1 |
/* -*- coding: utf-8 -*- |
/* -*- coding: utf-8 -*- |
2 |
darkstattype.c - Program to decode darkstat's dumpfile. |
darkstattype.c - Program to decode darkstat's dumpfile. |
3 |
|
|
4 |
$Ximalas$ |
$Ximalas$ |
5 |
|
|
6 |
Tested on FreeBSD/amd64 stable/9 r263290 with clang 3.3. |
Tested on FreeBSD/i386 stable/8 r255624 with gcc 4.2.1. |
7 |
|
Tested on FreeBSD/amd64 stable/9 r263963 with clang 3.3. |
8 |
|
Tested on FreeBSD/amd64 stable/9 r263963 with clang 3.3 using -m32. |
9 |
|
|
10 |
Copyright © 2014, Trond Endrestøl <Trond.Endrestol@ximalas.info> |
Copyright © 2014, Trond Endrestøl <Trond.Endrestol@ximalas.info> |
11 |
All rights reserved. |
All rights reserved. |
12 |
|
|
13 |
Redistribution and use in source and binary forms, with or without |
Redistribution and use in source and binary forms, with or without |
14 |
modification, are permitted provided that the following conditions are met: |
modification, are permitted provided that the following conditions are met: |
15 |
|
|
16 |
1. Redistributions of source code must retain the above copyright notice, this |
1. Redistributions of source code must retain the above copyright notice, this |
17 |
list of conditions and the following disclaimer. |
list of conditions and the following disclaimer. |
18 |
2. Redistributions in binary form must reproduce the above copyright notice, |
2. Redistributions in binary form must reproduce the above copyright notice, |
19 |
this list of conditions and the following disclaimer in the documentation |
this list of conditions and the following disclaimer in the documentation |
20 |
and/or other materials provided with the distribution. |
and/or other materials provided with the distribution. |
21 |
|
|
22 |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
23 |
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
331 |
printf("Hostname length %u\n", |
printf("Hostname length %u\n", |
332 |
hostnamelen); |
hostnamelen); |
333 |
|
|
334 |
for (i = 0; i < hostnamelen; i++) { |
for (i = 0; i < hostnamelen; i++) { |
335 |
hostname[i] = read8u(); |
hostname[i] = read8u(); |
336 |
} // for |
} // for |
337 |
hostname[i] = '\0'; |
hostname[i] = '\0'; |
338 |
|
|
339 |
print_indentation(); |
print_indentation(); |
340 |
printf("Hostname %s\n", |
printf("Hostname %s\n", |
341 |
hostname); |
hostname); |
342 |
|
|
343 |
bytesin = read64u(); |
bytesin = read64u(); |
344 |
|
|
345 |
print_indentation(); |
print_indentation(); |
346 |
printf("Bytes in %lu\n", |
printf("Bytes in %llu\n", |
347 |
bytesin); |
(unsigned long long)bytesin); |
348 |
|
|
349 |
bytesout = read64u(); |
bytesout = read64u(); |
350 |
|
|
351 |
print_indentation(); |
print_indentation(); |
352 |
printf("Bytes out %lu\n", |
printf("Bytes out %llu\n", |
353 |
bytesout); |
(unsigned long long)bytesout); |
354 |
|
|
355 |
if ( (protosdata = read8u()) != 'P') { // missing protos data |
if ( (protosdata = read8u()) != 'P') { // missing protos data |
356 |
fprintf(stderr, |
fprintf(stderr, |
357 |
"%s:%s:%ld: expecting character P, not %c\n", |
"%s:%s:%ld: expecting character P, not %c\n", |
