1 #include <stdio.h>
2 #include <fcntl.h>
3 #include <sys/param.h>
4 #include <unistd.h>
5 #include <string.h>
6 #include <libgen.h>
7 #include "types.h"
8 #include "convert.h"
9 
10 
buildip(uint32 ipaddr)11 char *buildip (uint32 ipaddr)
12 {
13   static char b[18];
14   unsigned int i1,i2,i3,i4;
15 
16   i1 = ipaddr >> 24 ;
17   i2 = (ipaddr >> 16 ) & 0xff;
18   i3 = (ipaddr >> 8) & 0xff;
19   i4 = ipaddr & 0xff;
20 
21   sprintf(b,"%u.%u.%u.%u",i1,i2,i3,i4);
22   return (b);
23 }
24 
main(int argc,char * argv[])25 int main( int argc, char* argv[] )
26 {
27     int infile, outfile, retval;
28     struct v1header v1head;
29     struct v1tcpflow v1tcpf;
30     struct v1othflow v1othf;
31     struct v4header v4head;
32     struct v4flow   v4flw;
33     u_char flowtype=0; /* tcp, udp, other ... */
34     char outfilename[22];
35 
36 
37     if( argc < 2 ) {
38         printf( "%s <inputfile> \n", argv[0] );
39         exit( 1 );
40     }
41 
42     infile = open( argv[1], O_RDONLY );
43 
44     if( ! infile ) {
45         perror( "while opening input file" );
46         exit( 1 );
47     }
48 
49     if      (0==strncmp(basename(argv[1]),"tcp.",4) ) flowtype=6;
50     else if (0==strncmp(basename(argv[1]),"udp.",4) ) flowtype=17;
51     else if (0==strncmp(basename(argv[1]),"other..",6) ) flowtype=1; /* We should look insiede */
52     else {
53        printf("Unknown Flow:%s\n",argv[1]);
54        exit(1);
55     }
56 
57     printf("%s is %d\n",basename(argv[1]), flowtype );
58 
59     retval = read( infile, &v1head, sizeof( struct v1header ) );
60 
61     if( !retval ) {
62         perror( "while reading header from input file" );
63         exit(1);
64     }
65 
66     sprintf(outfilename,"flow.%lu.s",v1head.starttime);
67     printf("Using %s as outfile\n", outfilename);
68     outfile = open( outfilename , O_RDWR | O_CREAT | O_TRUNC, 0666 );
69 
70     if( ! outfile ) {
71         perror( "while opening output file" );
72         exit (1);
73     }
74 
75 
76     printf( "starttime:%lu  stoptime:%lu nbytes:%qu nflows:%lu npkts:%lu\n",
77             v1head.starttime,
78             v1head.stoptime,
79             v1head.nbytes,
80             v1head.nflows,
81             v1head.npkts );
82 
83     bzero(&v4head,sizeof( struct v4header) );
84     retval = write( outfile, &v4head, sizeof( struct v4header ) );
85     if (!retval) {
86        perror("Write outfile header\n");
87        exit(1);
88     }
89 
90     switch(flowtype) { /* 17,6,1 */
91 
92       case  6:
93       case 17:
94 
95         for(;( retval = read( infile, &v1tcpf, sizeof( struct v1tcpflow ) ) ); ) {
96            v4flw.startoffset = htons(v1tcpf.startoffset);
97            v4flw.endoffset = htons(v1tcpf.endoffset);
98            v4flw.sdpkts = htonl(v1tcpf.pkts) ;
99            v4flw.sdbytes = htonl(v1tcpf.bytes) ;
100            v4flw.dspkts = 0 ;
101            v4flw.dsbytes = 0 ;
102 
103            v4flw.src = v1tcpf.src;
104            v4flw.dst =  v1tcpf.dst ;
105            v4flw.typenr = flowtype;
106            v4flw.tcp.sport = v1tcpf.sport;
107            v4flw.tcp.dport = v1tcpf.dport;
108 
109            write(outfile,&v4flw,sizeof(struct v4flow) );
110 
111            v4head.starttime=htonl(v1head.starttime);
112            if(v4head.stoptime < v4head.starttime+v1tcpf.startoffset)
113               v4head.stoptime=htonl(v4head.starttime+v1tcpf.startoffset);
114 
115            v4head.bytes=v4head.bytes + v1tcpf.bytes;
116            v4head.flows++;
117            v4head.pkts=v4head.pkts+v1tcpf.pkts;
118         }
119         break;
120 
121     case 1:
122 
123         for(;( retval = read( infile, &v1othf, sizeof( struct v1othflow ) ) ); ) {
124            v4flw.startoffset = htons(v1othf.startoffset);
125            v4flw.endoffset = htons(v1othf.endoffset);
126            v4flw.sdpkts = htonl(v1othf.pkts) ;
127            v4flw.sdbytes = htonl(v1othf.bytes) ;
128            v4flw.dspkts = 0 ;
129            v4flw.dsbytes = 0 ;
130 
131            v4flw.src = v1othf.src;
132            v4flw.dst =  v1othf.dst ;
133            v4flw.typenr = v1othf.type;
134 
135            write(outfile,&v4flw,sizeof(struct v4flow) );
136 
137            v4head.starttime=htonl(v1head.starttime);
138            if(v4head.stoptime < v4head.starttime+v1othf.startoffset)
139               v4head.stoptime=htonl(v4head.starttime+v1othf.startoffset);
140 
141            v4head.bytes=v4head.bytes + v1othf.bytes;
142            v4head.flows++;
143            v4head.pkts=v4head.pkts+v1othf.pkts;
144         }
145         break;
146 
147 
148     }
149 
150 
151 
152     close( infile );
153 
154     strncpy(v4head.MagicNr, "NPFF",4 );
155 
156     v4head.MajVersion = 4;
157     v4head.MinVersion = 1;
158 
159     lseek( outfile, 0, SEEK_SET );
160     v4head.bytes = htonq (v4head.bytes);
161     v4head.flows = htonl (v4head.flows);
162     v4head.pkts = htonl (v4head.pkts);
163     write( outfile, &v4head, sizeof( struct v4header ) );
164 
165     close( outfile );
166 
167     return 0;
168 }
169 
170