus->argus_mar.startime.tv_usec);
20747 argus->argus_mar.now.tv_sec = ntohl(argus->argus_mar.now.tv_sec);
20748 argus->argus_mar.now.tv_usec = ntohl(argus->argus_mar.now.tv_usec);
20749 argus->argus_mar.reportInterval = ntohs(argus->argus_mar.reportInterval);
20750 argus->argus_mar.argusMrInterval = ntohs(argus->argus_mar.argusMrInterval);
20751
20752 argus->argus_mar.pktsRcvd = ntohll(argus->argus_mar.pktsRcvd);
20753 argus->argus_mar.bytesRcvd = ntohll(argus->argus_mar.bytesRcvd);
20754 argus->argus_mar.drift = ntohll(argus->argus_mar.drift);
20755
20756 argus->argus_mar.records = ntohl(argus->argus_mar.records);
20757 argus->argus_mar.flows = ntohl(argus->argus_mar.flows);
20758 argus->argus_mar.dropped = ntohl(argus->argus_mar.dropped);
20759 argus->argus_mar.queue = ntohl(argus->argus_mar.queue);
20760 argus->argus_mar.output = ntohl(argus->argus_mar.output);
20761 argus->argus_mar.clients = ntohl(argus->argus_mar.clients);
20762 argus->argus_mar.bufs = ntohl(argus->argus_mar.bufs);
20763 argus->argus_mar.bytes = ntohl(argus->argus_mar.bytes);
20764
20765 argus->argus_mar.suserlen = ntohs(argus->argus_mar.suserlen);
20766 argus->argus_mar.duserlen = ntohs(argus->argus_mar.duserlen);
20767
20768 argus->argus_mar.thisid = ntohl(argus->argus_mar.thisid);
20769 argus->argus_mar.record_len = ntohl(argus->argus_mar.record_len);
20770 }
20771 break;
20772 }
20773
20774
20775 case ARGUS_EVENT:
20776 case ARGUS_NETFLOW:
20777 case ARGUS_FAR: {
20778 if (hdr->len > 1) {
20779 char *end = (char *)argus + (hdr->len * 4);
20780 int cnt;
20781 while ((char *) dsr < end) {
20782 cnt = (((dsr->type & ARGUS_IMMEDIATE_DATA) ? 1 :
20783 ((dsr->subtype & ARGUS_LEN_16BITS) ? ntohs(dsr->argus_dsrvl16.len) :
20784 dsr->argus_dsrvl8.len))) * 4;
20785 if (cnt == 0)
20786 break;
20787
20788 if (end < ((char *)dsr + cnt))
20789 break;
20790
20791 switch (dsr->type & 0x7F) {
20792 case ARGUS_FLOW_DSR: {
20793 struct ArgusFlow *flow = (struct ArgusFlow *) dsr;
20794
20795 switch (flow->hdr.subtype & 0x3F) {
20796 case ARGUS_FLOW_CLASSIC5TUPLE: {
20797 switch ((flow->hdr.argus_dsrvl8.qual & 0x1F)) {
20798 case ARGUS_TYPE_IPV4: {
20799 flow->ip_flow.ip_src = ntohl(flow->ip_flow.ip_src);
20800 flow->ip_flow.ip_dst = ntohl(flow->ip_flow.ip_dst);
20801 switch (flow->ip_flow.ip_p) {
20802 case IPPROTO_TCP:
20803 case IPPROTO_UDP:
20804 flow->ip_flow.sport = ntohs(flow->ip_flow.sport);
20805 flow->ip_flow.dport = ntohs(flow->ip_flow.dport);
20806 break;
20807 case IPPROTO_ESP:
20808 flow->esp_flow.spi = ntohl(flow->esp_flow.spi);
20809 break;
20810 case IPPROTO_IGMP:
20811 flow->igmp_flow.ip_id = ntohs(flow->igmp_flow.ip_id);
20812 break;
20813 case IPPROTO_ICMP:
20814 flow->icmp_flow.id = ntohs(flow->icmp_flow.id);
20815 flow->icmp_flow.ip_id = ntohs(flow->icmp_flow.ip_id);
20816 break;
20817 }
20818 break;
20819 }
20820
20821 case ARGUS_TYPE_IPV6: {
20822 unsigned int *iptr = (unsigned int *)&flow->ipv6_flow;
20823 iptr[8] = ntohl(iptr[8]);
20824 switch (flow->ipv6_flow.ip_p) {
20825 case IPPROTO_TCP:
20826 case IPPROTO_UDP:
20827 flow->ipv6_flow.sport = ntohs(flow->ipv6_flow.sport);
20828 flow->ipv6_flow.dport = ntohs(flow->ipv6_flow.dport);
20829 break;
20830
20831 case IPPROTO_ICMPV6:
20832 flow->icmpv6_flow.id = ntohs(flow->icmpv6_flow.id);
20833 break;
20834 }
20835 break;
20836 }
20837
20838 case ARGUS_TYPE_ETHER: {
20839 struct ArgusMacFlow *mac = (struct ArgusMacFlow *) &flow->mac_flow;
20840 mac->mac_union.ether.ehdr.ether_type = ntohs(mac->mac_union.ether.ehdr.ether_type);
20841 break;
20842 }
20843
20844 case ARGUS_TYPE_RARP: {
20845 struct ArgusLegacyRarpFlow *rarp = (struct ArgusLegacyRarpFlow *) &flow->rarp_flow;
20846 rarp->arp_tpa = ntohl(rarp->arp_tpa);
20847 break;
20848 }
20849
20850 case ARGUS_TYPE_ARP: {
20851 struct ArgusLegacyArpFlow *arp = (struct ArgusLegacyArpFlow *) &flow->flow_un;
20852 arp->arp_spa = ntohl(arp->arp_spa);
20853 arp->arp_tpa = ntohl(arp->arp_tpa);
20854 break;
20855 }
20856
20857 case ARGUS_TYPE_ISIS: {
20858 struct ArgusIsisFlow *isis = (struct ArgusIsisFlow *) &flow->isis_flow;
20859 switch (isis->pdu_type = ntohl(isis->pdu_type)) {
20860 case L1_LAN_IIH:
20861 case L2_LAN_IIH:
20862 break;
20863
20864 case L1_CSNP:
20865 case L2_CSNP:
20866 break;
20867
20868 case L1_PSNP:
20869 case L2_PSNP:
20870 break;
20871
20872 case L1_LSP:
20873 case L2_LSP:
20874 isis->isis_un.lsp.seqnum = ntohl(isis->isis_un.lsp.seqnum);
20875 break;
20876 }
20877 isis->chksum = ntohl(isis->chksum);
20878 break;
20879 }
20880 }
20881 break;
20882 }
20883
20884 case ARGUS_FLOW_ARP: {
20885 switch (flow->hdr.argus_dsrvl8.qual & 0x1F) {
20886 case ARGUS_TYPE_RARP: {
20887 struct ArgusRarpFlow *rarp = (struct ArgusRarpFlow *) &flow->rarp_flow;
20888 rarp->hrd = ntohs(rarp->hrd);
20889 rarp->pro = ntohs(rarp->pro);
20890 rarp->op = ntohs(rarp->op);
20891 if (rarp->pln == 4) {
20892 rarp->arp_tpa = ntohl(rarp->arp_tpa);
20893 }
20894 break;
20895 }
20896 case ARGUS_TYPE_ARP: {
20897 struct ArgusArpFlow *arp = (struct ArgusArpFlow *) &flow->arp_flow;
20898 arp->hrd = ntohs(arp->hrd);
20899 arp->pro = ntohs(arp->pro);
20900 arp->op = ntohs(arp->op);
20901 if (arp->pln == 4) {
20902 arp->arp_spa = ntohl(arp->arp_spa);
20903 arp->arp_tpa = ntohl(arp->arp_tpa);
20904 }
20905 break;
20906 }
20907 default: {
20908 struct ArgusInterimArpFlow *arp = (void *) &flow->iarp_flow;
20909 arp->pro = ntohs(arp->pro);
20910 arp->arp_spa = ntohl(arp->arp_spa);
20911 arp->arp_tpa = ntohl(arp->arp_tpa);
20912 }
20913 }
20914 break;
20915 }
20916 }
20917 break;
20918 }
20919
20920 case ARGUS_ENCAPS_DSR: {
20921 struct ArgusEncapsStruct *encaps = (struct ArgusEncapsStruct *) dsr;
20922 encaps->src = ntohl(encaps->src);
20923 encaps->dst = ntohl(encaps->dst);
20924 break;
20925 }
20926
20927 case ARGUS_ASN_DSR: {
20928 struct ArgusAsnStruct *asn = (struct ArgusAsnStruct *) dsr;
20929 asn->src_as = ntohl(asn->src_as);
20930 asn->dst_as = ntohl(asn->dst_as);
20931 if (cnt > 12)
20932 asn->inode_as = ntohl(asn->inode_as);
20933 break;
20934 }
20935
20936 case ARGUS_IPATTR_DSR: {
20937 struct ArgusIPAttrStruct *attr = (struct ArgusIPAttrStruct *) dsr;
20938 unsigned int *dsrptr = (unsigned int *)(dsr + 1);
20939
20940 if (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_SRC) {
20941 struct ArgusIPAttrObject *aobj = (struct ArgusIPAttrObject *) dsrptr;
20942 aobj->ip_id = ntohs(aobj->ip_id);
20943 dsrptr++;
20944 }
20945 if (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_SRC_OPTIONS) {
20946 *dsrptr = ntohl(*dsrptr);
20947 dsrptr++;
20948 }
20949 if (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_DST) {
20950 struct ArgusIPAttrObject *aobj = (struct ArgusIPAttrObject *) dsrptr;
20951 aobj->ip_id = ntohs(aobj->ip_id);
20952 dsrptr++;
20953 }
20954 if (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_DST_OPTIONS) {
20955 *dsrptr = ntohl(*dsrptr);
20956 dsrptr++;
20957 }
20958 break;
20959 }
20960
20961 case ARGUS_TRANSPORT_DSR: {
20962 struct ArgusTransportStruct *trans = (struct ArgusTransportStruct *) dsr;
20963
20964 if (trans->hdr.subtype & ARGUS_SEQ)
20965 trans->seqnum = ntohl(trans->seqnum);
20966
20967 if (trans->hdr.subtype & ARGUS_SRCID) {
20968 switch (trans->hdr.argus_dsrvl8.qual) {
20969 case ARGUS_TYPE_INT:
20970 trans->srcid.a_un.value = ntohl(trans->srcid.a_un.value);
20971 break;
20972 case ARGUS_TYPE_IPV4:
20973 trans->srcid.a_un.value = ntohl(trans->srcid.a_un.value);
20974 break;
20975
20976 case ARGUS_TYPE_IPV6:
20977 case ARGUS_TYPE_ETHER:
20978 case ARGUS_TYPE_STRING:
20979 break;
20980 }
20981 }
20982 break;
20983 }
20984
20985 case ARGUS_TIME_DSR: {
20986 unsigned int i, *dtime = (unsigned int *) dsr;
20987
20988 for (i = 1; i < dsr->argus_dsrvl8.len; i++)
20989 dtime[i] = ntohl(dtime[i]);
20990 break;
20991 }
20992
20993 case ARGUS_METER_DSR: {
20994 if (dsr->subtype & ARGUS_METER_PKTS_BYTES) {
20995 switch (dsr->argus_dsrvl8.qual & 0x0F) {
20996 case ARGUS_SRCDST_BYTE:
20997 case ARGUS_SRC_BYTE:
20998 case ARGUS_DST_BYTE:
20999 break;
21000 case ARGUS_SRCDST_SHORT:
21001 ((unsigned short *)(dsr + 1))[0] = ntohs(((unsigned short *)(dsr + 1))[0]);
21002 ((unsigned short *)(dsr + 1))[1] = ntohs(((unsigned short *)(dsr + 1))[1]);
21003 ((unsigned short *)(dsr + 1))[2] = ntohs(((unsigned short *)(dsr + 1))[2]);
21004 ((unsigned short *)(dsr + 1))[3] = ntohs(((unsigned short *)(dsr + 1))[3]);
21005 break;
21006 case ARGUS_SRCDST_INT:
21007 ((unsigned int *)(dsr + 1))[0] = ntohl(((unsigned int *)(dsr + 1))[0]);
21008 ((unsigned int *)(dsr + 1))[1] = ntohl(((unsigned int *)(dsr + 1))[1]);
21009 ((unsigned int *)(dsr + 1))[2] = ntohl(((unsigned int *)(dsr + 1))[2]);
21010 ((unsigned int *)(dsr + 1))[3] = ntohl(((unsigned int *)(dsr + 1))[3]);
21011 break;
21012 case ARGUS_SRCDST_LONGLONG:
21013 ((long long *)(dsr + 1))[0] = ntohll(((long long *)(dsr + 1))[0]);
21014 ((long long *)(dsr + 1))[1] = ntohll(((long long *)(dsr + 1))[1]);
21015 ((long long *)(dsr + 1))[2] = ntohll(((long long *)(dsr + 1))[2]);
21016 ((long long *)(dsr + 1))[3] = ntohll(((long long *)(dsr + 1))[3]);
21017 break;
21018 case ARGUS_SRC_SHORT:
21019 case ARGUS_DST_SHORT:
21020 ((unsigned short *)(dsr + 1))[0] = ntohs(((unsigned short *)(dsr + 1))[0]);
21021 ((unsigned short *)(dsr + 1))[1] = ntohs(((unsigned short *)(dsr + 1))[1]);
21022 break;
21023 case ARGUS_SRC_INT:
21024 case ARGUS_DST_INT:
21025 ((unsigned int *)(dsr + 1))[0] = ntohl(((unsigned int *)(dsr + 1))[0]);
21026 ((unsigned int *)(dsr + 1))[1] = ntohl(((unsigned int *)(dsr + 1))[1]);
21027 break;
21028 case ARGUS_SRC_LONGLONG:
21029 case ARGUS_DST_LONGLONG:
21030 ((long long *)(dsr + 1))[0] = ntohll(((long long *)(dsr + 1))[0]);
21031 ((long long *)(dsr + 1))[1] = ntohll(((long long *)(dsr + 1))[1]);
21032 break;
21033 }
21034
21035 } else
21036 if (dsr->subtype & ARGUS_METER_PKTS_BYTES_APP) {
21037 switch (dsr->argus_dsrvl8.qual & 0x0F) {
21038 case ARGUS_SRCDST_BYTE:
21039 case ARGUS_SRC_BYTE:
21040 case ARGUS_DST_BYTE:
21041 break;
21042 case ARGUS_SRCDST_SHORT:
21043 ((unsigned short *)(dsr + 1))[0] = ntohs(((unsigned short *)(dsr + 1))[0]);
21044 ((unsigned short *)(dsr + 1))[1] = ntohs(((unsigned short *)(dsr + 1))[1]);
21045 ((unsigned short *)(dsr + 1))[2] = ntohs(((unsigned short *)(dsr + 1))[2]);
21046 ((unsigned short *)(dsr + 1))[3] = ntohs(((unsigned short *)(dsr + 1))[3]);
21047 ((unsigned short *)(dsr + 1))[4] = ntohs(((unsigned short *)(dsr + 1))[4]);
21048 ((unsigned short *)(dsr + 1))[5] = ntohs(((unsigned short *)(dsr + 1))[5]);
21049 break;
21050 case ARGUS_SRCDST_INT:
21051 ((unsigned int *)(dsr + 1))[0] = ntohl(((unsigned int *)(dsr + 1))[0]);
21052 ((unsigned int *)(dsr + 1))[1] = ntohl(((unsigned int *)(dsr + 1))[1]);
21053 ((unsigned int *)(dsr + 1))[2] = ntohl(((unsigned int *)(dsr + 1))[2]);
21054 ((unsigned int *)(dsr + 1))[3] = ntohl(((unsigned int *)(dsr + 1))[3]);
21055 ((unsigned int *)(dsr + 1))[4] = ntohl(((unsigned int *)(dsr + 1))[4]);
21056 ((unsigned int *)(dsr + 1))[5] = ntohl(((unsigned int *)(dsr + 1))[5]);
21057 break;
21058 case ARGUS_SRCDST_LONGLONG:
21059 ((long long *)(dsr + 1))[0] = ntohll(((long long *)(dsr + 1))[0]);
21060 ((long long *)(dsr + 1))[1] = ntohll(((long long *)(dsr + 1))[1]);
21061 ((long long *)(dsr + 1))[2] = ntohll(((long long *)(dsr + 1))[2]);
21062 ((long long *)(dsr + 1))[3] = ntohll(((long long *)(dsr + 1))[3]);
21063 ((long long *)(dsr + 1))[4] = ntohll(((long long *)(dsr + 1))[4]);
21064 ((long long *)(dsr + 1))[5] = ntohll(((long long *)(dsr + 1))[5]);
21065 break;
21066
21067 case ARGUS_SRC_SHORT:
21068 case ARGUS_DST_SHORT:
21069 ((unsigned short *)(dsr + 1))[0] = ntohs(((unsigned short *)(dsr + 1))[0]);
21070 ((unsigned short *)(dsr + 1))[1] = ntohs(((unsigned short *)(dsr + 1))[1]);
21071 ((unsigned short *)(dsr + 1))[2] = ntohs(((unsigned short *)(dsr + 1))[2]);
21072 break;
21073 case ARGUS_SRC_INT:
21074 case ARGUS_DST_INT:
21075 ((unsigned int *)(dsr + 1))[0] = ntohl(((unsigned int *)(dsr + 1))[0]);
21076 ((unsigned int *)(dsr + 1))[1] = ntohl(((unsigned int *)(dsr + 1))[1]);
21077 ((unsigned int *)(dsr + 1))[2] = ntohl(((unsigned int *)(dsr + 1))[2]);
21078 break;
21079 case ARGUS_SRC_LONGLONG:
21080 case ARGUS_DST_LONGLONG:
21081 ((long long *)(dsr + 1))[0] = ntohll(((long long *)(dsr + 1))[0]);
21082 ((long long *)(dsr + 1))[1] = ntohll(((long long *)(dsr + 1))[1]);
21083 ((long long *)(dsr + 1))[2] = ntohll(((long long *)(dsr + 1))[2]);
21084 break;
21085 }
21086 }
21087 break;
21088 }
21089
21090 case ARGUS_PSIZE_DSR: {
21091 switch (dsr->argus_dsrvl8.qual & 0x0F) {
21092 case ARGUS_SRCDST_SHORT:
21093 ((unsigned short *)(dsr + 1))[0] = ntohs(((unsigned short *)(dsr + 1))[0]);
21094 ((unsigned short *)(dsr + 1))[1] = ntohs(((unsigned short *)(dsr + 1))[1]);
21095 ((unsigned short *)(dsr + 1))[2] = ntohs(((unsigned short *)(dsr + 1))[2]);
21096 ((unsigned short *)(dsr + 1))[3] = ntohs(((unsigned short *)(dsr + 1))[3]);
21097 break;
21098
21099 case ARGUS_SRC_SHORT:
21100 case ARGUS_DST_SHORT:
21101 ((unsigned short *)(dsr + 1))[0] = ntohs(((unsigned short *)(dsr + 1))[0]);
21102 ((unsigned short *)(dsr + 1))[1] = ntohs(((unsigned short *)(dsr + 1))[1]);
21103 break;
21104
21105 case ARGUS_SRCDST_INT:
21106 ((unsigned int *)(dsr + 1))[0] = ntohl(((unsigned int *)(dsr + 1))[0]);
21107 ((unsigned int *)(dsr + 1))[1] = ntohl(((unsigned int *)(dsr + 1))[1]);
21108 ((unsigned int *)(dsr + 1))[2] = ntohl(((unsigned int *)(dsr + 1))[2]);
21109 ((unsigned int *)(dsr + 1))[3] = ntohl(((unsigned int *)(dsr + 1))[3]);
21110 break;
21111
21112 case ARGUS_SRC_INT:
21113 case ARGUS_DST_INT:
21114 ((unsigned int *)(dsr + 1))[0] = ntohl(((unsigned int *)(dsr + 1))[0]);
21115 ((unsigned int *)(dsr + 1))[1] = ntohl(((unsigned int *)(dsr + 1))[1]);
21116 break;
21117 }
21118 break;
21119 }
21120
21121 case ARGUS_NETWORK_DSR: {
21122 struct ArgusNetworkStruct *net = (struct ArgusNetworkStruct *)dsr;
21123 switch (net->hdr.subtype) {
21124 case ARGUS_TCP_INIT: {
21125 struct ArgusTCPInitStatus *tcp = (void *)&net->net_union.tcpinit;
21126 tcp->status = ntohl(tcp->status);
21127 tcp->seqbase = ntohl(tcp->seqbase);
21128 tcp->options = ntohl(tcp->options);
21129 tcp->win = ntohs(tcp->win);
21130 break;
21131 }
21132 case ARGUS_TCP_STATUS: {
21133 struct ArgusTCPStatus *tcp = (struct ArgusTCPStatus *)&net->net_union.tcpstatus;
21134 tcp->status = ntohl(tcp->status);
21135 break;
21136 }
21137 case ARGUS_TCP_PERF: {
21138 struct ArgusTCPObject *tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
21139 tcp->status = ntohl(tcp->status);
21140 tcp->state = ntohl(tcp->state);
21141 tcp->options = ntohl(tcp->options);
21142 tcp->synAckuSecs = ntohl(tcp->synAckuSecs);
21143 tcp->ackDatauSecs = ntohl(tcp->ackDatauSecs);
21144
21145 tcp->src.lasttime.tv_sec = ntohl(tcp->src.lasttime.tv_sec);
21146 tcp->src.lasttime.tv_usec = ntohl(tcp->src.lasttime.tv_usec);
21147 tcp->src.status = ntohl(tcp->src.status);
21148 tcp->src.seqbase = ntohl(tcp->src.seqbase);
21149 tcp->src.seq = ntohl(tcp->src.seq);
21150 tcp->src.ack = ntohl(tcp->src.ack);
21151 tcp->src.winnum = ntohl(tcp->src.winnum);
21152 tcp->src.bytes = ntohl(tcp->src.bytes);
21153 tcp->src.retrans = ntohl(tcp->src.retrans);
21154 tcp->src.ackbytes = ntohl(tcp->src.ackbytes);
21155 tcp->src.winbytes = ntohl(tcp->src.winbytes);
21156 tcp->src.win = ntohs(tcp->src.win);
21157
21158 if (dsr->argus_dsrvl8.len > (((sizeof(struct ArgusTCPObject) - sizeof(struct ArgusTCPObjectMetrics))+3)/4 + 1)) {
21159 tcp->dst.lasttime.tv_sec = ntohl(tcp->dst.lasttime.tv_sec);
21160 tcp->dst.lasttime.tv_usec = ntohl(tcp->dst.lasttime.tv_usec);
21161 tcp->dst.status = ntohl(tcp->dst.status);
21162 tcp->dst.seqbase = ntohl(tcp->dst.seqbase);
21163 tcp->dst.seq = ntohl(tcp->dst.seq);
21164 tcp->dst.ack = ntohl(tcp->dst.ack);
21165 tcp->dst.winnum = ntohl(tcp->dst.winnum);
21166 tcp->dst.bytes = ntohl(tcp->dst.bytes);
21167 tcp->dst.retrans = ntohl(tcp->dst.retrans);
21168 tcp->dst.ackbytes = ntohl(tcp->dst.ackbytes);
21169 tcp->dst.winbytes = ntohl(tcp->dst.winbytes);
21170 tcp->dst.win = ntohs(tcp->dst.win);
21171 }
21172 break;
21173 }
21174 case ARGUS_ICMP_DSR: {
21175 struct ArgusICMPObject *icmpObj = (void *)&net->net_union.icmp;
21176 icmpObj->iseq = ntohl(icmpObj->iseq);
21177 icmpObj->osrcaddr = ntohl(icmpObj->osrcaddr);
21178 icmpObj->isrcaddr = ntohl(icmpObj->isrcaddr);
21179 icmpObj->odstaddr = ntohl(icmpObj->odstaddr);
21180 icmpObj->idstaddr = ntohl(icmpObj->idstaddr);
21181 icmpObj->igwaddr = ntohl(icmpObj->igwaddr);
21182 break;
21183 }
21184 case ARGUS_ESP_DSR: {
21185 struct ArgusESPObject *espObj = (struct ArgusESPObject *)&net->net_union.esp;
21186 espObj->status = ntohl(espObj->status);
21187 espObj->spi = ntohl(espObj->spi);
21188 espObj->lastseq = ntohl(espObj->lastseq);
21189 espObj->lostseq = ntohl(espObj->lostseq);
21190 break;
21191 }
21192 case ARGUS_UDT_FLOW: {
21193 struct ArgusUDTObject *udtObj = (struct ArgusUDTObject *)&net->net_union.udt;
21194 udtObj->state = ntohl(udtObj->state);
21195 udtObj->status = ntohl(udtObj->status);
21196 udtObj->src.lasttime.tv_sec = ntohl(udtObj->src.lasttime.tv_sec);
21197 udtObj->src.lasttime.tv_usec = ntohl(udtObj->src.lasttime.tv_usec);
21198 udtObj->src.seq = ntohl(udtObj->src.seq);
21199 udtObj->src.tstamp = ntohl(udtObj->src.tstamp);
21200 udtObj->src.ack = ntohl(udtObj->src.ack);
21201 udtObj->src.rtt = ntohl(udtObj->src.rtt);
21202 udtObj->src.var = ntohl(udtObj->src.var);
21203 udtObj->src.bsize = ntohl(udtObj->src.bsize);
21204 udtObj->src.rate = ntohl(udtObj->src.rate);
21205 udtObj->src.lcap = ntohl(udtObj->src.lcap);
21206 udtObj->src.solo = ntohl(udtObj->src.solo);
21207 udtObj->src.first = ntohl(udtObj->src.first);
21208 udtObj->src.middle = ntohl(udtObj->src.middle);
21209 udtObj->src.last = ntohl(udtObj->src.last);
21210 udtObj->src.drops = ntohl(udtObj->src.drops);
21211 udtObj->src.retrans = ntohl(udtObj->src.retrans);
21212 udtObj->src.nacked = ntohl(udtObj->src.nacked);
21213 break;
21214 }
21215 case ARGUS_RTP_FLOW: {
21216 struct ArgusRTPObject *rtpObj = (struct ArgusRTPObject *)&net->net_union.rtp;
21217 rtpObj->state = ntohl(rtpObj->state);
21218 rtpObj->src.rh_seq = ntohs(rtpObj->src.rh_seq);
21219 rtpObj->src.rh_time = ntohl(rtpObj->src.rh_time);
21220 rtpObj->src.rh_ssrc = ntohl(rtpObj->src.rh_ssrc);
21221
21222 rtpObj->dst.rh_seq = ntohs(rtpObj->dst.rh_seq);
21223 rtpObj->dst.rh_time = ntohl(rtpObj->dst.rh_time);
21224 rtpObj->dst.rh_ssrc = ntohl(rtpObj->dst.rh_ssrc);
21225
21226 rtpObj->sdrop = ntohs(rtpObj->sdrop);
21227 rtpObj->ddrop = ntohs(rtpObj->ddrop);
21228 rtpObj->ssdev = ntohs(rtpObj->ssdev);
21229 rtpObj->dsdev = ntohs(rtpObj->dsdev);
21230 break;
21231 }
21232 case ARGUS_RTCP_FLOW: {
21233 struct ArgusRTCPObject *rtcpObj = (struct ArgusRTCPObject *)&net->net_union.rtcp;
21234 rtcpObj->src.rh_len = ntohs(rtcpObj->src.rh_len);
21235 rtcpObj->src.rh_ssrc = ntohl(rtcpObj->src.rh_ssrc);
21236
21237 rtcpObj->dst.rh_len = ntohs(rtcpObj->dst.rh_len);
21238 rtcpObj->dst.rh_ssrc = ntohl(rtcpObj->dst.rh_ssrc);
21239
21240 rtcpObj->sdrop = ntohs(rtcpObj->sdrop);
21241 rtcpObj->ddrop = ntohs(rtcpObj->ddrop);
21242 break;
21243 }
21244 }
21245 break;
21246 }
21247
21248 case ARGUS_ICMP_DSR: {
21249 struct ArgusIcmpStruct *icmp = (struct ArgusIcmpStruct *) dsr;
21250 icmp->iseq = ntohs(icmp->iseq);
21251 icmp->osrcaddr = ntohl(icmp->osrcaddr);
21252 icmp->isrcaddr = ntohl(icmp->isrcaddr);
21253 icmp->odstaddr = ntohl(icmp->odstaddr);
21254 icmp->idstaddr = ntohl(icmp->idstaddr);
21255 icmp->igwaddr = ntohl(icmp->igwaddr);
21256 break;
21257 }
21258
21259 case ARGUS_MAC_DSR: {
21260 struct ArgusMacStruct *mac = (struct ArgusMacStruct *) dsr;
21261 switch (mac->hdr.subtype & 0x3F) {
21262 }
21263 break;
21264 }
21265
21266 case ARGUS_VLAN_DSR: {
21267 struct ArgusVlanStruct *vlan = (struct ArgusVlanStruct *) dsr;
21268 vlan->sid = ntohs(vlan->sid);
21269 vlan->did = ntohs(vlan->did);
21270 break;
21271 }
21272
21273 case ARGUS_MPLS_DSR: {
21274 struct ArgusMplsStruct *mpls = (struct ArgusMplsStruct *) dsr;
21275 unsigned int *label = (unsigned int *)(dsr + 1);
21276 int num, i;
21277
21278 if ((num = ((mpls->hdr.argus_dsrvl8.qual & 0xF0) >> 4)) > 0) {
21279 for (i = 0; i < num; i++) {
21280 *label = ntohl(*label);
21281 label++;
21282 }
21283 }
21284 if ((num = (mpls->hdr.argus_dsrvl8.qual & 0x0F)) > 0) {
21285 for (i = 0; i < num; i++) {
21286 *label = ntohl(*label);
21287 label++;
21288 }
21289 }
21290 break;
21291 }
21292
21293 case ARGUS_AGR_DSR: {
21294 struct ArgusAgrStruct *agr = (struct ArgusAgrStruct *) dsr;
21295 agr->count = ntohl(agr->count);
21296 break;
21297 }
21298
21299 case ARGUS_JITTER_DSR:
21300 case ARGUS_COCODE_DSR:
21301 break;
21302
21303 case ARGUS_DATA_DSR: {
21304 struct ArgusDataStruct *data = (struct ArgusDataStruct *) dsr;
21305 data->size = ntohs(data->size);
21306 data->count = ntohs(data->count);
21307 break;
21308 }
21309
21310 case ARGUS_BEHAVIOR_DSR: {
21311 struct ArgusBehaviorStruct *actor = (struct ArgusBehaviorStruct *) dsr;
21312 actor->keyStroke.src.n_strokes = ntohl(actor->keyStroke.src.n_strokes);
21313 actor->keyStroke.dst.n_strokes = ntohl(actor->keyStroke.dst.n_strokes);
21314 break;
21315 }
21316 }
21317
21318 if (dsr->subtype & ARGUS_LEN_16BITS)
21319 dsr->argus_dsrvl16.len = ntohs(dsr->argus_dsrvl16.len);
21320
21321 dsr = (struct ArgusDSRHeader *)((char *)dsr + cnt);
21322 }
21323 }
21324 }
21325 }
21326 #endif
21327 }
21328
21329
21330 void
ArgusHtoN(struct ArgusRecord * argus)21331 ArgusHtoN (struct ArgusRecord *argus)
21332 {
21333 #if defined(_LITTLE_ENDIAN)
21334 struct ArgusRecordHeader *hdr = &argus->hdr;
21335 struct ArgusDSRHeader *dsr = (struct ArgusDSRHeader *) (hdr + 1);
21336
21337 switch (argus->hdr.type & 0xF0) {
21338 case ARGUS_MAR: {
21339 if (argus->hdr.len == sizeof (*argus)/4) {
21340 argus->argus_mar.status = htonl(argus->argus_mar.status);
21341 argus->argus_mar.argusid = htonl(argus->argus_mar.argusid);
21342 argus->argus_mar.localnet = htonl(argus->argus_mar.localnet);
21343 argus->argus_mar.netmask = htonl(argus->argus_mar.netmask);
21344 argus->argus_mar.nextMrSequenceNum = htonl(argus->argus_mar.nextMrSequenceNum);
21345 argus->argus_mar.startime.tv_sec = htonl(argus->argus_mar.startime.tv_sec);
21346 argus->argus_mar.startime.tv_usec = htonl(argus->argus_mar.startime.tv_usec);
21347 argus->argus_mar.now.tv_sec = htonl(argus->argus_mar.now.tv_sec);
21348 argus->argus_mar.now.tv_usec = htonl(argus->argus_mar.now.tv_usec);
21349 argus->argus_mar.reportInterval = htons(argus->argus_mar.reportInterval);
21350 argus->argus_mar.argusMrInterval = htons(argus->argus_mar.argusMrInterval);
21351
21352 argus->argus_mar.pktsRcvd = htonll(argus->argus_mar.pktsRcvd);
21353 argus->argus_mar.bytesRcvd = htonll(argus->argus_mar.bytesRcvd);
21354 argus->argus_mar.drift = htonll(argus->argus_mar.drift);
21355
21356 argus->argus_mar.records = htonl(argus->argus_mar.records);
21357 argus->argus_mar.flows = htonl(argus->argus_mar.flows);
21358 argus->argus_mar.dropped = htonl(argus->argus_mar.dropped);
21359 argus->argus_mar.queue = htonl(argus->argus_mar.queue);
21360 argus->argus_mar.output = htonl(argus->argus_mar.output);
21361 argus->argus_mar.clients = htonl(argus->argus_mar.clients);
21362 argus->argus_mar.bufs = htonl(argus->argus_mar.bufs);
21363 argus->argus_mar.bytes = htonl(argus->argus_mar.bytes);
21364
21365 argus->argus_mar.suserlen = htons(argus->argus_mar.suserlen);
21366 argus->argus_mar.duserlen = htons(argus->argus_mar.duserlen);
21367
21368 argus->argus_mar.thisid = htonl(argus->argus_mar.thisid);
21369 argus->argus_mar.record_len = htonl(argus->argus_mar.record_len);
21370 }
21371 break;
21372 }
21373
21374
21375 case ARGUS_EVENT:
21376 case ARGUS_NETFLOW:
21377 case ARGUS_FAR: {
21378 if (argus->hdr.len > 1) {
21379 int cnt;
21380 while ((char *) dsr < ((char *) argus + (hdr->len * 4))) {
21381 switch (dsr->type & 0x7F) {
21382 case ARGUS_FLOW_DSR: {
21383 struct ArgusFlow *flow = (struct ArgusFlow *) dsr;
21384
21385 switch (flow->hdr.subtype & 0x3F) {
21386 case ARGUS_FLOW_CLASSIC5TUPLE: {
21387 switch ((flow->hdr.argus_dsrvl8.qual & 0x1F)) {
21388 case ARGUS_TYPE_IPV4:
21389 flow->ip_flow.ip_src = htonl(flow->ip_flow.ip_src);
21390 flow->ip_flow.ip_dst = htonl(flow->ip_flow.ip_dst);
21391 switch (flow->ip_flow.ip_p) {
21392 case IPPROTO_TCP:
21393 case IPPROTO_UDP:
21394 flow->ip_flow.sport = htons(flow->ip_flow.sport);
21395 flow->ip_flow.dport = htons(flow->ip_flow.dport);
21396 break;
21397 case IPPROTO_ESP:
21398 flow->esp_flow.spi = htonl(flow->esp_flow.spi);
21399 break;
21400 case IPPROTO_IGMP:
21401 flow->igmp_flow.ip_id = htons(flow->igmp_flow.ip_id);
21402 break;
21403 case IPPROTO_ICMP:
21404 flow->icmp_flow.id = ntohs(flow->icmp_flow.id);
21405 flow->icmp_flow.ip_id = ntohs(flow->icmp_flow.ip_id);
21406 break;
21407 }
21408 break;
21409
21410 case ARGUS_TYPE_IPV6: {
21411 unsigned int *iptr = (unsigned int *)&flow->ipv6_flow;
21412 switch (flow->ipv6_flow.ip_p) {
21413 case IPPROTO_TCP:
21414 case IPPROTO_UDP:
21415 flow->ipv6_flow.sport = htons(flow->ipv6_flow.sport);
21416 flow->ipv6_flow.dport = htons(flow->ipv6_flow.dport);
21417 break;
21418
21419 case IPPROTO_ICMPV6:
21420 flow->icmpv6_flow.id = htons(flow->icmpv6_flow.id);
21421 break;
21422 }
21423 iptr[8] = htonl(iptr[8]);
21424 break;
21425 }
21426
21427 case ARGUS_TYPE_ETHER: {
21428 struct ArgusMacFlow *mac = (struct ArgusMacFlow *) &flow->mac_flow;
21429 mac->mac_union.ether.ehdr.ether_type = htons(mac->mac_union.ether.ehdr.ether_type);
21430 break;
21431 }
21432
21433 case ARGUS_TYPE_RARP: {
21434 struct ArgusRarpFlow *rarp = (struct ArgusRarpFlow *) &flow->rarp_flow;
21435 rarp->arp_tpa = htonl(rarp->arp_tpa);
21436 break;
21437 }
21438
21439 case ARGUS_TYPE_ARP: {
21440 struct ArgusLegacyArpFlow *arp = (struct ArgusLegacyArpFlow *) &flow->flow_un;
21441 arp->arp_spa = htonl(arp->arp_spa);
21442 arp->arp_tpa = htonl(arp->arp_tpa);
21443 break;
21444 }
21445
21446 case ARGUS_TYPE_ISIS: {
21447 struct ArgusIsisFlow *isis = (struct ArgusIsisFlow *) &flow->isis_flow;
21448 switch (isis->pdu_type) {
21449 case L1_LAN_IIH:
21450 case L2_LAN_IIH:
21451 break;
21452
21453 case L1_CSNP:
21454 case L2_CSNP:
21455 break;
21456
21457 case L1_PSNP:
21458 case L2_PSNP:
21459 break;
21460
21461 case L1_LSP:
21462 case L2_LSP:
21463 isis->isis_un.lsp.seqnum = htonl(isis->isis_un.lsp.seqnum);
21464 break;
21465 }
21466 isis->pdu_type = htonl(isis->pdu_type);
21467 isis->chksum = htonl(isis->chksum);
21468 break;
21469 }
21470 }
21471 break;
21472 }
21473
21474 case ARGUS_FLOW_ARP: {
21475 switch (flow->hdr.argus_dsrvl8.qual & 0x1F) {
21476 case ARGUS_TYPE_RARP: {
21477 struct ArgusRarpFlow *rarp = (struct ArgusRarpFlow *) &flow->rarp_flow;
21478 rarp->hrd = htons(rarp->hrd);
21479 rarp->pro = htons(rarp->pro);
21480 rarp->op = htons(rarp->op);
21481 if (rarp->pln == 4) {