358 |
progname, filename, ftell(file), protosdata); |
progname, filename, ftell(file), protosdata); |
359 |
exit(EXIT_FAILURE); |
exit(EXIT_FAILURE); |
360 |
} // if |
} // if |
361 |
|
|
362 |
decode_protos_data(); |
decode_protos_data(); |
363 |
|
|
364 |
if ( (tcpdata = read8u()) != 'T') { // missing tcp data |
if ( (tcpdata = read8u()) != 'T') { // missing tcp data |
365 |
fprintf(stderr, |
fprintf(stderr, |
366 |
"%s:%s:%ld: expecting character T, not %c\n", |
"%s:%s:%ld: expecting character T, not %c\n", |
367 |
progname, filename, ftell(file), tcpdata); |
progname, filename, ftell(file), tcpdata); |
368 |
exit(EXIT_FAILURE); |
exit(EXIT_FAILURE); |
412 |
macaddress[0] = read8u(); |
macaddress[0] = read8u(); |
413 |
macaddress[1] = read8u(); |
macaddress[1] = read8u(); |
414 |
macaddress[2] = read8u(); |
macaddress[2] = read8u(); |
415 |
macaddress[3] = read8u(); |
macaddress[3] = read8u(); |
416 |
macaddress[4] = read8u(); |
macaddress[4] = read8u(); |
417 |
macaddress[5] = read8u(); |
macaddress[5] = read8u(); |
418 |
|
|
419 |
print_indentation(); |
print_indentation(); |
420 |
printf("MAC address %02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx\n", |
printf("MAC address %02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx\n", |
421 |
macaddress[0], macaddress[1], macaddress[2], |
macaddress[0], macaddress[1], macaddress[2], |
422 |
macaddress[3], macaddress[4], macaddress[5]); |
macaddress[3], macaddress[4], macaddress[5]); |
423 |
|
|
424 |
lastseen = read64s(); |
lastseen = read64s(); |
425 |
|
|
426 |
print_indentation(); |
print_indentation(); |
427 |
printf("Last seen 0x%lx = %ld = ", |
printf("Last seen 0x%llx = %lld = ", |
428 |
lastseen, lastseen); |
(unsigned long long)lastseen, (long long)lastseen); |
429 |
print_time_t(lastseen); |
print_time_t(lastseen); |
430 |
puts(""); |
puts(""); |
431 |
} // if |
} // if |
432 |
else { |
else { |
433 |
lastseen = read64s(); |
lastseen = read64s(); |
434 |
|
|
435 |
print_indentation(); |
print_indentation(); |
436 |
printf("Last seen 0x%lx = %ld = ", |
printf("Last seen 0x%llx = %lld = ", |
437 |
lastseen, lastseen); |
(unsigned long long)lastseen, (long long)lastseen); |
438 |
print_time_t(lastseen); |
print_time_t(lastseen); |
439 |
puts(""); |
puts(""); |
440 |
|
|
441 |
macaddress[0] = read8u(); |
macaddress[0] = read8u(); |
442 |
macaddress[1] = read8u(); |
macaddress[1] = read8u(); |
443 |
macaddress[2] = read8u(); |
macaddress[2] = read8u(); |
444 |
macaddress[3] = read8u(); |
macaddress[3] = read8u(); |
445 |
macaddress[4] = read8u(); |
macaddress[4] = read8u(); |
446 |
macaddress[5] = read8u(); |
macaddress[5] = read8u(); |
447 |
|
|
448 |
print_indentation(); |
print_indentation(); |
449 |
printf("MAC address %02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx\n", |
printf("MAC address %02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx\n", |
450 |
macaddress[0], macaddress[1], macaddress[2], |
macaddress[0], macaddress[1], macaddress[2], |
451 |
macaddress[3], macaddress[4], macaddress[5]); |
macaddress[3], macaddress[4], macaddress[5]); |
