/* * This is to parse the DAG card trace file into text records. * */ #define _LARGEFILE_SOURCE #define _LARGEFILE64_SOURCE #define _FILE_OFFSET_BITS 64 #define _GNU_SOURCE #include #include #include #include #include #include typedef struct __attribute__((packed)) _TRACE_RECORD_ { uint32_t tlL; /* 4 bytes, timestamp lower part */ uint32_t tlH; /* 4 bytes, timestamp higher part */ uint8_t stuff[22]; /* 22 bytes, unkown */ uint16_t ll; /* 2 bytes */ /* Here comes the IP header */ unsigned short ip_version : 4; /* 1 byte */ unsigned short ip_ihl : 4; uint8_t ip_tos; /* 1 byte */ uint16_t ip_tlen; /* 2 byte */ uint16_t ip_id; /* 2 byte */ unsigned short ip_flags : 4; /* 2 bytes */ unsigned short ip_offset : 12; uint8_t ip_ttl; /* 1 byte */ uint8_t ip_protocol; /* 1 byte */ uint16_t ip_checksum; /* 2 bytes */ uint32_t ip_src; /* 4 bytes */ uint32_t ip_dst; /* 4 bytes */ /* Here comes the TCP header if it is one */ uint16_t sport; /* 2 bytes */ uint16_t dport; /* 2 bytes */ uint32_t tcp_seqno; /* 4 bytes */ uint32_t tcp_ackno; /* 4 bytes */ uint8_t tcp_offx2; /* data offset, rsvd */ #define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4) uint8_t tcp_flags; #define TH_FIN 0x01 #define TH_SYN 0x02 #define TH_RST 0x04 #define TH_PUSH 0x08 #define TH_ACK 0x10 #define TH_URG 0x20 #define TH_ECNECHO 0x40 /* ECN Echo */ #define TH_CWR 0x80 /* ECN Cwnd Reduced */ uint16_t tcp_win; /* 2 bytes */ } TRACE_RECORD; int main(int argc, const char** argv) { const double CFact = pow(2., 32.); int fData; #define RECORD_POOL_SIZE 10000 TRACE_RECORD record_pool[RECORD_POOL_SIZE]; TRACE_RECORD *record; int records_left; char tsrc[16], tdst[16]; double timestamp; if (argc != 2) { printf("Usage: %s \n", argv[0]); return 0; } fData = open64(argv[1], O_RDONLY); if (fData <=0) { printf("Error opening file\n"); return -1; } while ((records_left=read(fData, &record_pool, sizeof(record_pool))) > 0) { records_left /= sizeof(TRACE_RECORD); record = record_pool; while (records_left > 0) { timestamp = ((double)record->tlH) + ((double)record->tlL)/CFact; record->ll = ntohs(record->ll); if (record->ll == 0x0800) { record->ip_tlen = ntohs(record->ip_tlen); record->ip_id = ntohs(record->ip_id); record->ip_src = ntohl(record->ip_src); record->ip_dst = ntohl(record->ip_dst); sprintf(tsrc, "%d.%d.%d.%d",(record->ip_src>>24)&0xff,(record->ip_src>>16)&0xff,(record->ip_src>>8)&0xff,record->ip_src&0xff); sprintf(tdst, "%d.%d.%d.%d",(record->ip_dst>>24)&0xff,(record->ip_dst>>16)&0xff,(record->ip_dst>>8)&0xff,record->ip_dst&0xff); if (record->ip_protocol == 6) { record->sport = ntohs(record->sport); record->dport = ntohs(record->dport); record->tcp_seqno = ntohl(record->tcp_seqno); record->tcp_ackno = ntohl(record->tcp_ackno); record->tcp_win = ntohs(record->tcp_win); /* TCP packet */ printf("%.8f\t%4d\t%5d\t%3d\t%2d\t%u\t%u\t%15s\t%15s\t%5d\t%5d\t%u\t%u\t%d\t%d\t%d\t%d\n", timestamp, record->ip_tlen, record->ip_id, record->ip_ttl, record->ip_protocol, record->ip_src, record->ip_dst, tsrc, tdst, record->sport, record->dport, record->tcp_seqno, record->tcp_ackno, ((record->tcp_flags & TH_ACK) != 0) , ((record->tcp_flags & TH_SYN) != 0) , ((record->tcp_flags & TH_RST) != 0) , record->tcp_win); } else if (record->ip_protocol == 17) { record->sport = ntohs(record->sport); record->dport = ntohs(record->dport); /* UDP packet */ printf("%.8f\t%4d\t%5d\t%3d\t%2d\t%u\t%u\t%15s\t%15s\t%5d\t%5d\n", timestamp, record->ip_tlen, record->ip_id, record->ip_ttl, record->ip_protocol, record->ip_src, record->ip_dst, tsrc, tdst, record->sport, record->dport); } else { /* Other packets */ printf("%.8f\t%4d\t%5d\t%3d\t%2d\t%u\t%u\t%15s\t%15s\n", timestamp, record->ip_tlen, record->ip_id, record->ip_ttl, record->ip_protocol, record->ip_src, record->ip_dst, tsrc, tdst); } } records_left--; record ++; } } close(fData); return 0; }