21482 rarp->arp_tpa = htonl(rarp->arp_tpa);
21483 }
21484 break;
21485 }
21486 case ARGUS_TYPE_ARP: {
21487 struct ArgusArpFlow *arp = (struct ArgusArpFlow *) &flow->arp_flow;
21488 arp->hrd = htons(arp->hrd);
21489 arp->pro = htons(arp->pro);
21490 arp->op = htons(arp->op);
21491 if (arp->pln == 4) {
21492 arp->arp_spa = htonl(arp->arp_spa);
21493 arp->arp_tpa = htonl(arp->arp_tpa);
21494 }
21495 break;
21496 }
21497 default: {
21498 struct ArgusInterimArpFlow *arp = (void *) &flow->iarp_flow;
21499 arp->pro = htons(arp->pro);
21500 arp->arp_spa = htonl(arp->arp_spa);
21501 arp->arp_tpa = htonl(arp->arp_tpa);
21502 }
21503 }
21504 break;
21505 }
21506 }
21507 break;
21508 }
21509
21510 case ARGUS_ENCAPS_DSR: {
21511 struct ArgusEncapsStruct *encaps = (struct ArgusEncapsStruct *) dsr;
21512 encaps->src = htonl(encaps->src);
21513 encaps->dst = htonl(encaps->dst);
21514 break;
21515 }
21516
21517 case ARGUS_ASN_DSR: {
21518 struct ArgusAsnStruct *asn = (struct ArgusAsnStruct *) dsr;
21519 asn->src_as = htonl(asn->src_as);
21520 asn->dst_as = htonl(asn->dst_as);
21521 if (asn->hdr.argus_dsrvl8.len > 3)
21522 asn->inode_as = htonl(asn->inode_as);
21523 break;
21524 }
21525
21526 case ARGUS_IPATTR_DSR: {
21527 struct ArgusIPAttrStruct *attr = (struct ArgusIPAttrStruct *) dsr;
21528 unsigned int *dsrptr = (unsigned int *)(dsr + 1);
21529
21530 if (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_SRC) {
21531 struct ArgusIPAttrObject *aobj = (struct ArgusIPAttrObject *) dsrptr;
21532 aobj->ip_id = htons(aobj->ip_id);
21533 dsrptr++;
21534 }
21535 if (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_SRC_OPTIONS) {
21536 *dsrptr = htonl(*dsrptr);
21537 dsrptr++;
21538 }
21539 if (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_DST) {
21540 struct ArgusIPAttrObject *aobj = (struct ArgusIPAttrObject *) dsrptr;
21541 aobj->ip_id = htons(aobj->ip_id);
21542 dsrptr++;
21543 }
21544 if (attr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_DST_OPTIONS) {
21545 *dsrptr = htonl(*dsrptr);
21546 dsrptr++;
21547 }
21548 break;
21549 }
21550
21551 case ARGUS_TRANSPORT_DSR: {
21552 struct ArgusTransportStruct *trans = (struct ArgusTransportStruct *) dsr;
21553
21554 if (trans->hdr.subtype & ARGUS_SEQ)
21555 trans->seqnum = htonl(trans->seqnum);
21556
21557 if (trans->hdr.subtype & ARGUS_SRCID) {
21558 switch (trans->hdr.argus_dsrvl8.qual) {
21559 case ARGUS_TYPE_INT:
21560 trans->srcid.a_un.value = htonl(trans->srcid.a_un.value);
21561 break;
21562 case ARGUS_TYPE_IPV4:
21563 trans->srcid.a_un.value = htonl(trans->srcid.a_un.value);
21564 break;
21565
21566 case ARGUS_TYPE_IPV6:
21567 case ARGUS_TYPE_ETHER:
21568 case ARGUS_TYPE_STRING:
21569 break;
21570 }
21571 }
21572 break;
21573 }
21574
21575 case ARGUS_TIME_DSR: {
21576 unsigned int i, *dtime = (unsigned int *) dsr;
21577
21578 for (i = 1; i < dsr->argus_dsrvl8.len; i++)
21579 dtime[i] = htonl(dtime[i]);
21580 break;
21581 }
21582
21583 case ARGUS_METER_DSR: {
21584 if (dsr->subtype & ARGUS_METER_PKTS_BYTES) {
21585 switch (dsr->argus_dsrvl8.qual & 0x0F) {
21586 case ARGUS_SRCDST_BYTE:
21587 case ARGUS_SRC_BYTE:
21588 case ARGUS_DST_BYTE:
21589 break;
21590 case ARGUS_SRCDST_SHORT:
21591 ((unsigned short *)(dsr + 1))[0] = htons(((unsigned short *)(dsr + 1))[0]);
21592 ((unsigned short *)(dsr + 1))[1] = htons(((unsigned short *)(dsr + 1))[1]);
21593 ((unsigned short *)(dsr + 1))[2] = htons(((unsigned short *)(dsr + 1))[2]);
21594 ((unsigned short *)(dsr + 1))[3] = htons(((unsigned short *)(dsr + 1))[3]);
21595 break;
21596 case ARGUS_SRCDST_INT:
21597 ((unsigned int *)(dsr + 1))[0] = htonl(((unsigned int *)(dsr + 1))[0]);
21598 ((unsigned int *)(dsr + 1))[1] = htonl(((unsigned int *)(dsr + 1))[1]);
21599 ((unsigned int *)(dsr + 1))[2] = htonl(((unsigned int *)(dsr + 1))[2]);
21600 ((unsigned int *)(dsr + 1))[3] = htonl(((unsigned int *)(dsr + 1))[3]);
21601 break;
21602 case ARGUS_SRCDST_LONGLONG:
21603 ((long long *)(dsr + 1))[0] = htonll(((long long *)(dsr + 1))[0]);
21604 ((long long *)(dsr + 1))[1] = htonll(((long long *)(dsr + 1))[1]);
21605 ((long long *)(dsr + 1))[2] = htonll(((long long *)(dsr + 1))[2]);
21606 ((long long *)(dsr + 1))[3] = htonll(((long long *)(dsr + 1))[3]);
21607 break;
21608 case ARGUS_SRC_SHORT:
21609 case ARGUS_DST_SHORT:
21610 ((unsigned short *)(dsr + 1))[0] = htons(((unsigned short *)(dsr + 1))[0]);
21611 ((unsigned short *)(dsr + 1))[1] = htons(((unsigned short *)(dsr + 1))[1]);
21612 break;
21613 case ARGUS_SRC_INT:
21614 case ARGUS_DST_INT:
21615 ((unsigned int *)(dsr + 1))[0] = htonl(((unsigned int *)(dsr + 1))[0]);
21616 ((unsigned int *)(dsr + 1))[1] = htonl(((unsigned int *)(dsr + 1))[1]);
21617 break;
21618 case ARGUS_SRC_LONGLONG:
21619 case ARGUS_DST_LONGLONG:
21620 ((long long *)(dsr + 1))[0] = htonll(((long long *)(dsr + 1))[0]);
21621 ((long long *)(dsr + 1))[1] = htonll(((long long *)(dsr + 1))[1]);
21622 break;
21623 }
21624 } else
21625 if (dsr->subtype & ARGUS_METER_PKTS_BYTES_APP) {
21626 switch (dsr->argus_dsrvl8.qual & 0x0F) {
21627 case ARGUS_SRCDST_BYTE:
21628 case ARGUS_SRC_BYTE:
21629 case ARGUS_DST_BYTE:
21630 break;
21631 case ARGUS_SRCDST_SHORT:
21632 ((unsigned short *)(dsr + 1))[0] = htons(((unsigned short *)(dsr + 1))[0]);
21633 ((unsigned short *)(dsr + 1))[1] = htons(((unsigned short *)(dsr + 1))[1]);
21634 ((unsigned short *)(dsr + 1))[2] = htons(((unsigned short *)(dsr + 1))[2]);
21635 ((unsigned short *)(dsr + 1))[3] = htons(((unsigned short *)(dsr + 1))[3]);
21636 ((unsigned short *)(dsr + 1))[4] = htons(((unsigned short *)(dsr + 1))[4]);
21637 ((unsigned short *)(dsr + 1))[5] = htons(((unsigned short *)(dsr + 1))[5]);
21638 break;
21639 case ARGUS_SRCDST_INT:
21640 ((unsigned int *)(dsr + 1))[0] = htonl(((unsigned int *)(dsr + 1))[0]);
21641 ((unsigned int *)(dsr + 1))[1] = htonl(((unsigned int *)(dsr + 1))[1]);
21642 ((unsigned int *)(dsr + 1))[2] = htonl(((unsigned int *)(dsr + 1))[2]);
21643 ((unsigned int *)(dsr + 1))[3] = htonl(((unsigned int *)(dsr + 1))[3]);
21644 ((unsigned int *)(dsr + 1))[4] = htonl(((unsigned int *)(dsr + 1))[4]);
21645 ((unsigned int *)(dsr + 1))[5] = htonl(((unsigned int *)(dsr + 1))[5]);
21646 break;
21647 case ARGUS_SRCDST_LONGLONG:
21648 ((long long *)(dsr + 1))[0] = htonll(((long long *)(dsr + 1))[0]);
21649 ((long long *)(dsr + 1))[1] = htonll(((long long *)(dsr + 1))[1]);
21650 ((long long *)(dsr + 1))[2] = htonll(((long long *)(dsr + 1))[2]);
21651 ((long long *)(dsr + 1))[3] = htonll(((long long *)(dsr + 1))[3]);
21652 ((long long *)(dsr + 1))[4] = htonll(((long long *)(dsr + 1))[4]);
21653 ((long long *)(dsr + 1))[5] = htonll(((long long *)(dsr + 1))[5]);
21654 break;
21655 case ARGUS_SRC_SHORT:
21656 case ARGUS_DST_SHORT:
21657 ((unsigned short *)(dsr + 1))[0] = htons(((unsigned short *)(dsr + 1))[0]);
21658 ((unsigned short *)(dsr + 1))[1] = htons(((unsigned short *)(dsr + 1))[1]);
21659 ((unsigned short *)(dsr + 1))[2] = htons(((unsigned short *)(dsr + 1))[2]);
21660 break;
21661 case ARGUS_SRC_INT:
21662 case ARGUS_DST_INT:
21663 ((unsigned int *)(dsr + 1))[0] = htonl(((unsigned int *)(dsr + 1))[0]);
21664 ((unsigned int *)(dsr + 1))[1] = htonl(((unsigned int *)(dsr + 1))[1]);
21665 ((unsigned int *)(dsr + 1))[2] = htonl(((unsigned int *)(dsr + 1))[2]);
21666 break;
21667 case ARGUS_SRC_LONGLONG:
21668 case ARGUS_DST_LONGLONG:
21669 ((long long *)(dsr + 1))[0] = htonll(((long long *)(dsr + 1))[0]);
21670 ((long long *)(dsr + 1))[1] = htonll(((long long *)(dsr + 1))[1]);
21671 ((long long *)(dsr + 1))[2] = htonll(((long long *)(dsr + 1))[2]);
21672 break;
21673 }
21674 }
21675 break;
21676 }
21677
21678 case ARGUS_PSIZE_DSR: {
21679 switch (dsr->argus_dsrvl8.qual & 0x0F) {
21680 case ARGUS_SRCDST_SHORT:
21681 ((unsigned short *)(dsr + 1))[0] = htons(((unsigned short *)(dsr + 1))[0]);
21682 ((unsigned short *)(dsr + 1))[1] = htons(((unsigned short *)(dsr + 1))[1]);
21683 ((unsigned short *)(dsr + 1))[2] = htons(((unsigned short *)(dsr + 1))[2]);
21684 ((unsigned short *)(dsr + 1))[3] = htons(((unsigned short *)(dsr + 1))[3]);
21685 break;
21686
21687 case ARGUS_SRC_SHORT:
21688 case ARGUS_DST_SHORT:
21689 ((unsigned short *)(dsr + 1))[0] = htons(((unsigned short *)(dsr + 1))[0]);
21690 ((unsigned short *)(dsr + 1))[1] = htons(((unsigned short *)(dsr + 1))[1]);
21691 break;
21692
21693 case ARGUS_SRCDST_INT:
21694 ((unsigned int *)(dsr + 1))[0] = htonl(((unsigned int *)(dsr + 1))[0]);
21695 ((unsigned int *)(dsr + 1))[1] = htonl(((unsigned int *)(dsr + 1))[1]);
21696 ((unsigned int *)(dsr + 1))[2] = htonl(((unsigned int *)(dsr + 1))[2]);
21697 ((unsigned int *)(dsr + 1))[3] = htonl(((unsigned int *)(dsr + 1))[3]);
21698 break;
21699
21700 case ARGUS_SRC_INT:
21701 case ARGUS_DST_INT:
21702 ((unsigned int *)(dsr + 1))[0] = htonl(((unsigned int *)(dsr + 1))[0]);
21703 ((unsigned int *)(dsr + 1))[1] = htonl(((unsigned int *)(dsr + 1))[1]);
21704 break;
21705 }
21706 break;
21707 }
21708
21709 case ARGUS_NETWORK_DSR: {
21710 struct ArgusNetworkStruct *net = (struct ArgusNetworkStruct *)dsr;
21711 switch (net->hdr.subtype) {
21712 case ARGUS_TCP_INIT: {
21713 struct ArgusTCPInitStatus *tcp = (void *)&net->net_union.tcpinit;
21714 tcp->status = htonl(tcp->status);
21715 tcp->seqbase = htonl(tcp->seqbase);
21716 tcp->options = htonl(tcp->options);
21717 tcp->win = htons(tcp->win);
21718 break;
21719 }
21720 case ARGUS_TCP_STATUS: {
21721 struct ArgusTCPStatus *tcp = (struct ArgusTCPStatus *)&net->net_union.tcpstatus;
21722 tcp->status = htonl(tcp->status);
21723 break;
21724 }
21725 case ARGUS_TCP_PERF: {
21726 struct ArgusTCPObject *tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
21727 tcp->status = htonl(tcp->status);
21728 tcp->state = htonl(tcp->state);
21729 tcp->options = htonl(tcp->options);
21730 tcp->synAckuSecs = htonl(tcp->synAckuSecs);
21731 tcp->ackDatauSecs = htonl(tcp->ackDatauSecs);
21732
21733 tcp->src.lasttime.tv_sec = htonl(tcp->src.lasttime.tv_sec);
21734 tcp->src.lasttime.tv_usec = htonl(tcp->src.lasttime.tv_usec);
21735 tcp->src.status = htonl(tcp->src.status);
21736 tcp->src.seqbase = htonl(tcp->src.seqbase);
21737 tcp->src.seq = htonl(tcp->src.seq);
21738 tcp->src.ack = htonl(tcp->src.ack);
21739 tcp->src.winnum = htonl(tcp->src.winnum);
21740 tcp->src.bytes = htonl(tcp->src.bytes);
21741 tcp->src.retrans = htonl(tcp->src.retrans);
21742 tcp->src.ackbytes = htonl(tcp->src.ackbytes);
21743 tcp->src.winbytes = htonl(tcp->src.winbytes);
21744 tcp->src.win = htons(tcp->src.win);
21745
21746 if (dsr->argus_dsrvl8.len > (((sizeof(struct ArgusTCPObject) - sizeof(struct ArgusTCPObjectMetrics))+3)/4 + 1)) {
21747 tcp->dst.lasttime.tv_sec = htonl(tcp->dst.lasttime.tv_sec);
21748 tcp->dst.lasttime.tv_usec = htonl(tcp->dst.lasttime.tv_usec);
21749 tcp->dst.status = htonl(tcp->dst.status);
21750 tcp->dst.seqbase = htonl(tcp->dst.seqbase);
21751 tcp->dst.seq = htonl(tcp->dst.seq);
21752 tcp->dst.ack = htonl(tcp->dst.ack);
21753 tcp->dst.winnum = htonl(tcp->dst.winnum);
21754 tcp->dst.bytes = htonl(tcp->dst.bytes);
21755 tcp->dst.retrans = htonl(tcp->dst.retrans);
21756 tcp->dst.ackbytes = htonl(tcp->dst.ackbytes);
21757 tcp->dst.winbytes = htonl(tcp->dst.winbytes);
21758 tcp->dst.win = htons(tcp->dst.win);
21759 }
21760 break;
21761 }
21762 case ARGUS_ICMP_DSR: {
21763 struct ArgusICMPObject *icmpObj = (void *)&net->net_union.icmp;
21764 icmpObj->iseq = htonl(icmpObj->iseq);
21765 icmpObj->osrcaddr = htonl(icmpObj->osrcaddr);
21766 icmpObj->isrcaddr = htonl(icmpObj->isrcaddr);
21767 icmpObj->odstaddr = htonl(icmpObj->odstaddr);
21768 icmpObj->idstaddr = htonl(icmpObj->idstaddr);
21769 icmpObj->igwaddr = htonl(icmpObj->igwaddr);
21770 break;
21771 }
21772 case ARGUS_ESP_DSR: {
21773 struct ArgusESPObject *espObj = (struct ArgusESPObject *)&net->net_union.esp;
21774 espObj->status = htonl(espObj->status);
21775 espObj->spi = htonl(espObj->spi);
21776 espObj->lastseq = htonl(espObj->lastseq);
21777 espObj->lostseq = htonl(espObj->lostseq);
21778 break;
21779 }
21780 case ARGUS_UDT_FLOW: {
21781 struct ArgusUDTObject *udtObj = (struct ArgusUDTObject *)&net->net_union.udt;
21782 udtObj->state = htonl(udtObj->state);
21783 udtObj->status = htonl(udtObj->status);
21784 udtObj->src.lasttime.tv_sec = htonl(udtObj->src.lasttime.tv_sec);
21785 udtObj->src.lasttime.tv_usec = htonl(udtObj->src.lasttime.tv_usec);
21786 udtObj->src.seq = htonl(udtObj->src.seq);
21787 udtObj->src.tstamp = htonl(udtObj->src.tstamp);
21788 udtObj->src.ack = htonl(udtObj->src.ack);
21789 udtObj->src.rtt = htonl(udtObj->src.rtt);
21790 udtObj->src.var = htonl(udtObj->src.var);
21791 udtObj->src.bsize = htonl(udtObj->src.bsize);
21792 udtObj->src.rate = htonl(udtObj->src.rate);
21793 udtObj->src.lcap = htonl(udtObj->src.lcap);
21794 udtObj->src.solo = htonl(udtObj->src.solo);
21795 udtObj->src.first = htonl(udtObj->src.first);
21796 udtObj->src.middle = htonl(udtObj->src.middle);
21797 udtObj->src.last = htonl(udtObj->src.last);
21798 udtObj->src.drops = htonl(udtObj->src.drops);
21799 udtObj->src.retrans = htonl(udtObj->src.retrans);
21800 udtObj->src.nacked = htonl(udtObj->src.nacked);
21801 break;
21802 }
21803 case ARGUS_RTP_FLOW: {
21804 struct ArgusRTPObject *rtpObj = (struct ArgusRTPObject *)&net->net_union.rtp;
21805 rtpObj->state = htonl(rtpObj->state);
21806 rtpObj->src.rh_seq = htons(rtpObj->src.rh_seq);
21807 rtpObj->src.rh_time = htonl(rtpObj->src.rh_time);
21808 rtpObj->src.rh_ssrc = htonl(rtpObj->src.rh_ssrc);
21809
21810 rtpObj->dst.rh_seq = htons(rtpObj->dst.rh_seq);
21811 rtpObj->dst.rh_time = htonl(rtpObj->dst.rh_time);
21812 rtpObj->dst.rh_ssrc = htonl(rtpObj->dst.rh_ssrc);
21813
21814 rtpObj->sdrop = htons(rtpObj->sdrop);
21815 rtpObj->ddrop = htons(rtpObj->ddrop);
21816 rtpObj->ssdev = htons(rtpObj->ssdev);
21817 rtpObj->dsdev = htons(rtpObj->dsdev);
21818 break;
21819 }
21820 case ARGUS_RTCP_FLOW: {
21821 struct ArgusRTCPObject *rtcpObj = (struct ArgusRTCPObject *)&net->net_union.rtcp;
21822 rtcpObj->src.rh_len = htons(rtcpObj->src.rh_len);
21823 rtcpObj->src.rh_ssrc = htonl(rtcpObj->src.rh_ssrc);
21824
21825 rtcpObj->dst.rh_len = htons(rtcpObj->dst.rh_len);
21826 rtcpObj->dst.rh_ssrc = htonl(rtcpObj->dst.rh_ssrc);
21827
21828 rtcpObj->sdrop = htons(rtcpObj->sdrop);
21829 rtcpObj->ddrop = htons(rtcpObj->ddrop);
21830 break;
21831 }
21832 }
21833 break;
21834 }
21835
21836 case ARGUS_ICMP_DSR: {
21837 struct ArgusIcmpStruct *icmp = (struct ArgusIcmpStruct *) dsr;
21838 icmp->iseq = htons(icmp->iseq);
21839 icmp->osrcaddr = htonl(icmp->osrcaddr);
21840 icmp->isrcaddr = htonl(icmp->isrcaddr);
21841 icmp->odstaddr = htonl(icmp->odstaddr);
21842 icmp->idstaddr = htonl(icmp->idstaddr);
21843 icmp->igwaddr = htonl(icmp->igwaddr);
21844 break;
21845 }
21846
21847 case ARGUS_MAC_DSR: {
21848 struct ArgusMacStruct *mac = (struct ArgusMacStruct *) dsr;
21849 switch (mac->hdr.subtype & 0x3F) {
21850 }
21851 break;
21852 }
21853
21854 case ARGUS_VLAN_DSR: {
21855 struct ArgusVlanStruct *vlan = (struct ArgusVlanStruct *) dsr;
21856 vlan->sid = htons(vlan->sid);
21857 vlan->did = htons(vlan->did);
21858 break;
21859 }
21860
21861 case ARGUS_MPLS_DSR: {
21862 struct ArgusMplsStruct *mpls = (struct ArgusMplsStruct *) dsr;
21863 unsigned int *label = (unsigned int *)(dsr + 1);
21864 int num, i;
21865
21866 if ((num = ((mpls->hdr.argus_dsrvl8.qual & 0xF0) >> 4)) > 0) {
21867 for (i = 0; i < num; i++) {
21868 *label = htonl(*label);
21869 label++;
21870 }
21871 }
21872 if ((num = (mpls->hdr.argus_dsrvl8.qual & 0x0F)) > 0) {
21873 for (i = 0; i < num; i++) {
21874 *label = htonl(*label);
21875 label++;
21876 }
21877 }
21878 break;
21879 }
21880
21881 case ARGUS_AGR_DSR: {
21882 struct ArgusAgrStruct *agr = (struct ArgusAgrStruct *) dsr;
21883 agr->count = htonl(agr->count);
21884 break;
21885 }
21886
21887 case ARGUS_JITTER_DSR:
21888 case ARGUS_COCODE_DSR:
21889 break;
21890
21891 case ARGUS_DATA_DSR: {
21892 struct ArgusDataStruct *data = (struct ArgusDataStruct *) dsr;
21893 data->size = htons(data->size);
21894 data->count = htons(data->count);
21895 break;
21896 }
21897
21898 case ARGUS_BEHAVIOR_DSR: {
21899 struct ArgusBehaviorStruct *actor = (struct ArgusBehaviorStruct *) dsr;
21900 actor->keyStroke.src.n_strokes = htonl(actor->keyStroke.src.n_strokes);
21901 actor->keyStroke.dst.n_strokes = htonl(actor->keyStroke.dst.n_strokes);
21902 break;
21903 }
21904 }
21905
21906 if ((cnt = (((dsr->type & ARGUS_IMMEDIATE_DATA) ? 1 :
21907 ((dsr->subtype & ARGUS_LEN_16BITS) ? dsr->argus_dsrvl16.len :
21908 dsr->argus_dsrvl8.len))) * 4) > 0) {
21909 if (dsr->subtype & ARGUS_LEN_16BITS)
21910 dsr->argus_dsrvl16.len = htons(dsr->argus_dsrvl16.len);
21911
21912 dsr = (struct ArgusDSRHeader *)((char *)dsr + cnt);
21913
21914 } else
21915 break;
21916 }
21917 }
21918 break;
21919 }
21920 }
21921
21922 hdr->len = htons(hdr->len);
21923 #endif
21924 }
21925
21926 void
ArgusV2NtoH(struct ArgusV2Record * argus)21927 ArgusV2NtoH (struct ArgusV2Record *argus)
21928 {
21929 #if defined(_LITTLE_ENDIAN)
21930 int farlen = 0;
21931
21932 argus->ahdr.length = ntohs(argus->ahdr.length);
21933 argus->ahdr.argusid = ntohl(argus->ahdr.argusid);
21934 argus->ahdr.seqNumber = ntohl(argus->ahdr.seqNumber);
21935 argus->ahdr.status = ntohl(argus->ahdr.status);
21936
21937 if (argus->ahdr.type & ARGUS_V2_MAR) {
21938
21939 argus->argus_mar.startime.tv_sec = ntohl(argus->argus_mar.startime.tv_sec);
21940 argus->argus_mar.startime.tv_usec = ntohl(argus->argus_mar.startime.tv_usec);
21941 argus->argus_mar.now.tv_sec = ntohl(argus->argus_mar.now.tv_sec);
21942 argus->argus_mar.now.tv_usec = ntohl(argus->argus_mar.now.tv_usec);
21943 argus->argus_mar.reportInterval = ntohs(argus->argus_mar.reportInterval);
21944 argus->argus_mar.argusMrInterval = ntohs(argus->argus_mar.argusMrInterval);
21945 argus->argus_mar.argusid = ntohl(argus->argus_mar.argusid);
21946 argus->argus_mar.localnet = ntohl(argus->argus_mar.localnet);
21947 argus->argus_mar.netmask = ntohl(argus->argus_mar.netmask);
21948 argus->argus_mar.nextMrSequenceNum = ntohl(argus->argus_mar.nextMrSequenceNum);
21949
21950 argus->argus_mar.pktsRcvd = ntohll(argus->argus_mar.pktsRcvd);
21951 argus->argus_mar.bytesRcvd = ntohll(argus->argus_mar.bytesRcvd);
21952
21953 argus->argus_mar.pktsDrop = ntohl(argus->argus_mar.pktsDrop);
21954 argus->argus_mar.flows = ntohl(argus->argus_mar.flows);
21955 argus->argus_mar.flowsClosed = ntohl(argus->argus_mar.flowsClosed);
21956
21957 argus->argus_mar.actIPcons = ntohl( argus->argus_mar.actIPcons);
21958 argus->argus_mar.cloIPcons = ntohl( argus->argus_mar.cloIPcons);
21959 argus->argus_mar.actICMPcons = ntohl( argus->argus_mar.actICMPcons);
21960 argus->argus_mar.cloICMPcons = ntohl( argus->argus_mar.cloICMPcons);
21961 argus->argus_mar.actIGMPcons = ntohl( argus->argus_mar.actIGMPcons);
21962 argus->argus_mar.cloIGMPcons = ntohl( argus->argus_mar.cloIGMPcons);
21963
21964 argus->argus_mar.inputs = ntohl( argus->argus_mar.inputs);
21965 argus->argus_mar.outputs = ntohl( argus->argus_mar.outputs);
21966 argus->argus_mar.qcount = ntohl( argus->argus_mar.qcount);
21967 argus->argus_mar.qtime = ntohl( argus->argus_mar.qtime);
21968
21969 argus->argus_mar.record_len = ntohl(argus->argus_mar.record_len);
21970
21971 } else {
21972 unsigned int status;
21973 int length = argus->ahdr.length - sizeof(argus->ahdr);
21974 struct ArgusV2FarHeaderStruct *farhdr = (struct ArgusV2FarHeaderStruct *) &argus->argus_far;
21975
21976 farhdr->status = ntohs(farhdr->status);
21977
21978 status = argus->ahdr.status;
21979
21980 while (length > 0) {
21981 switch (farhdr->type) {
21982 case ARGUS_V2_FAR: {
21983 struct ArgusV2FarStruct *far = (struct ArgusV2FarStruct *) farhdr;
21984
21985 far->ArgusV2TransRefNum = ntohl(far->ArgusV2TransRefNum);
21986
21987 switch (status & (ETHERTYPE_IP|ETHERTYPE_IPV6|ETHERTYPE_ARP)) {
21988 case ETHERTYPE_IP: {
21989 struct ArgusV2IPFlow *ipflow = &far->flow.flow_union.ip;
21990
21991 far->attr_ip.soptions = ntohs(far->attr_ip.soptions);
21992 far->attr_ip.doptions = ntohs(far->attr_ip.doptions);
21993
21994 switch (ipflow->ip_p) {
21995 case IPPROTO_UDP:
21996 case IPPROTO_TCP:
21997 ipflow->ip_src = ntohl(ipflow->ip_src);
21998 ipflow->ip_dst = ntohl(ipflow->ip_dst);
21999 ipflow->sport = ntohs(ipflow->sport);
22000 ipflow->dport = ntohs(ipflow->dport);
22001 ipflow->ip_id = ntohs(ipflow->ip_id);
22002 break;
22003
22004 case IPPROTO_ICMP: {
22005 struct ArgusV2ICMPFlow *icmpflow = &far->flow.flow_union.icmp;
22006
22007 icmpflow->ip_src = ntohl(icmpflow->ip_src);
22008 icmpflow->ip_dst = ntohl(icmpflow->ip_dst);
22009 icmpflow->id = ntohs(icmpflow->id);
22010 icmpflow->ip_id = ntohs(icmpflow->ip_id);
22011 break;
22012 }
22013
22014 case IPPROTO_IGMP: {
22015 struct ArgusV2IGMPFlow *igmpflow = &far->flow.flow_union.igmp;
22016
22017 igmpflow->ip_src = ntohl(igmpflow->ip_src);
22018 igmpflow->ip_dst = ntohl(igmpflow->ip_dst);
22019 igmpflow->ip_id = ntohs(igmpflow->ip_id);
22020 break;
22021 }
22022
22023 default: {
22024 ipflow->ip_src = ntohl(ipflow->ip_src);
22025 ipflow->ip_dst = ntohl(ipflow->ip_dst);
22026 break;
22027 }
22028 }
22029 break;
22030 }
22031
22032 case ETHERTYPE_IPV6:
22033 break;
22034
22035 case ETHERTYPE_ARP: {
22036 struct ArgusV2ArpFlow *arpflow = &far->flow.flow_union.arp;
22037
22038 arpflow->arp_tpa = ntohl(arpflow->arp_tpa);
22039 arpflow->arp_spa = ntohl(arpflow->arp_spa);
22040 break;
22041 }
22042
22043 default:
22044 break;
22045 }
22046
22047 far->time.start.tv_sec = ntohl(far->time.start.tv_sec);
22048 far->time.start.tv_usec = ntohl(far->time.start.tv_usec);
22049 far->time.last.tv_sec = ntohl(far->time.last.tv_sec);
22050 far->time.last.tv_usec = ntohl(far->time.last.tv_usec);
22051
22052 far->src.count = ntohl(far->src.count);
22053 far->src.bytes = ntohl(far->src.bytes);
22054 far->src.appbytes = ntohl(far->src.appbytes);
22055
22056 far->dst.count = ntohl(far->dst.count);
22057 far->dst.bytes = ntohl(far->dst.bytes);
22058 far->dst.appbytes = ntohl(far->dst.appbytes);
22059 break;
22060 }
22061
22062 case ARGUS_V2_MAC_DSR: {
22063 struct ArgusV2MacStruct *mac = (struct ArgusV2MacStruct *) farhdr;
22064 if (farhdr->length == sizeof(*mac)) {
22065 mac->status = ntohs(mac->status);
22066 }
22067 break;
22068 }
22069
22070
22071 case ARGUS_V2_VLAN_DSR: {
22072 struct ArgusV2VlanStruct *vlan = (struct ArgusV2VlanStruct *) farhdr;
22073
22074 if (vlan->length != sizeof (struct ArgusV2VlanStruct)) /* fix for pre 2.0.1 len problem */
22075 vlan->length = sizeof (struct ArgusV2VlanStruct);
22076
22077 vlan->status = ntohs(vlan->status);
22078 vlan->sid = ntohs(vlan->sid);
22079 vlan->did = ntohs(vlan->did);
22080 break;
22081 }
22082
22083 case ARGUS_V2_MPLS_DSR: {
22084 struct ArgusV2MplsStruct *mpls = (struct ArgusV2MplsStruct *) farhdr;
22085 mpls->status = ntohs(mpls->status);
22086 mpls->slabel = ntohl(mpls->slabel);
22087 mpls->dlabel = ntohl(mpls->dlabel);
22088 mpls->length = sizeof(*mpls); /* fix for V2 argus error */
22089 break;
22090 }
22091
22092 case ARGUS_V2_TCP_DSR: {
22093 struct ArgusV2TCPObject *tcp = (struct ArgusV2TCPObject *) farhdr;
22094
22095 if (farhdr->length == sizeof(*tcp)) {
22096 tcp->status = ntohs(tcp->status);
22097 tcp->state = ntohl(tcp->state);
22098 tcp->synAckuSecs = ntohl(tcp->synAckuSecs);
22099 tcp->ackDatauSecs = ntohl(tcp->ackDatauSecs);
22100 tcp->options = ntohl(tcp->options);
22101 tcp->src.seqbase = ntohl(tcp->src.seqbase);
22102 tcp->src.ackbytes = ntohl(tcp->src.ackbytes);
22103 tcp->src.rpkts = ntohl(tcp->src.rpkts);
22104 tcp->src.win = ntohs(tcp->src.win);
22105 tcp->dst.seqbase = ntohl(tcp->dst.seqbase);
22106 tcp->dst.ackbytes = ntohl(tcp->dst.ackbytes);
22107 tcp->dst.rpkts = ntohl(tcp->dst.rpkts);
22108 tcp->dst.win = ntohs(tcp->dst.win);
22109 }
22110 break;
22111 }
22112
22113 case ARGUS_V2_ICMP_DSR: {
22114 struct ArgusV2ICMPObject *icmp = (struct ArgusV2ICMPObject *) farhdr;
22115
22116 if (farhdr->length == sizeof(*icmp)) {
22117 icmp->status = ntohs(icmp->status);
22118 icmp->iseq = ntohs(icmp->iseq);
22119 icmp->osrcaddr = ntohl(icmp->osrcaddr);
22120 icmp->odstaddr = ntohl(icmp->odstaddr);
22121 icmp->isrcaddr = ntohl(icmp->isrcaddr);
22122 icmp->idstaddr = ntohl(icmp->idstaddr);
22123 icmp->igwaddr = ntohl(icmp->igwaddr);
22124 }
22125 break;
22126 }
22127
22128 case ARGUS_V2_IGMP_DSR: {
22129 struct ArgusV2IGMPObject *igmp = (struct ArgusV2IGMPObject *) farhdr;
22130
22131 igmp->status = ntohs(igmp->status);
22132 igmp->igmp_group = ntohl(igmp->igmp_group);
22133
22134 if (igmp->length == sizeof(struct ArgusV2IGMPObject)) {
22135 igmp->jdelay.tv_sec = ntohl(igmp->jdelay.tv_sec);
22136 igmp->jdelay.tv_usec = ntohl(igmp->jdelay.tv_usec);
22137 igmp->ldelay.tv_sec = ntohl(igmp->ldelay.tv_sec);
22138 igmp->ldelay.tv_usec = ntohl(igmp->ldelay.tv_usec);
22139 }
22140 break;
22141 }
22142
22143 case ARGUS_V2_RTP_DSR: {
22144 struct ArgusV2RTPObject *rtp = (void *) farhdr;
22145 if (farhdr->length == sizeof(*rtp)) {
22146 rtp->status = ntohs(rtp->status);
22147 rtp->state = ntohl(rtp->state);
22148 rtp->sdrop = ntohs(rtp->sdrop);
22149 rtp->ddrop = ntohs(rtp->ddrop);
22150 rtp->ssdev = ntohs(rtp->ssdev);
22151 rtp->dsdev = ntohs(rtp->dsdev);
22152 }
22153 break;
22154 }
22155
22156 case ARGUS_V2_TIME_DSR: {
22157 struct ArgusV2TimeStruct *time = (void *) farhdr;
22158
22159 if (farhdr->length == sizeof(*time)) {
22160 time->status = ntohs(time->status);
22161 time->src.act.n = ntohl(time->src.act.n);
22162 time->src.act.minval = ntohl(time->src.act.minval);
22163 time->src.act.meanval = ntohl(time->src.act.meanval);
22164 time->src.act.stdev = ntohl(time->src.act.stdev);
22165 time->src.act.maxval = ntohl(time->src.act.maxval);
22166 time->src.idle.n = ntohl(time->src.idle.n);
22167 time->src.idle.minval = ntohl(time->src.idle.minval);
22168 time->src.idle.meanval = ntohl(time->src.idle.meanval);
22169 time->src.idle.stdev = ntohl(time->src.idle.stdev);
22170 time->src.idle.maxval = ntohl(time->src.idle.maxval);
22171 time->dst.act.n = ntohl(time->dst.act.n);
22172 time->dst.act.minval = ntohl(time->dst.act.minval);
22173 time->dst.act.meanval = ntohl(time->dst.act.meanval);
22174 time->dst.act.stdev = ntohl(time->dst.act.stdev);
22175 time->dst.act.maxval = ntohl(time->dst.act.maxval);
22176 time->dst.idle.n = ntohl(time->dst.idle.n);
22177 time->dst.idle.minval = ntohl(time->dst.idle.minval);
22178 time->dst.idle.meanval = ntohl(time->dst.idle.meanval);
22179 time->dst.idle.stdev = ntohl(time->dst.idle.stdev);
22180 time->dst.idle.maxval = ntohl(time->dst.idle.maxval);
22181 }
22182 break;
22183 }
22184
22185 case ARGUS_V2_SRCUSRDATA_DSR: {
22186 struct ArgusV2UserStruct *user = (struct ArgusV2UserStruct *) farhdr;
22187 user->status = ntohs(user->status);
22188 break;
22189 }
22190
22191 case ARGUS_V2_DSTUSRDATA_DSR: {
22192 struct ArgusV2UserStruct *user = (struct ArgusV2UserStruct *) farhdr;