452 |
} // else |
} // else |
457 |
printf("Hostname length %hhu\n", |
printf("Hostname length %hhu\n", |
458 |
hostnamelen); |
hostnamelen); |
459 |
|
|
460 |
for (i = 0; i < hostnamelen; i++) { |
for (i = 0; i < hostnamelen; i++) { |
461 |
hostname[i] = read8u(); |
hostname[i] = read8u(); |
462 |
} // for |
} // for |
463 |
hostname[i] = '\0'; |
hostname[i] = '\0'; |
464 |
|
|
465 |
print_indentation(); |
print_indentation(); |
466 |
printf("Hostname %s\n", |
printf("Hostname %s\n", |
467 |
hostname); |
hostname); |
468 |
|
|
469 |
bytesin = read64u(); |
bytesin = read64u(); |
470 |
|
|
471 |
print_indentation(); |
print_indentation(); |
472 |
printf("Bytes in %lu\n", |
printf("Bytes in %llu\n", |
473 |
bytesin); |
(unsigned long long)bytesin); |
474 |
|
|
475 |
bytesout = read64u(); |
bytesout = read64u(); |
476 |
|
|
477 |
print_indentation(); |
print_indentation(); |
478 |
printf("Bytes out %lu\n", |
printf("Bytes out %llu\n", |
479 |
bytesout); |
(unsigned long long)bytesout); |
480 |
|
|
481 |
if ( (protosdata = read8u()) != 'P') { // missing protos data |
if ( (protosdata = read8u()) != 'P') { // missing protos data |
482 |
fprintf(stderr, |
fprintf(stderr, |
483 |
"%s:%s:%ld: expecting character P, not %c\n", |
"%s:%s:%ld: expecting character P, not %c\n", |
484 |
progname, filename, ftell(file), protosdata); |
progname, filename, ftell(file), protosdata); |
485 |
exit(EXIT_FAILURE); |
exit(EXIT_FAILURE); |
486 |
} // if |
} // if |
487 |
|
|
488 |
decode_protos_data(); |
decode_protos_data(); |
489 |
|
|
490 |
if ( (tcpdata = read8u()) != 'T') { // missing tcp data |
if ( (tcpdata = read8u()) != 'T') { // missing tcp data |
491 |
fprintf(stderr, |
fprintf(stderr, |
492 |
"%s:%s:%ld: expecting character T, not %c\n", |
"%s:%s:%ld: expecting character T, not %c\n", |
493 |
progname, filename, ftell(file), tcpdata); |
progname, filename, ftell(file), tcpdata); |
494 |
exit(EXIT_FAILURE); |
exit(EXIT_FAILURE); |
574 |
macaddress[0] = read8u(); |
macaddress[0] = read8u(); |
575 |
macaddress[1] = read8u(); |
macaddress[1] = read8u(); |
576 |
macaddress[2] = read8u(); |
macaddress[2] = read8u(); |
577 |
macaddress[3] = read8u(); |
macaddress[3] = read8u(); |
578 |
macaddress[4] = read8u(); |
macaddress[4] = read8u(); |
579 |
macaddress[5] = read8u(); |
macaddress[5] = read8u(); |
580 |
|
|
581 |
print_indentation(); |
print_indentation(); |
582 |
printf("MAC address %02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx\n", |
printf("MAC address %02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx\n", |
583 |
macaddress[0], macaddress[1], macaddress[2], |
macaddress[0], macaddress[1], macaddress[2], |
584 |
macaddress[3], macaddress[4], macaddress[5]); |
macaddress[3], macaddress[4], macaddress[5]); |
585 |
|
|
586 |
lastseen = read64s(); |
lastseen = read64s(); |
587 |
|
|
588 |
print_indentation(); |
print_indentation(); |
589 |
printf("Last seen 0x%lx = %ld = ", |
printf("Last seen 0x%llx = %lld = ", |
590 |
lastseen, lastseen); |
(unsigned long long)lastseen, (long long)lastseen); |
591 |
print_time_t(lastseen); |
