Add ident as %idt token in output formats. Adjust raw and json accord…

…ingly
phaag · Jan 18, 2025 · 25cf20a · 25cf20a
1 parent c231972
commit 25cf20a
Show file tree

Hide file tree

Showing 11 changed files with 150 additions and 9 deletions.
diff --git a/man/nfdump.1 b/man/nfdump.1
@@ -1650,8 +1650,9 @@ The following list contains all tags, which are available to compile the output
 .It Cm %<format>
 Inserts the predefined format at this position. e.g. %line
 .It Cm %cnt
-Record counter. record numbers are assigned dynamically assigned while reading
-read from file.
+Record counter. record numbers are assigned dynamically assigned while reading read from file.
+.It Cm %idt
+Ident string. Source identifier string -i to nfcapd and constant for all flows in a file.
 .It Cm %nfv
 Netflow version.
 .It Cm %ts

diff --git a/src/nfdump/nfdump.c b/src/nfdump/nfdump.c
@@ -292,7 +292,7 @@ __attribute__((noreturn)) static void *prepareThread(void *arg) {
     while (!done) {
         if (dataHandle == NULL) {
             dataHandle = calloc(1, sizeof(dataHandle_t));
-            dataHandle->ident = nffile->ident;
+            dataHandle->ident = nffile->ident != NULL ? strdup(nffile->ident) : NULL;
         }
         dataHandle->dataBlock = ReadBlock(nffile, NULL);
 
@@ -304,6 +304,8 @@ __attribute__((noreturn)) static void *prepareThread(void *arg) {
             } else {
                 if (nffile->stat_record->firstseen < t_firstMsec) t_firstMsec = nffile->stat_record->firstseen;
                 if (nffile->stat_record->lastseen > t_lastMsec) t_lastMsec = nffile->stat_record->lastseen;
+                if (dataHandle->ident) free(dataHandle->ident);
+                dataHandle->ident = nffile->ident != NULL ? strdup(nffile->ident) : NULL;
             }
             continue;
         }
@@ -535,7 +537,6 @@ static stat_record_t process_data(void *engine, int processMode, char *wfile, Re
         nffile_w = OpenNewFile(wfile, NULL, CREATOR_NFDUMP, compress, NOT_ENCRYPTED);
         if (!nffile_w) {
             stat_record.firstseen = 0;
-            // XXX DisposeFile(nffile_r);
             return stat_record;
         }
         dataBlock_w = WriteBlock(nffile_w, NULL);
@@ -546,6 +547,7 @@ static stat_record_t process_data(void *engine, int processMode, char *wfile, Re
     // number of flows passed the filter
     dbg(uint32_t numBlocks = 0);
     int done = 0;
+    char *ident = NULL;
     while (!done) {
         dataHandle_t *dataHandle = queue_pop(filterArgs.processQueue);
         if (dataHandle == QUEUE_CLOSED) {  // no more blocks
@@ -665,6 +667,11 @@ static stat_record_t process_data(void *engine, int processMode, char *wfile, Re
 
         // free resources
         FreeDataBlock(dataHandle->dataBlock);
+        if (dataHandle->ident) {
+            if (ident) free(ident);
+            ident = dataHandle->ident;
+            free(dataHandle);
+        }
     }  // while
 
     dbg_printf("processData() done\n");
@@ -673,6 +680,8 @@ static stat_record_t process_data(void *engine, int processMode, char *wfile, Re
     if (nffile_w) {
         // flush current buffer to disc
         FlushBlock(nffile_w, dataBlock_w);
+        SetIdent(nffile_w, ident);
+        if (ident) free(ident);
 
         /* Copy stat info and close file */
         memcpy((void *)nffile_w->stat_record, (void *)&stat_record, sizeof(stat_record_t));

diff --git a/src/output/output_csv.c b/src/output/output_csv.c
@@ -107,6 +107,8 @@ static double duration = 0;
 #define STRINGSIZE 10240
 static char header_string[STRINGSIZE] = {'\0'};
 
+static char *ident = NULL;
+
 /* prototypes */
 static char *ICMP_Port_decode(EXgenericFlow_t *genericFlow);
 
@@ -118,6 +120,8 @@ static void InitFormatParser(void);
 
 static void AddToken(int index);
 
+static char *String_Ident(char *streamPtr, recordHandle_t *recordHandle);
+
 static char *String_Version(char *streamPtr, recordHandle_t *recordHandle);
 
 static char *String_FlowCount(char *streamPtr, recordHandle_t *recordHandle);
@@ -371,6 +375,7 @@ static struct format_entry_s {
     // csv format table
     {"%nfv", 0, "version", String_Version},      // netflow version
     {"%cnt", 0, "count", String_FlowCount},      // flow count
+    {"%idt", 0, "Ident", String_Ident},          // Ident string
     {"%eng", 0, "engine", String_Engine},        // Engine Type/ID
     {"%exp", 0, "exporterID", String_ExpSysID},  // Exporter SysID
 
@@ -622,6 +627,7 @@ void csv_record(FILE *stream, recordHandle_t *recordHandle, outputParams_t *outp
         free(p);
     }
 