22193 user->status = ntohs(user->status);
22194 break;
22195 }
22196
22197 case ARGUS_V2_ESP_DSR: {
22198 struct ArgusV2ESPStruct *esp = (struct ArgusV2ESPStruct *) farhdr;
22199 if (farhdr->length == sizeof(*esp)) {
22200 esp->status = ntohs(esp->status);
22201 esp->src.spi = ntohl(esp->src.spi);
22202 esp->src.lastseq = ntohl(esp->src.lastseq);
22203 esp->src.lostseq = ntohl(esp->src.lostseq);
22204 esp->dst.spi = ntohl(esp->dst.spi);
22205 esp->dst.lastseq = ntohl(esp->dst.lastseq);
22206 esp->dst.lostseq = ntohl(esp->dst.lostseq);
22207 }
22208 break;
22209 }
22210
22211
22212 case ARGUS_V2_AGR_DSR: {
22213 struct ArgusV2AGRStruct *agr = (struct ArgusV2AGRStruct *) farhdr;
22214
22215 if (farhdr->length == sizeof(*agr)) {
22216 agr->status = ntohs(agr->status);
22217 agr->count = ntohl(agr->count);
22218 agr->laststartime.tv_sec = ntohl(agr->laststartime.tv_sec);
22219 agr->laststartime.tv_usec = ntohl(agr->laststartime.tv_usec);
22220 agr->lasttime.tv_sec = ntohl(agr->lasttime.tv_sec);
22221 agr->lasttime.tv_usec = ntohl(agr->lasttime.tv_usec);
22222 agr->act.minval = ntohl(agr->act.minval);
22223 agr->act.meanval = ntohl(agr->act.meanval);
22224 agr->act.stdev = ntohl(agr->act.stdev);
22225 agr->act.maxval = ntohl(agr->act.maxval);
22226 agr->idle.minval = ntohl(agr->idle.minval);
22227 agr->idle.meanval = ntohl(agr->idle.meanval);
22228 agr->idle.stdev = ntohl(agr->idle.stdev);
22229 agr->idle.maxval = ntohl(agr->idle.maxval);
22230 }
22231 break;
22232 }
22233
22234 default:
22235 break;
22236 }
22237 if ((farlen = farhdr->length) == 0)
22238 break;
22239
22240 if ((farhdr->type == ARGUS_V2_SRCUSRDATA_DSR) ||
22241 (farhdr->type == ARGUS_V2_DSTUSRDATA_DSR))
22242 farlen = farlen * 4;
22243
22244 length -= farlen;
22245 farhdr = (struct ArgusV2FarHeaderStruct *)((char *)farhdr + farlen);
22246 }
22247 }
22248
22249 #ifdef ARGUSDEBUG
22250 ArgusDebug (7, "ArgusV2NtoH (%p) returning.\n", argus);
22251 #endif
22252 #endif
22253 }
22254
22255
22256 void
ArgusV2HtoN(struct ArgusV2Record * argus)22257 ArgusV2HtoN (struct ArgusV2Record *argus)
22258 {
22259 #if defined(_LITTLE_ENDIAN)
22260
22261 #ifdef ARGUSDEBUG
22262 ArgusDebug (7, "ArgusV2HtoN (%p) returning.\n", argus);
22263 #endif
22264 #endif
22265 }
22266
22267
22268 void
ArgusPrintHex(const u_char * bp,u_int length)22269 ArgusPrintHex (const u_char *bp, u_int length)
22270 {
22271 const u_short *sp;
22272 u_int i;
22273 int nshorts;
22274
22275 sp = (u_short *)bp;
22276 nshorts = (u_int) length / sizeof(u_short);
22277 i = 0;
22278 while (--nshorts >= 0) {
22279 if ((i++ % 8) == 0) {
22280 (void)printf("\n\t");
22281 }
22282 (void)printf(" %04x", ntohs(*sp++));
22283 }
22284
22285 if (length & 1) {
22286 if ((i % 8) == 0)
22287 (void)printf("\n\t");
22288
22289 (void)printf(" %02x", *(u_char *)sp);
22290 }
22291 (void)printf("\n");
22292 fflush(stdout);
22293 }
22294
22295
22296 int ArgusAllocMax = 0;
22297 int ArgusAllocBytes = 0;
22298 int ArgusAllocTotal = 0;
22299 int ArgusFreeTotal = 0;
22300
22301 struct ArgusMemoryList memory = {NULL, 0};
22302
22303 #define ARGUS_ALLOC 0x45672381
22304 /*
22305 #define ARGUS_ALIGN 128
22306 */
22307
22308 void *
ArgusMalloc(int bytes)22309 ArgusMalloc (int bytes)
22310 {
22311 void *retn = NULL;
22312 int offset;
22313
22314 if (bytes) {
22315 if (ArgusAllocTotal++ == 0) {
22316 #if defined(ARGUS_THREADS)
22317 pthread_mutex_init(&memory.lock, NULL);
22318 #endif
22319 }
22320 ArgusAllocBytes += bytes;
22321 if (ArgusAllocMax < ArgusAllocBytes)
22322 ArgusAllocMax = ArgusAllocBytes;
22323
22324 #if defined(ARGUS_ALIGN)
22325 offset = ARGUS_ALIGN;
22326 #else
22327 offset = 0;
22328 #endif
22329
22330 #if !defined(ARGUSMEMDEBUG)
22331 retn = (void *) malloc (bytes + offset);
22332 #else
22333 if ((retn = (u_int *) malloc (bytes + sizeof(struct ArgusMemoryHeader) + offset)) != NULL) {
22334 struct ArgusMemoryHeader *mem = (struct ArgusMemoryHeader *)retn;
22335 mem->tag = ARGUS_ALLOC;
22336 mem->len = bytes;
22337 mem->offset = offset;
22338 #if defined(__GNUC__)
22339 mem->frame[0] = __builtin_return_address(0);
22340 mem->frame[1] = __builtin_return_address(1);
22341 mem->frame[2] = __builtin_return_address(2);
22342 #endif
22343 #if defined(ARGUS_THREADS)
22344 pthread_mutex_lock(&memory.lock);
22345 #endif
22346 if (memory.start) {
22347 mem->nxt = memory.start;
22348 mem->prv = memory.end;
22349 mem->prv->nxt = mem;
22350 mem->nxt->prv = mem;
22351 memory.end = mem;
22352 } else {
22353 memory.start = mem;
22354 memory.end = mem;
22355 mem->nxt = mem;
22356 mem->prv = mem;
22357 }
22358 memory.count++;
22359 memory.total++;
22360 #if defined(ARGUS_THREADS)
22361 pthread_mutex_unlock(&memory.lock);
22362 #endif
22363 retn = (void *)(mem + 1);
22364 }
22365 #endif
22366
22367 #if defined(ARGUS_ALIGN)
22368 if (retn != NULL) {
22369 unsigned short toff;
22370 toff = ((unsigned long)retn & (offset - 1));
22371 toff = offset - toff;
22372 retn = (void *)((char *)retn + toff);
22373 ((unsigned short *)retn)[-1] = toff;
22374 }
22375 #endif
22376 }
22377 #ifdef ARGUSDEBUG
22378 ArgusDebug (6, "ArgusMalloc (%d) returning %p\n", bytes, retn);
22379 #endif
22380 return (retn);
22381 }
22382
22383 void *
ArgusCalloc(int nitems,int bytes)22384 ArgusCalloc (int nitems, int bytes)
22385 {
22386 int offset, total = nitems * bytes;
22387 void *retn = NULL;
22388
22389 if (total) {
22390 if (ArgusAllocTotal++ == 0) {
22391 #if defined(ARGUS_THREADS)
22392 pthread_mutex_init(&memory.lock, NULL);
22393 #endif
22394 }
22395 ArgusAllocBytes += total;
22396 if (ArgusAllocMax < ArgusAllocBytes)
22397 ArgusAllocMax = ArgusAllocBytes;
22398
22399 #if defined(ARGUS_ALIGN)
22400 offset = ARGUS_ALIGN;
22401 #else
22402 offset = 0;
22403 #endif
22404
22405 #if !defined(ARGUSMEMDEBUG)
22406 if ((retn = calloc (1, total + offset)) == NULL)
22407 ArgusLog (LOG_ERR, "ArgusCalloc: malloc error %s", strerror(errno));
22408
22409 #else
22410 if ((retn = calloc (1, total + sizeof(struct ArgusMemoryHeader) + offset)) != NULL) {
22411 struct ArgusMemoryHeader *mem = retn;
22412 mem->tag = ARGUS_ALLOC;
22413 mem->len = total;
22414 mem->offset = offset;
22415 #if defined(__GNUC__)
22416 mem->frame[0] = __builtin_return_address(0);
22417 mem->frame[1] = __builtin_return_address(1);
22418 mem->frame[2] = __builtin_return_address(2);
22419 #endif
22420
22421 #if defined(ARGUS_THREADS)
22422 pthread_mutex_lock(&memory.lock);
22423 #endif
22424 if (memory.start) {
22425 mem->nxt = memory.start;
22426 mem->prv = memory.start->prv;
22427 mem->prv->nxt = mem;
22428 mem->nxt->prv = mem;
22429 memory.end = mem;
22430 } else {
22431 memory.start = mem;
22432 memory.end = mem;
22433 mem->nxt = mem;
22434 mem->prv = mem;
22435 }
22436 memory.total++;
22437 memory.count++;
22438 #if defined(ARGUS_THREADS)
22439 pthread_mutex_unlock(&memory.lock);
22440 #endif
22441 retn = (void *)(mem + 1);
22442 }
22443 #endif
22444
22445 #if defined(ARGUS_ALIGN)
22446 if (retn != NULL) {
22447 unsigned short toff;
22448 toff = ((unsigned long)retn & (offset - 1));
22449 toff = offset - toff;
22450 retn = (void *)((char *)retn + toff);
22451 ((unsigned short *)retn)[-1] = toff;
22452 }
22453 #endif
22454 }
22455
22456 #ifdef ARGUSDEBUG
22457 ArgusDebug (6, "ArgusCalloc (%d, %d) returning 0x%x\n", nitems, bytes, retn);
22458 #endif
22459 return (retn);
22460 }
22461
22462
22463 void
ArgusFree(void * buf)22464 ArgusFree (void *buf)
22465 {
22466 void *ptr = buf;
22467
22468 if (ptr) {
22469 ArgusFreeTotal++;
22470 #if defined(ARGUSMEMDEBUG)
22471 {
22472 struct ArgusMemoryHeader *mem = ptr;
22473 #if defined(ARGUS_ALIGN)
22474 unsigned short offset = ((unsigned short *)mem)[-1];
22475 mem = (void *)((char *)mem - offset);
22476 #endif
22477 mem--;
22478 if (mem->tag != ARGUS_ALLOC)
22479 ArgusLog (LOG_ERR, "ArgusFree: buffer error 0x%x", ptr);
22480
22481 #if defined(ARGUS_THREADS)
22482 pthread_mutex_lock(&memory.lock);
22483 #endif
22484 if (memory.count == 1) {
22485 memory.start = NULL;
22486 memory.end = NULL;
22487 } else {
22488 mem->prv->nxt = mem->nxt;
22489 mem->nxt->prv = mem->prv;
22490 if (mem == memory.start) {
22491 memory.start = mem->nxt;
22492 } else if (mem == memory.end) {
22493 memory.end = mem->prv;
22494 }
22495 }
22496 ArgusAllocBytes -= mem->len;
22497 memory.count--;
22498 #if defined(ARGUS_THREADS)
22499 pthread_mutex_unlock(&memory.lock);
22500 #endif
22501 ptr = mem;
22502 }
22503 #else
22504 #if defined(ARGUS_ALIGN)
22505 {
22506 unsigned short offset;
22507 if ((offset = ((unsigned short *)ptr)[-1]) > 0)
22508 ptr = (void *)((char *)ptr - offset);
22509 }
22510 #endif
22511 #endif
22512 free (ptr);
22513 }
22514 #ifdef ARGUSDEBUG
22515 if (buf != ArgusParser)
22516 ArgusDebug (6, "ArgusFree (%p)\n", buf);
22517 #endif
22518 }
22519
22520 /*
22521 the argus malloc list is the list of free MallocLists for the system.
22522 these are blocks that are used to convey flow data from the modeler
22523 to the output processor. They are fixed length blocks, and so no need
22524 to malloc and free, so just keep them in a list when they aren't being
22525 used. we keep 2000 in the list when demand goes below this, and we
22526 start with 20, when we initialize the modeler. no more than 1M records.
22527
22528 so, when something asks for one, we take it off the list if there is
22529 one, and if not we just create one and return the buffer. The buffer
22530 has a memory header in front so that the records can be put in the
22531 list when they are freed, without corrupting the headers that were
22532 in the last block. Be sure and respect that so other routines
22533 don't stomp on our header.
22534 */
22535
22536
22537 #define ARGUS_MEMORY_MAX 1000000
22538 #define ARGUS_MEMORY_HI_THRESH 2000
22539 #define ARGUS_MEMORY_LOW_THRESH 20
22540
22541 struct ArgusMemoryList *ArgusMallocList = NULL;
22542
22543 void ArgusInitMallocList (struct ArgusParserStruct *, int);
22544 void ArgusDeleteMallocList (struct ArgusParserStruct *);
22545
22546 void
ArgusInitMallocList(struct ArgusParserStruct * parser,int length)22547 ArgusInitMallocList (struct ArgusParserStruct *parser, int length)
22548 {
22549 struct ArgusMemoryList *retn = NULL;
22550 int memlen = length + sizeof(struct ArgusMemoryHeader);
22551
22552 if (ArgusMallocList != NULL) {
22553 if (length == ArgusMallocList->size)
22554 return;
22555 else
22556 ArgusLog(LOG_ERR, "ArgusInitMallocList called with multiple sizes");
22557 }
22558
22559 #if defined(ARGUS_THREADS)
22560 if (parser)
22561 pthread_mutex_lock(&parser->lock);
22562 #endif
22563
22564 if ((retn = (struct ArgusMemoryList *) ArgusCalloc(1, sizeof(*ArgusMallocList))) == NULL)
22565 ArgusLog(LOG_ERR, "ArgusInitMallocList ArgusCalloc %s", strerror(errno));
22566
22567 retn->size = length;
22568
22569 #if defined(ARGUS_THREADS)
22570 pthread_mutex_init(&retn->lock, NULL);
22571 pthread_mutex_lock(&retn->lock);
22572 #endif
22573
22574 ArgusMallocList = retn;
22575
22576 while (ArgusMallocList->count < ARGUS_MEMORY_LOW_THRESH) {
22577 struct ArgusMemoryHeader *mem;
22578 if ((mem = (struct ArgusMemoryHeader *) ArgusCalloc (1, memlen)) != NULL) {
22579 if (ArgusMallocList->end) {
22580 ArgusMallocList->end->nxt = mem;
22581 } else {
22582 ArgusMallocList->start = mem;
22583 ArgusMallocList->count = 0;
22584 }
22585 ArgusMallocList->end = mem;
22586 ArgusMallocList->count++;
22587 ArgusMallocList->total++;
22588 }
22589 }
22590
22591 #if defined(ARGUS_THREADS)
22592 pthread_mutex_unlock(&ArgusMallocList->lock);
22593 if (parser)
22594 pthread_mutex_unlock(&parser->lock);
22595 #endif
22596
22597 #ifdef ARGUSDEBUG
22598 ArgusDebug (6, "ArgusInitMallocList (%p, %d) returning\n", parser, length);
22599 #endif
22600 return;
22601 }
22602
22603 void
ArgusDeleteMallocList(struct ArgusParserStruct * parser)22604 ArgusDeleteMallocList (struct ArgusParserStruct *parser)
22605 {
22606 struct ArgusMemoryList *retn = NULL;
22607 struct ArgusMemoryHeader *crt, *rel;
22608
22609 if (ArgusMallocList != NULL) {
22610 #if defined(ARGUS_THREADS)
22611 pthread_mutex_lock(&ArgusMallocList->lock);
22612 #endif
22613 retn = ArgusMallocList;
22614 ArgusMallocList = NULL;
22615
22616 if ((crt = retn->start) != NULL) {
22617 while (crt != NULL) {
22618 rel = crt;
22619 crt = crt->nxt;
22620 ArgusFree(rel);
22621 }
22622 }
22623
22624 #if defined(ARGUS_THREADS)
22625 pthread_mutex_destroy(&retn->lock);
22626 #endif
22627 ArgusFree(retn);
22628 }
22629 }
22630
22631 void *
ArgusMallocListRecord(struct ArgusParserStruct * parser,int length)22632 ArgusMallocListRecord (struct ArgusParserStruct *parser, int length)
22633 {
22634 struct ArgusMemoryHeader *mem = NULL;
22635 int memlen = length + sizeof(struct ArgusMemoryHeader);
22636 void *retn = NULL;
22637
22638 if (ArgusMallocList == NULL)
22639 ArgusInitMallocList(parser, length);
22640
22641 if (length == ArgusMallocList->size) {
22642 #if defined(ARGUS_THREADS)
22643 pthread_mutex_lock(&ArgusMallocList->lock);
22644 #endif
22645 if (ArgusMallocList->start == NULL) {
22646 if (ArgusMallocList->total < ARGUS_MEMORY_MAX) {
22647 if ((mem = (struct ArgusMemoryHeader *) ArgusCalloc (1, memlen)) == NULL)
22648 ArgusLog(LOG_ERR, "ArgusMallocListRecord ArgusCalloc %s", strerror(errno));
22649
22650 mem->len = length;
22651 ArgusMallocList->total++;
22652 ArgusMallocList->out++;
22653
22654 }
22655
22656 } else {
22657 mem = ArgusMallocList->start;
22658 ArgusMallocList->start = mem->nxt;
22659 ArgusMallocList->out++;
22660 ArgusMallocList->count--;
22661
22662 if (ArgusMallocList->start == NULL) {
22663 ArgusMallocList->end = NULL;
22664 ArgusMallocList->count = 0;
22665 }
22666 }
22667 #if defined(ARGUS_THREADS)
22668 pthread_mutex_unlock(&ArgusMallocList->lock);
22669 #endif
22670 }
22671
22672 if (mem != NULL)
22673 retn = (void *)(mem + 1);
22674
22675 #ifdef ARGUSDEBUG
22676 ArgusDebug (8, "ArgusMallocListRecord (%d) returning %p total %d out %d\n", length, retn, ArgusMallocList->total, ArgusMallocList->out);
22677 #endif
22678 return (retn);
22679 }
22680
22681 void
ArgusFreeListRecord(struct ArgusParserStruct * parser,void * buf)22682 ArgusFreeListRecord (struct ArgusParserStruct *parser, void *buf)
22683 {
22684 struct ArgusMemoryHeader *mem = (struct ArgusMemoryHeader *)buf;
22685 struct ArgusRecordStruct *rec = buf;
22686 struct ArgusHashTableHdr *htblhdr;
22687 struct ArgusQueueStruct *nsq;
22688
22689 if ((htblhdr = rec->htblhdr) != NULL) {
22690 #ifdef ARGUSDEBUG
22691 ArgusDebug (5, "ArgusFreeListRecord (%p) htbldr %p\n", buf, htblhdr);
22692 #endif
22693 }
22694
22695 if ((nsq = rec->nsq) != NULL) {
22696 #ifdef ARGUSDEBUG
22697 ArgusDebug (5, "ArgusFreeListRecord (%p) nsq %p\n", buf, nsq);
22698 #endif
22699 }
22700
22701 if (rec->dsrs[ARGUS_SRCUSERDATA_INDEX] != NULL) {
22702 ArgusFree(rec->dsrs[ARGUS_SRCUSERDATA_INDEX]);
22703 rec->dsrs[ARGUS_SRCUSERDATA_INDEX] = NULL;
22704 }
22705
22706 if (rec->dsrs[ARGUS_DSTUSERDATA_INDEX] != NULL) {
22707 ArgusFree(rec->dsrs[ARGUS_DSTUSERDATA_INDEX]);
22708 rec->dsrs[ARGUS_DSTUSERDATA_INDEX] = NULL;
22709 }
22710
22711 mem = mem - 1;
22712
22713 if (ArgusMallocList == NULL) {
22714 ArgusFree(mem);
22715
22716 } else {
22717 #if defined(ARGUS_THREADS)
22718 if (pthread_mutex_lock(&ArgusMallocList->lock) == 0) {
22719 #endif
22720 if (ArgusMallocList->count < ARGUS_MEMORY_HI_THRESH) {
22721 mem->nxt = NULL;
22722 if (ArgusMallocList->end != NULL)
22723 ArgusMallocList->end->nxt = mem;
22724
22725 ArgusMallocList->end = mem;
22726
22727 if (ArgusMallocList->start == NULL)
22728 ArgusMallocList->start = mem;
22729
22730 ArgusMallocList->count++;
22731
22732 } else {
22733 ArgusMallocList->total--;
22734 ArgusFree(mem);
22735 }
22736
22737 ArgusMallocList->in++;
22738
22739 #if defined(ARGUS_THREADS)
22740 pthread_mutex_unlock(&ArgusMallocList->lock);
22741 }
22742 #endif
22743 }
22744
22745 #ifdef ARGUSDEBUG
22746 ArgusDebug (5, "ArgusFreeListRecord (%p, %p) returning\n", parser, buf);
22747 #endif
22748 return;
22749 }
22750
22751 #include <syslog.h>
22752
22753 struct ArgusLogPriorityStruct {
22754 int priority;
22755 char *label;
22756 };
22757
22758 #define ARGUSPRIORITYSTR 8
22759 struct ArgusLogPriorityStruct ArgusPriorityStr[ARGUSPRIORITYSTR] =
22760 {
22761 { LOG_EMERG, "ArgusEmergency" },
22762 { LOG_ALERT, "ArgusAlert" },
22763 { LOG_CRIT, "ArgusCritical" },
22764 { LOG_ERR, "ArgusError" },
22765 { LOG_WARNING, "ArgusWarning" },
22766 { LOG_NOTICE, "ArgusNotice" },
22767 { LOG_INFO, "ArgusInfo" },
22768 { LOG_DEBUG, "ArgusDebug" },
22769 };
22770
22771 extern char *print_time(struct timeval *);
22772
22773 void
ArgusLog(int priority,char * fmt,...)22774 ArgusLog (int priority, char *fmt, ...)
22775 {
22776 va_list ap;
22777 char *buf = NULL, *ptr = NULL;
22778 struct timeval now;
22779 char *label = NULL;
22780 int i, slen;
22781
22782 if ((buf = (char *)ArgusCalloc(1, MAXSTRLEN)) == NULL)
22783 ArgusLog(LOG_ERR, "ArgusLog ArgusCalloc: error %s", strerror(errno));
22784
22785 ptr = buf;
22786 gettimeofday (&now, 0L);
22787
22788 #if defined(ARGUS_THREADS)
22789 if (ArgusParser)
22790 pthread_mutex_lock(&ArgusParser->lock);
22791 #endif
22792
22793 #ifdef ARGUS_SYSLOG
22794 #ifndef LOG_PERROR
22795 #define LOG_PERROR LOG_CONS
22796 #endif
22797 openlog (ArgusParser->ArgusProgramName, LOG_PID | LOG_PERROR, LOG_DAEMON);
22798 ArgusPrintTime(ArgusParser, buf, &now);
22799 ptr = &buf[strlen(buf)];
22800 *ptr++ = ' ';
22801 #else
22802
22803 if (priority == LOG_NOTICE)
22804 return;
22805
22806 gettimeofday (&now, 0L);
22807
22808 #if defined(ARGUS_THREADS)
22809 {
22810 pthread_t ptid;
22811 char pbuf[128];
22812 int i;
22813
22814 bzero(pbuf, sizeof(pbuf));
22815 ptid = pthread_self();
22816 for (i = 0; i < sizeof(ptid); i++) {
22817 snprintf (&pbuf[i*2], 3, "%02hhx", ((char *)&ptid)[i]);
22818 }
22819 (void) sprintf (buf, "%s[%d.%s]: ", ArgusParser->ArgusProgramName, (int)getpid(), pbuf);
22820 }
22821 #else
22822 (void) sprintf (buf, "%s[%d]: ", ArgusParser->ArgusProgramName, (int)getpid());
22823 #endif
22824
22825 ArgusPrintTime(ArgusParser, &buf[strlen(buf)], &now);
22826 ptr = &buf[strlen(buf)];
22827 *ptr++ = ' ';
22828 #endif
22829
22830 #if defined(__STDC__)
22831 va_start(ap, fmt);
22832 #else
22833 va_start(ap);
22834 #endif
22835
22836 (void) vsnprintf (ptr, (MAXSTRLEN - strlen(buf)), fmt, ap);
22837 va_end (ap);
22838
22839 slen = strlen(buf);
22840 while (buf[slen] == '\n') {
22841 buf[slen - 1] = '\0';
22842 slen--;
22843 }
22844
22845 ptr = &buf[slen];
22846
22847 for (i = 0; i < ARGUSPRIORITYSTR; i++)
22848 if (ArgusPriorityStr[i].priority == priority) {
22849 label = ArgusPriorityStr[i].label;
22850 break;
22851 }
22852
22853 if (ArgusParser->RaCursesMode) {
22854 if (priority == LOG_ERR) {
22855 ArgusWindowClose();
22856 fprintf (stderr, "%s: %s", label, buf);
22857 } else {
22858 #if defined(ARGUS_THREADS)
22859 #endif
22860 snprintf (ArgusParser->RaDebugString, 1024, "%s: %s\n", label, buf);
22861 ArgusParser->RaDebugStatus = 0;
22862 }
22863
22864 #if defined(ARGUS_THREADS)
22865 #endif
22866 } else {
22867 #ifdef ARGUS_SYSLOG
22868 if (strchr(buf, '%')) {
22869 char tbuf[MAXSTRLEN], *tptr = tbuf;
22870 int i, len = strlen(buf);
22871 memset(tbuf, 0, MAXSTRLEN);
22872 for (i = 0; i < len; i++) {
22873 if (buf[i] == '%')
22874 *tptr++ = '%';
22875 *tptr++ = buf[i];
22876 }
22877
22878 memset(buf, 0, MAXSTRLEN);
22879 strncpy(buf, tbuf, MAXSTRLEN);
22880 }
22881
22882 syslog (priority, "%s", buf);
22883 closelog ();
22884
22885 #if defined(ARGUS_SOLARIS)
22886 fprintf (stderr, "%s: %s", label, buf);
22887 #endif
22888 #else
22889 fprintf (stderr, "%s: %s", label, buf);
22890 #endif
22891 }
22892
22893 #if defined(ARGUS_THREADS)
22894 if (ArgusParser)
22895 pthread_mutex_unlock(&ArgusParser->lock);
22896 #endif
22897
22898 switch (priority) {
22899 case LOG_ERR:
22900 ArgusShutDown(-1);
22901 break;
22902
22903 case LOG_ALERT:
22904 ArgusParser->ArgusExitStatus = 2;
22905 break;
22906
22907 default:
22908 break;
22909 }
22910
22911 if (buf != NULL)
22912 ArgusFree(buf);
22913 }
22914
22915
22916 struct timeval *
RaMinTime(struct timeval * s1,struct timeval * s2)22917 RaMinTime (struct timeval *s1, struct timeval *s2)
22918 {
22919 struct timeval *retn = s2;
22920
22921 if ((s1->tv_sec < s2->tv_sec) || ((s1->tv_sec == s2->tv_sec) && (s1->tv_usec < s2->tv_usec)))
22922 retn = s1;
22923
22924 return (retn);
22925 }
22926
22927
22928 struct timeval *
RaMaxTime(struct timeval * s1,struct timeval * s2)22929 RaMaxTime (struct timeval *s1, struct timeval *s2)
22930 {
22931 struct timeval *retn = s2;
22932
22933 if ((s1->tv_sec > s2->tv_sec) || ((s1->tv_sec == s2->tv_sec) && (s1->tv_usec > s2->tv_usec)))
22934 retn = s1;
22935
22936 return (retn);
22937 }
22938
22939 float
RaDeltaFloatTime(struct timeval * s1,struct timeval * s2)22940 RaDeltaFloatTime (struct timeval *s1, struct timeval *s2)
22941 {
22942 float retn = 0.0;
22943
22944 if (s1 && s2) {
22945 double v1 = (s1->tv_sec * 1.0) + (s1->tv_usec / 1000000.0);
22946 double v2 = (s2->tv_sec * 1.0) + (s2->tv_usec / 1000000.0);
22947
22948 retn = v1 - v2;
22949 }
22950
22951 return (retn);
22952 }
22953
22954 int
RaDiffTime(struct timeval * s1,struct timeval * s2,struct timeval * diff)22955 RaDiffTime (struct timeval *s1, struct timeval *s2, struct timeval *diff)
22956 {
22957 int retn = 0;
22958
22959 if (s1 && s2 && diff) {
22960 bzero ((char *)diff, sizeof(*diff));
22961
22962 double v1 = (s1->tv_sec * 1.0) + (s1->tv_usec / 1000000.0);
22963 double v2 = (s2->tv_sec * 1.0) + (s2->tv_usec / 1000000.0);
22964 double f, i;
22965
22966 v1 -= v2;
22967
22968 f = modf(v1, &i);
22969
22970 diff->tv_sec = i;
22971 diff->tv_usec = f * 1000000;
22972
22973 retn = 1;
22974 }
22975
22976 return (retn);
22977 }
22978
22979
22980 long long
ArgusDiffTime(struct ArgusTime * s1,struct ArgusTime * s2,struct timeval * diff)22981 ArgusDiffTime (struct ArgusTime *s1, struct ArgusTime *s2, struct timeval *diff)
22982 {
22983 long long v1 = 0, v2 = 0;
22984
22985 if (s1 && s2 && diff) {
22986 v1 = (s1->tv_sec * 1000000LL) + s1->tv_usec;
22987 v2 = (s2->tv_sec * 1000000LL) + s2->tv_usec;
22988
22989 v1 -= v2;
22990
22991 diff->tv_sec = v1 / 1000000;
22992 diff->tv_usec = v1 % 1000000;
22993 }
22994
22995 return (v1);
22996 }
22997
22998
22999 #include <ctype.h>
23000
23001
23002 #define ARGUS_INTERSECTS_TIME 1
23003 #define ARGUS_SPANS_TIME 2
23004 #define ARGUS_INCLUDES_TIME 2
23005 #define ARGUS_CONTAINS_TIME 3
23006
23007 int ArgusTimeRangeStrategy = ARGUS_INTERSECTS_TIME;
23008 int ArgusTimeRangeNegation = 0;
23009
23010 int
ArgusParseTimeArg(char ** argp,char * args[],int ind,struct tm * tm)23011 ArgusParseTimeArg (char **argp, char *args[], int ind, struct tm *tm)
23012 {
23013 char buf[64], *ptr = buf, *tmp, *end = NULL;
23014 char *arg = *argp;
23015 int retn = -1;
23016
23017 bzero (buf, 64);
23018
23019 if (!(isdigit((int)*arg))) {
23020 if (*arg == 'x') {
23021 ArgusTimeRangeNegation = 1;
23022 arg++;
23023 }
23024 switch (*arg) {
23025 case 'i': ArgusTimeRangeStrategy = ARGUS_INTERSECTS_TIME; ptr = &buf[1]; break; // intersects
23026 case 'c': ArgusTimeRangeStrategy = ARGUS_CONTAINS_TIME; ptr = &buf[1]; break; // contains the record
23027 case 'n': ArgusTimeRangeStrategy = ARGUS_SPANS_TIME; ptr = &buf[1]; break; // includes the specified time range
23028 case 's': ArgusTimeRangeStrategy = ARGUS_SPANS_TIME; ptr = &buf[1]; break;
23029 }
23030 }
23031
23032 strncpy (buf, arg, 64);
23033 end += strlen (buf);
23034 if ((tmp = strchr(arg, '+')) && (*(tmp + 1) != '\0')) {
23035 retn = 0;
23036 } else
23037 if ((tmp = strchr(arg, '-')) && (*(tmp + 1) != '\0')) {
23038 retn = 0;
23039 } else {
23040 if (args) {
23041 if (args[ind] && (*args[ind] == '-')) {
23042 if (strlen (args[ind]) == 1) {
23043 retn = 0;
23044 if (args[ind + 1] != NULL) {
23045 if (!(ArgusCheckTimeFormat (tm, args[ind + 1]))) {
23046 strncat (buf, "-", (64 - strlen(buf)));
23047 strncat (buf, args[ind + 1], (64 - strlen(buf)));
23048 if (ArgusParser->timearg != NULL)
23049 free(ArgusParser->timearg);
23050 ArgusParser->timearg = strdup(buf);
23051 retn = 2;
23052 }
23053 }
23054
23055 } else {
23056 tmp = args[ind];
23057 if (isdigit((int)*(tmp + 1))) {
23058 strncat (buf, args[ind], (64 - strlen(buf)));
23059 if (ArgusParser->timearg != NULL)
23060 free(ArgusParser->timearg);
23061 ArgusParser->timearg = strdup(buf);
23062 retn = 1;
23063 } else
23064 retn = 0;
23065 }
23066 } else
23067 retn = 0;
23068 }
23069 }
23070
23071 if (ArgusCheckTimeFormat (tm, ptr))
23072 ArgusLog (LOG_ERR, "time syntax error %s", buf);
23073
23074 #ifdef ARGUSDEBUG
23075 ArgusDebug (5, "ArgusParseTimeArg (%s, %d, %p)\n", buf, ind, tm);
23076 #endif
23077
23078 return (retn);
23079 }
23080
23081
23082 #define ARGUS_YEAR 1
23083 #define ARGUS_MONTH 2
23084 #define ARGUS_DAY 3
23085 #define ARGUS_HOUR 4
23086 #define ARGUS_MIN 5
23087 #define ARGUS_SEC 6
23088
23089 int RaDaysInAMonth[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
23090
23091 int
ArgusCheckTimeFormat(struct tm * tm,char * str)23092 ArgusCheckTimeFormat (struct tm *tm, char *str)
23093 {
23094 int retn = 0, startfrac = 0, lastfrac = 0;
23095 char *ptr, buf[128];
23096
23097 /* time - [time] explicit timestamp range */
23098 /* time + [time] explicit timestamp with range offset */
23099
23100 bzero (buf, sizeof(buf));
23101 strncpy (buf, str, 120);
23102
23103 if ((ptr = strpbrk (buf, "smhdMy")) != NULL) {
23104 if (tm->tm_year == 0) {
23105 time_t tsec = ArgusParser->ArgusGlobalTime.tv_sec;
23106 localtime_r(&tsec, tm);
23107 bcopy ((char *)tm, (char *)&ArgusParser->RaLastFilter, sizeof(struct tm));
23108 } else {
23109 bcopy ((char *)tm, (char *)&ArgusParser->RaLastFilter, sizeof(struct tm));
23110 }
23111 }
23112
23113 if (*buf == '-')
23114 *buf = '_';
23115
23116 if (((ptr = strchr(buf, '-')) != NULL) || ((ptr = strchr(buf, '+')) != NULL)) {
23117 char mode = *ptr;
23118 if (*buf == '_') *buf = '-';
23119
23120 *ptr++ = '\0';
23121
23122 while (isspace((int) buf[strlen(buf) - 1]))
23123 buf[strlen(buf) - 1] = 0;
23124 while (isspace((int) *ptr))
23125 ptr++;
23126
23127 if ((retn = ArgusParseTime (ArgusParser, &ArgusParser->RaStartFilter, tm, buf, ' ', &startfrac)) > 0)
23128 ArgusParseTime (ArgusParser, &ArgusParser->RaLastFilter, &ArgusParser->RaStartFilter, ptr, mode, &lastfrac);
23129
23130 if (retn >= 0)
23131 retn = 0;
23132
23133 } else {
23134
23135 /* this is a time stamp should be preceeded with a '-' (translated to '_' */
23136
23137 int len = strlen(buf);
23138
23139 if (len > 0) {
23140 char mode = ' ';
23141
23142 if (*buf == '_')
23143 *buf = '-';
23144
23145 bcopy ((char *)tm, (char *)&ArgusParser->RaStartFilter, sizeof(struct tm));
23146 bcopy ((char *)tm, (char *)&ArgusParser->RaLastFilter, sizeof(struct tm));
23147
23148 if ((retn = ArgusParseTime (ArgusParser, &ArgusParser->RaStartFilter, &ArgusParser->RaLastFilter, buf, mode, &startfrac)) > 0) {