print_time_t(lastseen); |
592 |
puts(""); |
puts(""); |
593 |
} // if |
} // if |
594 |
else { |
else { |
595 |
lastseen = read64s(); |
lastseen = read64s(); |
596 |
|
|
597 |
print_indentation(); |
print_indentation(); |
598 |
printf("Last seen 0x%lx = %ld = ", |
printf("Last seen 0x%llx = %lld = ", |
599 |
lastseen, lastseen); |
(unsigned long long)lastseen, (long long)lastseen); |
600 |
print_time_t(lastseen); |
print_time_t(lastseen); |
601 |
puts(""); |
puts(""); |
602 |
|
|
603 |
macaddress[0] = read8u(); |
macaddress[0] = read8u(); |
604 |
macaddress[1] = read8u(); |
macaddress[1] = read8u(); |
605 |
macaddress[2] = read8u(); |
macaddress[2] = read8u(); |
606 |
macaddress[3] = read8u(); |
macaddress[3] = read8u(); |
607 |
macaddress[4] = read8u(); |
macaddress[4] = read8u(); |
608 |
macaddress[5] = read8u(); |
macaddress[5] = read8u(); |
609 |
|
|
610 |
print_indentation(); |
print_indentation(); |
611 |
printf("MAC address %02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx\n", |
printf("MAC address %02hhx:%02hhx:%02hhx:%02hhx:%02hhx:%02hhx\n", |
612 |
macaddress[0], macaddress[1], macaddress[2], |
macaddress[0], macaddress[1], macaddress[2], |
613 |
macaddress[3], macaddress[4], macaddress[5]); |
macaddress[3], macaddress[4], macaddress[5]); |
614 |
} // else |
} // else |
619 |
printf("Hostname length %hhu\n", |
printf("Hostname length %hhu\n", |
620 |
hostnamelen); |
hostnamelen); |
621 |
|
|
622 |
for (i = 0; i < hostnamelen; i++) { |
for (i = 0; i < hostnamelen; i++) { |
623 |
hostname[i] = read8u(); |
hostname[i] = read8u(); |
624 |
} // for |
} // for |
625 |
hostname[i] = '\0'; |
hostname[i] = '\0'; |
626 |
|
|
627 |
print_indentation(); |
print_indentation(); |
628 |
printf("Hostname %s\n", |
printf("Hostname %s\n", |
629 |
hostname); |
hostname); |
630 |
|
|
631 |
bytesin = read64u(); |
bytesin = read64u(); |
632 |
|
|
633 |
print_indentation(); |
print_indentation(); |
634 |
printf("Bytes in %lu\n", |
printf("Bytes in %llu\n", |
635 |
bytesin); |
(unsigned long long)bytesin); |
636 |
|
|
637 |
bytesout = read64u(); |
bytesout = read64u(); |
638 |
|
|
639 |
print_indentation(); |
print_indentation(); |
640 |
printf("Bytes out %lu\n", |
printf("Bytes out %llu\n", |
641 |
bytesout); |
(unsigned long long)bytesout); |
642 |
|
|
643 |
if ( (protosdata = read8u()) != 'P') { // missing protos data |
if ( (protosdata = read8u()) != 'P') { // missing protos data |
644 |
fprintf(stderr, |
fprintf(stderr, |
645 |
"%s:%s:%ld: expecting character P, not %c\n", |
"%s:%s:%ld: expecting character P, not %c\n", |
646 |
progname, filename, ftell(file), protosdata); |
progname, filename, ftell(file), protosdata); |
647 |
exit(EXIT_FAILURE); |
exit(EXIT_FAILURE); |
648 |
} // if |
} // if |
649 |
|
|
650 |
decode_protos_data(); |
decode_protos_data(); |
651 |
|
|
652 |
if ( (tcpdata = read8u()) != 'T') { // missing tcp data |
if ( (tcpdata = read8u()) != 'T') { // missing tcp data |
653 |
fprintf(stderr, |
fprintf(stderr, |
654 |
"%s:%s:%ld: expecting character T, not %c\n", |
"%s:%s:%ld: expecting character T, not %c\n", |
