/* * Copyright (c) 1998-2007 The TCPDUMP project * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code * distributions retain the above copyright notice and this paragraph * in its entirety, and (2) distributions including binary code include * the above copyright notice and this paragraph in its entirety in * the documentation or other materials provided with the distribution. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * * The SFLOW protocol as per http://www.sflow.org/developers/specifications.php * * Original code by Carles Kishimoto <carles.kishimoto@gmail.com> */#ifndef lintstatic const char rcsid[] _U_ ="@(#) $Header: /tcpdump/master/tcpdump/print-sflow.c,v 1.1 2007-08-08 17:20:58 hannes Exp $";#endif#ifdef HAVE_CONFIG_H#include "config.h"#endif#include <tcpdump-stdinc.h>#include <stdio.h>#include <stdlib.h>#include <string.h>#include "interface.h"#include "extract.h"#include "addrtoname.h"/*  * sFlow datagram *  * 0                   1                   2                   3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * |                     Sflow version (2,4,5)                     | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * |               IP version (1 for IPv4 | 2 for IPv6)            | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * |                     IP Address AGENT (4 or 16 bytes)          | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * |                          Sub agent ID                         | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * |                      Datagram sequence number                 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * |                      Switch uptime in ms                      | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * |                    num samples in datagram                    | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ *  */struct sflow_datagram_t {    u_int8_t 	version[4];    u_int8_t 	ip_version[4];    u_int8_t 	agent[4];    u_int8_t 	agent_id[4];    u_int8_t 	seqnum[4];    u_int8_t 	uptime[4];    u_int8_t 	samples[4];};struct sflow_sample_header {    u_int8_t	format[4];    u_int8_t	len[4];};#define		SFLOW_FLOW_SAMPLE		1#define		SFLOW_COUNTER_SAMPLE		2#define		SFLOW_EXPANDED_FLOW_SAMPLE	3#define		SFLOW_EXPANDED_COUNTER_SAMPLE	4static const struct tok sflow_format_values[] = {    { SFLOW_FLOW_SAMPLE, "flow sample" },    { SFLOW_COUNTER_SAMPLE, "counter sample" },    { SFLOW_EXPANDED_FLOW_SAMPLE, "expanded flow sample" },    { SFLOW_EXPANDED_COUNTER_SAMPLE, "expanded counter sample" },    { 0, NULL}};struct sflow_expanded_flow_sample_t {    u_int8_t    seqnum[4];    u_int8_t    type[4];    u_int8_t    index[4];    u_int8_t    rate[4];    u_int8_t    pool[4];    u_int8_t    drops[4];    u_int8_t    in_interface_format[4];    u_int8_t    in_interface_value[4];    u_int8_t    out_interface_format[4];    u_int8_t    out_interface_value[4];    u_int8_t    records[4];};#define 	SFLOW_FLOW_RAW_PACKET			1#define 	SFLOW_FLOW_ETHERNET_FRAME		2#define 	SFLOW_FLOW_IPV4_DATA			3#define 	SFLOW_FLOW_IPV6_DATA			4#define 	SFLOW_FLOW_EXTENDED_SWITCH_DATA		1001#define 	SFLOW_FLOW_EXTENDED_ROUTER_DATA		