23149 lastfrac = startfrac;
23150 if (*buf != '-') {
23151 bcopy ((char *)&ArgusParser->RaStartFilter, (char *)&ArgusParser->RaLastFilter, sizeof(struct tm));
23152
23153 if (buf[len - 1] != '.') {
23154 switch (retn) {
23155 case ARGUS_YEAR: ArgusParser->RaLastFilter.tm_year++; break;
23156 case ARGUS_MONTH: ArgusParser->RaLastFilter.tm_mon++; break;
23157 case ARGUS_DAY: ArgusParser->RaLastFilter.tm_mday++; break;
23158 case ARGUS_HOUR: ArgusParser->RaLastFilter.tm_hour++; break;
23159 case ARGUS_MIN: ArgusParser->RaLastFilter.tm_min++; break;
23160 case ARGUS_SEC: ArgusParser->RaLastFilter.tm_sec++; break;
23161 default: break;
23162 }
23163
23164 while (tm->tm_sec > 59) {tm->tm_min++; tm->tm_sec -= 60;}
23165 while (tm->tm_min > 59) {tm->tm_hour++; tm->tm_min -= 60;}
23166 while (tm->tm_hour > 23) {tm->tm_mday++; tm->tm_hour -= 24;}
23167 while (tm->tm_mday > RaDaysInAMonth[tm->tm_mon]) {tm->tm_mday -= RaDaysInAMonth[tm->tm_mon]; tm->tm_mon++;}
23168 while (tm->tm_mon > 11) {tm->tm_year++; tm->tm_mon -= 12;}
23169 }
23170
23171 } else
23172 ArgusParseTime (ArgusParser, &ArgusParser->RaLastFilter, &ArgusParser->RaStartFilter, &buf[1], '+', &lastfrac);
23173
23174 retn = 0;
23175 }
23176 }
23177 }
23178
23179 if (retn == 0) {
23180 ArgusParser->startime_t.tv_sec = mktime (&ArgusParser->RaStartFilter);
23181 ArgusParser->startime_t.tv_usec = startfrac;
23182 ArgusParser->lasttime_t.tv_sec = mktime (&ArgusParser->RaLastFilter);
23183 ArgusParser->lasttime_t.tv_usec = lastfrac;
23184
23185 if (!((ArgusParser->lasttime_t.tv_sec > ArgusParser->startime_t.tv_sec) ||
23186 ((ArgusParser->lasttime_t.tv_sec == ArgusParser->startime_t.tv_sec) &&
23187 ((ArgusParser->lasttime_t.tv_usec > ArgusParser->startime_t.tv_usec))))) {
23188 ArgusLog (LOG_ERR, "error: invalid time range startime_t %d.%06d lasttime_t %d.%06d\n",
23189 (int)ArgusParser->startime_t.tv_sec, (int)ArgusParser->startime_t.tv_usec,
23190 (int)ArgusParser->lasttime_t.tv_sec, (int)ArgusParser->lasttime_t.tv_usec);
23191 }
23192 }
23193
23194 #ifdef ARGUSDEBUG
23195 ArgusDebug (3, "ArgusCheckTimeFormat (%p, %s) %d.%06d-%d.%06d\n", tm, str,
23196 (int)ArgusParser->startime_t.tv_sec, (int)ArgusParser->startime_t.tv_usec,
23197 (int)ArgusParser->lasttime_t.tv_sec, (int)ArgusParser->lasttime_t.tv_usec);
23198 #endif
23199
23200 return (retn);
23201 }
23202
23203
23204 int
ArgusParseTime(struct ArgusParserStruct * parser,struct tm * tm,struct tm * ctm,char * buf,char mode,int * frac)23205 ArgusParseTime (struct ArgusParserStruct *parser, struct tm *tm, struct tm *ctm, char *buf, char mode, int *frac)
23206 {
23207 char *hptr = NULL, *dptr = NULL, *mptr = NULL, *yptr = NULL, *pptr = NULL;
23208 char *minptr = NULL, *secptr = NULL, *ptr;
23209 char strbuf[128], *str = strbuf;
23210 int retn = 0, year = 0, month = 0, day = 0, hour = 0, mins = 0, sec = 0, sign = 1;
23211 time_t thistime = 0;
23212 double i;
23213
23214 /*[[[yyyy/]mm/]dd].]hh[:mm[:ss]]*/
23215 /* yyyy/mm */
23216 /* yyyy */
23217 /* %d[yMdhms] */
23218 /* %d[yMdhms][[+]%d[yMdhms]] explict time range */
23219 /* -%d[yMdhms] explicit time range ending with now time in the range */
23220
23221 bzero(str, sizeof(strbuf));
23222 strncpy(str, buf, sizeof(strbuf));
23223
23224 if (!(isdigit((int)*str)) && !(*str == '-') && !(*str == '*')) {
23225 retn = -1;
23226 } else {
23227 if ((ptr = strpbrk (str, "yMdhms")) != NULL) {
23228 int status = 0;
23229
23230 if (mode == ' ') {
23231 if (tm != &ArgusParser->RaLastFilter)
23232 bcopy ((u_char *) ctm, (u_char *) tm, sizeof (struct tm));
23233 } else
23234 bcopy ((u_char *) ctm, (u_char *) tm, sizeof (struct tm));
23235
23236 thistime = mktime (tm);
23237
23238 do {
23239 int wildcard = 0;
23240 char *endptr;
23241
23242 if (*str == '*') {
23243 wildcard++;
23244 switch (*ptr) {
23245 case 'y': i = 1970; status |= (1 << RAWILDCARDYEAR); break;
23246 case 'M': i = 0; status |= (1 << RAWILDCARDMONTH); break;
23247 case 'd': i = 1; status |= (1 << RAWILDCARDDAY); break;
23248 case 'h': i = 0; status |= (1 << RAWILDCARDHOUR); break;
23249 case 'm': i = 0; status |= (1 << RAWILDCARDMIN); break;
23250 case 's': i = 0; status |= (1 << RAWILDCARDSEC); break;
23251 }
23252 parser->RaWildCardDate = status;
23253
23254 } else {
23255 i = strtod(str, &endptr);
23256 if (endptr == str)
23257 ArgusLog (LOG_ERR, "time syntax error %s", parser->timearg);
23258 }
23259
23260 if ((i >= 0) && (mode == ' ')) {
23261 switch (*ptr) {
23262 case 'y': tm->tm_year = (i - 1900); retn = ARGUS_YEAR; break;
23263 case 'M': tm->tm_mon = (i - 1); retn = ARGUS_MONTH; break;
23264 case 'd': tm->tm_mday = i; retn = ARGUS_DAY; break;
23265 case 'h': tm->tm_hour = i; retn = ARGUS_HOUR; break;
23266 case 'm': tm->tm_min = i; retn = ARGUS_MIN; break;
23267 case 's': tm->tm_sec = i; retn = ARGUS_SEC; break;
23268 }
23269
23270 } else {
23271 if (tm != &ArgusParser->RaLastFilter)
23272 i++;
23273
23274 if (wildcard)
23275 ArgusLog (LOG_ERR, "time syntax error %s", parser->timearg);
23276
23277 switch (mode) {
23278 case '-': sign = -1; break;
23279 case '+': break;
23280 }
23281
23282 switch (*ptr) {
23283 case 'y': tm->tm_year += (i * sign); retn = ARGUS_YEAR; break;
23284
23285 case 'M': {
23286 while (i > tm->tm_mon) {
23287 tm->tm_year += 1 * sign;
23288 i -= 12;
23289 }
23290 tm->tm_mon += i * sign;
23291 thistime = mktime (tm);
23292 retn = ARGUS_MONTH;
23293 break;
23294 }
23295
23296 case 'd':
23297 thistime += (i * ((60 * 60) * 24)) * sign;
23298 localtime_r (&thistime, tm);
23299 retn = ARGUS_DAY;
23300 break;
23301
23302 case 'h':
23303 thistime += (i * (60 * 60)) * sign;
23304 localtime_r (&thistime, tm);
23305 retn = ARGUS_HOUR;
23306 break;
23307
23308 case 'm':
23309 thistime += (i * 60) * sign;
23310 localtime_r (&thistime, tm);
23311 retn = ARGUS_MIN;
23312 break;
23313
23314 case 's':
23315 thistime += i * sign;
23316 localtime_r (&thistime, tm);
23317 retn = ARGUS_SEC;
23318 break;
23319
23320 default:
23321 retn = -1;
23322 break;
23323 }
23324 }
23325
23326 if (retn >= 0) {
23327 str = ptr + 1;
23328 if ((!(isdigit((int)*str))) && !(*str == '*'))
23329 break;
23330 } else
23331 break;
23332
23333 } while ((ptr = strpbrk (str, "yMdhms")) != NULL);
23334
23335 switch (retn) {
23336 case ARGUS_YEAR: tm->tm_mon = 0;
23337 case ARGUS_MONTH: tm->tm_mday = 1;
23338 case ARGUS_DAY: tm->tm_hour = 0;
23339 case ARGUS_HOUR: tm->tm_min = 0;
23340 case ARGUS_MIN: tm->tm_sec = 0;
23341 case ARGUS_SEC: break;
23342 }
23343
23344 if ((retn >= 0) && (sign < 0)) {
23345 struct tm tmbuf;
23346 bcopy ((u_char *) ctm, (u_char *)&tmbuf, sizeof (struct tm));
23347 bcopy ((u_char *) tm, (u_char *) ctm, sizeof (struct tm));
23348 bcopy ((u_char *)&tmbuf, (u_char *) tm, sizeof (struct tm));
23349 }
23350
23351 } else {
23352 int status = parser->RaWildCardDate;
23353
23354 bcopy ((u_char *) ctm, (u_char *) tm, sizeof (struct tm));
23355 year = tm->tm_year;
23356 month = tm->tm_mon;
23357 day = tm->tm_mday;
23358 hour = tm->tm_hour;
23359 mins = tm->tm_min;
23360 sec = tm->tm_sec;
23361
23362 #if HAVE_STRUCT_TM_TM_ZONE
23363 tm->tm_zone = NULL;
23364 tm->tm_gmtoff = 0;
23365 #endif
23366 thistime = mktime (tm);
23367
23368 if ((hptr = strchr (str, '.')) != NULL) {
23369 if ((hptr - str) != (strlen(str) - 1)) {
23370 *hptr++ = '\0';
23371 if (!(isdigit((int)*hptr)) && !(*hptr == '*'))
23372 return -1;
23373 } else {
23374 *hptr = '\0';
23375 pptr = hptr;
23376 hptr = NULL;
23377 }
23378 }
23379
23380 if ((dptr = strrchr (str, '/')) != NULL) { /* mm/dd || yyyy/mm || yyyy/mm/dd */
23381 /* ^ */
23382 *dptr++ = '\0';
23383 if ((mptr = strrchr (str, '/')) != NULL) { /* yyyy/mm/dd */
23384 *mptr++ = '\0';
23385 yptr = str;
23386
23387 } else {
23388 if (strlen(str) == 4) {
23389 yptr = str;
23390 mptr = dptr;
23391 dptr = NULL;
23392 tm->tm_mday = 1;
23393 } else
23394 mptr = str;
23395 }
23396
23397 } else {
23398 if (hptr != NULL)
23399 dptr = str;
23400 else {
23401 int value = atoi(str);
23402 if ((value > 1900) && (value <= (tm->tm_year + 1900))) {
23403 yptr = str;
23404 hour = 0;
23405 } else
23406 hptr = str;
23407 }
23408 }
23409
23410 if (yptr) {
23411 if (strlen(yptr) != 4)
23412 return -1;
23413
23414 for (ptr = yptr, i = 0; i < strlen(yptr); i++) {
23415 if (*ptr == '*') {
23416 status |= 1 << RAWILDCARDYEAR;
23417 break;
23418 }
23419 if (!(isdigit((int)*ptr++)))
23420 return -1;
23421 }
23422
23423 if (!(status & (1 << RAWILDCARDYEAR))) {
23424 tm->tm_year = atoi(yptr) - 1900;
23425 } else
23426 tm->tm_year = 70;
23427 retn = ARGUS_YEAR;
23428 year = tm->tm_year;
23429 }
23430
23431 if (mptr) {
23432 if (strlen(mptr) != 2)
23433 return -1;
23434 for (ptr = mptr, i = 0; i < strlen(mptr); i++) {
23435 if (*ptr == '*') {
23436 status |= 1 << RAWILDCARDMONTH;
23437 break;
23438 }
23439 if (!(isdigit((int)*ptr++)))
23440 return -1;
23441 }
23442 if (!(status & (1 << RAWILDCARDMONTH))) {
23443 tm->tm_mon = atoi(mptr) - 1;
23444 } else
23445 tm->tm_mon = 0;
23446 retn = ARGUS_MONTH;
23447 month = tm->tm_mon;
23448 }
23449
23450 if (dptr) {
23451 if (strlen(dptr) != 2)
23452 return -1;
23453 for (ptr = dptr, i = 0; i < strlen(dptr); i++) {
23454 if (*ptr == '*') {
23455 status |= 1 << RAWILDCARDDAY;
23456 break;
23457 }
23458 if (!(isdigit((int)*ptr++)))
23459 return -1;
23460 }
23461 if (!(status & (1 << RAWILDCARDDAY))) {
23462 tm->tm_mday = atoi(dptr);
23463 } else
23464 tm->tm_mday = 1;
23465 retn = ARGUS_DAY;
23466 day = tm->tm_mday;
23467 }
23468
23469 if (hptr) {
23470 if ((pptr = strchr (hptr, '.')) != NULL) {
23471 char *tptr = pptr + 1;
23472 float scale = 1000000.0;
23473 *pptr = '\0';
23474
23475 while(isdigit(*tptr++)) scale /= 10.0;
23476 *frac = atoi(&pptr[1]) * scale;
23477 }
23478 if ((minptr = strchr (hptr, ':')) != NULL) {
23479 *minptr++ = '\0';
23480 if ((secptr = strchr (minptr, ':')) != NULL) {
23481 *secptr++ = '\0';
23482 }
23483 }
23484
23485 for (ptr = hptr, i = 0; i < strlen(hptr); i++) {
23486 if (*ptr == '*') {
23487 status |= 1 << RAWILDCARDHOUR;
23488 break;
23489 }
23490 if (!(isdigit((int)*ptr++)))
23491 return -1;
23492 }
23493
23494 if (!(status & (1 << RAWILDCARDHOUR))) {
23495 hour = atoi(hptr);
23496 if (hour < 24) {
23497 retn = ARGUS_HOUR;
23498 }
23499 } else
23500 hour = 0;
23501
23502 if (minptr != NULL) {
23503 for (ptr = minptr, i = 0; i < strlen(minptr); i++) {
23504 if (*ptr == '*') {
23505 status |= 1 << RAWILDCARDMIN;
23506 break;
23507 }
23508 if (!(isdigit((int)*ptr++)))
23509 return -1;
23510 }
23511
23512 if (!(status & (1 << RAWILDCARDMIN))) {
23513 mins = atoi(minptr);
23514 retn = ARGUS_MIN;
23515 } else
23516 mins = 0;
23517 }
23518
23519 if (secptr != NULL) {
23520 for (ptr = secptr, i = 0; i < strlen(secptr); i++) {
23521 if (*ptr == '*') {
23522 status |= 1 << RAWILDCARDSEC;
23523 break;
23524 }
23525 if (!(isdigit((int)*ptr++)))
23526 return -1;
23527 }
23528
23529 if (!(status & (1 << RAWILDCARDSEC))) {
23530 sec = atoi(secptr);
23531 retn = ARGUS_SEC;
23532 } else
23533 sec = 0;
23534 }
23535 }
23536
23537 switch (retn) {
23538 case ARGUS_YEAR: tm->tm_mon = month = 0;
23539 case ARGUS_MONTH: tm->tm_mday = day = 1;
23540 case ARGUS_DAY: tm->tm_hour = hour = 0;
23541 case ARGUS_HOUR: tm->tm_min = mins = 0;
23542 case ARGUS_MIN: tm->tm_sec = sec = 0;
23543 case ARGUS_SEC: break;
23544 }
23545
23546 if (hour > 24) {
23547 time_t value = hour;
23548 bzero(tm, sizeof(*tm));
23549 localtime_r (&value, tm);
23550 year = tm->tm_year;
23551 month = tm->tm_mon;
23552 day = tm->tm_mday;
23553 hour = tm->tm_hour;
23554 mins = tm->tm_min;
23555 sec = tm->tm_sec;
23556 retn = 1;
23557 status = 0;
23558
23559 } else {
23560 tm->tm_hour = hour;
23561 tm->tm_min = mins;
23562 tm->tm_sec = sec;
23563
23564 if (tm->tm_year < 0)
23565 retn = -1;
23566 if ((tm->tm_mon > 11) || (tm->tm_mon < 0))
23567 retn = -1;
23568 if ((tm->tm_mday > 31) || (tm->tm_mday < 1))
23569 retn = -1;
23570 if ((tm->tm_hour > 23) || (tm->tm_hour < 0))
23571 retn = -1;
23572 if ((tm->tm_min > 60) || (tm->tm_min < 0))
23573 retn = -1;
23574 if ((tm->tm_sec > 60) || (tm->tm_sec < 0))
23575 retn = -1;
23576 }
23577
23578 parser->RaWildCardDate = status;
23579
23580 if (retn >= 0) {
23581 #if HAVE_STRUCT_TM_TM_ZONE
23582 tm->tm_isdst = 0;
23583 tm->tm_gmtoff = 0;
23584 tm->tm_zone = 0;
23585 #endif
23586 thistime = mktime (tm);
23587
23588 #if HAVE_STRUCT_TM_TM_ZONE
23589 if (tm->tm_zone != NULL) {
23590 char *tmzone = strdup(tm->tm_zone);
23591 localtime_r (&thistime, tm);
23592 if (strncpy(tmzone, tm->tm_zone, strlen(tmzone))) {
23593 tm->tm_year = year;
23594 tm->tm_mon = month;
23595 tm->tm_mday = day;
23596 tm->tm_hour = hour;
23597 thistime = mktime (tm);
23598 }
23599 free(tmzone);
23600 }
23601 #endif
23602 }
23603
23604 if (pptr != NULL)
23605 *pptr = '.';
23606 }
23607
23608 if (!(parser->RaWildCardDate))
23609 ArgusParser->RaExplicitDate = 1;
23610 }
23611
23612 #ifdef ARGUSDEBUG
23613 {
23614 char *rstr;
23615 switch (retn) {
23616 case ARGUS_YEAR: rstr = "year"; break;
23617 case ARGUS_MONTH: rstr = "mon"; break;
23618 case ARGUS_DAY: rstr = "day"; break;
23619 case ARGUS_HOUR: rstr = "hour"; break;
23620 case ARGUS_MIN: rstr = "min"; break;
23621 case ARGUS_SEC: rstr = "sec"; break;
23622 }
23623
23624 ArgusDebug (3, "ArgusParseTime (%p, %p, %p, \"%s\", '%c', 0.%06d) retn %s(%d)\n", parser, tm, ctm, buf, mode, *frac, rstr, thistime);
23625 }
23626 #endif
23627 return (retn);
23628 }
23629
23630
23631 int
ArgusCheckTime(struct ArgusParserStruct * parser,struct ArgusRecordStruct * ns)23632 ArgusCheckTime (struct ArgusParserStruct *parser, struct ArgusRecordStruct *ns)
23633 {
23634 struct ArgusTimeObject *dtime = NULL;
23635 struct timeval start, last, pstart, plast;
23636 struct tm tmbuf, *tm;
23637 int retn = 0;
23638
23639 if ((ns->hdr.type & 0xF0) == ARGUS_MAR) {
23640 struct ArgusRecord *rec = (void *)ns->dsrs[0];
23641 if (rec != NULL) {
23642 start.tv_sec = rec->argus_mar.startime.tv_sec;
23643 start.tv_usec = rec->argus_mar.startime.tv_usec;
23644
23645 last.tv_sec = rec->argus_mar.now.tv_sec;
23646 last.tv_usec = rec->argus_mar.now.tv_usec;
23647 } else {
23648 bzero(&start, sizeof(start));
23649 bzero(&last, sizeof(last));
23650 }
23651
23652 } else {
23653 if ((dtime = (struct ArgusTimeObject *) ns->dsrs[ARGUS_TIME_INDEX]) != NULL) {
23654 struct timeval sst, sdt, dst, ddt;
23655
23656 start.tv_sec = 0x7FFFFFFF, start.tv_usec = 0;
23657 bzero(&last, sizeof(last));
23658
23659 sst.tv_sec = dtime->src.start.tv_sec;
23660 sst.tv_usec = dtime->src.start.tv_usec;
23661 sdt.tv_sec = dtime->src.end.tv_sec;
23662 sdt.tv_usec = dtime->src.end.tv_usec;
23663 dst.tv_sec = dtime->dst.start.tv_sec;
23664 dst.tv_usec = dtime->dst.start.tv_usec;
23665 ddt.tv_sec = dtime->dst.end.tv_sec;
23666 ddt.tv_usec = dtime->dst.end.tv_usec;
23667
23668 if (sst.tv_sec && ((start.tv_sec > sst.tv_sec) ||
23669 ((start.tv_sec == sst.tv_sec) &&
23670 (start.tv_usec > sst.tv_usec))))
23671 start = sst;
23672 if (sdt.tv_sec && ((start.tv_sec > sdt.tv_sec) ||
23673 ((start.tv_sec == sdt.tv_sec) &&
23674 (start.tv_usec > sdt.tv_usec))))
23675 start = sdt;
23676 if (dst.tv_sec && ((start.tv_sec > dst.tv_sec) ||
23677 ((start.tv_sec == dst.tv_sec) &&
23678 (start.tv_usec > dst.tv_usec))))
23679 start = dst;
23680 if (ddt.tv_sec && ((start.tv_sec > ddt.tv_sec) ||
23681 ((start.tv_sec == ddt.tv_sec) &&
23682 (start.tv_usec > ddt.tv_usec))))
23683 start = ddt;
23684
23685 if (sst.tv_sec && ((last.tv_sec < sst.tv_sec) ||
23686 ((last.tv_sec == sst.tv_sec) &&
23687 (last.tv_usec < sst.tv_usec))))
23688 last = sst;
23689 if (sdt.tv_sec && ((last.tv_sec < sdt.tv_sec) ||
23690 ((last.tv_sec == sdt.tv_sec) &&
23691 (last.tv_usec < sdt.tv_usec))))
23692 last = sdt;
23693 if (dst.tv_sec && ((last.tv_sec < dst.tv_sec) ||
23694 ((last.tv_sec == dst.tv_sec) &&
23695 (last.tv_usec < dst.tv_usec))))
23696 last = dst;
23697 if (ddt.tv_sec && ((last.tv_sec < ddt.tv_sec) ||
23698 ((last.tv_sec == ddt.tv_sec) &&
23699 (last.tv_usec < ddt.tv_usec))))
23700 last = ddt;
23701 }
23702 }
23703
23704 if ((parser->RaStartTime.tv_sec > start.tv_sec) ||
23705 ((parser->RaStartTime.tv_sec == start.tv_sec) &&
23706 (parser->RaStartTime.tv_usec > start.tv_usec))) {
23707
23708 parser->RaStartTime.tv_sec = start.tv_sec;
23709 parser->RaStartTime.tv_usec = start.tv_usec;
23710 }
23711
23712 if ((parser->RaEndTime.tv_sec < last.tv_sec) ||
23713 ((parser->RaEndTime.tv_sec == last.tv_sec) &&
23714 (parser->RaEndTime.tv_usec < last.tv_usec))) {
23715
23716 parser->RaEndTime.tv_sec = last.tv_sec;
23717 parser->RaEndTime.tv_usec = last.tv_usec;
23718 }
23719
23720 if ((ns->hdr.type & 0xF0) == ARGUS_MAR)
23721 parser->ArgusGlobalTime = last;
23722 else
23723 parser->ArgusGlobalTime = start;
23724
23725 gettimeofday(&parser->ArgusRealTime, 0);
23726 ArgusAdjustGlobalTime (parser, &parser->ArgusRealTime);
23727
23728 if (parser->tflag) {
23729 #if HAVE_STRUCT_TM_TM_ZONE
23730 int tm_gmtoff = 0;
23731 #endif
23732 time_t tsec;
23733
23734 bzero((char *)&pstart, sizeof(pstart));
23735 bzero((char *)&plast, sizeof(plast));
23736
23737 if (!parser->RaExplicitDate) {
23738 char *timearg = parser->timearg;
23739
23740 tsec = start.tv_sec;
23741 tm = localtime_r(&tsec, &tmbuf);
23742
23743 #if HAVE_STRUCT_TM_TM_ZONE
23744 tm_gmtoff = tm->tm_gmtoff;
23745 #endif
23746 if ((!isdigit((int)*timearg)) && (*timearg != '*')) timearg++;
23747
23748 if (parser->RaWildCardDate) {
23749 struct tm stmbuf, *stm;
23750 struct tm ltmbuf, *ltm;
23751 int i;
23752
23753 tsec = start.tv_sec;
23754 stm = localtime_r (&tsec, &stmbuf);
23755
23756 tsec = last.tv_sec;
23757 ltm = localtime_r (&tsec, <mbuf);
23758
23759 for (i = 0; i < RAMAXWILDCARDFIELDS; i++) {
23760 if (parser->RaWildCardDate & (1 << i)) {
23761 switch (i) {
23762 case RAWILDCARDYEAR: {
23763 stm->tm_year = 70; ltm->tm_year = 70;
23764 break;
23765 }
23766 case RAWILDCARDMONTH: {
23767 stm->tm_mon = 0; ltm->tm_mon = 0;
23768 break;
23769 }
23770 case RAWILDCARDDAY: {
23771 stm->tm_mday = 1; ltm->tm_mday = 1;
23772 break;
23773 }
23774 case RAWILDCARDHOUR: {
23775 stm->tm_hour = 0; ltm->tm_hour = 0;
23776 break;
23777 }
23778 case RAWILDCARDMIN: {
23779 stm->tm_min = 0; ltm->tm_min = 0;
23780 break;
23781 }
23782 case RAWILDCARDSEC: {
23783 stm->tm_sec = 0; ltm->tm_sec = 0;
23784 break;
23785 }
23786 }
23787 }
23788 }
23789 #if HAVE_STRUCT_TM_TM_ZONE
23790 stm->tm_zone = NULL;
23791 ltm->tm_zone = NULL;
23792 #endif
23793 start.tv_sec = mktime (stm);
23794 last.tv_sec = mktime (ltm);
23795
23796 #if HAVE_STRUCT_TM_TM_ZONE
23797 if ((tm_gmtoff -= stm->tm_gmtoff) != 0) {
23798 start.tv_sec += tm_gmtoff;
23799 last.tv_sec += tm_gmtoff;
23800 }
23801 #endif
23802 }
23803 }
23804
23805 pstart = parser->startime_t;
23806 plast = parser->lasttime_t;
23807
23808 if ((ns->hdr.type & 0xF0) == ARGUS_MAR) {
23809 if ((ns->hdr.cause & 0xF0) == ARGUS_START) {
23810 if ((start.tv_sec >= pstart.tv_sec) && (last.tv_sec <= plast.tv_sec))
23811 retn++;
23812 } else {
23813 if ((last.tv_sec >= pstart.tv_sec) && (last.tv_sec <= plast.tv_sec))
23814 retn++;
23815 }
23816 } else {
23817 struct timeval tvbuf, *tvp = &tvbuf;
23818
23819 tvp->tv_sec = dtime->src.start.tv_sec;
23820 tvp->tv_usec = dtime->src.start.tv_usec;
23821 RaDiffTime (tvp, &start, &parser->ArgusTimeOffset);
23822
23823 // here we want to provide flexibility in the time matching
23824 // we should support all the set operations that make sense
23825 // 1. the records are completely in the range
23826 // 2. the records intersect in any way
23827 // 3. the records overlap or span the range
23828 // 4. negaton of the tests
23829
23830 // #define ARGUS_INTERSECTS_TIME 1
23831 // #define ARGUS_SPANS_TIME 2
23832 // #define ARGUS_INCLUDES_TIME 2
23833 // #define ARGUS_CONTAINS_TIME 3
23834
23835 switch (ArgusTimeRangeStrategy) {
23836 case ARGUS_INTERSECTS_TIME: // the record intersects the range in any way
23837 if ((((pstart.tv_sec < start.tv_sec) ||
23838 ((pstart.tv_sec == start.tv_sec) && (pstart.tv_usec <= start.tv_usec))) &&
23839 ((plast.tv_sec > start.tv_sec) ||
23840 ((plast.tv_sec == start.tv_sec) && (plast.tv_usec >= start.tv_usec)))) ||
23841
23842 (((pstart.tv_sec < last.tv_sec) ||
23843 ((pstart.tv_sec == last.tv_sec) && (pstart.tv_usec < last.tv_usec))) &&
23844 ((plast.tv_sec > last.tv_sec) ||
23845 ((plast.tv_sec == last.tv_sec) && (plast.tv_usec >= last.tv_usec)))))
23846
23847 retn++;
23848 break;
23849
23850 case ARGUS_CONTAINS_TIME: // the record is completely within the filter time range
23851 if (((pstart.tv_sec < start.tv_sec) ||
23852 ((pstart.tv_sec == start.tv_sec) && (pstart.tv_usec <= start.tv_usec))) &&
23853 ((plast.tv_sec > last.tv_sec) ||
23854 ((plast.tv_sec == last.tv_sec) && (plast.tv_usec >= last.tv_usec))))
23855 retn++;
23856 break;
23857
23858 case ARGUS_SPANS_TIME: { // the filter time is completely within the argus record
23859 if (((start.tv_sec < pstart.tv_sec) || ((start.tv_sec == pstart.tv_sec) && (start.tv_usec <= pstart.tv_usec))) &&
23860 ((last.tv_sec > plast.tv_sec) || ((last.tv_sec == plast.tv_sec) && (last.tv_usec >= plast.tv_usec))))
23861 retn++;
23862 }
23863 }
23864 }
23865
23866 } else
23867 retn++;
23868
23869 return (ArgusTimeRangeNegation ? (retn ? 0 : 1) : retn);
23870 }
23871
23872
23873 int
ArgusGenerateCanonRecord(struct ArgusRecordStruct * argus)23874 ArgusGenerateCanonRecord (struct ArgusRecordStruct *argus)
23875 {
23876 int retn = 1;
23877 /*
23878 int i, ind = 0;
23879 struct ArgusDSRHeader **dsrs = NULL;
23880 struct ArgusCanonRecord *canon = &argus->canon;
23881
23882 if (!(argus->hdr.type & ARGUS_MAR)) {
23883 bcopy ((char *)&argus->hdr, (char *)&canon->hdr, sizeof(canon->hdr));
23884
23885 for (i = 0; i < ARGUSMAXDSRTYPE; i++) {
23886 ind = (1 << i);
23887 switch (ind) {
23888 case ARGUS_FLOW_INDEX:
23889 if (argus->dsrindex & (0x1 << ARGUS_FLOW_INDEX))
23890 bcopy((char *) dsrs[ARGUS_FLOW_INDEX], (char *)&canon->flow, dsrs[ARGUS_FLOW_INDEX]->argus_dsrvl8.len);
23891 break;
23892 case ARGUS_TIME_INDEX:
23893 if (argus->dsrindex & (0x1 << ARGUS_TIME_INDEX))
23894 bcopy((char *) dsrs[ARGUS_TIME_INDEX], (char *)&canon->time, dsrs[ARGUS_TIME_INDEX]->argus_dsrvl8.len);
23895 break;
23896 case ARGUS_TRANSPORT_INDEX:
23897 if (argus->dsrindex & (0x1 << ARGUS_TRANSPORT_INDEX))
23898 bcopy((char *) dsrs[ARGUS_TRANSPORT_INDEX], (char *)&canon->trans, dsrs[ARGUS_TRANSPORT_INDEX]->argus_dsrvl8.len);
23899 break;
23900 case ARGUS_METRIC_INDEX:
23901 if (argus->dsrindex & (0x1 << ARGUS_METRIC_INDEX))
23902 bcopy((char *) dsrs[ARGUS_METRIC_INDEX], (char *)&canon->metric, dsrs[ARGUS_METRIC_INDEX]->argus_dsrvl8.len);
23903 break;
23904 case ARGUS_NETWORK_INDEX:
23905 if (argus->dsrindex & (0x1 << ARGUS_NETWORK_INDEX))
23906 bcopy((char *) dsrs[ARGUS_NETWORK_INDEX], (char *)&canon->net, dsrs[ARGUS_NETWORK_INDEX]->argus_dsrvl8.len);
23907 break;
23908 }
23909 }
23910 }
23911 */
23912
23913 #ifdef ARGUSDEBUG
23914 ArgusDebug (7, "ArgusGenerateCanonRecord (%p) returning\n", argus);
23915 #endif
23916
23917 return (retn);
23918 }
23919
23920
23921 unsigned int ArgusIndexV2Record (struct ArgusV2Record *, struct ArgusV2FarHeaderStruct **);
23922 unsigned char *ArgusConvertRecord (struct ArgusInput *, char *);
23923
23924
23925 unsigned char *
ArgusConvertRecord(struct ArgusInput * input,char * ptr)23926 ArgusConvertRecord (struct ArgusInput *input, char *ptr)
23927 {
23928 if (input->ArgusConvBuffer == NULL) {
23929 if ((input->ArgusConvBuffer = (u_char *)ArgusCalloc (1, MAXARGUSRECORD)) == NULL)
23930 ArgusLog (LOG_ERR, "ArgusCalloc error %s", strerror(errno));
23931 }
23932
23933 switch (input->type) {
23934 case ARGUS_V2_DATA_SOURCE: {
23935 struct ArgusV2Record *argus2 = (struct ArgusV2Record *) ptr;
23936 struct ArgusRecord *argus = (struct ArgusRecord *)input->ArgusConvBuffer;
23937 #ifdef _LITTLE_ENDIAN
23938 ArgusV2NtoH(argus2);
23939 #endif
23940 if (argus2->ahdr.type & ARGUS_V2_MAR) {
23941 argus->hdr.type = (ARGUS_MAR | ARGUS_VERSION);
23942 switch (argus2->ahdr.cause) {
23943 case ARGUS_V2_START: argus->hdr.cause = ARGUS_START; break;
23944 case ARGUS_V2_STATUS: argus->hdr.cause = ARGUS_STATUS; break;
23945 case ARGUS_V2_STOP: argus->hdr.cause = ARGUS_STOP; break;
23946 case ARGUS_V2_SHUTDOWN: argus->hdr.cause = ARGUS_SHUTDOWN; break;
23947 case ARGUS_V2_TIMEOUT: argus->hdr.cause = ARGUS_TIMEOUT; break;
23948 case ARGUS_V2_ERROR: argus->hdr.cause = ARGUS_ERROR; break;
23949 }
23950 argus->hdr.len = (unsigned short) sizeof(struct ArgusRecord)/4;
23951
23952 argus->argus_mar.status = argus2->ahdr.status;
23953 if (argus->hdr.cause == ARGUS_START) {
23954 argus->argus_mar.thisid = argus2->argus_mar.argusid;
23955 argus->argus_mar.argusid = ARGUS_COOKIE;
23956 } else
23957 argus->argus_mar.argusid = argus2->argus_mar.argusid;
23958
23959 argus->argus_mar.startime = argus2->argus_mar.startime;
23960 argus->argus_mar.now = argus2->argus_mar.now;
23961
23962 argus->argus_mar.major_version = VERSION_MAJOR;
23963 argus->argus_mar.minor_version = VERSION_MINOR;
23964 argus->argus_mar.reportInterval = argus2->argus_mar.reportInterval;
23965 argus->argus_mar.argusMrInterval = argus2->argus_mar.argusMrInterval;
23966
23967 argus->argus_mar.localnet = argus2->argus_mar.localnet;
23968 argus->argus_mar.netmask = argus2->argus_mar.netmask;
23969
23970 argus->argus_mar.nextMrSequenceNum = argus2->argus_mar.nextMrSequenceNum;
23971
23972 argus->argus_mar.pktsRcvd = argus2->argus_mar.pktsRcvd;
23973 argus->argus_mar.bytesRcvd = argus2->argus_mar.bytesRcvd;
23974 argus->argus_mar.record_len = argus2->argus_mar.record_len;
23975
23976 ArgusHtoN(argus);
23977
23978 } else {
23979 struct ArgusV2FarHeaderStruct *hdrs[32];
23980 unsigned int ArgusThisFarStatus = ArgusIndexV2Record (argus2, hdrs);
23981 struct ArgusDSRHeader *dsr = (struct ArgusDSRHeader *) argus;
23982 int i, ind;
23983
23984 argus->hdr.type = (ARGUS_FAR | ARGUS_VERSION);
23985 switch (argus2->ahdr.cause) {
23986 case ARGUS_V2_START: argus->hdr.cause = ARGUS_START; break;
23987 case ARGUS_V2_STATUS: argus->hdr.cause = ARGUS_STATUS; break;
23988 case ARGUS_V2_STOP: argus->hdr.cause = ARGUS_STOP; break;
23989 }
23990
23991 argus->hdr.len = 1;
23992 dsr++;
23993
23994 for (i = 0; i < 32; i++) {
23995 ind = (1 << i);
23996 if (ArgusThisFarStatus & ind) {
23997 switch (ind) {
23998 case ARGUS_V2_FAR_DSR_STATUS: {
23999 struct ArgusV2FarStruct *far = (struct ArgusV2FarStruct *)hdrs[ARGUS_V2_FAR_DSR_INDEX];
24000 struct ArgusTransportStruct *trans = (struct ArgusTransportStruct *) dsr;
24001 struct ArgusIPAttrStruct ipattrbuf, *ipattr = NULL;
24002 struct ArgusFlow *flow = NULL;
24003 struct ArgusTimeObject *dtime = NULL;
24004 struct ArgusMetricStruct *metric = NULL;
24005
24006 long long *ptr;
24007
24008 trans->hdr.type = ARGUS_TRANSPORT_DSR;
24009 trans->hdr.subtype = ARGUS_SEQ | ARGUS_SRCID;