655 |
progname, filename, ftell(file), tcpdata); |
progname, filename, ftell(file), tcpdata); |
656 |
exit(EXIT_FAILURE); |
exit(EXIT_FAILURE); |
691 |
|
|
692 |
print_indentation(); |
print_indentation(); |
693 |
printf("Protocol #%u of %hhu:\n", |
printf("Protocol #%u of %hhu:\n", |
694 |
i + 1, ipprotocount); |
i + 1, ipprotocount); |
695 |
|
|
696 |
proto = read8u(); |
proto = read8u(); |
697 |
|
|
698 |
indent(); |
indent(); |
699 |
print_indentation(); |
print_indentation(); |
700 |
printf("Protocol 0x%02hhx\n", |
printf("Protocol 0x%02hhx\n", |
701 |
proto); |
proto); |
702 |
|
|
703 |
in = read64u(); |
in = read64u(); |
704 |
|
|
705 |
print_indentation(); |
print_indentation(); |
706 |
printf("In %lu\n", |
printf("In %llu\n", |
707 |
in); |
(unsigned long long)in); |
708 |
|
|
709 |
out = read64u(); |
out = read64u(); |
710 |
|
|
711 |
print_indentation(); |
print_indentation(); |
712 |
printf("Out %lu\n", |
printf("Out %llu\n", |
713 |
out); |
(unsigned long long)out); |
714 |
|
|
715 |
exdent(); |
exdent(); |
716 |
} // for |
} // for |
717 |
|
|
718 |
exdent(); |
exdent(); |
719 |
} // decode_protos_data(); |
} // decode_protos_data(); |
720 |
|
|
721 |
void decode_tcp_data(void) |
void decode_tcp_data(void) |
722 |
{ |
{ |
723 |
uint8_t tcpprotocount; |
uint8_t tcpprotocount; |
724 |
|
|
725 |
uint16_t i; |
uint16_t i; |
726 |
|
|
727 |
tcpprotocount = read16u(); |
tcpprotocount = read16u(); |
728 |
|
|
736 |
uint16_t port; |
uint16_t port; |
737 |
uint64_t syn; |
uint64_t syn; |
738 |
uint64_t in; |
uint64_t in; |
739 |
uint64_t out; |
uint64_t out; |
740 |
|
|
741 |
port = read16u(); |
port = read16u(); |
742 |
|
|
743 |
print_indentation(); |
print_indentation(); |
744 |
printf("Port %hu:\n", |
printf("Port %hu:\n", |
745 |
port); |
port); |
746 |
|
|
747 |
syn = read64u(); |
syn = read64u(); |
748 |
|
|
749 |
indent(); |
indent(); |
750 |
print_indentation(); |
print_indentation(); |
751 |
printf("SYN %lu\n", |
printf("SYN %llu\n", |
752 |
syn); |
(unsigned long long)syn); |
753 |
|
|
754 |
in = read64u(); |
in = read64u(); |
755 |
|
|
756 |
print_indentation(); |
print_indentation(); |
757 |
printf("In %lu\n", |
printf("In %llu\n", |
758 |
in); |
(unsigned long long)in); |
759 |
|
|
760 |
out = read64u(); |
out = read64u(); |
761 |
|
|
762 |
print_indentation(); |
print_indentation(); |
763 |
printf("Out %lu\n", |
printf("Out %llu\n", |
764 |
out); |
(unsigned long long)out); |
765 |
|
|
766 |
exdent(); |
exdent(); |
767 |
} // for |
} // for |
768 |
|
|
769 |
exdent(); |
exdent(); |
770 |
} // decode_tcp_data() |
} // decode_tcp_data() |
771 |
|
|
772 |
void decode_udp_data(void) |
void decode_udp_data(void) |
773 |
{ |
{ |
774 |
uint8_t udpprotocount; |
uint8_t udpprotocount; |
775 |
|
|
776 |
uint16_t i; |
uint16_t i; |
777 |
|
|
778 |
udpprotocount = read16u(); |
udpprotocount = read16u(); |
779 |
|
|
786 |
for (i = 0; i < udpprotocount; i++) { |
for (i = 0; i < udpprotocount; i++) { |
787 |
uint16_t port; |
uint16_t port; |
788 |
uint64_t in; |
uint64_t in; |
789 |
uint64_t out; |
uint64_t out; |
790 |
|