+    ident = outputParam->ident;
     streamBuff[0] = '\0';
     char *streamPtr = streamBuff;
     duration = 0;
@@ -803,6 +809,12 @@ static char *ICMP_Port_decode(EXgenericFlow_t *genericFlow) {
 }  // End of ICMP_Port_decode
 
 /* functions, which create the individual strings for the output line */
+static char *String_Ident(char *streamPtr, recordHandle_t *recordHandle) {
+    char *s = ident != NULL ? ident : "<no ident>";
+    AddString(s);
+    return streamPtr;
+}  // End of String_Ident
+
 static char *String_Version(char *streamPtr, recordHandle_t *recordHandle) {
     recordHeaderV3_t *recordHeaderV3 = recordHandle->recordHeaderV3;
 

diff --git a/src/output/output_fmt.c b/src/output/output_fmt.c
@@ -82,7 +82,7 @@ static double duration = 0;
 #define STRINGSIZE 10240
 static char header_string[STRINGSIZE] = {'\0'};
 
-// tag
+static char *ident = NULL;
 static char tag_string[2] = {'\0'};
 
 /* prototypes */
@@ -96,6 +96,8 @@ static void InitFormatParser(void);
 
 static void AddToken(int index, char *s);
 
+static void String_Ident(FILE *stream, recordHandle_t *recordHandle);
+
 static void String_Version(FILE *stream, recordHandle_t *recordHandle);
 
 static void String_FlowCount(FILE *stream, recordHandle_t *recordHandle);
@@ -371,10 +373,11 @@ static struct format_entry_s {
     string_function_t string_function;  // function generation output string
 } formatTable[] = {
     // fmt format table
-    {"%nfv", 0, "Ver", String_Version},      // netflow version
-    {"%cnt", 0, "Count", String_FlowCount},  // flow count
-    {"%eng", 0, " engine", String_Engine},   // Engine Type/ID
-    {"%exp", 0, "Exp ID", String_ExpSysID},  // Exporter SysID
+    {"%nfv", 0, "Ver", String_Version},         // netflow version
+    {"%cnt", 0, "Count", String_FlowCount},     // flow count
+    {"%idt", 0, "Ident       ", String_Ident},  // Ident string
+    {"%eng", 0, " engine", String_Engine},      // Engine Type/ID
+    {"%exp", 0, "Exp ID", String_ExpSysID},     // Exporter SysID
 
     // EXgenericFlowID
     {"%tfs", 0, "Date first seen        ", String_FirstSeen},     // Start Time - first seen
@@ -651,6 +654,7 @@ void fmt_record(FILE *stream, recordHandle_t *recordHandle, outputParams_t *outp
         free(p);
     }
 
+    ident = outputParam->ident;
     tag_string[0] = outputParam->doTag ? TAG_CHAR : '\0';
     tag_string[1] = '\0';
 
@@ -853,6 +857,10 @@ static char *ICMP_Port_decode(EXgenericFlow_t *genericFlow) {
 }  // End of ICMP_Port_decode
 
 /* functions, which create the individual strings for the output line */
+static void String_Ident(FILE *stream, recordHandle_t *recordHandle) {
+    fprintf(stream, "%-12s", ident != NULL ? ident : "<no ident>");
+}  // End of String_Ident
+
 static void String_Version(FILE *stream, recordHandle_t *recordHandle) {
     recordHeaderV3_t *recordHeaderV3 = recordHandle->recordHeaderV3;
 

diff --git a/src/output/output_json.c b/src/output/output_json.c
@@ -828,6 +828,8 @@ void flow_record_to_json(FILE *stream, recordHandle_t *recordHandle, outputParam
     char *typeString = TestFlag(recordHeaderV3->flags, V3_FLAG_EVENT) ? "EVENT" : "FLOW";
     AddElementU32("cnt", ++recordCount);
     AddElementString("type", typeString);
+    if (outputParam->ident != NULL) AddElementString("ident", outputParam->ident);
+
     AddElementU32("export_sysid", recordHeaderV3->exporterID);
 
     int processed = 0;

diff --git a/src/output/output_ndjson.c b/src/output/output_ndjson.c
@@ -807,6 +807,8 @@ void flow_record_to_ndjson(FILE *stream, recordHandle_t *recordHandle, outputPar
     char *typeString = TestFlag(recordHeaderV3->flags, V3_FLAG_EVENT) ? "EVENT" : "FLOW";
     AddElementU32("cnt", ++recordCount);
     AddElementString("type", typeString);
+    if (outputParam->ident != NULL) AddElementString("ident", outputParam->ident);
+
     AddElementU32("export_sysid", recordHeaderV3->exporterID);
 
     int processed = 0;

diff --git a/src/output/output_raw.c b/src/output/output_raw.c
@@ -890,6 +890,10 @@ void raw_record(FILE *stream, recordHandle_t *recordHandle, outputParams_t *outp
             "  RecordCount  =              %5" PRIu64 "\n",
             recordHandle->flowCount);
 
+    if (outputParam->ident) {
+        fprintf(stream, "  Ident        =       %12s\n", outputParam->ident);
+    }
+
     fprintf(stream,
             "  Flags        =               0x%.2x %s%s%s, %s\n"
             "  Elements     =              %5u: %s\n"