24010 trans->hdr.argus_dsrvl8.qual = ARGUS_TYPE_IPV4;
24011 trans->hdr.argus_dsrvl8.len = 3;
24012 trans->srcid.a_un.ipv4 = argus2->ahdr.argusid;
24013 trans->seqnum = argus2->ahdr.seqNumber;
24014
24015 dsr += trans->hdr.argus_dsrvl8.len;
24016 argus->hdr.len += trans->hdr.argus_dsrvl8.len;
24017 flow = (struct ArgusFlow *) dsr;
24018
24019 flow->hdr.type = ARGUS_FLOW_DSR;
24020 flow->hdr.subtype = ARGUS_FLOW_CLASSIC5TUPLE;
24021
24022 switch (argus2->ahdr.status & 0xFFFF) {
24023 case ETHERTYPE_IP:
24024 flow->hdr.argus_dsrvl8.qual = ARGUS_TYPE_IPV4;
24025
24026 ipattr = &ipattrbuf;
24027 bzero (ipattr, sizeof(*ipattr));
24028
24029 ipattr->hdr.type = ARGUS_IPATTR_DSR;
24030 ipattr->hdr.argus_dsrvl8.len = 1;
24031
24032 if (far->src.count) {
24033 ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_SRC;
24034 ipattr->hdr.argus_dsrvl8.len++;
24035 switch (far->flow.flow_union.ip.ip_p) {
24036 default:
24037 case IPPROTO_UDP:
24038 case IPPROTO_TCP:
24039 ipattr->src.ip_id = far->flow.flow_union.ip.ip_id;
24040 break;
24041 case IPPROTO_ICMP:
24042 ipattr->src.ip_id = far->flow.flow_union.icmp.ip_id;
24043 break;
24044 case IPPROTO_IGMP:
24045 ipattr->src.ip_id = far->flow.flow_union.igmp.ip_id;
24046 break;
24047 }
24048 ipattr->src.ttl = far->attr_ip.sttl;
24049 ipattr->src.tos = far->attr_ip.stos;
24050
24051 if (far->attr_ip.soptions) {
24052 if (far->attr_ip.soptions & ARGUS_V2_FRAGMENTS) {
24053 ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_SRC_FRAGMENTS;
24054 flow->hdr.argus_dsrvl8.qual |= ARGUS_FRAGMENT;
24055 far->attr_ip.soptions &= ~ARGUS_V2_FRAGMENTS;
24056 }
24057 if (far->attr_ip.soptions & ARGUS_V2_TIMESTAMP) ipattr->src.options |= ARGUS_TIMESTAMP;
24058 if (far->attr_ip.soptions & ARGUS_V2_SECURITY) ipattr->src.options |= ARGUS_SECURITY;
24059 if (far->attr_ip.soptions & ARGUS_V2_LSRCROUTE) ipattr->src.options |= ARGUS_LSRCROUTE;
24060 if (far->attr_ip.soptions & ARGUS_V2_SSRCROUTE) ipattr->src.options |= ARGUS_SSRCROUTE;
24061 if (far->attr_ip.soptions & ARGUS_V2_RECORDROUTE) ipattr->src.options |= ARGUS_RECORDROUTE;
24062 if (far->attr_ip.soptions & ARGUS_V2_SATNETID) ipattr->src.options |= ARGUS_SATID;
24063 if (ipattr->src.options) {
24064 ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_SRC_OPTIONS;
24065 ipattr->hdr.argus_dsrvl8.len++;
24066 }
24067 }
24068 }
24069
24070 if (far->dst.count) {
24071 ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_DST;
24072 ipattr->hdr.argus_dsrvl8.len++;
24073 switch (far->flow.flow_union.ip.ip_p) {
24074 default:
24075 case IPPROTO_UDP:
24076 case IPPROTO_TCP:
24077 ipattr->dst.ip_id = far->flow.flow_union.ip.ip_id;
24078 break;
24079 case IPPROTO_ICMP:
24080 ipattr->dst.ip_id = far->flow.flow_union.icmp.ip_id;
24081 break;
24082 case IPPROTO_IGMP:
24083 ipattr->dst.ip_id = far->flow.flow_union.igmp.ip_id;
24084 break;
24085 }
24086 ipattr->dst.ttl = far->attr_ip.dttl;
24087 ipattr->dst.tos = far->attr_ip.dtos;
24088
24089 if (far->attr_ip.doptions) {
24090 if (far->attr_ip.doptions & ARGUS_V2_FRAGMENTS) {
24091 ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_DST_FRAGMENTS;
24092 flow->hdr.argus_dsrvl8.qual |= ARGUS_FRAGMENT;
24093 far->attr_ip.doptions &= ~ARGUS_V2_FRAGMENTS;
24094 }
24095 if (far->attr_ip.doptions & ARGUS_V2_TIMESTAMP) ipattr->dst.options |= ARGUS_TIMESTAMP;
24096 if (far->attr_ip.doptions & ARGUS_V2_SECURITY) ipattr->dst.options |= ARGUS_SECURITY;
24097 if (far->attr_ip.doptions & ARGUS_V2_LSRCROUTE) ipattr->dst.options |= ARGUS_LSRCROUTE;
24098 if (far->attr_ip.doptions & ARGUS_V2_SSRCROUTE) ipattr->dst.options |= ARGUS_SSRCROUTE;
24099 if (far->attr_ip.doptions & ARGUS_V2_RECORDROUTE) ipattr->dst.options |= ARGUS_RECORDROUTE;
24100 if (far->attr_ip.doptions & ARGUS_V2_SATNETID) ipattr->dst.options |= ARGUS_SATID;
24101 if (ipattr->dst.options) {
24102 ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_DST_OPTIONS;
24103 ipattr->hdr.argus_dsrvl8.len++;
24104 }
24105 }
24106 }
24107 break;
24108
24109 case ETHERTYPE_REVARP:
24110 flow->hdr.argus_dsrvl8.qual = ARGUS_TYPE_RARP;
24111 break;
24112 case ETHERTYPE_ARP:
24113 flow->hdr.argus_dsrvl8.qual = ARGUS_TYPE_ARP;
24114 break;
24115 default:
24116 flow->hdr.argus_dsrvl8.qual = ARGUS_TYPE_ETHER;
24117 far->flow.flow_union.mac.ehdr.ether_type = argus2->ahdr.status & 0xFFFF;
24118 break;
24119 }
24120 flow->hdr.argus_dsrvl8.len = 5;
24121 bcopy ((char *)&far->flow.flow_union.ip, (char *)&flow->ip_flow, sizeof(flow->ip_flow));
24122
24123 dsr += flow->hdr.argus_dsrvl8.len;
24124 argus->hdr.len += flow->hdr.argus_dsrvl8.len;
24125 dtime = (struct ArgusTimeObject *) dsr;
24126
24127 dtime->hdr.type = ARGUS_TIME_DSR;
24128 dtime->hdr.subtype = ARGUS_TIME_ABSOLUTE_RANGE;
24129 dtime->hdr.argus_dsrvl8.qual = ARGUS_TYPE_UTC_MICROSECONDS;
24130 dtime->hdr.argus_dsrvl8.len = 5;
24131 bcopy ((char *)&far->time.start, (char *)&dtime->src.start, 16);
24132
24133 dsr += dtime->hdr.argus_dsrvl8.len;
24134 argus->hdr.len += dtime->hdr.argus_dsrvl8.len;
24135 metric = (struct ArgusMetricStruct *) dsr;
24136
24137 metric->hdr.type = ARGUS_METER_DSR;
24138 metric->hdr.subtype = ARGUS_METER_PKTS_BYTES_APP;
24139
24140 if ((far->src.count > 0) && (far->dst.count > 0)) {
24141 metric->hdr.argus_dsrvl8.qual = ARGUS_SRCDST_LONGLONG;
24142 metric->hdr.argus_dsrvl8.len = 13;
24143 ptr = &metric->src.pkts;
24144 *ptr++ = far->src.count;
24145 *ptr++ = far->src.bytes;
24146 *ptr++ = far->src.appbytes;
24147 *ptr++ = far->dst.count;
24148 *ptr++ = far->dst.bytes;
24149 *ptr++ = far->dst.appbytes;
24150 } else
24151 if (far->src.count > 0) {
24152 metric->hdr.argus_dsrvl8.qual = ARGUS_SRC_LONGLONG;
24153 metric->hdr.argus_dsrvl8.len = 7;
24154 ptr = &metric->src.pkts;
24155 *ptr++ = far->src.count;
24156 *ptr++ = far->src.bytes;
24157 *ptr++ = far->src.appbytes;
24158 } else {
24159 metric->hdr.argus_dsrvl8.qual = ARGUS_DST_LONGLONG;
24160 metric->hdr.argus_dsrvl8.len = 7;
24161 ptr = &metric->src.pkts;
24162 *ptr++ = far->dst.count;
24163 *ptr++ = far->dst.bytes;
24164 *ptr++ = far->dst.appbytes;
24165 }
24166
24167 dsr += metric->hdr.argus_dsrvl8.len;
24168 argus->hdr.len += metric->hdr.argus_dsrvl8.len;
24169
24170 if (ipattr != NULL) {
24171 unsigned int *dsrptr = (unsigned int *)(dsr + 1);
24172
24173 bcopy((char *) &ipattr->hdr, (char *) dsr, sizeof(*dsr));
24174
24175 if (ipattr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_SRC) {
24176 *dsrptr = *(unsigned int *)&ipattr->src;
24177 dsrptr++;
24178 }
24179 if (ipattr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_SRC_OPTIONS) {
24180 *dsrptr = *(unsigned int *)&ipattr->src.options;
24181 dsrptr++;
24182 }
24183 if (ipattr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_DST) {
24184 *dsrptr = *(unsigned int *)&ipattr->dst;
24185 dsrptr++;
24186 }
24187 if (ipattr->hdr.argus_dsrvl8.qual & ARGUS_IPATTR_DST_OPTIONS) {
24188 *dsrptr = *(unsigned int *)&ipattr->dst.options;
24189 dsrptr++;
24190 }
24191
24192 dsr += ipattr->hdr.argus_dsrvl8.len;
24193 argus->hdr.len += ipattr->hdr.argus_dsrvl8.len;
24194 }
24195
24196 break;
24197 }
24198
24199 case ARGUS_V2_TCP_DSR_STATUS: {
24200 struct ArgusV2TCPObject *nv2tcp = (struct ArgusV2TCPObject *)hdrs[ARGUS_V2_TCP_DSR_INDEX];
24201 struct ArgusNetworkStruct *net = (struct ArgusNetworkStruct *) dsr;
24202 struct ArgusTCPObject *tcp = (struct ArgusTCPObject *)&net->net_union.tcp;
24203
24204 net->hdr.type = ARGUS_NETWORK_DSR;
24205 net->hdr.subtype = ARGUS_TCP_PERF;
24206 net->hdr.argus_dsrvl8.len = ((sizeof(*tcp) + 3)/4) + 1;
24207
24208 tcp->status = nv2tcp->state;
24209 tcp->state = nv2tcp->status;
24210 tcp->options = nv2tcp->options;
24211 tcp->synAckuSecs = nv2tcp->synAckuSecs;
24212 tcp->ackDatauSecs = nv2tcp->ackDatauSecs;
24213 tcp->src.seqbase = nv2tcp->src.seqbase;
24214 tcp->src.ackbytes = nv2tcp->src.ackbytes;
24215 tcp->src.bytes = nv2tcp->src.bytes;
24216 tcp->src.retrans = nv2tcp->src.rpkts;
24217 tcp->src.win = nv2tcp->src.win;
24218 tcp->src.winshift = 0;
24219 tcp->src.flags = nv2tcp->src.flags;
24220 tcp->src.status = 0; tcp->src.seq = 0;
24221 tcp->src.ack = 0; tcp->src.winnum = 0;
24222 tcp->src.winbytes = 0;
24223 tcp->dst.seqbase = nv2tcp->dst.seqbase;
24224 tcp->dst.ackbytes = nv2tcp->dst.ackbytes;
24225 tcp->dst.bytes = nv2tcp->dst.bytes;
24226 tcp->dst.retrans = nv2tcp->dst.rpkts;
24227 tcp->dst.win = nv2tcp->dst.win;
24228 tcp->dst.winshift = 0;
24229 tcp->dst.flags = nv2tcp->dst.flags;
24230 tcp->dst.status = 0; tcp->dst.seq = 0;
24231 tcp->dst.ack = 0; tcp->dst.winnum = 0;
24232 tcp->dst.winbytes = 0;
24233
24234 dsr += net->hdr.argus_dsrvl8.len;
24235 argus->hdr.len += net->hdr.argus_dsrvl8.len;
24236 break;
24237 }
24238
24239 case ARGUS_V2_ICMP_DSR_STATUS: {
24240 struct ArgusV2ICMPObject *nv2icmp = (struct ArgusV2ICMPObject *)hdrs[ARGUS_V2_ICMP_DSR_INDEX];
24241 struct ArgusV2FarStruct *far = (struct ArgusV2FarStruct *)hdrs[ARGUS_V2_FAR_DSR_INDEX];
24242 struct ArgusIcmpStruct *icmp = (struct ArgusIcmpStruct *) dsr;
24243
24244 icmp->hdr.type = ARGUS_ICMP_DSR;
24245 icmp->hdr.subtype = 0;
24246
24247 if (far != NULL)
24248 icmp->hdr.argus_dsrvl8.qual = far->status & ARGUS_V2_ICMP_MAPPED;
24249 else
24250 icmp->hdr.argus_dsrvl8.qual = 0;
24251
24252 icmp->hdr.argus_dsrvl8.len = ((sizeof(*icmp) + 3)/4) + 1;
24253
24254 icmp->icmp_type = nv2icmp->icmp_type;
24255 icmp->icmp_code = nv2icmp->icmp_code;
24256 icmp->iseq = nv2icmp->iseq;
24257 icmp->osrcaddr = nv2icmp->osrcaddr;
24258 icmp->odstaddr = nv2icmp->odstaddr;
24259 icmp->isrcaddr = nv2icmp->isrcaddr;
24260 icmp->idstaddr = nv2icmp->idstaddr;
24261 icmp->igwaddr = nv2icmp->igwaddr;
24262
24263 dsr += icmp->hdr.argus_dsrvl8.len;
24264 argus->hdr.len += icmp->hdr.argus_dsrvl8.len;
24265 break;
24266 }
24267
24268 case ARGUS_V2_RTCP_DSR_STATUS: {
24269 struct ArgusV2RTCPObject *nv2rtcp = (struct ArgusV2RTCPObject *)hdrs[ARGUS_V2_RTCP_DSR_INDEX];
24270 struct ArgusNetworkStruct *net = (struct ArgusNetworkStruct *)dsr;
24271 struct ArgusRTCPObject *rtcp = &net->net_union.rtcp;
24272
24273 net->hdr.type = ARGUS_NETWORK_DSR;
24274 net->hdr.subtype = ARGUS_RTCP_FLOW;
24275
24276 net->hdr.argus_dsrvl8.len = (((sizeof(*rtcp) + 3)/4) + 1) + 1;
24277 bcopy((char *)&nv2rtcp->src, (char *)&rtcp->src, sizeof(rtcp->src));
24278 bcopy((char *)&nv2rtcp->dst, (char *)&rtcp->dst, sizeof(rtcp->dst));
24279 rtcp->sdrop = nv2rtcp->src_pkt_drop;
24280 rtcp->ddrop = nv2rtcp->dst_pkt_drop;
24281
24282 dsr += net->hdr.argus_dsrvl8.len;
24283 argus->hdr.len += net->hdr.argus_dsrvl8.len;
24284 break;
24285 }
24286 case ARGUS_V2_RTP_DSR_STATUS: {
24287 struct ArgusV2RTPObject *nv2rtp = (struct ArgusV2RTPObject *)hdrs[ARGUS_V2_RTP_DSR_INDEX];
24288 struct ArgusNetworkStruct *net = (struct ArgusNetworkStruct *)dsr;
24289 struct ArgusRTPObject *rtp = &net->net_union.rtp;
24290
24291 net->hdr.type = ARGUS_NETWORK_DSR;
24292 net->hdr.subtype = ARGUS_RTP_FLOW;
24293
24294 net->hdr.argus_dsrvl8.len = (((sizeof(*rtp) + 3)/4) + 1) + 1;
24295 bcopy((char *)&nv2rtp->src, (char *)&rtp->src, sizeof(rtp->src));
24296 bcopy((char *)&nv2rtp->dst, (char *)&rtp->dst, sizeof(rtp->dst));
24297 rtp->sdrop = nv2rtp->sdrop;
24298 rtp->ddrop = nv2rtp->ddrop;
24299 rtp->ssdev = nv2rtp->ssdev;
24300 rtp->dsdev = nv2rtp->dsdev;
24301
24302 dsr += net->hdr.argus_dsrvl8.len;
24303 argus->hdr.len += net->hdr.argus_dsrvl8.len;
24304 break;
24305 }
24306
24307 case ARGUS_V2_IGMP_DSR_STATUS:
24308 case ARGUS_V2_ARP_DSR_STATUS:
24309 break;
24310
24311 case ARGUS_V2_SRCUSRDATA_DSR_STATUS: {
24312 struct ArgusDataStruct *user = (struct ArgusDataStruct *)dsr;
24313 struct ArgusV2UserStruct *nv2user = (struct ArgusV2UserStruct *)hdrs[ARGUS_V2_SRCUSRDATA_DSR_INDEX];
24314 int len = (nv2user->length - 1) * 4;
24315 len = (len < argus2->argus_far.src.appbytes) ? len : argus2->argus_far.src.appbytes;
24316
24317 user->hdr.type = ARGUS_DATA_DSR;
24318 user->hdr.subtype = ARGUS_LEN_16BITS | ARGUS_SRC_DATA;
24319 user->hdr.argus_dsrvl16.len = nv2user->length + 1;
24320 user->size = (nv2user->length - 1) * 4;
24321 user->count = len;
24322
24323 bcopy (&nv2user->data, &user->array, (nv2user->length - 1) * 4);
24324 dsr += user->hdr.argus_dsrvl16.len;
24325 argus->hdr.len += user->hdr.argus_dsrvl16.len;
24326 break;
24327 }
24328
24329 case ARGUS_V2_DSTUSRDATA_DSR_STATUS: {
24330 struct ArgusDataStruct *user = (struct ArgusDataStruct *)dsr;
24331 struct ArgusV2UserStruct *nv2user = (struct ArgusV2UserStruct *)hdrs[ARGUS_V2_DSTUSRDATA_DSR_INDEX];
24332 int len = (nv2user->length - 1) * 4;
24333 len = (len < argus2->argus_far.dst.appbytes) ? len : argus2->argus_far.dst.appbytes;
24334
24335 user->hdr.type = ARGUS_DATA_DSR;
24336 user->hdr.subtype = ARGUS_LEN_16BITS | ARGUS_DST_DATA;
24337 user->hdr.argus_dsrvl16.len = nv2user->length + 1;
24338 user->size = (nv2user->length - 1) * 4;
24339 user->count = len;
24340
24341 bcopy (&nv2user->data, &user->array, (nv2user->length - 1) * 4);
24342 dsr += user->hdr.argus_dsrvl16.len;
24343 argus->hdr.len += user->hdr.argus_dsrvl16.len;
24344 break;
24345 }
24346
24347 case ARGUS_V2_ESP_DSR_STATUS:
24348 break;
24349
24350 case ARGUS_V2_AGR_DSR_STATUS:
24351 break;
24352
24353 case ARGUS_V2_TIME_DSR_STATUS: {
24354 struct ArgusJitterStruct *jitter = (struct ArgusJitterStruct *) dsr;
24355 struct ArgusV2TimeStruct *time = (struct ArgusV2TimeStruct *)hdrs[ARGUS_V2_TIME_DSR_INDEX];
24356 jitter->hdr.type = ARGUS_JITTER_DSR;
24357 jitter->hdr.subtype = 0;
24358 jitter->hdr.argus_dsrvl8.qual = (ARGUS_SRC_ACTIVE_JITTER | ARGUS_DST_ACTIVE_JITTER |
24359 ARGUS_SRC_IDLE_JITTER | ARGUS_DST_IDLE_JITTER );
24360 jitter->hdr.argus_dsrvl8.len = sizeof(*jitter) >> 2;
24361
24362 jitter->src.act.n = time->src.act.n;
24363 jitter->src.act.minval = time->src.act.minval;
24364 jitter->src.act.meanval = time->src.act.meanval;
24365 jitter->src.act.stdev = time->src.act.stdev;
24366 jitter->src.act.maxval = time->src.act.maxval;
24367
24368 jitter->src.idle.n = time->src.idle.n;
24369 jitter->src.idle.minval = time->src.idle.minval;
24370 jitter->src.idle.meanval = time->src.idle.meanval;
24371 jitter->src.idle.stdev = time->src.idle.stdev;
24372 jitter->src.idle.maxval = time->src.idle.maxval;
24373
24374 jitter->dst.act.n = time->dst.act.n;
24375 jitter->dst.act.minval = time->dst.act.minval;
24376 jitter->dst.act.meanval = time->dst.act.meanval;
24377 jitter->dst.act.stdev = time->dst.act.stdev;
24378 jitter->dst.act.maxval = time->dst.act.maxval;
24379
24380 jitter->dst.idle.n = time->dst.idle.n;
24381 jitter->dst.idle.minval = time->dst.idle.minval;
24382 jitter->dst.idle.meanval = time->dst.idle.meanval;
24383 jitter->dst.idle.stdev = time->dst.idle.stdev;
24384 jitter->dst.idle.maxval = time->dst.idle.maxval;
24385
24386 dsr += jitter->hdr.argus_dsrvl8.len;
24387 argus->hdr.len += jitter->hdr.argus_dsrvl8.len;
24388 break;
24389 }
24390 /*
24391 struct ArgusV2MacStruct {
24392 unsigned char type, length;
24393 unsigned short status;
24394 union {
24395 struct ArgusV2ETHERObject ether;
24396 } phys_union;
24397 };
24398 */
24399 case ARGUS_V2_MAC_DSR_STATUS: {
24400 struct ArgusMacStruct *mac = (struct ArgusMacStruct *) dsr;
24401 struct ArgusV2MacStruct *mac2 = (struct ArgusV2MacStruct *)hdrs[ARGUS_V2_MAC_DSR_INDEX];
24402 mac->hdr.type = ARGUS_MAC_DSR;
24403 mac->hdr.subtype = 0;
24404 mac->hdr.argus_dsrvl8.len = 5;
24405
24406 bcopy ((char *)&mac2->phys_union.ether.ethersrc,(char *)&mac->mac.mac_union.ether.ehdr.ether_shost, 6);
24407 bcopy ((char *)&mac2->phys_union.ether.etherdst,(char *)&mac->mac.mac_union.ether.ehdr.ether_dhost, 6);
24408 mac->mac.mac_union.ether.ehdr.ether_type = ntohs(mac2->status & 0xFFFF);
24409
24410 dsr += mac->hdr.argus_dsrvl8.len;
24411 argus->hdr.len += mac->hdr.argus_dsrvl8.len;
24412 break;
24413 }
24414
24415 case ARGUS_V2_VLAN_DSR_STATUS: {
24416 struct ArgusVlanStruct *vlan = (struct ArgusVlanStruct *) dsr;
24417 struct ArgusV2VlanStruct *nv2vlan = (struct ArgusV2VlanStruct *)hdrs[ARGUS_V2_VLAN_DSR_INDEX];
24418 vlan->hdr.type = ARGUS_VLAN_DSR;
24419 vlan->hdr.subtype = 0;
24420 vlan->hdr.argus_dsrvl8.len = sizeof(*vlan)/4;
24421 vlan->hdr.argus_dsrvl8.qual = 0;
24422
24423 if (nv2vlan->status & ARGUS_SRC_VLAN) {
24424 vlan->hdr.argus_dsrvl8.qual |= ARGUS_SRC_VLAN;
24425 vlan->sid = nv2vlan->sid;
24426 } else
24427 vlan->sid = 0;
24428
24429 if (nv2vlan->status & ARGUS_DST_VLAN) {
24430 vlan->hdr.argus_dsrvl8.qual |= ARGUS_DST_VLAN;
24431 vlan->did = nv2vlan->did;
24432 } else
24433 vlan->did = 0;
24434 dsr += vlan->hdr.argus_dsrvl8.len;
24435 argus->hdr.len += vlan->hdr.argus_dsrvl8.len;
24436
24437 break;
24438 }
24439 case ARGUS_V2_MPLS_DSR_STATUS: {
24440 struct ArgusMplsStruct *mpls = (struct ArgusMplsStruct *) dsr;
24441 struct ArgusV2MplsStruct *nv2mpls = (struct ArgusV2MplsStruct *)hdrs[ARGUS_V2_MPLS_DSR_INDEX];
24442 mpls->hdr.type = ARGUS_MPLS_DSR;
24443 mpls->hdr.subtype = 0;
24444 mpls->hdr.argus_dsrvl8.len = ((sizeof(*mpls) + 3)/4) + 1;
24445 mpls->slabel = nv2mpls->slabel;
24446 mpls->dlabel = nv2mpls->dlabel;
24447
24448 dsr += mpls->hdr.argus_dsrvl8.len;
24449 argus->hdr.len += mpls->hdr.argus_dsrvl8.len;
24450
24451 break;
24452 }
24453 case ARGUS_V2_FRG_DSR_STATUS:
24454 break;
24455 }
24456 }
24457 }
24458 ((unsigned int *)argus)[argus->hdr.len] = 0;
24459 ArgusHtoN(argus);
24460 }
24461 }
24462 }
24463
24464 return (input->ArgusConvBuffer);
24465 }
24466
24467
24468 int ArgusWriteConnection (struct ArgusParserStruct *parser, struct ArgusInput *, u_char *, int);
24469
24470 extern ArgusNetFlowHandler ArgusLookUpNetFlow(struct ArgusInput *, int);
24471
24472 #define CISCO_VERSION_1 1
24473 #define CISCO_VERSION_5 5
24474 #define CISCO_VERSION_6 6
24475 #define CISCO_VERSION_7 7
24476 #define CISCO_VERSION_8 8
24477
24478 #if defined(ARGUS_FLOWTOOLS)
24479 extern struct ArgusRecord *ArgusParseFlowToolsRecord (struct ArgusParserStruct *parser, struct ArgusInput *, struct fts3rec_all *);
24480 #endif
24481
24482 int
ArgusReadConnection(struct ArgusParserStruct * parser,struct ArgusInput * input,int type)24483 ArgusReadConnection (struct ArgusParserStruct *parser, struct ArgusInput *input, int type)
24484 {
24485 struct ArgusRecord argus;
24486 u_char *ptr = (u_char *)&argus;
24487 u_char buf[MAXARGUSRECORD];
24488 int cnt, retn = -1, found = 0, len;
24489
24490 ArgusParser->ArgusCurrentInput = input;
24491
24492 switch (type) {
24493 case ARGUS_FILE: {
24494 if (input->file != NULL) {
24495
24496
24497 switch (input->type) {
24498 case ARGUS_DATA_SOURCE:
24499 case ARGUS_V2_DATA_SOURCE: {
24500 if ((cnt = fread (&argus, 1, 16, input->file)) == 16) {
24501 #ifdef ARGUSDEBUG
24502 ArgusDebug (2, "ArgusReadConnection() read %d bytes\n", cnt);
24503 #endif
24504 if (((ptr[0] == 0x1F) && ((ptr[1] == 0x8B) || (ptr[1] == 0x9D))) ||
24505 ((ptr[0] == 0xFD) && (ptr[1] == 0x37) && (ptr[2] == 0x7A) && (ptr[3] == 0x58) && (ptr[4] == 0x5A) && (ptr[5] == 0x00)) ||
24506 ((ptr[0] == 0xFD) && ((ptr[1] == 0x37) || (ptr[2] == 0x7A))) ||
24507 ((ptr[0] == 'B') && (ptr[1] == 'Z') && (ptr[2] == 'h'))) {
24508 char cmd[256];
24509 bzero(cmd, 256);
24510
24511 fclose(input->file);
24512 input->file = NULL;
24513
24514 if (ptr[0] == 'B')
24515 strncpy(cmd, "bzip2 -dc ", 11);
24516 else
24517 if (ptr[1] == 0x8B)
24518 strncpy(cmd, "gzip -dc ", 11);
24519 else
24520 if ((ptr[0] == 0xFD) && (ptr[1] == 0x37) && (ptr[2] == 0x7A) && (ptr[3] == 0x58) && (ptr[4] == 0x5A) && (ptr[5] == 0x00))
24521 strncpy(cmd, "xzcat ", 7);
24522 else
24523 strncpy(cmd, "zcat ", 6);
24524
24525 strncat(cmd, input->filename, (256 - strlen(cmd)));
24526 strncat(cmd, " 2>/dev/null", (256 - strlen(cmd)));
24527
24528 if ((input->pipe = popen(cmd, "r")) == NULL)
24529 ArgusLog (LOG_ERR, "ArgusReadConnection: popen(%s) failed. %s", cmd, strerror(errno));
24530
24531 if ((cnt = fread (&argus, 1, 16, input->pipe)) != 16) {
24532 #ifdef ARGUSDEBUG
24533 ArgusDebug (1, "ArgusReadConnection: read from '%s' failed. %s", cmd, strerror(errno));
24534 #endif
24535 pclose(input->pipe);
24536 input->pipe = NULL;
24537 return (retn);
24538 } else {
24539 #ifdef ARGUSDEBUG
24540 ArgusDebug (1, "ArgusReadConnection() read %d bytes from pipe\n", cnt);
24541 #endif
24542 input->file = input->pipe;
24543 }
24544 }
24545
24546 input->offset = 16;
24547
24548 if ((argus.argus_mar.argusid == htonl(ARGUS_COOKIE)) ||
24549 (argus.argus_mar.argusid == ARGUS_COOKIE)) {
24550 int size = (sizeof(argus.hdr) + sizeof(argus.argus_mar)) - 16;
24551 int br = 0;
24552 cnt = 0;
24553 clearerr(input->file);
24554 while (cnt != size) {
24555 if ((br = fread (&((u_char *)&argus)[16 + cnt], 1, (size - cnt), input->file)) > 0) {
24556 cnt += br;
24557 } else {
24558 #ifdef ARGUSDEBUG
24559 ArgusDebug (1, "ArgusReadConnection() read returned zero %s.\n", strerror(errno));
24560 #endif
24561 /*
24562 if (feof(input->file) || ferror(input->file)) {
24563 if (input->pipe != NULL) {
24564 pclose(input->pipe);
24565 input->pipe = NULL;
24566 } else {
24567 fclose (input->file);
24568 }
24569 input->file = NULL;
24570 return (retn);
24571 }
24572 */
24573 }
24574 }
24575 #ifdef ARGUSDEBUG
24576 ArgusDebug (2, "ArgusReadConnection() read %d bytes\n", cnt);
24577 #endif
24578 input->offset += cnt;
24579 input->major_version = argus.argus_mar.major_version;
24580 input->minor_version = argus.argus_mar.minor_version;
24581 bcopy ((char *) &argus, (char *)&input->ArgusInitCon, sizeof (argus));
24582 bcopy ((char *) &argus, (char *)&input->ArgusManStart, sizeof (argus));
24583 #ifdef _LITTLE_ENDIAN
24584 ArgusNtoH((struct ArgusRecord *)&input->ArgusManStart);
24585 #endif
24586
24587 input->ArgusID = ntohl(argus.argus_mar.thisid);
24588 input->ArgusReadSize = argus.argus_mar.record_len;
24589
24590 fstat(fileno(input->file), &input->statbuf);
24591 ArgusParseInit (parser, input);
24592 bzero(buf, MAXSTRLEN);
24593 found++;
24594
24595 } else {
24596 struct ArgusV2Record *argus2 = (struct ArgusV2Record *) &argus;
24597
24598 if (argus2->ahdr.type & ARGUS_V2_MAR) {
24599 u_short length = ntohs(argus2->ahdr.length);
24600 u_int argusid = ntohl(argus2->ahdr.argusid);
24601 u_int status = ntohl(argus2->ahdr.status);
24602 u_int sequence = ntohl(argus2->ahdr.seqNumber);
24603
24604 if ((sequence == 0) && (length == sizeof (*argus2))) {
24605 if (argus2->ahdr.cause & ARGUS_V2_ERROR) {
24606 #ifdef ARGUSDEBUG
24607 ArgusDebug (1, "ArgusReadConnection() ARGUS_V2_ERROR Mar.\n");
24608 #endif
24609 if (status & ARGUS_MAXLISTENEXCD) {
24610 ArgusLog (LOG_ALERT, "remote exceed listen error.");
24611 if (input->pipe != NULL) {
24612 pclose(input->pipe);
24613 input->pipe = NULL;
24614 } else {
24615 fclose (input->file);
24616 }
24617 input->file = NULL;
24618 return (retn);
24619 }
24620 }
24621
24622 if (argus2->ahdr.cause == ARGUS_V2_START) {
24623 #ifdef ARGUSDEBUG
24624 ArgusDebug (5, "ArgusReadConnection() ARGUS_V2_START Mar.\n");
24625 #endif
24626 input->type = ARGUS_V2_DATA_SOURCE;
24627 if ((argusid == ARGUS_V2_COOKIE) && (sequence == 0)) {
24628 int size = (sizeof(argus.hdr) + sizeof(argus.argus_mar)) - 16;
24629
24630 if ((cnt = fread (&argus2->argus_mar, 1, size, input->file)) != size) {
24631 #ifdef ARGUSDEBUG
24632 ArgusDebug (1, "ArgusReadConnection() read failed for ARGUS_START Mar %s.\n",
24633 strerror(errno));
24634 #endif
24635 if (input->pipe != NULL) {
24636 pclose(input->pipe);
24637 input->pipe = NULL;
24638 } else {
24639 fclose (input->file);
24640 }
24641 input->file = NULL;
24642 return (retn);
24643 }
24644
24645 input->offset += cnt;
24646 ptr = ArgusConvertRecord(input, (char *)argus2);
24647 bcopy ((char *) ptr, (char *)&input->ArgusInitCon, sizeof (*argus2));
24648
24649 fstat(fileno(input->file), &input->statbuf);
24650 #ifdef _LITTLE_ENDIAN
24651 ArgusNtoH((struct ArgusRecord *)argus2);
24652 #endif
24653 bcopy ((char *) argus2, (char *)&input->ArgusManStart, sizeof (*argus2));
24654 input->major_version = MAJOR_VERSION_2;
24655 input->minor_version = MINOR_VERSION_0;
24656 input->ArgusReadSize = ((struct ArgusRecord *)argus2)->argus_mar.record_len;
24657
24658 input->ArgusID = argus2->argus_mar.argusid;
24659
24660 ArgusParseInit (parser, input);
24661 found++;
24662
24663 } else {
24664 ArgusLog (LOG_ALERT, "ArgusReadConnection: not Argus-2.0 data stream.");
24665 if (input->pipe != NULL) {
24666 pclose(input->pipe);
24667 input->pipe = NULL;
24668 } else {
24669 fclose (input->file);
24670 }
24671 input->file = NULL;
24672 }
24673 }
24674 }
24675 }
24676 }
24677 }
24678 break;
24679 }
24680
24681 case ARGUS_JFLOW_DATA_SOURCE:
24682 case ARGUS_CISCO_DATA_SOURCE: {
24683 char *ptr = (char *)&argus;
24684 #ifdef ARGUSDEBUG
24685 ArgusDebug (3, "ArgusReadConnection() testing for CISCO records\n");
24686 #endif
24687 if ((cnt = fread (&argus, 1, 16, input->file)) == 16) {
24688 if (!(strncmp(&ptr[3], "SOURCE", 6))) {
24689 BinaryHeaderF2 *ArgusNetFlow = (BinaryHeaderF2 *) buf;
24690 int size;
24691
24692 bcopy ((char *)&argus, buf, 16);
24693 size = sizeof(*ArgusNetFlow) - 16;
24694
24695 if ((cnt = fread (&buf[16], 1, size, input->file)) != size) {
24696 ArgusLog (LOG_ALERT, "ArgusReadConnection: reading %d bytes, got %d bytes. %s", size, cnt, strerror(errno));
24697 if (input->pipe != NULL) {
24698 pclose(input->pipe);
24699 input->pipe = NULL;
24700 } else {
24701 fclose (input->file);
24702 }
24703 input->file = NULL;
24704 return (-1);
24705
24706 } else {
24707 #ifdef _LITTLE_ENDIAN
24708 ArgusNetFlow->starttime = ntohl(ArgusNetFlow->starttime);
24709 ArgusNetFlow->endtime = ntohl(ArgusNetFlow->endtime);
24710 ArgusNetFlow->flows = ntohl(ArgusNetFlow->flows);
24711 ArgusNetFlow->missed = ntohl(ArgusNetFlow->missed);
24712 ArgusNetFlow->records = ntohl(ArgusNetFlow->records);
24713 #endif
24714 bzero ((char *)&argus, sizeof(argus));
24715 argus.hdr.type = ARGUS_MAR | ARGUS_NETFLOW | ARGUS_VERSION;
24716 argus.hdr.cause = ARGUS_START;
24717 argus.hdr.len = sizeof (argus) / 4;
24718 argus.argus_mar.argusid = ARGUS_COOKIE;
24719 if (input->addr.s_addr != 0)
24720 argus.argus_mar.thisid = input->addr.s_addr;
24721
24722 argus.argus_mar.startime.tv_sec = ArgusParser->ArgusGlobalTime.tv_sec;
24723 argus.argus_mar.now.tv_sec = ArgusParser->ArgusGlobalTime.tv_sec;
24724 argus.argus_mar.major_version = VERSION_MAJOR;
24725 argus.argus_mar.minor_version = VERSION_MINOR;
24726 argus.argus_mar.record_len = -1;
24727
24728 input->major_version = argus.argus_mar.major_version;
24729 input->minor_version = argus.argus_mar.minor_version;
24730
24731 if ((input->ArgusCiscoNetFlowParse =
24732 ArgusLookUpNetFlow(input, ArgusNetFlow->aggregation)) != NULL) {
24733 #ifdef _LITTLE_ENDIAN
24734 ArgusHtoN(&argus);
24735 #endif
24736 bcopy ((char *) &argus, (char *)&input->ArgusInitCon, sizeof (argus));
24737 #ifdef _LITTLE_ENDIAN
24738 ArgusNtoH(&argus);
24739 #endif
24740 input->type = ARGUS_DATA_SOURCE;
24741 ArgusParseInit (parser, input);
24742 input->type = ARGUS_CISCO_DATA_SOURCE;