|
791 |
port = read16u(); |
port = read16u(); |
792 |
|
|
793 |
print_indentation(); |
print_indentation(); |
794 |
printf("Port %hu:\n", |
printf("Port %hu:\n", |
795 |
port); |
port); |
796 |
|
|
797 |
in = read64u(); |
in = read64u(); |
798 |
|
|
799 |
indent(); |
indent(); |
800 |
print_indentation(); |
print_indentation(); |
801 |
printf("In %lu\n", |
printf("In %llu\n", |
802 |
in); |
(unsigned long long)in); |
803 |
|
|
804 |
out = read64u(); |
out = read64u(); |
805 |
|
|
806 |
print_indentation(); |
print_indentation(); |
807 |
printf("Out %lu\n", |
printf("Out %llu\n", |
808 |
out); |
(unsigned long long)out); |
809 |
|
|
810 |
exdent(); |
exdent(); |
811 |
} // for |
} // for |
812 |
|
|
813 |
exdent(); |
exdent(); |
814 |
} // decode_udp_data() |
} // decode_udp_data() |
815 |
|
|
816 |
void decode_graph_db_v1(void) |
void decode_graph_db_v1(void) |
817 |
{ |
{ |
818 |
int64_t lasttime; |
int64_t lasttime; |
819 |
|
|
820 |
uint32_t i; |
uint32_t i; |
821 |
|
|
822 |
lasttime = read64s(); |
lasttime = read64s(); |
823 |
|
|
824 |
indent(); |
indent(); |
825 |
print_indentation(); |
print_indentation(); |
826 |
printf("Last time 0x%lx = %ld = ", |
printf("Last time 0x%llx = %lld = ", |
827 |
lasttime, lasttime); |
(unsigned long long)lasttime, (long long)lasttime); |
828 |
print_time_t(lasttime); |
print_time_t(lasttime); |
829 |
puts(""); |
puts(""); |
830 |
|
|
831 |
for (i = 0; i < 4; i++) { |
for (i = 0; i < 4; i++) { |
832 |
uint8_t nbars; |
uint8_t nbars; |
833 |
uint8_t idxlastbar; |
uint8_t idxlastbar; |
834 |
|
|
835 |
uint32_t j; |
uint32_t j; |
836 |
|
|
837 |
print_indentation(); |
print_indentation(); |
838 |
printf("Graph #%u of 4:\n", |
printf("Graph #%u of 4:\n", |
839 |
i + 1); |
i + 1); |
840 |
|
|
841 |
nbars = read8u(); |
nbars = read8u(); |
842 |
|
|
852 |
idxlastbar); |
idxlastbar); |
853 |
|
|
854 |
indent(); |
indent(); |
855 |
for (j = 0; j < idxlastbar; j++) { |
for (j = 0; j < idxlastbar; j++) { |
856 |
uint64_t in; |
uint64_t in; |
857 |
uint64_t out; |
uint64_t out; |
858 |
|
|
859 |
print_indentation(); |
print_indentation(); |
860 |
printf("Bar #%u of %hhu:\n", |
printf("Bar #%u of %hhu:\n", |
861 |
j + 1, idxlastbar); |
j + 1, idxlastbar); |
862 |
|
|
863 |
in = read64u(); |
in = read64u(); |
864 |
|
|
865 |
indent(); |
indent(); |
866 |
print_indentation(); |
print_indentation(); |
867 |
printf("In %lu\n", |
printf("In %llu\n", |
868 |
in); |
(unsigned long long)in); |
869 |
|
|
870 |
out = read64u(); |
out = read64u(); |
871 |
|
|
872 |
print_indentation(); |
print_indentation(); |
873 |
printf("Out %lu\n", |
printf("Out %llu\n", |
874 |
out); |
(unsigned long long)out); |
875 |
|
|
876 |
exdent(); |
exdent(); |
877 |
} // for |
} // for |
878 |
exdent(); |
exdent(); |
879 |
|
|
880 |
exdent(); |
exdent(); |
881 |
} // for |
} // for |
882 |
|
|
883 |
exdent(); |
exdent(); |
884 |
} // decode_graph_db_v1() |
} // decode_graph_db_v1() |
885 |
|
|
886 |
void handle_file_error(void); |
void handle_file_error(void); |
887 |
|
|
888 |
uint8_t read8u(void) |
uint8_t read8u(void) |
889 |
{ |
{ |