/* ** Copyright (C) 2004-2006 by Carnegie Mellon University. ** ** @OPENSOURCE_HEADER_START@ ** ** Use of the SILK system and related source code is subject to the terms ** of the following licenses: ** ** GNU Public License (GPL) Rights pursuant to Version 2, June 1991 ** Government Purpose License Rights (GPLR) pursuant to DFARS 252.225-7013 ** ** NO WARRANTY ** ** ANY INFORMATION, MATERIALS, SERVICES, INTELLECTUAL PROPERTY OR OTHER ** PROPERTY OR RIGHTS GRANTED OR PROVIDED BY CARNEGIE MELLON UNIVERSITY ** PURSUANT TO THIS LICENSE (HEREINAFTER THE "DELIVERABLES") ARE ON AN ** "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY ** KIND, EITHER EXPRESS OR IMPLIED AS TO ANY MATTER INCLUDING, BUT NOT ** LIMITED TO, WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, ** MERCHANTABILITY, INFORMATIONAL CONTENT, NONINFRINGEMENT, OR ERROR-FREE ** OPERATION. CARNEGIE MELLON UNIVERSITY SHALL NOT BE LIABLE FOR INDIRECT, ** SPECIAL OR CONSEQUENTIAL DAMAGES, SUCH AS LOSS OF PROFITS OR INABILITY ** TO USE SAID INTELLECTUAL PROPERTY, UNDER THIS LICENSE, REGARDLESS OF ** WHETHER SUCH PARTY WAS AWARE OF THE POSSIBILITY OF SUCH DAMAGES. ** LICENSEE AGREES THAT IT WILL NOT MAKE ANY WARRANTY ON BEHALF OF ** CARNEGIE MELLON UNIVERSITY, EXPRESS OR IMPLIED, TO ANY PERSON ** CONCERNING THE APPLICATION OF OR THE RESULTS TO BE OBTAINED WITH THE ** DELIVERABLES UNDER THIS LICENSE. 
** ** Licensee hereby agrees to defend, indemnify, and hold harmless Carnegie ** Mellon University, its trustees, officers, employees, and agents from ** all claims or demands made against them (and any related losses, ** expenses, or attorney's fees) arising out of, or relating to Licensee's ** and/or its sub licensees' negligent use or willful misuse of or ** negligent conduct or willful misconduct regarding the Software, ** facilities, or other rights or assistance granted by Carnegie Mellon ** University under this License, including, but not limited to, any ** claims of product liability, personal injury, death, damage to ** property, or violation of any laws or regulations. ** ** Carnegie Mellon University Software Engineering Institute authored ** documents are sponsored by the U.S. Department of Defense under ** Contract F19628-00-C-0003. Carnegie Mellon University retains ** copyrights in all material produced under this contract. The U.S. ** Government retains a non-exclusive, royalty-free license to publish or ** reproduce these documents, or allow others to do so, for U.S. ** Government purposes only pursuant to the copyright license under the ** contract clause at 252.227.7013. 
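**
** @OPENSOURCE_HEADER_END@
*/

/*
**  Converts FLOWCAP records to RWGENERIC records
**
*/

/* Includes */
#include "silk.h"

RCSIDENT("$SiLK: convert-flowcap.c 5079 2006-09-28 17:20:52Z mwd $");

#include "convert-flowcap.h"


/*
 *  genericToFlowcap(&rwrec, &fc_rec, fc_version)
 *
 *    Fill the flowcap record fc_rec, laid out as flowcap version
 *    fc_version (2, 3, 4 or 5), from the RW GENERIC record rwrec.
 *    Multi-byte fields are written with htonl()/htons().
 *
 *    Values that do not fit the flowcap layout are reduced, not
 *    rejected: the duration is clamped to UINT16_MAX, the packet
 *    count to 0xffffff, and for versions 2-4 the input and output
 *    interfaces are truncated to their low 8 bits.
 *
 *    Returns 0.  An unsupported fc_version terminates the process
 *    with abort(); the function never returns an error code.
 */
int genericToFlowcap(
    const rwRec    *rwrec,
    flowcapRec_t   *fc_rec,
    int             fc_version)
{
    union {
        uint32_t n;
        uint8_t  b[4];
    } p;
    uint8_t  *input8       = NULL;
    uint8_t  *output8      = NULL;
    uint16_t *input16      = NULL;
    uint16_t *output16     = NULL;
    uint8_t  *pkts         = NULL;
    uint8_t  *proto        = NULL;
    uint8_t  *flags        = NULL;
    uint16_t *service_port = NULL;
    uint8_t  *first_flags  = NULL;
    uint8_t  *tcp_state    = NULL;
    uint8_t  *time_frac    = NULL;
    uint32_t *payload_hash = NULL;

    /* FC_REC_SIZE() supplies the length of the memset() below.  The
     * assert treats -1 as its "unsupported version" result, but an
     * assert is compiled out under NDEBUG, and -1 used as a length
     * would then zero far past the end of fc_rec.  Repeat the check
     * at run time; abort() is what the version switch below already
     * does for an unsupported version. */
    assert(FC_REC_SIZE(fc_version) != -1);
    if (FC_REC_SIZE(fc_version) == -1) {
        abort();
    }

    memset(fc_rec, 0, FC_REC_SIZE(fc_version));

    /* Fields written through the V2 layout for every version */
    {
        flowcapRec_V2_t *fcr = (flowcapRec_V2_t *)fc_rec;
        uint16_t dur;

        fcr->sIP.ipnum = htonl(rwrec->sIP.ipnum);
        fcr->dIP.ipnum = htonl(rwrec->dIP.ipnum);
        fcr->bytes = htonl(rwrec->bytes);
        fcr->sTime = htonl(rwrec->sTime);

        /* The flowcap duration is 16 bits wide; saturate */
        if (rwrec->elapsed > UINT16_MAX) {
            dur = UINT16_MAX;
        } else {
            dur = rwrec->elapsed;
        }
        fcr->dur = htons(dur);

        fcr->sPort = htons(rwrec->sPort);
        fcr->dPort = htons(rwrec->dPort);
    }

    /* Record where each version-specific field lives.  A pointer
     * left NULL means that version has no such field. */
    switch (fc_version) {
      case 2:
        {
            flowcapRec_V2_t *fcr = (flowcapRec_V2_t *)fc_rec;
            input8 = &fcr->input;
            output8 = &fcr->output;
            pkts = fcr->pkts;
            proto = &fcr->proto;
            flags = &fcr->flags;
        }
        break;

      case 4:
        {
            flowcapRec_V4_t *fcr = (flowcapRec_V4_t *)fc_rec;
            payload_hash = &fcr->payload_hash;
        }
        /* Fall through: the remaining V4 fields are set via V3 */

      case 3:
        {
            flowcapRec_V3_t *fcr = (flowcapRec_V3_t *)fc_rec;
            service_port = &fcr->service_port;
            input8 = &fcr->input;
            output8 = &fcr->output;
            pkts = fcr->pkts;
            proto = &fcr->proto;
            flags = &fcr->flags;
            first_flags = &fcr->first_flags;
            tcp_state = &fcr->tcp_state;
            time_frac = fcr->time_frac;
        }
        break;

      case 5:
        {
            flowcapRec_V5_t *fcr = (flowcapRec_V5_t *)fc_rec;
            service_port = &fcr->service_port;
            input16 = &fcr->input;
            output16 = &fcr->output;
            pkts = fcr->pkts;
            proto = &fcr->proto;
            flags = &fcr->flags;
            first_flags = &fcr->first_flags;
            tcp_state = &fcr->tcp_state;
            time_frac = fcr->time_frac;
        }
        break;

      default:
        assert(0);
        abort();
    }

    /* Interfaces: one byte each in versions 2-4, 16 bits in version 5 */
    if (input8) {
        *input8 = rwrec->input & 0xff;
    }
    if (output8) {
        *output8 = rwrec->output & 0xff;
    }
    if (input16) {
        *input16 = htons(rwrec->input);
    }
    if (output16) {
        *output16 = htons(rwrec->output);
    }

    /* The packet count is stored in three bytes: saturate at
     * 0xffffff, otherwise copy the low three bytes of the value in
     * network byte order. */
    if (rwrec->pkts > 0xffffff) {
        memset(pkts, 0xff, 3);
    } else {
        p.n = htonl(rwrec->pkts);
        memcpy(pkts, &p.b[1], 3);
    }

    *proto = rwrec->proto;

    /* With SK_TCPSTATE_EXPANDED set, rwrec carries init_flags and
     * rest_flags separately; otherwise only the combined flags. */
    if (rwrec->tcp_state & SK_TCPSTATE_EXPANDED) {
        *flags = rwrec->rest_flags;
        if (first_flags) {
            *first_flags = rwrec->init_flags;
        }
    } else {
        *flags = rwrec->flags;
    }

    if (tcp_state) {
        *tcp_state = rwrec->tcp_state;
    }
    if (service_port) {
        *service_port = htons(rwrec->application);
    }
    if (payload_hash) {
        /* The payload hash is carried in the rwrec's nhIP field */
        *payload_hash = htonl(rwrec->nhIP.ipnum);
    }

    if (time_frac) {
        /* Pack the millisecond parts of the start time and duration
         * into three bytes; flowcapToGeneric() reads them back with
         * the matching shifts.  NOTE(review): the last two arguments
         * of SET_MASKED_BITS look like (bit offset, bit count) --
         * confirm against the macro's definition. */
        time_frac[0] = rwrec->sTime_msec >> 2;
        SET_MASKED_BITS(time_frac[1], rwrec->sTime_msec, 6, 2);
        SET_MASKED_BITS(time_frac[1], rwrec->elapsed_msec >> 4, 0, 6);
        time_frac[2] = (rwrec->elapsed_msec << 4) & 0xff;
    }

    return 0;
}


/*
 *  flowcapToGeneric(&fc_rec, fc_version, &rwrec)
 *
 *    Create an RW GENERIC record rwrec using the flowcap record
 *    fc_rec as input.  fc_version (2, 3, 4 or 5) selects the layout
 *    that fc_rec is read as; multi-byte fields are converted with
 *    ntohl()/ntohs().  rwrec is zeroed before it is filled.
 *
 *    Returns 0 on success, or -1 when fc_version is not supported.
 *
 *    NOTE(review): the assert below makes a build without NDEBUG
 *    abort on an unsupported version instead of returning -1.  If
 *    fc_version can come from the data being read, callers would
 *    likely prefer the -1 path in every build -- confirm before
 *    changing it.
 */
int flowcapToGeneric(
    const flowcapRec_t *fc_rec,
    int                 fc_version,
    rwRec              *rwrec)
{
    uint32_t pkts = 0;

    assert(FC_REC_SIZE(fc_version) != -1);

    memset(rwrec, 0, sizeof(rwRec));

    /* Packet count: copy the three stored bytes into the low-order
     * end of a zeroed 32-bit value that is still in network byte
     * order; ntohl() is applied below.  This switch also rejects
     * any unsupported version before a field is read. */
    switch (fc_version) {
      case 2:
        {
            const flowcapRec_V2_t *fcr = (const flowcapRec_V2_t *)fc_rec;
            memcpy((((uint8_t*)(&pkts)) + 1), fcr->pkts, 3);
        }
        break;

      case 3:
      case 4:
        {
            const flowcapRec_V3_t *fcr = (const flowcapRec_V3_t *)fc_rec;
            memcpy((((uint8_t*)(&pkts)) + 1), fcr->pkts, 3);
        }
        break;

      case 5:
        {
            const flowcapRec_V5_t *fcr = (const flowcapRec_V5_t *)fc_rec;
            memcpy((((uint8_t*)(&pkts)) + 1), fcr->pkts, 3);
        }
        break;

      default:
        return -1;
    }

    /* Fields common to versions 2 through 5.  The V2 layout is used
     * for all of them because, per the original comment, the
     * structures are identical for every field read in this block.
     * fc_version is known to be 2-5 here, so no second version test
     * is needed. */
    {
        const flowcapRec_V2_t *fcr = (const flowcapRec_V2_t *)fc_rec;

        /* src and dest IP */
        rwrec->sIP.ipnum = ntohl(fcr->sIP.ipnum);
        rwrec->dIP.ipnum = ntohl(fcr->dIP.ipnum);

        /* src and dest Port */
        rwrec->sPort = ntohs(fcr->sPort);
        rwrec->dPort = ntohs(fcr->dPort);

        /* bytes, start time, duration */
        rwrec->bytes = ntohl(fcr->bytes);
        rwrec->sTime = ntohl(fcr->sTime);
        rwrec->elapsed = ntohs(fcr->dur);

        /* packets count */
        rwrec->pkts = ntohl(pkts);
    }

    /* Version-specific fields */
    switch (fc_version) {
      case 4:
        {
            const flowcapRec_V4_t *fcr = (const flowcapRec_V4_t *)fc_rec;
            /* The payload hash is carried in the rwrec's nhIP field */
            rwrec->nhIP.ipnum = ntohl(fcr->payload_hash);
        }
        /* Fall through: the remaining V4 fields are read via V3 */

      case 3:
        {
            const flowcapRec_V3_t *fcr = (const flowcapRec_V3_t *)fc_rec;

            /* protocol, TCP flags, input and output interfaces */
            rwrec->proto = fcr->proto;
            rwrec->input = fcr->input;
            rwrec->output = fcr->output;
            rwrec->init_flags = fcr->first_flags;
            rwrec->rest_flags = fcr->flags;
            rwrec->flags = fcr->flags | fcr->first_flags;
            rwrec->tcp_state = fcr->tcp_state;

            /* Unpack the millisecond parts of start time and duration */
            rwrec->sTime_msec = fcr->time_frac[0] << 2;
            rwrec->sTime_msec |= GET_MASKED_BITS(fcr->time_frac[1], 6, 2);
            rwrec->elapsed_msec
                = GET_MASKED_BITS(fcr->time_frac[1], 0, 6) << 4;
            rwrec->elapsed_msec |= GET_MASKED_BITS(fcr->time_frac[2], 4, 4);

            rwrec->application = ntohs(fcr->service_port);
        }
        break;

      case 5:
        {
            const flowcapRec_V5_t *fcr = (const flowcapRec_V5_t *)fc_rec;

            /* protocol, TCP flags, input and output interfaces; the
             * interfaces are 16 bits wide in this version */
            rwrec->proto = fcr->proto;
            rwrec->input = ntohs(fcr->input);
            rwrec->output = ntohs(fcr->output);
            rwrec->init_flags = fcr->first_flags;
            rwrec->rest_flags = fcr->flags;
            rwrec->flags = fcr->flags | fcr->first_flags;
            rwrec->tcp_state = fcr->tcp_state;

            /* Unpack the millisecond parts of start time and duration */
            rwrec->sTime_msec = fcr->time_frac[0] << 2;
            rwrec->sTime_msec |= GET_MASKED_BITS(fcr->time_frac[1], 6, 2);
            rwrec->elapsed_msec
                = GET_MASKED_BITS(fcr->time_frac[1], 0, 6) << 4;
            rwrec->elapsed_msec |= GET_MASKED_BITS(fcr->time_frac[2], 4, 4);

            rwrec->application = ntohs(fcr->service_port);
        }
        break;

      case 2:
        {
            const flowcapRec_V2_t *fcr = (const flowcapRec_V2_t *)fc_rec;

            /* protocol, TCP flags, input and output interfaces */
            rwrec->proto = fcr->proto;
            rwrec->flags = fcr->flags;
            rwrec->input = fcr->input;
            rwrec->output = fcr->output;
            /* The packet count was already read and stored above;
             * the second copy the original made here was a dead
             * store and has been dropped. */
        }
        break;

      default:
        /* Not reachable: the first switch returned for these */
        return -1;
    }

    return 0;
}


/*
** Local variables:
** mode:c
** indent-tabs-mode:nil
** c-basic-offset:4
** End:
*/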