24743 found++;
24744
24745 } else
24746 ArgusLog (LOG_ERR, "%s: not supported Cisco data stream.\n");
24747 }
24748
24749 } else {
24750 unsigned short vers;
24751 switch (vers = ntohs(*(unsigned short *)ptr)) {
24752 case CISCO_VERSION_1:
24753 case CISCO_VERSION_5:
24754 case CISCO_VERSION_6:
24755 case CISCO_VERSION_7:
24756 case CISCO_VERSION_8:
24757 found++;
24758 input->type = ARGUS_CISCO_DATA_SOURCE;
24759 fseek(input->file, 0, SEEK_SET);
24760 ArgusParseInit (parser, input);
24761 #ifdef ARGUSDEBUG
24762 ArgusDebug (3, "ArgusReadConnection() found cflowd record\n");
24763 #endif
24764 }
24765 }
24766
24767 break;
24768 }
24769 }
24770
24771 case ARGUS_SFLOW_DATA_SOURCE:
24772 #ifdef ARGUSDEBUG
24773 ArgusDebug (3, "ArgusReadConnection() testing for Sflow based records\n");
24774 #endif
24775 break;
24776
24777 #if defined(ARGUS_FLOWTOOLS)
24778 case ARGUS_FLOW_TOOLS_SOURCE: {
24779 struct fts3rec_all cur;
24780 struct fts3rec_offsets fo;
24781 struct ftver ftv;
24782 struct ftio ftio, *ftp = &ftio;
24783 struct ArgusRecord *argus;
24784 char *rec;
24785 int done = 0;
24786
24787 #ifdef ARGUSDEBUG
24788 ArgusDebug (3, "ArgusReadConnection() testing for Flow Tools based records\n");
24789 #endif
24790 if (ftio_init(ftp, fileno(input->file), FT_IO_FLAG_READ) < 0)
24791 ArgusLog (LOG_ERR, "ArgusReadConnection() flowtools ftio_init failed");
24792
24793 ftio_get_ver(ftp, &ftv);
24794 fts3rec_compute_offsets(&fo, &ftv);
24795
24796 while ((rec = ftio_read(ftp)) != NULL) {
24797 long long xfield;
24798 int i, fields = 0;
24799
24800 bzero(&cur, sizeof(cur));
24801
24802 for (i = 1, xfield = i; i < 32; i++) {
24803 xfield = FT_XFIELD_UNIX_SECS << (i - 1);
24804 if (!(ftio_check_xfield(ftp, xfield))) {
24805 switch (xfield) {
24806 case FT_XFIELD_UNIX_SECS: cur.unix_secs = ((u_int32_t *)(rec+fo.unix_secs)); break;
24807 case FT_XFIELD_UNIX_NSECS: cur.unix_nsecs = ((u_int32_t *)(rec+fo.unix_nsecs)); fields++; break;
24808 case FT_XFIELD_SYSUPTIME: cur.sysUpTime = ((u_int32_t *)(rec+fo.sysUpTime)); fields++; break;
24809 case FT_XFIELD_EXADDR: cur.exaddr = ((u_int32_t *)(rec+fo.exaddr)); fields++; break;
24810 case FT_XFIELD_DFLOWS: cur.dFlows = ((u_int32_t *)(rec+fo.dFlows)); fields++; break;
24811 case FT_XFIELD_DPKTS: cur.dPkts = ((u_int32_t *)(rec+fo.dPkts)); fields++; break;
24812 case FT_XFIELD_DOCTETS: cur.dOctets = ((u_int32_t *)(rec+fo.dOctets)); fields++; break;
24813 case FT_XFIELD_FIRST: cur.First = ((u_int32_t *)(rec+fo.First)); fields++; break;
24814 case FT_XFIELD_LAST: cur.Last = ((u_int32_t *)(rec+fo.Last)); fields++; break;
24815 case FT_XFIELD_ENGINE_TYPE: fields++; break;
24816 case FT_XFIELD_ENGINE_ID: fields++; break;
24817 case FT_XFIELD_SRCADDR: cur.srcaddr = ((u_int32_t *)(rec+fo.srcaddr)); fields++; break;
24818 case FT_XFIELD_DSTADDR: cur.dstaddr = ((u_int32_t *)(rec+fo.dstaddr)); fields++; break;
24819 case FT_XFIELD_NEXTHOP: fields++; break;
24820 case FT_XFIELD_INPUT: cur.input = ((u_int16_t *)(rec+fo.input)); fields++; break;
24821 case FT_XFIELD_OUTPUT: cur.output = ((u_int16_t *)(rec+fo.output)); fields++; break;
24822 case FT_XFIELD_SRCPORT: cur.srcport = ((u_int16_t *)(rec+fo.srcport)); fields++; break;
24823 case FT_XFIELD_DSTPORT: cur.dstport = ((u_int16_t *)(rec+fo.dstport)); fields++; break;
24824 case FT_XFIELD_PROT: cur.prot = ((u_int8_t *)(rec+fo.prot)); fields++; break;
24825 case FT_XFIELD_TOS: cur.tos = ((u_int8_t *)(rec+fo.tos)); fields++; break;
24826 case FT_XFIELD_TCP_FLAGS: cur.tcp_flags = ((u_int8_t *)(rec+fo.tcp_flags)); fields++; break;
24827 case FT_XFIELD_SRC_MASK: cur.src_mask = ((u_int8_t *)(rec+fo.src_mask)); fields++; break;
24828 case FT_XFIELD_DST_MASK: cur.dst_mask = ((u_int8_t *)(rec+fo.dst_mask)); fields++; break;
24829 case FT_XFIELD_SRC_AS: cur.src_as = ((u_int16_t *)(rec+fo.src_as)); fields++; break;
24830 case FT_XFIELD_DST_AS: cur.dst_as = ((u_int16_t *)(rec+fo.dst_as)); fields++; break;
24831 case FT_XFIELD_IN_ENCAPS: cur.in_encaps = ((u_int8_t *)(rec+fo.in_encaps)); fields++; break;
24832 case FT_XFIELD_OUT_ENCAPS: cur.out_encaps = ((u_int8_t *)(rec+fo.out_encaps)); fields++; break;
24833 case FT_XFIELD_PEER_NEXTHOP: cur.peer_nexthop = ((u_int32_t *)(rec+fo.peer_nexthop)); fields++; break;
24834 case FT_XFIELD_ROUTER_SC: cur.router_sc = ((u_int32_t *)(rec+fo.router_sc)); fields++; break;
24835 case FT_XFIELD_EXTRA_PKTS: cur.extra_pkts = ((u_int32_t *)(rec+fo.extra_pkts)); fields++; break;
24836 case FT_XFIELD_MARKED_TOS: cur.marked_tos = ((u_int8_t *)(rec+fo.marked_tos)); fields++; break;
24837 case FT_XFIELD_SRC_TAG: cur.src_tag = ((u_int32_t *)(rec+fo.src_tag)); fields++; break;
24838 case FT_XFIELD_DST_TAG: cur.dst_tag = ((u_int32_t *)(rec+fo.dst_tag)); fields++; break;
24839 }
24840 }
24841 }
24842
24843 if ((argus = ArgusParseFlowToolsRecord (ArgusParser, input, &cur)) != NULL) {
24844 if (argus && !done && !parser->RaParseDone) {
24845 int len = 0;
24846 if ((len = ArgusHandleRecord (ArgusParser, input, argus, &ArgusParser->ArgusFilterCode)) < 0) {
24847 retn = 1;
24848 done = 1;
24849 } else {
24850
24851 input->offset += len;
24852 input->ArgusReadPtr += len;
24853 input->ArgusReadSocketCnt -= len;
24854
24855 if (input->ostop != -1) {
24856 if (input->offset > input->ostop) {
24857 retn = 1;
24858 done++;
24859 }
24860 }
24861 }
24862
24863 } else
24864 done = 1;
24865 }
24866 }
24867 break;
24868 }
24869 #endif
24870
24871 default:
24872 ArgusLog (LOG_ERR, "ArgusReadConnection(0x%x) unknown source type", input);
24873 break;
24874 }
24875
24876 if (!found) {
24877 if (input->pipe != NULL) {
24878 pclose(input->pipe);
24879 input->pipe = NULL;
24880 } else {
24881 if (input->file != NULL)
24882 fclose (input->file);
24883 }
24884 input->file = NULL;
24885 } else
24886 retn = 1;
24887
24888 } else {
24889 if (input->pipe != NULL) {
24890 pclose(input->pipe);
24891 input->pipe = NULL;
24892 } else {
24893 if (input->file != NULL)
24894 fclose (input->file);
24895 }
24896 input->file = NULL;
24897 }
24898 break;
24899 }
24900
24901 case ARGUS_SOCKET: {
24902 switch (input->type) {
24903 case ARGUS_DATA_SOURCE:
24904 case ARGUS_V2_DATA_SOURCE: {
24905 if (input->mode == ARGUS_DATAGRAM_SOURCE) {
24906 ArgusParseInit (parser, input);
24907 retn = 0;
24908 #ifdef ARGUSDEBUG
24909 ArgusDebug (3, "ArgusReadConnection(0x%x, %d) reading juniper wire format", input, type);
24910 #endif
24911 } else {
24912 if (input->fd >= 0) {
24913 int bytes = 0;
24914 while (bytes < 16) {
24915 if ((cnt = read (input->fd, &((char *)&argus)[bytes], 16 - bytes)) > 0)
24916 bytes += cnt;
24917 else
24918 break;
24919 }
24920
24921 if (bytes == 16) {
24922 #ifdef ARGUSDEBUG
24923 ArgusDebug (2, "ArgusReadConnection() read %d bytes\n", cnt);
24924 #endif
24925 input->offset = 16;
24926
24927 if (((argus.hdr.type & 0x0F) >= MAJOR_VERSION_3) || (argus.argus_mar.argusid == htonl(ARGUS_COOKIE))) {
24928 switch (argus.hdr.cause & 0xF0) {
24929 case ARGUS_ERROR:
24930 switch (argus.hdr.cause & 0x0F) {
24931 case ARGUS_ACCESSDENIED:
24932 ArgusLog (LOG_ALERT, "remote access denied.");
24933 close (input->fd);
24934 input->fd = -1;
24935 return (retn);
24936 case ARGUS_MAXLISTENEXCD:
24937 ArgusLog (LOG_ALERT, "remote exceed listen error.");
24938 close (input->fd);
24939 input->fd = -1;
24940 return (retn);
24941 }
24942 break;
24943
24944 case ARGUS_START:
24945 if (argus.argus_mar.argusid == htonl(ARGUS_COOKIE)) {
24946 /*
24947 int size = (sizeof(argus.hdr) + sizeof(argus.argus_mar)) - 16;
24948
24949 if ((cnt = read (input->fd, &((u_char *)&argus)[16], size)) != size) {
24950 #ifdef ARGUSDEBUG
24951 ArgusDebug (1, "ArgusReadConnection() read failed for ARGUS_START Mar %s.\n", strerror(errno));
24952 #endif
24953 close (input->fd);
24954 input->fd = -1;
24955 return (retn);
24956 } else {
24957 #ifdef ARGUSDEBUG
24958 ArgusDebug (5, "ArgusReadConnection() read %d bytes\n", cnt);
24959 #endif
24960 }
24961 */
24962 int size = (sizeof(argus.hdr) + sizeof(argus.argus_mar)) - 16;
24963 int br = 0;
24964 cnt = 0;
24965 while (cnt != size) {
24966 if ((br = read (input->fd, &((u_char *)&argus)[16 + cnt], (size - cnt))) > 0) {
24967 cnt += br;
24968 } else {
24969 #ifdef ARGUSDEBUG
24970 ArgusDebug (1, "ArgusReadConnection() read returned zero %s.\n", strerror(errno));
24971 #endif
24972 if (br < 0) {
24973 if (input->pipe != NULL) {
24974 pclose(input->pipe);
24975 input->pipe = NULL;
24976 } else {
24977 close (input->fd);
24978 }
24979 input->fd = -1;
24980 return (retn);
24981 }
24982 }
24983 }
24984 input->offset += cnt;
24985 input->major_version = argus.argus_mar.major_version;
24986 input->minor_version = argus.argus_mar.minor_version;
24987 bcopy ((char *) &argus, (char *)&input->ArgusInitCon, sizeof (argus));
24988 bcopy ((char *) &argus, (char *)&input->ArgusManStart, sizeof (argus));
24989 #ifdef _LITTLE_ENDIAN
24990 ArgusNtoH((struct ArgusRecord *)&input->ArgusManStart);
24991 #endif
24992 input->ArgusID = ntohl(argus.argus_mar.thisid);
24993 input->ArgusReadSize = argus.argus_mar.record_len;
24994
24995 fstat(input->fd, &input->statbuf);
24996 ArgusParseInit (parser, input);
24997 found++;
24998 }
24999 break;
25000 }
25001
25002 } else {
25003 struct ArgusV2Record *argus2 = (struct ArgusV2Record *) &argus;
25004
25005 if (argus2->ahdr.type & ARGUS_V2_MAR) {
25006 u_short length = ntohs(argus2->ahdr.length);
25007 u_int argusid = ntohl(argus2->ahdr.argusid);
25008 u_int status = ntohl(argus2->ahdr.status);
25009 u_int sequence = ntohl(argus2->ahdr.seqNumber);
25010
25011 if (argus2->ahdr.cause & ARGUS_V2_ERROR) {
25012 #ifdef ARGUSDEBUG
25013 ArgusDebug (1, "ArgusReadConnection() ARGUS_V2_ERROR Mar.\n");
25014 #endif
25015 if (status & ARGUS_V2_MAXLISTENEXCD) {
25016 ArgusLog (LOG_ALERT, "remote exceed listen error.");
25017 close (input->fd);
25018 input->fd = -1;
25019 return (retn);
25020 }
25021 }
25022
25023 if (argus2->ahdr.cause == ARGUS_V2_START) {
25024 #ifdef ARGUSDEBUG
25025 ArgusDebug (5, "ArgusReadConnection() ARGUS_V2_START Mar.\n");
25026 #endif
25027 input->type = ARGUS_V2_DATA_SOURCE;
25028 if ((argusid == ARGUS_V2_COOKIE) && (sequence == 0)) {
25029 int size = length - sizeof(argus2->ahdr);
25030
25031 if ((cnt = read (input->fd, &argus2->argus_mar, size)) != size) {
25032 #ifdef ARGUSDEBUG
25033 ArgusDebug (1, "ArgusReadConnection() read failed for ARGUS_START Mar %s.\n", strerror(errno));
25034 #endif
25035 close (input->fd);
25036 input->fd = -1;
25037 return (retn);
25038 }
25039
25040 input->offset += cnt;
25041 ptr = ArgusConvertRecord(input, (char *)argus2);
25042 bcopy ((char *) ptr, (char *)&input->ArgusInitCon, sizeof (*argus2));
25043
25044 fstat(input->fd, &input->statbuf);
25045 #ifdef _LITTLE_ENDIAN
25046 ArgusNtoH((struct ArgusRecord *)argus2);
25047 #endif
25048 bcopy ((char *) argus2, (char *)&input->ArgusManStart, sizeof (*argus2));
25049 input->major_version = MAJOR_VERSION_2;
25050 input->minor_version = MINOR_VERSION_0;
25051 input->ArgusReadSize = ((struct ArgusRecord *)argus2)->argus_mar.record_len;
25052
25053 ArgusParseInit (parser, input);
25054 found++;
25055
25056 } else {
25057 ArgusLog (LOG_ALERT, "ArgusReadConnection: not Argus-2.0 data stream.");
25058 close (input->fd);
25059 input->fd = -1;
25060 }
25061 }
25062 }
25063 }
25064
25065 } else {
25066 if (cnt < 0)
25067 ArgusLog (LOG_ALERT, "ArgusReadConnection: %s %s.", input->hostname, strerror(errno));
25068 else
25069 ArgusLog (LOG_ALERT, "ArgusReadConnection: %s %s.", input->hostname, "connection closed");
25070 close (input->fd);
25071 input->fd = -1;
25072 }
25073
25074 if (found) {
25075 if (input->major_version >= MAJOR_VERSION_2) {
25076 if (argus.argus_mar.status & htonl(ARGUS_SASL_AUTHENTICATE)) {
25077 if (!(ArgusAuthenticate(input))) {
25078 close(input->fd);
25079 input->fd = -1;
25080 return (retn);
25081 }
25082 }
25083
25084 if (input->fd >= 0) {
25085 if (parser->ArgusRemoteFilter != NULL) {
25086 snprintf ((char *) buf, MAXSTRLEN-1, "FILTER: man or (%s)",
25087 (char *) parser->ArgusRemoteFilter);
25088
25089 len = strlen((char *) buf);
25090 if (ArgusWriteConnection (parser, input, (u_char *) buf, len) < 0) {
25091 ArgusLog (LOG_ALERT, "%s: write remote filter error %s.", strerror(errno));
25092 close(input->fd);
25093 input->fd = -1;
25094 return (retn);
25095 }
25096
25097 if (input->major_version >= MAJOR_VERSION_3) {
25098 bzero(buf, len);
25099 if ((cnt = read (input->fd, buf, 2)) != 2) {
25100 ArgusLog (LOG_ALERT, "remote Filter error");
25101 close(input->fd);
25102 input->fd = -1;
25103 return (retn);
25104 }
25105
25106 if (strncmp((char *)buf, "OK", 2)) {
25107 if (!strncmp((char *)buf, "SY", 2))
25108 ArgusLog (LOG_ALERT, "remote filter syntax error.");
25109 else if (!strncmp((char *)buf, "TI", 2))
25110 ArgusLog (LOG_ALERT, "remote filter compiler timed out.");
25111 close(input->fd);
25112 input->fd = -1;
25113 return (retn);
25114 }
25115 }
25116 }
25117
25118 if (input->filename) {
25119 int len = 0;
25120 snprintf ((char *) buf, MAXSTRLEN-1, "FILE: %s", input->filename);
25121 len = strlen((char *) buf);
25122 if (ArgusWriteConnection (parser, input, (u_char *) buf, len) < 0) {
25123 ArgusLog (LOG_ALERT, "%s: write FILE indication error %s.", strerror(errno));
25124 close(input->fd);
25125 input->fd = -1;
25126 return (retn);
25127 }
25128 #ifdef ARGUSDEBUG
25129 ArgusDebug (3, "ArgusReadConnection() sent %s to remote\n", buf);
25130 #endif
25131 if ((cnt = recv (input->fd, buf, MAXSTRLEN - 1, 0)) < 0) {
25132 ArgusLog (LOG_ALERT, "remote error recv %d bytes, %s", cnt, strerror(errno));
25133 close(input->fd);
25134 input->fd = -1;
25135 return (retn);
25136
25137 } else {
25138 unsigned int filesize;
25139 filesize = *(int *)buf;
25140 #ifdef _LITTLE_ENDIAN
25141 filesize = ntohl(filesize);
25142 #endif
25143
25144 if (cnt != sizeof(filesize)) {
25145 if (cnt == 2)
25146 ArgusLog (LOG_ALERT, "remote file error");
25147 else
25148 ArgusLog (LOG_ALERT, "remote file error recv %d bytes, %s", cnt, strerror(errno));
25149
25150 close(input->fd);
25151 input->fd = -1;
25152 return (retn);
25153 }
25154 }
25155 }
25156
25157 if (input->major_version >= MAJOR_VERSION_3) {
25158 if (!parser->RaPollMode) {
25159 sprintf ((char *) buf, "START: ");
25160 len = strlen((char *) buf);
25161 if (ArgusWriteConnection (parser, input, (u_char *) buf, len) < 0) {
25162 ArgusLog (LOG_ALERT, "%s: write remote START msg error %s.", strerror(errno));
25163 close(input->fd);
25164 input->fd = -1;
25165 return (retn);
25166 }
25167 }
25168 }
25169
25170 if (input->filename) {
25171 if ((cnt = read (input->fd, &argus, 16)) == 16) {
25172 #ifdef ARGUSDEBUG
25173 ArgusDebug (2, "ArgusReadConnection() read %d bytes\n", cnt);
25174 #endif
25175 input->offset = 16;
25176
25177 if (argus.argus_mar.argusid == htonl(ARGUS_COOKIE)) {
25178 int size = (sizeof(argus.hdr) + sizeof(argus.argus_mar)) - 16;
25179
25180 if ((cnt = read (input->fd, &((u_char *)&argus)[16], size)) != size) {
25181 #ifdef ARGUSDEBUG
25182 ArgusDebug (1, "ArgusReadConnection() read failed for ARGUS_START Mar %s.\n", strerror(errno));
25183 #endif
25184 close (input->fd);
25185 input->fd = -1;
25186 return (retn);
25187 } else {
25188 #ifdef ARGUSDEBUG
25189 ArgusDebug (5, "ArgusReadConnection() read %d bytes\n", cnt);
25190 #endif
25191 }
25192 input->offset += cnt;
25193 input->major_version = argus.argus_mar.major_version;
25194 input->minor_version = argus.argus_mar.minor_version;
25195 bcopy ((char *) &argus, (char *)&input->ArgusInitCon, sizeof (argus));
25196 bcopy ((char *) &argus, (char *)&input->ArgusManStart, sizeof (argus));
25197 #ifdef _LITTLE_ENDIAN
25198 ArgusNtoH((struct ArgusRecord *)&input->ArgusManStart);
25199 #endif
25200 input->ArgusID = ntohl(argus.argus_mar.thisid);
25201 input->ArgusReadSize = argus.argus_mar.record_len;
25202
25203 fstat(input->fd, &input->statbuf);
25204 ArgusParseInit (parser, input);
25205 found++;
25206
25207 } else {
25208 struct ArgusV2Record *argus2 = (struct ArgusV2Record *) &argus;
25209
25210 if (argus2->ahdr.type & ARGUS_V2_MAR) {
25211 u_short length = ntohs(argus2->ahdr.length);
25212 u_int argusid = ntohl(argus2->ahdr.argusid);
25213 u_int status = ntohl(argus2->ahdr.status);
25214 u_int sequence = ntohl(argus2->ahdr.seqNumber);
25215
25216 if (argus2->ahdr.cause & ARGUS_V2_ERROR) {
25217 #ifdef ARGUSDEBUG
25218 ArgusDebug (1, "ArgusReadConnection() ARGUS_V2_ERROR Mar.\n");
25219 #endif
25220 if (status & ARGUS_V2_MAXLISTENEXCD) {
25221 ArgusLog (LOG_ALERT, "remote exceed listen error.");
25222 close (input->fd);
25223 input->fd = -1;
25224 return (retn);
25225 }
25226 }
25227
25228 if (argus2->ahdr.cause == ARGUS_V2_START) {
25229 #ifdef ARGUSDEBUG
25230 ArgusDebug (5, "ArgusReadConnection() ARGUS_V2_START Mar.\n");
25231 #endif
25232 input->type = ARGUS_V2_DATA_SOURCE;
25233 if ((argusid == ARGUS_V2_COOKIE) && (sequence == 0)) {
25234 int size = length - sizeof(argus2->ahdr);
25235
25236 if ((cnt = read (input->fd, &argus2->argus_mar, size)) != size) {
25237 #ifdef ARGUSDEBUG
25238 ArgusDebug (1, "ArgusReadConnection() read failed for ARGUS_START Mar %s.\n", strerror(errno));
25239 #endif
25240 close (input->fd);
25241 input->fd = -1;
25242 return (retn);
25243 }
25244
25245 input->offset += cnt;
25246 ptr = ArgusConvertRecord(input, (char *)argus2);
25247 bcopy ((char *) ptr, (char *)&input->ArgusInitCon, sizeof (*argus2));
25248
25249 fstat(input->fd, &input->statbuf);
25250 #ifdef _LITTLE_ENDIAN
25251 ArgusNtoH((struct ArgusRecord *)argus2);
25252 #endif
25253 bcopy ((char *) argus2, (char *)&input->ArgusManStart, sizeof (*argus2));
25254 input->major_version = MAJOR_VERSION_2;
25255 input->minor_version = MINOR_VERSION_0;
25256 input->ArgusReadSize = ((struct ArgusRecord *)argus2)->argus_mar.record_len;
25257
25258 ArgusParseInit (parser, input);
25259 found++;
25260
25261 } else {
25262 ArgusLog (LOG_ALERT, "ArgusReadConnection: not Argus-2.0 data stream.");
25263 close (input->fd);
25264 input->fd = -1;
25265 return (retn);
25266 }
25267 }
25268 }
25269 }
25270
25271 } else {
25272 ArgusLog (LOG_ALERT, "ArgusReadConnection: %s", strerror(errno));
25273 close (input->fd);
25274 input->fd = -1;
25275 return (retn);
25276 }
25277 }
25278 }
25279 }
25280
25281 retn = 1;
25282
25283 } else {
25284 if (input->fd >= 0) {
25285 close (input->fd);
25286 input->fd = -1;
25287 return (retn);
25288 }
25289 }
25290 }
25291 }
25292 break;
25293 }
25294
25295 case ARGUS_JFLOW_DATA_SOURCE:
25296 ArgusParseInit (parser, input);
25297 retn = 0;
25298 #ifdef ARGUSDEBUG
25299 ArgusDebug (3, "ArgusReadConnection(0x%x, %d) reading juniper wire format", input, type);
25300 #endif
25301 break;
25302
25303 case ARGUS_SFLOW_DATA_SOURCE:
25304 ArgusParseInit (parser, input);
25305 retn = 0;
25306 #ifdef ARGUSDEBUG
25307 ArgusDebug (3, "ArgusReadConnection(0x%x, %d) reading inmon wire format", input, type);
25308 #endif
25309 break;
25310
25311 case ARGUS_CISCO_DATA_SOURCE:
25312 ArgusParseInit (parser, input);
25313 retn = 0;
25314 #ifdef ARGUSDEBUG
25315 ArgusDebug (3, "ArgusReadConnection(0x%x, %d) reading cisco wire format", input, type);
25316 #endif
25317 break;
25318
25319 default:
25320 ArgusLog (LOG_ERR, "ArgusReadConnection(0x%x) unknown source type", input);
25321 break;
25322 }
25323 break;
25324 }
25325
25326 default:
25327 ArgusLog (LOG_ERR, "ArgusReadConnection(0x%x) unknown stream type", input);
25328 break;
25329 }
25330
25331 ArgusParser->ArgusCurrentInput = NULL;
25332
25333 #ifdef ARGUSDEBUG
25334 ArgusDebug (3, "ArgusReadConnection(0x%x, %d) returning %d\n", input, type, retn);
25335 #endif
25336
25337 return (retn);
25338 }
25339
25340
25341
25342 void ArgusRecordDump (struct ArgusRecord *);
25343 void ArgusDump (const u_char *, int, char *);
25344 int setArgusRemoteFilter(struct ArgusParserStruct *, char *);
25345
25346 int
setArgusRemoteFilter(struct ArgusParserStruct * parser,char * str)25347 setArgusRemoteFilter(struct ArgusParserStruct *parser, char *str)
25348 {
25349 struct ArgusInput *input = NULL;
25350 char buf[MAXSTRLEN];
25351 int retn = 0, len;
25352
25353 if (str != NULL) {
25354 if (strcmp(parser->ArgusRemoteFilter, str)) {
25355 if (parser->ArgusRemoteFilter != NULL)
25356 free(parser->ArgusRemoteFilter);
25357
25358 parser->ArgusRemoteFilter = str;
25359
25360 if ((input = (struct ArgusInput *)parser->ArgusRemoteHosts->start) != NULL) {
25361 do {
25362 if ((input->type & ARGUS_DATA_SOURCE) && (input->filename == NULL)) {
25363 snprintf ((char *) buf, MAXSTRLEN-1, "FILTER: man or (%s)",
25364 (char *) parser->ArgusRemoteFilter);
25365 len = strlen((char *) buf);
25366 if (ArgusWriteConnection (parser, input, (u_char *) buf, len) < 0) {
25367 ArgusLog (LOG_ALERT, "%s: write remote filter error %s.", strerror(errno));
25368 }
25369 }
25370 input = (struct ArgusInput *)input->qhdr.nxt;
25371 } while (input != (struct ArgusInput *)parser->ArgusRemoteHosts->start);
25372 }
25373 }
25374 }
25375
25376 #ifdef ARGUSDEBUG
25377 ArgusDebug (1, "setArgusRemoteFilter(0x%x, %s) returning %d\n", parser, str, retn);
25378 #endif
25379
25380 return (retn);
25381 }
25382
25383 int
ArgusWriteConnection(struct ArgusParserStruct * parser,struct ArgusInput * input,u_char * buf,int cnt)25384 ArgusWriteConnection (struct ArgusParserStruct *parser, struct ArgusInput *input, u_char *buf, int cnt)
25385 {
25386 int retn = 0, fd = 0;
25387 unsigned int len = cnt;
25388 u_char *output = NULL;
25389
25390 if (input != NULL) {
25391 fd = input->fd;
25392 if ((fd > 2) || (parser->dflag && (fd >= 0))) {
25393 #ifdef ARGUS_SASL
25394 u_char outputbuf[MAXARGUSRECORD];
25395 output = outputbuf;
25396 len = cnt;
25397
25398 if (input->sasl_conn) {
25399 const int *ssfp;
25400 int result;
25401
25402 if ((result = sasl_getprop(input->sasl_conn, SASL_SSF, (const void **) &ssfp)) != SASL_OK)
25403 ArgusLog (LOG_ERR, "sasl_getprop: error %s\n", sasl_errdetail(input->sasl_conn));
25404
25405 if (ssfp && (*ssfp > 0)) {
25406
25407 #ifdef ARGUSDEBUG
25408 ArgusDebug (5, "ArgusWriteConnection: sasl_encode(0x%x, 0x%x, %d, 0x%x, 0x%x)\n",
25409 input->sasl_conn, buf, cnt, &output, &len);
25410 #endif
25411 if ((retn = sasl_encode(input->sasl_conn, (char *)buf, (u_int) cnt, (const char **) &output, &len)) != SASL_OK)
25412 ArgusLog (LOG_ERR, "sasl_encode: failed returned %d", retn);
25413
25414 } else
25415 output = buf;
25416 } else
25417 output = buf;
25418 #else
25419 output = buf;
25420
25421 #endif /* ARGUS_SASL */
25422
25423 #ifdef ARGUSDEBUG
25424 ArgusDebug (4, "ArgusWriteConnection: write(%d, 0x%x, %d)\n", fd, output, len);
25425 #endif
25426 while ((retn = write(fd, output, len)) != len) {
25427 if (retn >= 0) {
25428 output += retn;
25429 len -= retn;
25430 } else {
25431 if ((errno != EAGAIN) && (errno != EINTR))
25432 break;
25433 }
25434 }
25435 }
25436 }
25437
25438 #ifdef ARGUSDEBUG
25439 ArgusDebug (3, "ArgusWriteConnection(0x%x, 0x%x, %d) returning %d\n", input, buf, cnt, len);
25440 #endif
25441
25442 return (retn);
25443 }
25444
25445
25446 void
ArgusCloseInput(struct ArgusParserStruct * parser,struct ArgusInput * input)25447 ArgusCloseInput(struct ArgusParserStruct *parser, struct ArgusInput *input)
25448 {
25449 if ((input != NULL) && (input->status & ARGUS_CLOSED)) {
25450 input->fd = -1;
25451 return;
25452 }
25453
25454 #if defined(ARGUS_THREADS)
25455 pthread_mutex_lock(&input->lock);
25456 #endif
25457
25458 #ifdef ARGUSDEBUG
25459 ArgusDebug (3, "ArgusCloseInput(0x%x) closing", input);
25460 #endif
25461
25462 input->status |= ARGUS_CLOSED;
25463
25464 if (input->pipe) {
25465 pclose(input->pipe);
25466 input->pipe = NULL;
25467 input->file = NULL;
25468 }
25469
25470 if (parser->Sflag)
25471 ArgusWriteConnection (parser, input, (u_char *)"DONE: ", strlen("DONE: "));
25472
25473 input->ArgusReadSocketCnt = 0;
25474 input->ArgusReadSocketSize = 0;
25475
25476 if (input->servname != NULL) {
25477 free (input->servname);
25478 input->servname = NULL;
25479 }
25480
25481 /*
25482 if (input->hostname != NULL) {
25483 free (input->hostname);
25484 input->hostname = NULL;
25485 }
25486
25487 #if HAVE_GETADDRINFO
25488 if (input->host != NULL) {
25489 freeaddrinfo(input->host);
25490 input->host = NULL;
25491 }
25492 #endif
25493 */
25494
25495 if (parser->RaCloseInputFd && (input->fd >= 0)) {
25496 if (close (input->fd))
25497 ArgusLog (LOG_ERR, "ArgusCloseInput: close error %s", strerror(errno));
25498
25499 input->fd = -1;
25500
25501 if ((parser->eNflag >= 0) && (parser->ArgusTotalRecords > parser->eNflag)) {
25502 if (parser->ArgusReliableConnection)
25503 parser->ArgusReliableConnection = 0;
25504 parser->RaShutDown = 1;
25505 }
25506
25507 if (!(parser->RaShutDown) && (parser->ArgusReliableConnection)) {
25508 if (input->qhdr.queue != NULL)
25509 ArgusRemoveFromQueue(input->qhdr.queue, &input->qhdr, ARGUS_LOCK);
25510
25511 ArgusAddToQueue(parser->ArgusRemoteHosts, &input->qhdr, ARGUS_LOCK);
25512
25513 } else {
25514 parser->ArgusRemotes--;
25515 }
25516 }
25517
25518 if (input->ArgusReadBuffer != NULL) {
25519 ArgusFree(input->ArgusReadBuffer);
25520 input->ArgusReadBuffer = NULL;
25521 }
25522
25523 if (input->ArgusConvBuffer != NULL) {
25524 ArgusFree(input->ArgusConvBuffer);
25525 input->ArgusConvBuffer = NULL;
25526 }
25527
25528 #ifdef ARGUS_SASL
25529 if (input->ArgusSaslBuffer != NULL) {
25530 ArgusFree(input->ArgusSaslBuffer);
25531 input->ArgusSaslBuffer = NULL;
25532 }
25533 #endif /* ARGUS_SASL */
25534
25535 if (parser->RaCloseInputFd && (input->file != NULL)) {
25536 if (fclose (input->file))
25537 ArgusLog (LOG_ERR, "ArgusCloseInput: close error %s", strerror(errno));
25538 input->file = NULL;
25539 }
25540
25541 #if defined(ARGUS_THREADS)
25542 pthread_mutex_unlock(&input->lock);
25543 #endif
25544
25545 #ifdef ARGUSDEBUG
25546 ArgusDebug (3, "ArgusCloseInput(0x%x) done\n", input);
25547 #endif
25548 }
25549
25550 #define HEXDUMP_BYTES_PER_LINE 16
25551 #define HEXDUMP_SHORTS_PER_LINE (HEXDUMP_BYTES_PER_LINE / 2)
25552 #define HEXDUMP_HEXSTUFF_PER_SHORT 5 /* 4 hex digits and a space */
25553 #define HEXDUMP_HEXSTUFF_PER_LINE \
25554 (HEXDUMP_HEXSTUFF_PER_SHORT * HEXDUMP_SHORTS_PER_LINE)
25555
25556
25557 void
ArgusRecordDump(struct ArgusRecord * argus)25558 ArgusRecordDump (struct ArgusRecord *argus)
25559 {
25560 int length = argus->hdr.len;
25561 const u_char *cp = (const u_char *) argus;
25562
25563 ArgusDump (cp, length, NULL);
25564 }
25565
25566 void
ArgusDump(const u_char * cp,int length,char * prefix)25567 ArgusDump (const u_char *cp, int length, char *prefix)
25568 {
25569 u_int oset = 0;
25570 register u_int i;
25571 register int s1, s2;
25572 register int nshorts;
25573 char hexstuff[HEXDUMP_SHORTS_PER_LINE*HEXDUMP_HEXSTUFF_PER_SHORT+1], *hsp;
25574 char asciistuff[HEXDUMP_BYTES_PER_LINE+1], *asp;
25575
25576 #ifdef ARGUSDEBUG
25577 ArgusDebug (2, "ArgusDump(0x%x, %d)", cp, length);
25578 #endif
25579
