
我使用 softflowd 和 nfdump 生成 netflow 数据,并把这些数据存储在一个二维(字符串)数组中

// Outer array: one pointer slot per flow record.
flows = new string *[flows_len];

// Each record gets its own array of 47 strings, one per nfdump field.
// Every allocation here is owned manually: each row needs delete[] and so
// does the outer array once the table is no longer used.
int row = 0;
while (row < flows_len)
{
    flows[row] = new string[47];
    ++row;
}

我正在用 C++ 编写。数组中的每一“行”代表一个流记录,47 是 nfdump 显示的 netflow 数据不同字段的数量。

我想按 IP 生成一些统计信息(例如,每个 IP 有多少条连接流),但我不知道如何找出具有相同 IP 的那些流记录行(srcip 的值存储在 flows[j][4] 中)。我是 C++ 新手。

提前致谢!


2 回答 2


这是一个非常非常非常简单的例子

#include <vector>
#include <string>
#include <iostream>
#include <stdio.h>
#include <stdlib.h>
#include <algorithm>
#include <iterator>

using namespace std;

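typedef vector< string > StatInfo; // one flow record: 47 entries, one per nfdump field

// Prints every flow record in `infos` whose source-IP field (index 4) equals `ip`.
// Each matching record is written to stdout as one line, fields separated by ", ".
//
// infos - the flow table; each element is one record
// ip    - the address to match, compared as an exact string
//
// Records with fewer than five fields are skipped instead of being indexed:
// operator[] does no bounds check, so a truncated or malformed record would
// otherwise be read out of bounds.
void print_stat_by_ip( const vector< StatInfo > & infos, const string & ip ) {
    const StatInfo::size_type src_ip_field = 4;

    for ( vector< StatInfo >::const_iterator row = infos.begin(); row != infos.end(); ++row ) {
        if ( row->size() <= src_ip_field ) {
            continue; // no source-IP column in this record
        }
        if ( ( *row )[ src_ip_field ] == ip ) {
            copy( row->begin(), row->end(), ostream_iterator< string >( cout, ", " ) );
            cout << endl;
        }
    }
}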

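// Demo driver: builds ten placeholder flow records, prints them, then prints
// only the records whose source-IP field matches one chosen value.
int main()
{
    vector< StatInfo > infos;

    // One scratch buffer for every integer-to-text conversion. 42 bytes is far
    // more than a decimal int needs; snprintf is used so the write stays
    // bounded by the buffer size even if the format is changed later.
    char c_str[ 42 ];

    for ( int i = 0; i < 10; i++ ) {
        StatInfo info;
        info.reserve( 47 );
        for ( int j = 0; j < 47; j++ ) { // placeholder fields "0", "1", "2", ... , "46"
            snprintf( c_str, sizeof c_str, "%d", j );
            info.push_back( c_str );
        }

        // rand() is not seeded anywhere in this listing, so the same sequence
        // of values is produced on each run.
        snprintf( c_str, sizeof c_str, "%d", rand() % 10 );
        info[ 4 ] = c_str;          // stands in for the source IP address
        infos.push_back( info );

        copy( info.begin(), info.end(), ostream_iterator< string >( cout, ", " ) );
        cout << endl;
    }

    string ip_to_find = "5";
    cout << "----------------------------------------" << endl;
    cout << "stat for " << ip_to_find << endl;
    cout << "----------------------------------------" << endl;
    print_stat_by_ip( infos, ip_to_find );

    return 0;
}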

你可以在这里找到它 http://liveworkspace.org/code/3AAye8

于 2012-12-29T09:50:47.513 回答

老实说,我会建议您重新考虑所用的容器。下面的代码使用标准库的数组、vector 和 multimap 来完成我认为您想要的功能。示例代码只是用字符串 “A”、“B” 或 “C” 以及三个 IP 地址之一来填充表中的各行。您应该特别注意的部分是用 multimap 按 IP 地址为表建立索引(它也可以很容易地改成对任意列做同样的事情)。

注意:有很多人比我更精通标准库算法、函数和容器的使用。这段代码只是为了让您了解 multimap 可以怎样帮助您找到一种可行的解决方案。

编辑:OP 想查看表中各 IP 地址的出现次数,相应代码已加到 main() 函数的末尾。代码也已改为不使用 C++11 特性,希望更接近 OP 能够使用的形式。

#include <iostream>
#include <iterator>
#include <algorithm>
#include <functional>
#include <map>
#include <vector>
#include <string>
using namespace std;

// Basic declarations: a FlowInfo is one flow record (a row of string fields),
// and a FlowTable is the list of all records.
typedef std::vector<std::string> FlowInfo;
typedef std::vector<FlowInfo> FlowTable;

// Index from a string key (the IP address) to the records that carry it.
// A multimap allows many records per key. The mapped value is a non-owning
// pointer: the FlowInfo it points at must outlive the map and must not be
// relocated (for example by growing the vector that holds it) while the map
// is in use.
typedef std::multimap<std::string, const FlowInfo* > MapIPToTableIndex;

// Map from an IP string to an unsigned counter, used to count occurrences.
typedef std::map<std::string, unsigned int> MapStringToCount;

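// Demo driver: fills a flow table with placeholder rows, indexes the rows by
// source IP with a multimap, prints the rows of one IP, then prints how many
// rows each IP has. Returns 0.
int main(int argc, char *argv[])
{
    (void)argc; // the demo takes no command-line input
    (void)argv;

    const size_t field_count = 47;  // fields per flow record
    const size_t src_ip_field = 4;  // column holding the source IP
    static const char* const fill[] = { "A", "B", "C" };
    static const char* const ips[] = { "192.168.1.1", "192.168.1.2", "192.168.1.3" };
    const size_t kinds = sizeof(fill) / sizeof(fill[0]);

    // Populate the flow table using whatever method you choose. Here: ten
    // rounds, each adding one row per IP address, in the order A, B, C.
    FlowTable ft;
    for (size_t i = 0; i < 10; ++i)
    {
        for (size_t k = 0; k < kinds; ++k)
        {
            FlowInfo fi(field_count, fill[k]);
            // Shift the first letter by the round number so rows can be told apart.
            fi[0][0] = static_cast<char>(fi[0][0] + i);
            fi[src_ip_field] = ips[k];
            ft.push_back(fi);
        }
    }

    // Index the rows by IP address. The map stores pointers to elements of ft,
    // which stay valid only while ft is neither resized nor destroyed, so ft
    // has to be fully populated before this loop and left untouched afterwards.
    MapIPToTableIndex infomap;
    for (FlowTable::const_iterator it = ft.begin(); it != ft.end(); ++it)
    {
        // operator[] is unchecked; a row too short to have a source-IP column
        // is left out of the index instead of being read out of bounds.
        if (it->size() <= src_ip_field)
            continue;
        infomap.insert(MapIPToTableIndex::value_type((*it)[src_ip_field], &*it));
    }

    // Prove the map is set up properly: ask for all rows that carry the
    // 192.168.1.2 address. equal_range computes both ends of the run once.
    const std::string wanted("192.168.1.2");
    const std::pair<MapIPToTableIndex::const_iterator,
                    MapIPToTableIndex::const_iterator> hits = infomap.equal_range(wanted);
    for (MapIPToTableIndex::const_iterator it = hits.first; it != hits.second; ++it)
    {
        std::copy(it->second->begin(), it->second->end(),
                  ostream_iterator<std::string>(cout, " "));
        cout << endl;
    }

    // Count how often each IP occurs in the table.
    MapStringToCount ip_counts;
    for (FlowTable::const_iterator it = ft.begin(); it != ft.end(); ++it)
    {
        if (it->size() > src_ip_field)
            ++ip_counts[(*it)[src_ip_field]];
    }

    // Dump each IP with its occurrence count, ordered by IP string.
    for (MapStringToCount::const_iterator it = ip_counts.begin();
         it != ip_counts.end(); ++it)
    {
        cout << it->first << " : " << it->second << endl;
    }

    return 0;
}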

输出

B B B B 192.168.1.2 B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B 
C B B B 192.168.1.2 B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B 
D B B B 192.168.1.2 B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B 
E B B B 192.168.1.2 B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B 
F B B B 192.168.1.2 B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B 
G B B B 192.168.1.2 B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B 
H B B B 192.168.1.2 B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B 
I B B B 192.168.1.2 B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B 
J B B B 192.168.1.2 B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B 
K B B B 192.168.1.2 B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B 
192.168.1.1 : 10
192.168.1.2 : 10
192.168.1.3 : 10
于 2012-12-29T10:40:35.013 回答