1002#define 	SFLOW_FLOW_EXTENDED_GATEWAY_DATA 	1003#define 	SFLOW_FLOW_EXTENDED_USER_DATA		1004#define 	SFLOW_FLOW_EXTENDED_URL_DATA		1005#define 	SFLOW_FLOW_EXTENDED_MPLS_DATA		1006#define 	SFLOW_FLOW_EXTENDED_NAT_DATA		1007#define 	SFLOW_FLOW_EXTENDED_MPLS_TUNNEL		1008#define 	SFLOW_FLOW_EXTENDED_MPLS_VC		1009#define 	SFLOW_FLOW_EXTENDED_MPLS_FEC		1010#define 	SFLOW_FLOW_EXTENDED_MPLS_LVP_FEC	1011#define 	SFLOW_FLOW_EXTENDED_VLAN_TUNNEL		1012static const struct tok sflow_flow_type_values[] = {    { SFLOW_FLOW_RAW_PACKET, "Raw packet"},    { SFLOW_FLOW_ETHERNET_FRAME, "Ethernet frame"},    { SFLOW_FLOW_IPV4_DATA, "IPv4 Data"},    { SFLOW_FLOW_IPV6_DATA, "IPv6 Data"},    { SFLOW_FLOW_EXTENDED_SWITCH_DATA, "Extended Switch data"},    { SFLOW_FLOW_EXTENDED_ROUTER_DATA, "Extended Router data"},    { SFLOW_FLOW_EXTENDED_GATEWAY_DATA, "Extended Gateway data"},    { SFLOW_FLOW_EXTENDED_USER_DATA, "Extended User data"},    { SFLOW_FLOW_EXTENDED_URL_DATA, "Extended URL data"},    { SFLOW_FLOW_EXTENDED_MPLS_DATA, "Extended MPLS data"},    { SFLOW_FLOW_EXTENDED_NAT_DATA, "Extended NAT data"},    { SFLOW_FLOW_EXTENDED_MPLS_TUNNEL, "Extended MPLS tunnel"},    { SFLOW_FLOW_EXTENDED_MPLS_VC, "Extended MPLS VC"},    { SFLOW_FLOW_EXTENDED_MPLS_FEC, "Extended MPLS FEC"},    { SFLOW_FLOW_EXTENDED_MPLS_LVP_FEC, "Extended MPLS LVP FEC"},    { SFLOW_FLOW_EXTENDED_VLAN_TUNNEL, "Extended VLAN Tunnel"},    { 0, NULL}};#define		SFLOW_HEADER_PROTOCOL_ETHERNET	1#define		SFLOW_HEADER_PROTOCOL_IPV4	11#define		SFLOW_HEADER_PROTOCOL_IPV6	12static const struct tok sflow_flow_raw_protocol_values[] = {    { SFLOW_HEADER_PROTOCOL_ETHERNET, "Ethernet"},    { SFLOW_HEADER_PROTOCOL_IPV4, "IPv4"},    { SFLOW_HEADER_PROTOCOL_IPV6, "IPv6"},    { 0, NULL}};	struct sflow_expanded_flow_raw_t {    u_int8_t    protocol[4];    u_int8_t    length[4];    u_int8_t    stripped_bytes[4];    u_int8_t    header_size[4];};struct sflow_expanded_counter_sample_t {    u_int8_t    seqnum[4];    u_int8_t    type[4];    u_int8_t    index[4];    u_int8_t    records[4];};#define         SFLOW_COUNTER_GENERIC           1#define         SFLOW_COUNTER_ETHERNET          2#define         SFLOW_COUNTER_TOKEN_RING        3#define         SFLOW_COUNTER_BASEVG            4#define         SFLOW_COUNTER_VLAN              5#define         SFLOW_COUNTER_PROCESSOR         1001static const struct tok sflow_counter_type_values[] = {    { SFLOW_COUNTER_GENERIC, "Generic counter"},    { SFLOW_COUNTER_ETHERNET, "Ethernet counter"},    { SFLOW_COUNTER_TOKEN_RING, "Token ring counter"},    { SFLOW_COUNTER_BASEVG, "100 BaseVG counter"},    { SFLOW_COUNTER_VLAN, "Vlan counter"},    { SFLOW_COUNTER_PROCESSOR, "Processor counter"},    { 0, NULL}};#define		SFLOW_IFACE_DIRECTION_UNKNOWN		0#define		SFLOW_IFACE_DIRECTION_FULLDUPLEX	1#define		SFLOW_IFACE_DIRECTION_HALFDUPLEX	2#define		SFLOW_IFACE_DIRECTION_IN		3#define		SFLOW_IFACE_DIRECTION_OUT		4static const struct tok sflow_iface_direction_values[] = {    { SFLOW_IFACE_DIRECTION_UNKNOWN, "unknown"},    { SFLOW_IFACE_DIRECTION_FULLDUPLEX, "full-duplex"},    { SFLOW_IFACE_DIRECTION_HALFDUPLEX, "half-duplex"},    { SFLOW_IFACE_DIRECTION_IN, "in"},    { SFLOW_IFACE_DIRECTION_OUT, "out"},    { 0, NULL}};  struct sflow_generic_counter_t {    u_int8_t    ifindex[4];    u_int8_t    iftype[4];    u_int8_t    ifspeed[8];    u_int8_t    ifdirection[4];	    u_int8_t    ifstatus[4];    u_int8_t    ifinoctets[8];	    u_int8_t    ifinunicastpkts[4];	    u_int8_t    ifinmulticastpkts[4];	    u_int8_t    ifinbroadcastpkts[4];	    u_int8_t    ifindiscards[4];	    u_int8_t    ifinerrors[4];	    u_int8_t    ifinunkownprotos[4];	    u_int8_t    ifoutoctets[8];    u_int8_t    ifoutunicastpkts[4];         u_int8_t    ifoutmulticastpkts[4];       u_int8_t    ifoutbroadcastpkts[4];             u_int8_t    ifoutdiscards[4];                 u_int8_t    ifouterrors[4];            u_int8_t    ifpromiscmode[4];        };struct sflow_ethernet_counter_t {    u_int8_t    alignerrors[4];    u_int8_t    fcserrors[4];    u_int8_t    single_collision_frames[4];    u_int8_t    multiple_collision_frames[4];    u_int8_t    test_errors[4];    u_int8_t    deferred_transmissions[4];    u_int8_t    late_collisions[4];    u_int8_t    excessive_collisions[4];    u_int8_t    mac_transmit_errors[4];    u_int8_t    carrier_sense_errors[4];    u_int8_t    frame_too_longs[4];    u_int8_t    mac_receive_errors[4];    u_int8_t    symbol_errors[4];};struct sflow_100basevg_counter_t {    u_int8_t    in_highpriority_frames[4];    u_int8_t    in_highpriority_octets[8];    u_int8_t    in_normpriority_frames[4];    u_int8_t    in_normpriority_octets[8];    u_int8_t    in_ipmerrors[4];     u_int8_t    in_oversized[4];     u_int8_t    in_data_errors[4];    u_int8_t    in_null_addressed_frames[4];    u_int8_t    out_highpriority_frames[4];    u_int8_t    out_highpriority_octets[8];    u_int8_t    transitioninto_frames[4];    u_int8_t    hc_in_highpriority_octets[8];    u_int8_t    hc_in_normpriority_octets[8];    u_int8_t    hc_out_highpriority_octets[8];};struct sflow_vlan_counter_t {    u_int8_t    vlan_id[4];    u_int8_t    octets[8];    u_int8_t    unicast_pkt[4];    u_int8_t    multicast_pkt[4];    u_int8_t    broadcast_pkt[4];    u_int8_t    discards[4];};voidsflow_print(const u_char *pptr, u_int len) {    const struct sflow_datagram_t *sflow_datagram;    const struct sflow_sample_header *sflow_sample;    const struct sflow_expanded_flow_sample_t *sflow_expanded_flow_sample;    const struct sflow_expanded_flow_raw_t *sflow_flow_raw;    const struct sflow_expanded_counter_sample_t *sflow_expanded_counter_sample;    const struct sflow_generic_counter_t *sflow_gen_counter;    const struct sflow_ethernet_counter_t *sflow_eth_counter;    const struct sflow_100basevg_counter_t *sflow_100basevg_counter;    const struct sflow_vlan_counter_t *sflow_vlan_counter;    const u_char *tptr;    int tlen;    u_int32_t sflow_sample_type, sflow_sample_len;    int nsamples, nrecords, counter_len, counter_type, flow_len, flow_type;    tptr=pptr;    tlen = len;    sflow_datagram = (const struct sflow_datagram_t *)pptr;    TCHECK(*sflow_datagram);    /*     * Sanity checking of the header.     */    if (EXTRACT_32BITS(sflow_datagram->version) != 5) {        printf("sFlow version %u packet not supported",               EXTRACT_32BITS(sflow_datagram->version));