25580 nshorts = length / sizeof(u_short);
25581 i = 0;
25582 hsp = hexstuff; asp = asciistuff;
25583 while (--nshorts >= 0) {
25584 s1 = *cp++;
25585 s2 = *cp++;
25586 (void)snprintf(hsp, sizeof(hexstuff) - (hsp - hexstuff),
25587 " %02x%02x", s1, s2);
25588 hsp += HEXDUMP_HEXSTUFF_PER_SHORT;
25589 *(asp++) = (isgraph(s1) ? s1 : '.');
25590 *(asp++) = (isgraph(s2) ? s2 : '.');
25591 if (++i >= HEXDUMP_SHORTS_PER_LINE) {
25592 *hsp = *asp = '\0';
25593 if (prefix != NULL)
25594 (void)printf("\n%s0x%04x\t%-*s\t%s", prefix,
25595 oset, HEXDUMP_HEXSTUFF_PER_LINE,
25596 hexstuff, asciistuff);
25597 else
25598 (void)printf("\n0x%04x\t%-*s\t%s",
25599 oset, HEXDUMP_HEXSTUFF_PER_LINE,
25600 hexstuff, asciistuff);
25601 i = 0; hsp = hexstuff; asp = asciistuff;
25602 oset += HEXDUMP_BYTES_PER_LINE;
25603 }
25604 }
25605 if (length & 1) {
25606 s1 = *cp++;
25607 (void)snprintf(hsp, sizeof(hexstuff) - (hsp - hexstuff), " %02x", s1);
25608 hsp += 3;
25609 *(asp++) = (isgraph(s1) ? s1 : '.');
25610 ++i;
25611 }
25612 if (i > 0) {
25613 *hsp = *asp = '\0';
25614 if (prefix != NULL)
25615 (void)printf("\n%s0x%04x\t%-*s\t%s", prefix,
25616 oset, HEXDUMP_HEXSTUFF_PER_LINE,
25617 hexstuff, asciistuff);
25618 else
25619 (void)printf("\n0x%04x\t%-*s\t%s",
25620 oset, HEXDUMP_HEXSTUFF_PER_LINE,
25621 hexstuff, asciistuff);
25622 }
25623 (void)printf("\n");
25624 }
25625
25626
25627
25628 int
ArgusAddMaskList(struct ArgusParserStruct * parser,char * ptr)25629 ArgusAddMaskList (struct ArgusParserStruct *parser, char *ptr)
25630 {
25631 int retn = 0;
25632 struct ArgusModeStruct *mode, *list;
25633
25634 if (ptr) {
25635 if ((mode = (struct ArgusModeStruct *) ArgusCalloc (1, sizeof(struct ArgusModeStruct))) != NULL) {
25636 if ((list = parser->ArgusMaskList) != NULL) {
25637 while (list->nxt)
25638 list = list->nxt;
25639 list->nxt = mode;
25640 } else
25641 parser->ArgusMaskList = mode;
25642
25643 mode->mode = strdup(ptr);
25644 retn = 1;
25645 }
25646 }
25647
25648 #ifdef ARGUSDEBUG
25649 ArgusDebug (8, "ArgusAddMaskList (%s) returning %d\n", ptr, retn);
25650 #endif
25651
25652 return (retn);
25653 }
25654
25655 void
ArgusDeleteMaskList(struct ArgusParserStruct * parser)25656 ArgusDeleteMaskList (struct ArgusParserStruct *parser)
25657 {
25658
25659 if (parser && parser->ArgusMaskList) {
25660 struct ArgusModeStruct *mode = parser->ArgusMaskList;
25661
25662 while (mode) {
25663 if (mode->mode)
25664 free(mode->mode);
25665
25666 mode = mode->nxt;
25667 ArgusFree(parser->ArgusMaskList);
25668 parser->ArgusMaskList = mode;
25669 }
25670 }
25671
25672 #ifdef ARGUSDEBUG
25673 ArgusDebug (2, "ArgusDeleteMaskList () returning\n");
25674 #endif
25675 }
25676
25677
25678 int
ArgusAddModeList(struct ArgusParserStruct * parser,char * ptr)25679 ArgusAddModeList (struct ArgusParserStruct *parser, char *ptr)
25680 {
25681 int retn = 0;
25682 struct ArgusModeStruct *mode, *list;
25683
25684 if (ptr) {
25685 if ((mode = (struct ArgusModeStruct *) ArgusCalloc (1, sizeof(struct ArgusModeStruct))) != NULL) {
25686 if ((list = parser->ArgusModeList) != NULL) {
25687 while (list->nxt)
25688 list = list->nxt;
25689 list->nxt = mode;
25690 } else
25691 parser->ArgusModeList = mode;
25692
25693 mode->mode = strdup(ptr);
25694 retn = 1;
25695 }
25696 }
25697
25698 #ifdef ARGUSDEBUG
25699 ArgusDebug (8, "ArgusAddModeList (%s) returning %d\n", ptr, retn);
25700 #endif
25701
25702 return (retn);
25703 }
25704
25705 void
ArgusDeleteModeList(struct ArgusParserStruct * parser)25706 ArgusDeleteModeList (struct ArgusParserStruct *parser)
25707 {
25708
25709 if (parser && parser->ArgusModeList) {
25710 struct ArgusModeStruct *mode = parser->ArgusModeList;
25711
25712 while (mode) {
25713 if (mode->mode)
25714 free(mode->mode);
25715
25716 mode = mode->nxt;
25717 ArgusFree(parser->ArgusModeList);
25718 parser->ArgusModeList = mode;
25719 }
25720 }
25721
25722 #ifdef ARGUSDEBUG
25723 ArgusDebug (2, "ArgusDeleteModeList () returning\n");
25724 #endif
25725 }
25726
25727 int
ArgusAddFileList(struct ArgusParserStruct * parser,char * ptr,int type,long long ostart,long long ostop)25728 ArgusAddFileList (struct ArgusParserStruct *parser, char *ptr, int type, long long ostart, long long ostop)
25729 {
25730 int retn = 0;
25731 struct ArgusInput *file, *list;
25732
25733 if (ptr) {
25734 if ((file = (struct ArgusInput *) ArgusCalloc (1, sizeof(struct ArgusInput))) != NULL) {
25735 if ((list = parser->ArgusInputFileList) != NULL) {
25736 while (list->qhdr.nxt)
25737 list = (struct ArgusInput *)list->qhdr.nxt;
25738 list->qhdr.nxt = &file->qhdr;
25739 } else
25740 parser->ArgusInputFileList = file;
25741
25742 file->ArgusOriginal = (struct ArgusRecord *)&file->ArgusOriginalBuffer;
25743 file->type = type;
25744 file->ostart = ostart;
25745 file->ostop = ostop;
25746 file->filename = strdup(ptr);
25747 file->fd = -1;
25748 retn = 1;
25749 }
25750 }
25751
25752 #ifdef ARGUSDEBUG
25753 ArgusDebug (2, "ArgusAddFileList (0x%x, %s, %d, %d, %d) returning %d\n", parser, ptr, type, ostart, ostop, retn);
25754 #endif
25755
25756 return (retn);
25757 }
25758
25759 void
ArgusDeleteFileList(struct ArgusParserStruct * parser)25760 ArgusDeleteFileList (struct ArgusParserStruct *parser)
25761 {
25762 if (parser && parser->ArgusInputFileList) {
25763 struct ArgusInput *addr = parser->ArgusInputFileList;
25764
25765 while (addr) {
25766 if (addr->filename)
25767 free(addr->filename);
25768
25769 addr = (struct ArgusInput *)addr->qhdr.nxt;
25770 ArgusFree(parser->ArgusInputFileList);
25771 parser->ArgusInputFileList = addr;
25772 }
25773 }
25774
25775 #ifdef ARGUSDEBUG
25776 ArgusDebug (2, "ArgusDeleteFileList () returning\n");
25777 #endif
25778 }
25779
25780
25781 #include <sys/socket.h>
25782 #include <netinet/in.h>
25783 #include <arpa/inet.h>
25784
25785 /*
25786 Format:
25787 [proto://][user[:pass]@]host[:port[/file]]
25788 */
25789
25790 int
ArgusAddHostList(struct ArgusParserStruct * parser,char * host,int type,int proto)25791 ArgusAddHostList (struct ArgusParserStruct *parser, char *host, int type, int proto)
25792 {
25793 static char *str, strbuf[MAXSTRLEN], msgbuf[MAXSTRLEN];
25794 static char *protoStr, portbuf[16];
25795 char *fptr = NULL, *tptr = NULL, *sptr = NULL;
25796 char *aptr = NULL, *uptr = NULL, *pptr = NULL;
25797 char *ptr = NULL, *endptr = NULL;
25798 char *hptr = NULL, *file = NULL;
25799 struct ArgusInput *addr = NULL;
25800 char *servname = NULL;
25801 long int portnum = 0;
25802 int retn = 0;
25803
25804 #if HAVE_GETADDRINFO
25805 struct addrinfo hints, *hp = NULL;
25806 #else
25807 struct hostent *hp = NULL;
25808 #endif
25809
25810 strncpy (strbuf, host, MAXSTRLEN);
25811 str = strbuf;
25812
25813 while ((sptr = strtok(str, " ")) != NULL) {
25814 tptr = sptr;
25815 if ((ptr = strstr(tptr, "://")) != NULL) {
25816 ptr = &ptr[3];
25817 if (!(strncmp("argus-tcp:", tptr, 9)) || (!(strncmp("argus:", tptr, 9)))) {
25818 protoStr = "tcp";
25819 proto = IPPROTO_TCP;
25820 } else
25821 if (!(strncmp("argus-udp:", tptr, 9))) {
25822 protoStr = "udp";
25823 proto = IPPROTO_UDP;
25824 } else
25825 if (!(strncmp("sflow:", tptr, 6))) {
25826 protoStr = "udp";
25827 type = ARGUS_SFLOW_DATA_SOURCE;
25828 proto = IPPROTO_UDP;
25829 } else
25830 if (!(strncmp("jflow:", tptr, 6))) {
25831 protoStr = "udp";
25832 type = ARGUS_JFLOW_DATA_SOURCE;
25833 proto = IPPROTO_UDP;
25834 } else
25835 if (!(strncmp("cisco:", tptr, 6))) {
25836 protoStr = "udp";
25837 type = ARGUS_CISCO_DATA_SOURCE;
25838 proto = IPPROTO_UDP;
25839 } else
25840 if (!(strncmp("ipfix-sctp:", tptr, 6))) {
25841 protoStr = "sctp";
25842 type = ARGUS_IPFIX_DATA_SOURCE;
25843 proto = IPPROTO_SCTP;
25844 } else
25845 if (!(strncmp("ipfix-tcp:", tptr, 6))) {
25846 protoStr = "tcp";
25847 type = ARGUS_IPFIX_DATA_SOURCE;
25848 proto = IPPROTO_TCP;
25849 } else
25850 if (!(strncmp("ipfix-udp:", tptr, 6))) {
25851 protoStr = "udp";
25852 type = ARGUS_IPFIX_DATA_SOURCE;
25853 proto = IPPROTO_UDP;
25854 } else
25855 if (!(strncmp("ipfix:", tptr, 6))) {
25856 protoStr = "tcp";
25857 type = ARGUS_IPFIX_DATA_SOURCE;
25858 proto = IPPROTO_TCP;
25859 }
25860
25861 } else {
25862 ptr = sptr;
25863 tptr = NULL;
25864 }
25865
25866 if ((aptr = strchr (ptr, (int)'@')) != NULL) {
25867 *aptr++ = '\0';
25868 uptr = strdup(ptr);
25869 ptr = aptr;
25870 if ((aptr = strchr (uptr, (int)':')) != NULL) {
25871 *aptr++ = '\0';
25872 pptr = strdup(aptr);
25873 }
25874 }
25875
25876 if ((fptr = strchr (ptr, (int)'/')) != NULL) {
25877 file = strdup(fptr);
25878 *fptr = '\0';
25879 }
25880
25881
25882 if ((tptr = strchr (ptr, (int)'[')) != NULL) {
25883 hptr = tptr + 1;
25884 if ((tptr = strchr (ptr, (int)']')) != NULL) {
25885 *tptr++ = '\0';
25886 if ((tptr = strchr (tptr, (int)':')) != NULL) {
25887 *tptr++ = '\0';
25888 portnum = strtol(tptr, &endptr, 10);
25889 if (endptr != &tptr[strlen(tptr)]) {
25890 ArgusLog (LOG_ALERT, "ArgusAddHostList(%s) format error %s is not a port number", tptr);
25891 } else
25892 servname = tptr;
25893 }
25894 } else {
25895 ArgusLog (LOG_ALERT, "ArgusAddHostList(%s) literal ipv6 format error %s: no terminating ']'", host, ptr);
25896 }
25897
25898 } else {
25899 char *cptr = ptr;
25900 int cnt = 0;
25901 tptr = NULL;
25902
25903 while (*cptr != '\0') if (*cptr++ == ':') { cnt++; tptr = cptr;}
25904
25905 if ((cnt == 1) && (tptr != NULL)) {
25906 hptr = ptr;
25907 if ((cptr = strrchr(ptr, ':')) != NULL)
25908 *cptr = '\0';
25909
25910 portnum = strtol(tptr, &endptr, 10);
25911 if (endptr == tptr) {
25912 ArgusLog (LOG_ALERT, "ArgusAddHostList(%s) format error %s is not a port number", host, tptr);
25913 } else
25914 servname = tptr;
25915
25916 } else {
25917 if ((cnt > 1) && (tptr != NULL)) { // IPv6 address, should we look for a port? No.
25918 portnum = 0;
25919 hptr = ptr;
25920 } else
25921 if (cnt == 0) {
25922 if (strchr (ptr, (int)'.')) {
25923 portnum = 0;
25924 hptr = ptr;
25925 } else
25926 if (isdigit((int)*ptr)) {
25927 portnum = strtol(ptr, &endptr, 10);
25928 if (endptr == ptr) {
25929 portnum = 0;
25930 hptr = ptr;
25931 } else {
25932 hptr = NULL;
25933 }
25934 } else
25935 hptr = ptr;
25936 }
25937 }
25938 }
25939
25940 if (portnum == 0) {
25941 struct servent *sp;
25942 if (!parser->ArgusPortNum) {
25943 if ((sp = getservbyname ("monitor", protoStr)) != NULL)
25944 portnum = ntohs(sp->s_port);
25945 else
25946 portnum = ARGUS_DEFAULTPORT;
25947 } else
25948 portnum = parser->ArgusPortNum;
25949
25950 if (servname == NULL) {
25951 servname = portbuf;
25952 snprintf(servname, 16, "%ld", portnum);
25953 }
25954 }
25955
25956 if ((hptr != NULL) && (strlen(hptr) > 0)) {
25957 #if HAVE_GETADDRINFO
25958 memset(&hints, 0, sizeof(hints));
25959 if ((type == ARGUS_CISCO_DATA_SOURCE) || (proto == IPPROTO_UDP)) {
25960 hints.ai_socktype = SOCK_DGRAM;
25961 hints.ai_protocol = IPPROTO_UDP;
25962 hints.ai_family = AF_INET;
25963 } else
25964 hints.ai_socktype = SOCK_STREAM;
25965
25966 if (!(strncasecmp("any", hptr, 3))) {
25967 hptr = NULL;
25968 hints.ai_flags = AI_PASSIVE;
25969 }
25970
25971 if ((retn = getaddrinfo(hptr, servname, &hints, &hp)) != 0) {
25972 switch (retn) {
25973 case EAI_AGAIN:
25974 sprintf (msgbuf, "dns server not available");
25975 break;
25976 case EAI_NONAME:
25977 sprintf (msgbuf, "host %s unknown", ptr);
25978 break;
25979 #if defined(EAI_ADDRFAMILY)
25980 case EAI_ADDRFAMILY:
25981 sprintf (msgbuf, "host %s has no IP address", ptr);
25982 break;
25983 #endif
25984 case EAI_SYSTEM:
25985 default:
25986 sprintf (msgbuf, "host '%s' %s", ptr, gai_strerror(retn));
25987 break;
25988 }
25989 }
25990 #else
25991 if ((hp = gethostbyname(hptr)) != NULL) {
25992 u_int **p;
25993 for (p = (u_int **)hp->h_addr_list; *p; ++p)
25994 **p = ntohl(**p);
25995 } else {
25996 switch (h_errno) {
25997 case TRY_AGAIN:
25998 sprintf (msgbuf, "dns server not available");
25999 break;
26000 case HOST_NOT_FOUND:
26001 sprintf (msgbuf, "host %s unknown", ptr);
26002 break;
26003 case NO_ADDRESS:
26004 sprintf (msgbuf, "host %s has no IP address", ptr);
26005 break;
26006 case NO_RECOVERY:
26007 sprintf (msgbuf, "host %s name server error", ptr);
26008 break;
26009 }
26010 }
26011 #endif
26012 }
26013
26014 str = NULL;
26015
26016 if ((type != ARGUS_CISCO_DATA_SOURCE) && (hp == NULL)) {
26017 if (hptr != NULL) {
26018 ArgusLog (LOG_ALERT, "%s", msgbuf);
26019 } else
26020 ArgusLog (LOG_ERR, "error: port only requires -C option");
26021 }
26022
26023 if ((addr = (struct ArgusInput *) ArgusCalloc (1, sizeof (struct ArgusInput))) != NULL) {
26024 addr->fd = -1;
26025 #if HAVE_GETADDRINFO
26026 addr->host = hp;
26027 #else
26028 if (hp != NULL) {
26029 addr->addr.s_addr = **(u_int **)hp->h_addr_list;
26030 addr->hostname = strdup(hp->h_name);
26031 }
26032 #endif
26033 if ((addr->hostname == NULL) && (hptr != NULL))
26034 addr->hostname = strdup(hptr);
26035
26036 addr->filename = file;
26037 if (servname != NULL) {
26038 if (addr->servname) free(addr->servname);
26039 addr->servname = strdup(servname);
26040 }
26041 addr->portnum = portnum;
26042 addr->ArgusOriginal = (struct ArgusRecord *)&addr->ArgusOriginalBuffer;
26043 addr->type = type;
26044 addr->mode = proto;
26045
26046 if (!(addr->portnum = portnum)) {
26047 struct servent *sp;
26048 if (!parser->ArgusPortNum) {
26049 if ((sp = getservbyname ("monitor", "tcp")) != NULL)
26050 addr->portnum = ntohs(sp->s_port);
26051 else
26052 addr->portnum = ARGUS_DEFAULTPORT;
26053 } else
26054 addr->portnum = parser->ArgusPortNum;
26055 }
26056
26057 addr->user = uptr;
26058 addr->pass = pptr;
26059
26060 addr->status |= type;
26061 addr->index = -1;
26062 addr->ostart = -1;
26063 addr->ostop = -1;
26064
26065 #if defined(ARGUS_THREADS)
26066 pthread_mutex_init(&addr->lock, NULL);
26067 #endif
26068 ArgusAddToQueue(parser->ArgusRemoteHosts, &addr->qhdr, ARGUS_LOCK);
26069 retn = 1;
26070
26071 } else
26072 ArgusLog (LOG_ERR, "ArgusAddHostList(%s) ArgusCalloc %s", str, strerror(errno));
26073 }
26074
26075 #ifdef ARGUSDEBUG
26076 ArgusDebug (2, "ArgusAddHostList (0x%x, %s, %d, %d) returning %d\n", parser, host, type, proto, retn);
26077 #endif
26078
26079 return (retn);
26080 }
26081
26082 void
ArgusDeleteHostList(struct ArgusParserStruct * parser)26083 ArgusDeleteHostList (struct ArgusParserStruct *parser)
26084 {
26085 struct ArgusInput *input = parser->ArgusRemoteHostList, *prv;
26086
26087 while ((prv = input) != NULL) {
26088 ArgusCloseInput(parser, input);
26089 input = (struct ArgusInput *)input->qhdr.nxt;
26090 ArgusFree(prv);
26091 }
26092
26093 parser->ArgusRemoteHostList = NULL;
26094
26095 #ifdef ARGUSDEBUG
26096 ArgusDebug (2, "ArgusDeleteHostList () returning\n");
26097 #endif
26098 }
26099
26100
26101 int
ArgusWriteNewLogfile(struct ArgusParserStruct * parser,struct ArgusInput * input,struct ArgusWfileStruct * wfile,struct ArgusRecord * argus)26102 ArgusWriteNewLogfile (struct ArgusParserStruct *parser, struct ArgusInput *input, struct ArgusWfileStruct *wfile, struct ArgusRecord *argus)
26103 {
26104 char *file = NULL;
26105 int retn = 0;
26106
26107 if ((wfile == NULL) || (argus == NULL))
26108 ArgusLog (LOG_ERR, "ArgusWriteNewLogfile() parameter/system init error");
26109 else
26110 file = wfile->filename;
26111
26112 if ((file != NULL) && (*file != '-')) {
26113 if (strncmp(file, "/dev/null", 9)) {
26114 if (parser->ArgusRealTime.tv_sec > wfile->laststat.tv_sec) {
26115 if ((stat (file, &wfile->statbuf) < 0)) {
26116 if (wfile->fd != NULL) {
26117 if (fflush (wfile->fd) != 0)
26118 ArgusLog (LOG_ERR, "ArgusWriteNewLogfile(%s, 0x%x) fflush error %s", file, argus, strerror(errno));
26119 fclose (wfile->fd);
26120 wfile->fd = NULL;
26121 }
26122
26123 } else {
26124 if (wfile->statbuf.st_size == 0)
26125 wfile->firstWrite++;
26126 }
26127 wfile->laststat = parser->ArgusRealTime;
26128 }
26129 }
26130
26131 if (wfile->fd == NULL) {
26132 char realpathname[MAXSTRLEN], *tptr, *pptr;
26133 struct stat statbuf;
26134
26135 sprintf (realpathname, "%s", file);
26136
26137 if ((tptr = strrchr(realpathname, (int) '/')) != NULL) {
26138 *tptr = '\0';
26139 pptr = tptr;
26140
26141 while ((pptr != NULL) && ((stat(realpathname, &statbuf)) < 0)) {
26142 switch (errno) {
26143 case ENOENT:
26144 if ((pptr = strrchr(realpathname, (int) '/')) != NULL) {
26145 if (pptr != realpathname) {
26146 *pptr = '\0';
26147 } else {
26148 pptr = NULL;
26149 }
26150 }
26151 break;
26152
26153 default:
26154 ArgusLog (LOG_ERR, "stat: %s %s\n", realpathname, strerror(errno));
26155 }
26156 }
26157
26158 while (&realpathname[strlen(realpathname)] <= tptr) {
26159 if ((mkdir(realpathname, 0777)) < 0) {
26160 if (errno != EEXIST)
26161 ArgusLog (LOG_ERR, "mkdir: %s %s\n", realpathname, strerror(errno));
26162 }
26163 realpathname[strlen(realpathname)] = '/';
26164 }
26165 *tptr = '/';
26166 }
26167
26168 if ((wfile->fd = fopen (file, "a+")) == NULL)
26169 ArgusLog (LOG_ERR, "ArgusWriteNewLogfile(%s, 0x%x) fopen %s", file, argus, strerror(errno));
26170 else {
26171 fstat (fileno(wfile->fd), &wfile->statbuf);
26172 if (wfile->statbuf.st_size == 0)
26173 wfile->firstWrite++;
26174 }
26175 }
26176
26177 } else {
26178 if (wfile->fd == NULL) {
26179 wfile->fd = stdout;
26180 wfile->firstWrite++;
26181 }
26182 }
26183
26184 if (wfile->firstWrite) {
26185 int len = ntohs(parser->ArgusInitCon.hdr.len) * 4;
26186 if (len == 0) {
26187 struct ArgusRecord *argus = (struct ArgusRecord *)&parser->ArgusInitCon;
26188 argus->hdr.type = (ARGUS_MAR | ARGUS_VERSION);
26189 argus->hdr.cause = ARGUS_START;
26190 argus->hdr.len = (unsigned short) sizeof(struct ArgusRecord)/4;
26191
26192 len = argus->hdr.len * 4;
26193
26194 argus->argus_mar.thisid = 0;
26195 argus->argus_mar.argusid = ARGUS_COOKIE;
26196 argus->argus_mar.startime.tv_sec = parser->ArgusGlobalTime.tv_sec;
26197 argus->argus_mar.startime.tv_usec = parser->ArgusGlobalTime.tv_usec;
26198 argus->argus_mar.now = argus->argus_mar.startime;
26199 argus->argus_mar.record_len = -1;
26200
26201 ArgusHtoN(argus);
26202 }
26203 if (fwrite ((char *)&parser->ArgusInitCon, 1, len, wfile->fd) < 1) {
26204 if (ferror(wfile->fd) || feof(wfile->fd))
26205 RaParseComplete(SIGQUIT);
26206 }
26207 fflush(wfile->fd);
26208 }
26209
26210 if ((argus != NULL) && (!(wfile->firstWrite && (argus == &input->ArgusInitCon)))) {
26211 int cnt, len = ntohs(argus->hdr.len) * 4;
26212
26213 if (len > 0) {
26214 if ((cnt = fwrite (argus, 1, len, wfile->fd)) < 1) {
26215 if ((ferror(wfile->fd)) || feof(wfile->fd))
26216 RaParseComplete(SIGQUIT);
26217 } else {
26218 #ifdef ARGUSDEBUG
26219 ArgusDebug (7, "ArgusWriteNewLogfile (%s, 0x%x) fwrite %d bytes", file, argus, len);
26220 #endif
26221 }
26222 } else {
26223 #ifdef ARGUSDEBUG
26224 ArgusDebug (7, "ArgusWriteNewLogfile (%s, 0x%x) record len is %d", file, argus, len);
26225 #endif
26226 }
26227 }
26228
26229 if (wfile->firstWrite)
26230 wfile->firstWrite = 0;
26231
26232 #ifdef ARGUSDEBUG
26233 ArgusDebug (6, "ArgusWriteNewLogfile (%s, 0x%x) returning %d\n", file, argus, retn);
26234 #endif
26235
26236 return (retn);
26237 }
26238
26239
26240 #include <netdb.h>
26241 #include <sys/socket.h>
26242 #include <netinet/in.h>
26243 #include <arpa/inet.h>
26244 #include <ctype.h>
26245
26246
26247 static char ArgusPidFileName[MAXPATHNAMELEN];
26248 char *ArgusCreatePIDFile (struct ArgusParserStruct *, char *);
26249 int ArgusDeletePIDFile (struct ArgusParserStruct *);
26250
26251 char *
ArgusCreatePIDFile(struct ArgusParserStruct * parser,char * appname)26252 ArgusCreatePIDFile (struct ArgusParserStruct *parser, char *appname)
26253 {
26254 FILE *fd = NULL;
26255 char pidstrbuf[128], *pidstr = pidstrbuf;
26256 char *retn = NULL, *homepath = NULL;
26257 struct stat statbuf;
26258 int pid;
26259
26260 if (appname == NULL)
26261 appname = parser->ArgusProgramName;
26262
26263 if ((homepath = parser->ArgusPidPath) == NULL)
26264 if (stat ("/var/run", &statbuf) == 0)
26265 homepath = "/var/run";
26266
26267 if ((appname != NULL) && (homepath != NULL)) {
26268 snprintf (ArgusPidFileName, MAXPATHNAMELEN - 1, "%s/%s.pid", homepath, appname);
26269 retn = ArgusPidFileName;
26270
26271 if ((stat (retn, &statbuf)) == 0) {
26272 if ((fd = fopen (ArgusPidFileName, "r")) != NULL) {
26273 if ((pidstr = fgets (pidstrbuf, sizeof(pidstrbuf), fd)) != NULL) {
26274 if ((pid = strtol(pidstr, (char **)NULL, 10)) > 0) {
26275 if (pid < 100000000) {
26276 if ((kill (pid, 0)) == 0) {
26277 ArgusLog (LOG_ERR, "%s[%d] is already running!\n", appname, pid);
26278 } else {
26279 switch (errno) {
26280 case ESRCH: break;
26281 default: ArgusLog (LOG_ERR, "kill returned error: %s\n", strerror(errno));
26282 }
26283 }
26284 }
26285 }
26286 }
26287
26288 fclose (fd);
26289 fd = NULL;
26290
26291 } else
26292 ArgusLog (LOG_ERR, "ArgusCreatePIDFile(%s, %s) fopen error %s:%s\n", homepath, appname, ArgusPidFileName, strerror(errno));
26293 }
26294
26295 if (retn) {
26296 if ((fd = fopen (retn, "w+")) != NULL) {
26297 pid = getpid();
26298 fprintf (fd, "%d\n", pid);
26299 fclose (fd);
26300 fd = NULL;
26301 } else {
26302 ArgusLog (LOG_ERR, "ArgusCreatePIDFile(%s, %s) fopen error %s:%s\n", homepath, appname, ArgusPidFileName, strerror(errno));
26303 retn = NULL;
26304 }
26305 }
26306
26307 parser->ArgusPidFile = retn;
26308
26309 } else
26310 ArgusLog (LOG_ERR, "cannot create pidfile %s\n", ArgusPidFileName);
26311
26312 #ifdef ARGUSDEBUG
26313 ArgusDebug (1, "ArgusCreatePIDFile(0x%x) returning %s\n", parser, retn);
26314 #endif
26315
26316 return (retn);
26317 }
26318
26319 int
ArgusDeletePIDFile(struct ArgusParserStruct * parser)26320 ArgusDeletePIDFile (struct ArgusParserStruct *parser)
26321 {
26322 char pidstrbuf[128], *pidstr = pidstrbuf;
26323 struct stat statbuf;
26324 pid_t mypid = getpid();
26325 int retn = 0;
26326 FILE *fd;
26327 int pid;
26328
26329 if (parser->ArgusPidFile != NULL) {
26330 if (stat (parser->ArgusPidFile, &statbuf) == 0) {
26331 if ((fd = fopen (parser->ArgusPidFile, "r")) != NULL) {
26332 if ((pidstr = fgets (pidstrbuf, sizeof(pidstrbuf), fd)) != NULL) {
26333 if ((pid = strtol(pidstr, (char **)NULL, 10)) > 0) {
26334 if (pid == (int) mypid) {
26335 unlink(parser->ArgusPidFile);
26336 } else {
26337 #ifdef ARGUSDEBUG
26338 ArgusDebug (1, "ArgusDeletePIDFile(%s) not owner pid %d\n", parser->ArgusPidFile, pid);
26339 #endif
26340 }
26341 }
26342 }
26343 fclose (fd);
26344 }
26345 }
26346
26347 #ifdef ARGUSDEBUG
26348 ArgusDebug (1, "ArgusDeletePIDFile(%s) returning %d\n", parser->ArgusPidFile, retn);
26349 #endif
26350 } else {
26351 #ifdef ARGUSDEBUG
26352 ArgusDebug (1, "ArgusDeletePIDFile(0x%x) returning %d, no pid file\n", parser, retn);
26353 #endif
26354 }
26355
26356 return (retn);
26357 }
26358
26359 void
setArguspidflag(struct ArgusParserStruct * parser,int value)26360 setArguspidflag (struct ArgusParserStruct *parser, int value)
26361 {
26362 parser->pidflag = value;
26363 }
26364
26365
26366 int
getArguspidflag(struct ArgusParserStruct * parser)26367 getArguspidflag (struct ArgusParserStruct *parser)
26368 {
26369 return (parser->pidflag);
26370 }
26371
26372 void
setArgusArchive(struct ArgusParserStruct * parser,char * dir)26373 setArgusArchive(struct ArgusParserStruct *parser, char *dir)
26374 {
26375 parser->RadiumArchive = strdup(dir);
26376
26377 if (getuid() == 0) {
26378 if (chroot(parser->RadiumArchive) < 0)
26379 ArgusLog (LOG_ERR, "setArgusArchive: chroot(%s) %s", dir, strerror(errno));
26380
26381 if (chdir("/") < 0)
26382 ArgusLog (LOG_ERR, "setArgusArchive: chdir(/) %s", strerror(errno));
26383 }
26384
26385 #ifdef ARGUSDEBUG
26386 ArgusDebug (1, "setArgusArchive (0x%x, %s) returning\n", parser, dir);
26387 #endif
26388 }
26389
26390 void
clearArgusWfile(struct ArgusParserStruct * parser)26391 clearArgusWfile(struct ArgusParserStruct *parser)
26392 {
26393 ArgusDeleteList (parser->ArgusWfileList, ARGUS_WFILE_LIST);
26394 parser->ArgusWfileList = NULL;
26395 }
26396
26397
26398 #include <libgen.h>
26399
26400 #if !defined(PATH_MAX)
26401 #define PATH_MAX 4098
26402 #endif
26403
26404 void
setArgusWfile(struct ArgusParserStruct * parser,char * file,char * filter)26405 setArgusWfile(struct ArgusParserStruct *parser, char *file, char *filter)
26406 {
26407 struct ArgusWfileStruct *wfile = NULL;
26408 char realpathname[PATH_MAX], *ptr = NULL;
26409 char *tptr, *pptr;
26410 FILE *fd = NULL;
26411
26412 if (parser->ArgusWfileList == NULL)
26413 parser->ArgusWfileList = ArgusNewList();
26414
26415 if (file) {
26416 if (strcmp (file, "-")) {
26417 if (!(strncmp(parser->ArgusProgramName, "radium", 6)) &&
26418 ((!(strncmp (file, "argus-udp://", 12))) ||
26419 (!(strncmp (file, "cisco-udp://", 12))) ||
26420 (!(strncmp (file, "udp://", 6))))) {
26421 ptr = strdup(file);
26422 } else
26423 if ((strncmp(parser->ArgusProgramName, "rasplit", 7)) &&
26424 (strncmp(parser->ArgusProgramName, "rastream", 8))) {
26425 struct stat statbuf;
26426 sprintf (realpathname, "%s", file);
26427
26428 if ((stat(realpathname, &statbuf)) < 0) {
26429 switch (errno) {
26430 case ENOENT: {
26431 if ((fd = fopen (file, "a+")) == NULL) {
26432 if ((errno == ENOENT) || (errno == ENOTDIR)) {
26433 if (strncmp(parser->ArgusProgramName, "radium", 6)) {
26434 if ((tptr = strrchr(realpathname, (int) '/')) != NULL) { /* if there is a path */
26435 *tptr = '\0';
26436 pptr = tptr;
26437
26438 while ((pptr != NULL) && ((stat(realpathname, &statbuf)) < 0)) {
26439 switch (errno) {
26440 case ENOENT:
26441 if ((pptr = strrchr(realpathname, (int) '/')) != NULL) {
26442 if (pptr != realpathname) {
26443 *pptr = '\0';
26444 } else {
26445 pptr = NULL;
26446 }
26447 }
26448 break;
26449
26450 default:
26451 ArgusLog (LOG_ERR, "stat: %s %s\n", realpathname, strerror(errno));
26452 }
26453 }
26454
26455 while (&realpathname[strlen(realpathname)] <= tptr) {
26456 if ((mkdir(realpathname, 0777)) < 0) {
26457 if (errno != EEXIST)
26458 ArgusLog (LOG_ERR, "mkdir: %s %s\n", realpathname, strerror(errno));
26459 }
26460 realpathname[strlen(realpathname)] = '/';
26461 }
26462 *tptr = '/';
26463 }
26464 }
26465
26466 if ((fd = fopen (file, "a+")) == NULL)
26467 ArgusLog (LOG_ERR, "setArgusWfile open %s %s", file, strerror(errno));
26468 } else
26469 ArgusLog (LOG_ERR, "setArgusWfile open %s %s", file, strerror(errno));
26470 }
26471
26472 if (fd != NULL) {
26473 fclose (fd);
26474 bzero (realpathname, PATH_MAX);
26475 if ((ptr = realpath (file, realpathname)) == NULL)
26476 ArgusLog (LOG_ERR, "setArgusWfile, realpath %s %s", file, strerror(errno));
26477 else
26478 ptr = strdup(ptr);
26479 unlink(file);
26480 }
26481 break;
26482 }
26483
26484 default:
26485 ArgusLog (LOG_ERR, "%s %s", file, strerror(errno));
26486 break;
26487 }
26488
26489 } else {
26490 bzero (realpathname, PATH_MAX);
26491 if ((ptr = realpath (file, realpathname)) == NULL)
26492 ArgusLog (LOG_ERR, "setArgusWfile, realpath %s %s", file, strerror(errno));
26493 else
26494 ptr = strdup(ptr);
26495 }
26496 /*
26497 So do we remove the file and start anew, or are we appending to the data?
26498 This is a tough one, but the tradition is to append so lets do that.
26499
26500 unlink (ptr);
26501 */
26502
26503 } else
26504 ptr = strdup(file);
26505
26506 } else
26507 ptr = strdup(file);
26508
26509 if ((wfile = (struct ArgusWfileStruct *) ArgusCalloc (1, sizeof (*wfile))) != NULL) {
26510 ArgusPushFrontList(parser->ArgusWfileList, (struct ArgusListRecord *)wfile, ARGUS_LOCK);
26511
26512 wfile->filename = ptr;
26513
26514 if (filter) {
26515 wfile->filterstr = strdup(filter);
26516
26517 if (ArgusFilterCompile (&wfile->filter, wfile->filterstr, ArgusParser->Oflag) < 0)
26518 ArgusLog (LOG_ERR, "setArgusWfile: ArgusFilterCompile returned error");
26519 }
26520
26521 if (parser->exceptfile != NULL)
26522 if (!(strcmp(file, parser->exceptfile)))
26523 parser->exceptfile = ptr;
26524
26525 } else
26526 ArgusLog (LOG_ERR, "setArgusWfile, ArgusCalloc %s", strerror(errno));
26527
26528 } else
26529 ArgusLog (LOG_ERR, "setArgusWfile, file is null");
26530 }
26531
26532 void
ArgusProcessLabelOptions(struct ArgusParserStruct * parser,char * label)26533 ArgusProcessLabelOptions(struct ArgusParserStruct *parser, char *label)
26534 {
26535 if (label != NULL) {
26536 char buf[1024];
26537 int retn, options;
26538
26539 bzero(buf, sizeof(buf));
26540 while (isspace((int) *label)) label++;
26541 if (*label == '\"') {
26542 char *ptr = &label[strlen(label)];
26543 while (*ptr != '\"') ptr--;
26544 if (ptr != label)
26545 *ptr = '\0';
26546 label++;
26547 }
26548
26549 #if defined(ARGUS_PCRE)
26550 options = 0;
26551 #else
26552 options = REG_EXTENDED | REG_NOSUB;
26553 #if defined(REG_ENHANCED)
26554 options |= REG_ENHANCED;
26555 #endif
26556 #endif
26557 if (parser->iflag)
26558 options |= REG_ICASE;
26559
26560 if ((retn = regcomp(&parser->lpreg, label, options)) != 0) {
26561 char errbuf[MAXSTRLEN];
26562 if (regerror(retn, &parser->lpreg, errbuf, MAXSTRLEN))
26563 ArgusLog (LOG_ERR, "ArgusProcessLabelOption: label regex error %s", errbuf);
26564 }
26565 }
26566 }
26567
26568
26569 #define RA_ADD_OPTION 2
26570 #define RA_SUB_OPTION 3
26571
26572 /*
26573 #define ARGUS_TRANSPORT_INDEX 0
26574 #define ARGUS_FLOW_INDEX 1
26575 #define ARGUS_TIME_INDEX 2
26576 #define ARGUS_METRIC_INDEX 3
26577 #define ARGUS_AGR_INDEX 4
26578 #define ARGUS_FRAG_INDEX 5
26579 #define ARGUS_NETWORK_INDEX 5
26580 #define ARGUS_VLAN_INDEX 6
26581 #define ARGUS_MPLS_INDEX 7
26582 #define ARGUS_JITTER_INDEX 8
26583 #define ARGUS_IPATTR_INDEX 9
26584 #define ARGUS_PSIZE_INDEX 10
26585 #define ARGUS_SRCUSERDATA_INDEX 11
26586 #define ARGUS_DSTUSERDATA_INDEX 12
26587 #define ARGUS_MAC_INDEX 13
26588 #define ARGUS_ICMP_INDEX 14
26589 #define ARGUS_ENCAPS_INDEX 15
26590 #define ARGUS_TIME_ADJ_INDEX 16
26591 #define ARGUS_BEHAVIOR_INDEX 17
26592 #define ARGUS_HISTO_INDEX 18
26593 #define ARGUS_COR_INDEX 18
26594 #define ARGUS_COCODE_INDEX 19
26595 #define ARGUS_LABEL_INDEX 20
26596 #define ARGUS_ASN_INDEX 21
26597 */
26598
26599 char *ArgusDSRKeyWords[ARGUSMAXDSRTYPE] = {
26600 "trans",
26601 "flow",
26602 "time",
26603 "metric",
26604 "agr",
26605 "net",
26606 "vlan",
26607 "mpls",
26608 "jitter",
26609 "ipattr",
26610 "psize",
26611 "suser",
26612 "duser",
26613 "mac",
26614 "icmp",
26615 "encaps",
26616 "tadj",
26617 "behavior",
26618 "cor",
26619 "cocode",
26620 "label",
26621 "asn",
26622 };
26623
26624
26625 void ArgusProcessStripOptions(struct ArgusParserStruct *, char *);
26626
26627 void
ArgusProcessStripOptions(struct ArgusParserStruct * parser,char * options)26628 ArgusProcessStripOptions(struct ArgusParserStruct *parser, char *options)
26629 {
26630 if (options != NULL) {
26631 int x, RaOptionOperation, setValue = 0;
26632 int ArgusFirstMOptionField = 1;
26633 char *ptr = options, *tok;
26634
26635 while ((tok = strtok(ptr, " ,")) != NULL) {
26636 if (*tok == '-') {
26637 if (ArgusFirstMOptionField) {
26638 for (x = 0; x < ARGUSMAXDSRTYPE; x++)
26639 parser->ArgusDSRFields[x] = 1;
26640 ArgusFirstMOptionField = 0;
26641 }
26642 ptr = tok + 1;
26643 RaOptionOperation = RA_SUB_OPTION;
26644 } else
26645 if (*tok == '+') {
26646 if (ArgusFirstMOptionField) {
26647 for (x = 0; x < ARGUSMAXDSRTYPE; x++)
26648 parser->ArgusDSRFields[x] = 1;
26649 ArgusFirstMOptionField = 0;
26650 }
26651 ptr = tok + 1;
26652 RaOptionOperation = RA_ADD_OPTION;
26653 } else {
26654 if (ArgusFirstMOptionField) {
26655 bzero ((char *) parser->ArgusDSRFields, sizeof(parser->ArgusDSRFields));
26656 ArgusFirstMOptionField = 0;
26657 }
26658 ptr = tok;
26659 RaOptionOperation = RA_ADD_OPTION;
26660 }
26661
26662 setValue = (RaOptionOperation == RA_ADD_OPTION) ? RA_ADD_OPTION : 0;
26663
26664 for (x = 0; x < ARGUSMAXDSRTYPE; x++) {
26665 if (strlen(ArgusDSRKeyWords[x])) {
26666 if (!strncmp (ArgusDSRKeyWords[x], ptr, strlen(ArgusDSRKeyWords[x]))) {
26667 parser->ArgusDSRFields[x] = setValue;
26668 break;
26669 }
26670 }
26671 }
26672 ptr = NULL;
26673 }
26674 }
26675
26676 #ifdef ARGUSDEBUG
26677 ArgusDebug (2, "ArgusProcessStripOptions (0x%x, %s)", parser, options);
26678 #endif
26679 }
26680
26681
26682
26683 void ArgusProcessSOptions(struct ArgusParserStruct *);
26684
26685 void
ArgusProcessSOptions(struct ArgusParserStruct * parser)26686 ArgusProcessSOptions(struct ArgusParserStruct *parser)
26687 {
26688 int i, x, RaOptionOperation, RaOptionRank;
26689 char *soption = NULL, *ptr = NULL;
26690 char *endptr = NULL;
26691 int value = 0;
26692
26693 if ((soption = parser->RaPrintOptionStrings[0]) != NULL) {
26694 if (!((*soption == '+') || (*soption == '-'))) {
26695 x = 0;
26696 while (parser->RaPrintAlgorithmList[x] != NULL) {
26697 ArgusFree(parser->RaPrintAlgorithmList[x]);
26698 parser->RaPrintAlgorithmList[x] = NULL;
26699 x++;
26700 }
26701 } else {
26702 x = 0;
26703 if (parser->RaPrintAlgorithmList[0] == NULL) {
26704 while (RaPrintAlgorithms[x]) {
26705 for (i = 0; i < MAX_PRINT_ALG_TYPES; i++) {
26706 if (RaPrintAlgorithmTable[i].print == RaPrintAlgorithms[x]) {
26707 if ((parser->RaPrintAlgorithmList[x] = ArgusCalloc(1, sizeof(*parser->RaPrintAlgorithm))) == NULL)
26708 ArgusLog (LOG_ERR, "ArgusCalloc error %s", strerror(errno));
26709
26710 bcopy(&RaPrintAlgorithmTable[i], parser->RaPrintAlgorithmList[x], sizeof(*parser->RaPrintAlgorithm));
26711 }
26712 }
26713 x++;
26714 }
26715 }
26716 }
26717 }
26718
26719 for (i = 0; i < ARGUS_MAX_S_OPTIONS; i++) {
26720 int RaNewLength = 0, RaNewIndex = 0;
26721 char *RaNewFormat = NULL;
26722
26723 if ((soption = parser->RaPrintOptionStrings[i]) != NULL) {
26724 int found = 0;
26725 RaOptionOperation = RA_ADD_OPTION;
26726 RaOptionRank = -1;
26727 if ((*soption == '+') || (*soption == '-')) {
26728 if (*soption == '-')
26729 RaOptionOperation = RA_SUB_OPTION;
26730
26731 soption++;
26732 if (isdigit((int)*soption)) {
26733 sscanf(soption, "%d", &RaOptionRank);
26734 while(isdigit((int)*soption)) soption++;
26735 }
26736 }
26737
26738 /* format is field[index,index-index]:len:format */
26739
26740 if ((ptr = strchr(soption, '[')) != NULL) {
26741 char *cptr = NULL;
26742 int sind = -1, dind = -1;
26743 *ptr++ = '\0';
26744 while (*ptr != ']') {
26745 if (isdigit((int)*ptr)) {
26746 dind = strtol(ptr, (char **)&cptr, 10);
26747 if (cptr == ptr)
26748 usage ();
26749
26750 if (sind < 0)
26751 sind = dind;
26752
26753 for (x = sind; x <= dind; x++)
26754 RaNewIndex |= 0x01 << x;
26755
26756 ptr = cptr;
26757 if (*ptr != ']')
26758 ptr++;
26759 if (*cptr != '-')
26760 sind = -1;
26761 } else
26762 usage ();
26763 }
26764
26765 } else
26766 ptr = soption;
26767
26768 if ((ptr = strchr(soption, ':')) != NULL) {
26769 char *sptr = NULL;
26770 *ptr++ = '\0';
26771
26772 if (isdigit((int)*ptr) || (*ptr == '-')) {
26773 if ((RaNewLength = strtol(ptr, &endptr, 10)) == 0)
26774 if (endptr == ptr)
26775 usage();
26776
26777 if (RaNewLength < 1)
26778 ArgusLog (LOG_ERR, "-s %s:%d length must be greater than 0\n", soption, RaNewLength);
26779 }
26780
26781 if ((sptr = strchr(ptr, ':')) != NULL) {
26782 *sptr++ = '\0';
26783 RaNewFormat = sptr;
26784 }
26785 }
26786
26787 if ((ptr = strchr(soption, '/')) != NULL) {
26788 *ptr++ = '\0';
26789 if ((value = strtol(ptr, &endptr, 10)) == 0)
26790 if (endptr == ptr)
26791 usage();
26792 }
26793
26794 if (!(strncmp("rec", soption, 3))) {
26795 switch (RaOptionOperation) {
26796 case RA_ADD_OPTION: ArgusSOptionRecord = 1; break;
26797 case RA_SUB_OPTION: ArgusSOptionRecord = 0; break;
26798 }
26799 } else {
26800 for (x = 0; x < MAX_PRINT_ALG_TYPES; x++) {
26801 if (strlen(RaPrintAlgorithmTable[x].field)) {
26802 if (!strcmp (RaPrintAlgorithmTable[x].field, soption)) {
26803 if (RaNewLength) {
26804 RaPrintAlgorithmTable[x].length = RaNewLength;
26805 }
26806 if (RaNewIndex) {
26807 RaPrintAlgorithmTable[x].index = RaNewIndex;
26808 }
26809 if (RaNewFormat) {
26810 RaPrintAlgorithmTable[x].format = strdup(RaNewFormat);
26811 }
26812 switch (RaOptionOperation) {
26813 case RA_ADD_OPTION:
26814 if (RaOptionRank == -1) {
26815 int z = 0;
26816 while (parser->RaPrintAlgorithmList[z] != NULL) z++;
26817 if (z < ARGUS_MAX_PRINT_ALG) {
26818 if ((parser->RaPrintAlgorithmList[z] = ArgusCalloc(1, sizeof(RaPrintAlgorithmTable[x]))) == NULL)
26819 ArgusLog (LOG_ERR, "ArgusCalloc error %s", strerror(errno));
26820 bcopy(&RaPrintAlgorithmTable[x], parser->RaPrintAlgorithmList[z], sizeof (RaPrintAlgorithmTable[x]));
26821 }
26822 } else {
26823 int z = RaOptionRank;
26824 while (parser->RaPrintAlgorithmList[z] != NULL) z++;
26825 while (z != RaOptionRank) {
26826 parser->RaPrintAlgorithmList[z] = parser->RaPrintAlgorithmList[z - 1];
26827 parser->RaPrintAlgorithmList[z - 1] = NULL;
26828 z--;
26829 }
26830 if ((parser->RaPrintAlgorithmList[z] = ArgusCalloc(1, sizeof(RaPrintAlgorithmTable[x]))) == NULL)
26831 ArgusLog (LOG_ERR, "ArgusCalloc error %s", strerror(errno));
26832 bcopy(&RaPrintAlgorithmTable[x], parser->RaPrintAlgorithmList[z], sizeof (RaPrintAlgorithmTable[x]));
26833 }
26834 break;
26835
26836 case RA_SUB_OPTION: {
26837 for (RaOptionRank = 0; RaOptionRank < ARGUS_MAX_PRINT_ALG; RaOptionRank++)
26838 if ((parser->RaPrintAlgorithmList[RaOptionRank] != NULL) &&
26839 (parser->RaPrintAlgorithmList[RaOptionRank]->print == RaPrintAlgorithmTable[x].print))
26840 break;
26841
26842 if (RaOptionRank < ARGUS_MAX_PRINT_ALG) {
26843 parser->RaPrintAlgorithmList[RaOptionRank] = NULL;
26844
26845 while (RaOptionRank < (ARGUS_MAX_PRINT_ALG - 1)) {
26846 parser->RaPrintAlgorithmList[RaOptionRank] =
26847 parser->RaPrintAlgorithmList[RaOptionRank + 1];
26848 RaOptionRank++;
26849 }
26850 }
26851 break;
26852 }
26853 }
26854 found++;
26855 break;
26856 }
26857 }
26858 }
26859 }
26860
26861 } else
26862 break;
26863 }
26864 }
26865
26866
26867 /*
26868 * Copy arg vector into a new argus_strbuffer, concatenating arguments with spaces.
26869 */
26870
26871 char *
ArgusCopyArgv(char ** argv)26872 ArgusCopyArgv(char **argv)
26873 {
26874 char *retn = NULL, **p;
26875 char *src, *dst;
26876 int len = 0;
26877
26878 p = argv;
26879 if (*p == 0)
26880 return 0;
26881
26882 while (*p)
26883 len += strlen(*p++) + 1;
26884
26885 retn = (char *) malloc (len);
26886
26887 p = argv;
26888 dst = retn;
26889 while ((src = *p++) != NULL) {
26890 while ((*dst++ = *src++) != '\0')
26891 ;
26892 dst[-1] = ' ';
26893 }
26894 dst[-1] = '\0';
26895
26896 return retn;
26897 }
26898
26899
26900
26901 unsigned int
ArgusIndexV2Record(struct ArgusV2Record * argus,struct ArgusV2FarHeaderStruct ** hdrs)26902 ArgusIndexV2Record (struct ArgusV2Record *argus, struct ArgusV2FarHeaderStruct **hdrs)
26903 {
26904 unsigned int retn = 0;
26905 struct ArgusV2FarHeaderStruct *far = (struct ArgusV2FarHeaderStruct *) &argus->argus_far;
26906 unsigned int length = argus->ahdr.length - sizeof(argus->ahdr);
26907 unsigned int farlen;
26908
26909 bzero ((char *) hdrs, 32 * sizeof(struct ArgusFarHeaderStruct *));
26910
26911 if (argus->ahdr.type & ARGUS_V2_FAR) {
26912 while ((length > 0) && (far->length > 0) && (length >= far->length)) {
26913 switch (far->type) {
26914 case ARGUS_V2_FAR:
26915 if (retn & ARGUS_V2_FAR_DSR_STATUS)
26916 return (retn);
26917 retn |= ARGUS_V2_FAR_DSR_STATUS;
26918 hdrs[ARGUS_V2_FAR_DSR_INDEX] = far;
26919 break;
26920 case ARGUS_V2_MAC_DSR:
26921 if (retn & ARGUS_V2_MAC_DSR_STATUS)
26922 return (retn);
26923 retn |= ARGUS_V2_MAC_DSR_STATUS;
26924 hdrs[ARGUS_V2_MAC_DSR_INDEX] = far;
26925 break;
26926 case ARGUS_V2_VLAN_DSR:
26927 if (retn & ARGUS_V2_VLAN_DSR_STATUS)
26928 return (retn);
26929 retn |= ARGUS_V2_VLAN_DSR_STATUS;
26930 hdrs[ARGUS_V2_VLAN_DSR_INDEX] = far;
26931 break;
26932 case ARGUS_V2_MPLS_DSR:
26933 if (retn & ARGUS_V2_MPLS_DSR_STATUS)
26934 return (retn);
26935 retn |= ARGUS_V2_MPLS_DSR_STATUS;
26936 hdrs[ARGUS_V2_MPLS_DSR_INDEX] = far;
26937 break;
26938 case ARGUS_V2_AGR_DSR:
26939 if (retn & ARGUS_V2_AGR_DSR_STATUS)
26940 return (retn);
26941 retn |= ARGUS_V2_AGR_DSR_STATUS;
26942 hdrs[ARGUS_V2_AGR_DSR_INDEX] = far;
26943 break;
26944 case ARGUS_V2_TIME_DSR:
26945 if (retn & ARGUS_V2_TIME_DSR_STATUS)
26946 return (retn);
26947 retn |= ARGUS_V2_TIME_DSR_STATUS;
26948 hdrs[ARGUS_V2_TIME_DSR_INDEX] = far;
26949 break;
26950 case ARGUS_V2_SRCUSRDATA_DSR:
26951 if (retn & ARGUS_V2_SRCUSRDATA_DSR_STATUS)
26952 return (retn);
26953 retn |= ARGUS_V2_SRCUSRDATA_DSR_STATUS;
26954 hdrs[ARGUS_V2_SRCUSRDATA_DSR_INDEX] = far;
26955 break;
26956 case ARGUS_V2_DSTUSRDATA_DSR:
26957 if (retn & ARGUS_V2_DSTUSRDATA_DSR_STATUS)
26958 return (retn);
26959 retn |= ARGUS_V2_DSTUSRDATA_DSR_STATUS;
26960 hdrs[ARGUS_V2_DSTUSRDATA_DSR_INDEX] = far;
26961 break;
26962 case ARGUS_V2_TCP_DSR:
26963 if (retn & ARGUS_V2_TCP_DSR_STATUS)
26964 return (retn);
26965 retn |= ARGUS_V2_TCP_DSR_STATUS;
26966 hdrs[ARGUS_V2_TCP_DSR_INDEX] = far;
26967 break;
26968 case ARGUS_V2_ICMP_DSR:
26969 if (retn & ARGUS_V2_ICMP_DSR_STATUS)
26970 return (retn);
26971 retn |= ARGUS_V2_ICMP_DSR_STATUS;
26972 hdrs[ARGUS_V2_ICMP_DSR_INDEX] = far;
26973 break;
26974 case ARGUS_V2_RTP_DSR:
26975 if (retn & ARGUS_V2_RTP_DSR_STATUS)
26976 return (retn);
26977 retn |= ARGUS_V2_RTP_DSR_STATUS;
26978 hdrs[ARGUS_V2_RTP_DSR_INDEX] = far;
26979 break;
26980 case ARGUS_V2_IGMP_DSR:
26981 if (retn & ARGUS_V2_IGMP_DSR_STATUS)
26982 return (retn);
26983 retn |= ARGUS_V2_IGMP_DSR_STATUS;
26984 hdrs[ARGUS_V2_IGMP_DSR_INDEX] = far;
26985 break;
26986 case ARGUS_V2_ARP_DSR:
26987 if (retn & ARGUS_V2_ARP_DSR_STATUS)
26988 return (retn);
26989 retn |= ARGUS_V2_ARP_DSR_STATUS;
26990 hdrs[ARGUS_V2_ARP_DSR_INDEX] = far;
26991 break;
26992 case ARGUS_V2_FRG_DSR:
26993 if (retn & ARGUS_V2_FRG_DSR_STATUS)
26994 return (retn);
26995 retn |= ARGUS_V2_FRG_DSR_STATUS;
26996 hdrs[ARGUS_V2_FRG_DSR_INDEX] = far;
26997 break;
26998 case ARGUS_V2_ESP_DSR:
26999 if (retn & ARGUS_V2_ESP_DSR_STATUS)
27000 return (retn);
27001 retn |= ARGUS_V2_ESP_DSR_STATUS;
27002 hdrs[ARGUS_V2_ESP_DSR_INDEX] = far;
27003 break;
27004 }
27005
27006 if ((farlen = far->length) == 0)
27007 break;
27008
27009 if ((far->type == ARGUS_V2_SRCUSRDATA_DSR) ||
27010 (far->type == ARGUS_V2_DSTUSRDATA_DSR))
27011 farlen = farlen * 4;
27012
27013 length -= farlen;
27014 far = (struct ArgusV2FarHeaderStruct *)((char *)far + farlen);
27015 }
27016 }
27017
27018 #ifdef ARGUSDEBUG
27019 ArgusDebug (10, "ArgusIndexRecord (0x%x, 0x%x) returns 0x%x", argus, hdrs, retn);
27020 #endif
27021
27022 return (retn);
27023 }
27024
27025
27026
27027 void
ArgusParseInit(struct ArgusParserStruct * parser,struct ArgusInput * input)27028 ArgusParseInit (struct ArgusParserStruct *parser, struct ArgusInput *input)
27029 {
27030 // int fd = 0;
27031
27032 if (input != NULL) {
27033 // fd = input->fd;
27034
27035 input->ArgusLocalNet = htonl(input->ArgusInitCon.argus_mar.localnet);
27036 input->ArgusNetMask = htonl(input->ArgusInitCon.argus_mar.netmask);
27037
27038 bcopy((char *)&input->ArgusInitCon, (char *)&parser->ArgusInitCon, sizeof(input->ArgusInitCon));
27039
27040 input->ArgusLastTime = parser->ArgusRealTime;
27041 input->ArgusMarInterval = ntohs(input->ArgusInitCon.argus_mar.argusMrInterval);
27042
27043 if (input->ArgusReadBuffer != NULL) {
27044 ArgusFree(input->ArgusReadBuffer);
27045 input->ArgusReadBuffer = NULL;
27046 }
27047
27048 if (input->ArgusConvBuffer != NULL) {
27049 ArgusFree(input->ArgusConvBuffer);
27050 input->ArgusConvBuffer = NULL;
27051 }
27052
27053 switch (input->type) {
27054 case ARGUS_SFLOW_DATA_SOURCE:
27055 case ARGUS_JFLOW_DATA_SOURCE:
27056 case ARGUS_CISCO_DATA_SOURCE: {
27057 if ((input->ArgusReadBuffer = (u_char *)ArgusCalloc (1, ARGUS_MAX_STREAM)) == NULL)
27058 ArgusLog (LOG_ERR, "ArgusCalloc error %s", strerror(errno));
27059
27060 input->ArgusBufferLen = ARGUS_MAX_STREAM;
27061
27062 if (parser->ArgusActiveHosts) {
27063 input->ArgusReadSocketState = ARGUS_READINGDATAGRAM;
27064 input->ArgusReadSize = MAXARGUSRECORD;
27065 input->ArgusReadSocketSize = MAXARGUSRECORD;
27066 }
27067
27068 if (parser->ArgusInputFileList) {
27069 input->ArgusReadSocketState = ARGUS_READINGPREHDR;
27070 input->ArgusReadSize = 4;
27071 }
27072
27073 if ((input->ArgusConvBuffer = (u_char *)ArgusCalloc (1, MAXARGUSRECORD)) == NULL)
27074 ArgusLog (LOG_ERR, "ArgusCalloc error %s", strerror(errno));
27075
27076 break;
27077 }
27078
27079 case ARGUS_DATA_SOURCE:
27080 case ARGUS_V2_DATA_SOURCE: {
27081 if ((input->ArgusReadBuffer = (u_char *)ArgusCalloc (1, ARGUS_MAX_STREAM)) == NULL)
27082 ArgusLog (LOG_ERR, "ArgusCalloc error %s", strerror(errno));
27083 input->ArgusBufferLen = ARGUS_MAX_STREAM;
27084
27085 if ((input->ArgusConvBuffer = (u_char *)ArgusCalloc (1, MAXARGUSRECORD)) == NULL)
27086 ArgusLog (LOG_ERR, "ArgusCalloc error %s", strerror(errno));
27087
27088 #ifdef ARGUS_SASL
27089 if (input->ArgusSaslBuffer != NULL)
27090 ArgusFree(input->ArgusSaslBuffer);
27091
27092 if ((input->ArgusSaslBuffer = (u_char *)ArgusCalloc (1, ARGUS_MAX_STREAM)) == NULL)
27093 ArgusLog (LOG_ERR, "ArgusCalloc error %s", strerror(errno));
27094 #endif /* ARGUS_SASL */
27095
27096 if (input->major_version > 2) {
27097 input->ArgusReadSocketState = ARGUS_READINGHDR;
27098 input->ArgusReadSocketSize = (input->ArgusReadSize < 0) ?
27099 sizeof(struct ArgusRecordHeader) : input->ArgusReadSize;
27100
27101 } else
27102 if (input->major_version > 1) {
27103 input->ArgusReadSocketState = ARGUS_READINGHDR;
27104 input->ArgusReadSocketSize = (input->ArgusReadSize < 0) ?
27105 sizeof(struct ArgusV2RecordHeader) : input->ArgusReadSize;
27106
27107 } else {
27108 input->ArgusReadSocketState = ARGUS_READINGBLOCK;
27109 input->ArgusReadSize = 60;
27110 }
27111 }
27112 }
27113
27114 input->ArgusReadPtr = input->ArgusReadBuffer;
27115 input->ArgusConvPtr = input->ArgusConvBuffer;
27116 }
27117
27118 if (!(ArgusParseInited++)) {
27119 if (input)
27120 ArgusInitAddrtoname (parser, input->ArgusLocalNet, input->ArgusNetMask);
27121 else
27122 ArgusInitAddrtoname (parser, 0L, 0L);
27123 }
27124
27125 #ifdef ARGUSDEBUG
27126 if (input) {
27127 ArgusDebug (2, "ArgusParseInit(%p %p\n", parser, input);
27128 } else
27129 ArgusDebug (2, "ArgusParseInit(%p, NULL)", parser);
27130 #endif
27131 }
27132
27133 /*
27134 * this is a generic routine for printing unknown data;
27135 * we pass on the linefeed plus indentation string to
27136 * get a proper output - returns 0 on error
27137 */
27138
27139 int
print_unknown_data(const u_char * cp,const char * ident,int len)27140 print_unknown_data(const u_char *cp, const char *ident, int len)
27141 {
27142 hex_print((const u_char *)ident,cp,len);
27143 return(1); /* everything is ok */
27144 }
27145
27146 /*
27147 * print 128-bit integers into buffer.
27148 */
27149
27150 void
sprint128(char * buf,char * format,uint128 * t)27151 sprint128(char *buf, char *format, uint128 *t)
27152 {
27153 uint128 nbuf, *n = &nbuf;
27154 int d[39] = {0}, i, j, x, sign = 1;
27155
27156 n->high = ntohll(t->high);
27157 n->low = ntohll(t->low);
27158
27159 if (format[strlen(format) - 1] == 'x') {
27160 sprintf(buf, "0x%016llx%016llx", (unsigned long long) n->high, (unsigned long long) n->low);
27161
27162 } else {
27163 if (format[strlen(format) - 1] == 'd') {
27164 if (n->high >> 63) {
27165 sign = -1;
27166 n->high = n->high & 0x7FFFFFFFFFFFFFFFLL;
27167 }
27168 }
27169
27170 for (i = 63; i > -1; i--) {
27171 if ((n->high >> i) & 1) d[0]++;
27172 for (j = 0; j < 39; j++) d[j] *= 2;
27173 for (j = 0; j < 38; j++) d[j+1] += d[j]/10, d[j] %= 10;
27174 }
27175 for (i = 63; i > -1; i--) {
27176 if ((n->low >> i) & 1) d[0]++;
27177 if (i > 0) for (j = 0; j < 39; j++) d[j] *= 2;
27178 for (j = 0; j < 38; j++) d[j+1] += d[j]/10, d[j] %= 10;
27179 }
27180 for (i = 38; i > 0; i--) if (d[i] > 0) break;
27181
27182 x = 0;
27183 if (sign < 0) buf[x++] = '-';
27184 for (; i > -1; i--) {
27185 sprintf(&buf[x++], "%c", '0'+d[i]);
27186 }
27187 buf[x] = '\0';
27188 }
27189 }
27190
27191
27192 /*
27193 * Convert a token value to a string; use "fmt" if not found.
27194 */
27195 const char *
tok2str(const struct tok * lp,const char * fmt,int v)27196 tok2str(const struct tok *lp, const char *fmt, int v)
27197 {
27198 static char buf[128];
27199
27200 while (lp->s != NULL) {
27201 if (lp->v == v)
27202 return (lp->s);
27203 ++lp;
27204 }
27205 if (fmt == NULL)
27206 fmt = "#%d";
27207 (void)snprintf(buf, sizeof(buf), fmt, v);
27208 return (buf);
27209 }
27210
27211 /*
27212 * Convert a bit token value to a string; use "fmt" if not found.
27213 * this is useful for parsing bitfields, the output strings are comma seperated
27214 */
27215
27216 char *
bittok2str(const struct tok * lp,const char * fmt,int v)27217 bittok2str(const struct tok *lp, const char *fmt, int v)
27218 {
27219 static char buf[256]; /* our stringbuffer */
27220 int buflen=0;
27221 int rotbit; /* this is the bit we rotate through all bitpositions */
27222 int tokval;
27223
27224 while (lp->s != NULL) {
27225 tokval=lp->v; /* load our first value */
27226 rotbit=1;
27227 while (rotbit != 0) {
27228 /*
27229 * lets AND the rotating bit with our token value
27230 * and see if we have got a match
27231 */
27232 if (tokval == (v&rotbit)) {
27233 /* ok we have found something */
27234 buflen+=snprintf(buf+buflen, sizeof(buf)-buflen, "%s, ",lp->s);
27235 break;
27236 }
27237 rotbit=rotbit<<1; /* no match - lets shift and try again */
27238 }
27239 lp++;
27240 }
27241
27242 if (buflen != 0) { /* did we find anything */
27243 /* yep, set the the trailing zero 2 bytes before to eliminate the last comma & whitespace */
27244 buf[buflen-2] = '\0';
27245 return (buf);
27246 } else {
27247 /* bummer - lets print the "unknown" message as advised in the fmt string if we got one */
27248 if (fmt == NULL)
27249 fmt = "#%d";
27250 (void)snprintf(buf, sizeof(buf), fmt, v);
27251 return (buf);
27252 }
27253 }
27254
27255
27256 #define ASCII_LINELENGTH 300
27257 #define HEXDUMP_BYTES_PER_LINE 16
27258 #define HEXDUMP_SHORTS_PER_LINE (HEXDUMP_BYTES_PER_LINE / 2)
27259 #define HEXDUMP_HEXSTUFF_PER_SHORT 5
27260 #define HEXDUMP_HEXSTUFF_PER_LINE (HEXDUMP_HEXSTUFF_PER_SHORT * HEXDUMP_SHORTS_PER_LINE)
27261
27262 void
hex_print_with_offset(const u_char * ident,const u_char * cp,u_int length,u_int oset)27263 hex_print_with_offset(const u_char *ident, const u_char *cp, u_int length, u_int oset)
27264 {
27265 u_int i, s;
27266 int nshorts;
27267
27268 nshorts = (u_int) length / sizeof(u_short);
27269 i = 0;
27270 while (--nshorts >= 0) {
27271 if ((i++ % 8) == 0) {
27272 (void)printf("%s0x%04x: ", ident, oset);
27273 oset += HEXDUMP_BYTES_PER_LINE;
27274 }
27275 s = *cp++;
27276 (void)printf(" %02x%02x", s, *cp++);
27277 }
27278 if (length & 1) {
27279 if ((i % 8) == 0)
27280 (void)printf("%s0x%04x: ", ident, oset);
27281 (void)printf(" %02x", *cp);
27282 }
27283 }
27284
27285 /*
27286 * just for completeness
27287 */
27288 void
hex_print(const u_char * ident,const u_char * cp,u_int length)27289 hex_print(const u_char *ident, const u_char *cp, u_int length)
27290 {
27291 hex_print_with_offset(ident, cp, length, 0);
27292 }
27293
27294 /*
27295 * Print a relative number of seconds (e.g. hold time, prune timer)
27296 * in the form 5m1s. This does no truncation, so 32230861 seconds
27297 * is represented as 1y1w1d1h1m1s.
27298 */
27299 void
relts_print(char * buf,int secs)27300 relts_print(char *buf, int secs)
27301 {
27302 static const char *lengths[] = {"y", "w", "d", "h", "m", "s"};
27303 static const int seconds[] = {31536000, 604800, 86400, 3600, 60, 1};
27304 const char **l = lengths;
27305 const int *s = seconds;
27306
27307 if (secs == 0) {
27308 (void)sprintf(&buf[strlen(buf)], "0s");
27309 return;
27310 }
27311 if (secs < 0) {
27312 (void)sprintf(&buf[strlen(buf)], "-");
27313 secs = -secs;
27314 }
27315 while (secs > 0) {
27316 if (secs >= *s) {
27317 (void)sprintf(&buf[strlen(buf)], "%d%s", secs / *s, *l);
27318 secs -= (secs / *s) * *s;
27319 }
27320 s++;
27321 l++;
27322 }
27323 }
27324
27325 char *
ArgusAbbreviateMetric(struct ArgusParserStruct * parser,char * buf,int len,double value)27326 ArgusAbbreviateMetric(struct ArgusParserStruct *parser, char *buf, int len, double value)
27327 {
27328 char *retn = buf, *ptr;
27329 int ind = 0;
27330
27331 while (value >= 1000.0) {
27332 value /= 1000.0;
27333 ind++;
27334 }
27335
27336 snprintf (buf, len, "%.03f", value);
27337 if (parser->pflag < 3) {
27338 ptr = strchr(buf, '.');
27339 ptr++;
27340 ptr[parser->pflag] = '\0';
27341 ptr[parser->pflag + 1] = '\0';
27342 }
27343
27344 switch (ind) {
27345 case 0: sprintf (&buf[strlen(buf)], "%c", ' '); break;
27346 case 1: sprintf (&buf[strlen(buf)], "%c", 'K'); break;
27347 case 2: sprintf (&buf[strlen(buf)], "%c", 'M'); break;
27348 case 3: sprintf (&buf[strlen(buf)], "%c", 'G'); break;
27349 case 4: sprintf (&buf[strlen(buf)], "%c", 'T'); break;
27350 case 5: sprintf (&buf[strlen(buf)], "%c", 'P'); break;
27351 case 6: sprintf (&buf[strlen(buf)], "%c", 'E'); break;
27352 case 7: sprintf (&buf[strlen(buf)], "%c", 'Z'); break;
27353 case 8: sprintf (&buf[strlen(buf)], "%c", 'Y'); break;
27354 }
27355
27356 return (retn);
27357 }
27358
27359 char *
ArgusTrimString(char * str)27360 ArgusTrimString (char *str)
27361 {
27362 char *retn = NULL, *ptr = str;
27363
27364 if ((ptr != NULL) && (strlen(ptr) > 0)) {
27365 int len;
27366 while (isspace((int)*ptr)) ptr++;
27367 retn = ptr;
27368
27369 if ((len = strlen(ptr)) > 0)
27370 ptr = &ptr[len - 1];
27371
27372 while ((*ptr != '\0') && (isspace((int)*ptr)) && (ptr != retn))
27373 *ptr-- = '\0';
27374 }
27375 return (retn);
27376 }
27377
27378
27379 #if !defined(HAVE_TIMEGM)
27380 #include <time.h>
27381 #include <stdlib.h>
27382
27383 time_t
timegm(struct tm * tm)27384 timegm (struct tm *tm)
27385 {
27386 time_t retn;
27387 char *tz;
27388
27389 tz = getenv("TZ");
27390 setenv("TZ", "", 1);
27391 tzset();
27392 retn = mktime(tm);
27393 if (tz)
27394 setenv("TZ", tz, 1);
27395 else
27396 unsetenv("TZ");
27397 tzset();
27398 return retn;
27399 }
27400 #endif
27401