Re: [sip-ops] [dispatch] SIP-CLF: Extensibility considerations (was Results on ASCII vs. binary representation)

Adam Roach <adam@nostrum.com> Thu, 30 April 2009 23:33 UTC

Return-Path: <adam@nostrum.com>
X-Original-To: sip-ops@core3.amsl.com
Delivered-To: sip-ops@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E755B3A698A; Thu, 30 Apr 2009 16:33:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.268
X-Spam-Level:
X-Spam-Status: No, score=-2.268 tagged_above=-999 required=5 tests=[AWL=-0.268, BAYES_00=-2.599, J_CHICKENPOX_47=0.6, SPF_PASS=-0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dNbONJHtkNUy; Thu, 30 Apr 2009 16:33:33 -0700 (PDT)
Received: from nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by core3.amsl.com (Postfix) with ESMTP id BE2CB28C151; Thu, 30 Apr 2009 16:33:32 -0700 (PDT)
Received: from [172.16.3.231] (vicuna-alt.estacado.net [75.53.54.121]) (authenticated bits=0) by nostrum.com (8.14.3/8.14.3) with ESMTP id n3UNYnVm052961 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 30 Apr 2009 18:34:49 -0500 (CDT) (envelope-from adam@nostrum.com)
Message-ID: <49FA3599.7050709@nostrum.com>
Date: Thu, 30 Apr 2009 18:34:49 -0500
From: Adam Roach <adam@nostrum.com>
User-Agent: Postbox 1.0b11 (Macintosh/2009041623)
MIME-Version: 1.0
To: Theo Zourzouvillys <theo@crazygreek.co.uk>
References: <49FA0526.4010000@nostrum.com> <49FA142E.7060607@alcatel-lucent.com> <167dfb9b0904301503w737e1fednc6a5213c54b02a9a@mail.gmail.com>
In-Reply-To: <167dfb9b0904301503w737e1fednc6a5213c54b02a9a@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Received-SPF: pass (nostrum.com: 75.53.54.121 is authenticated by a trusted mechanism)
Cc: "sip-ops@ietf.org" <sip-ops@ietf.org>, "dispatch@ietf.org" <dispatch@ietf.org>
Subject: Re: [sip-ops] [dispatch] SIP-CLF: Extensibility considerations (was Results on ASCII vs. binary representation)
X-BeenThere: sip-ops@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Operations <sip-ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-ops>, <mailto:sip-ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-ops>
List-Post: <mailto:sip-ops@ietf.org>
List-Help: <mailto:sip-ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-ops>, <mailto:sip-ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Apr 2009 23:33:34 -0000

Theo Zourzouvillys wrote:
> On Thu, Apr 30, 2009 at 10:12 PM, Vijay K. Gurbani
> <vkg@alcatel-lucent.com>;  wrote:
>
>
>> A binary CLF can always be produced from an ASCII one using
>> offline transformations.
>
> indeed, and a binary one can be just as easily converted to an ASCII
> one - quicker in that direction, too :-)

In fact, I'll help you out here.


/a

------------------------------------------------------------------------
#!/usr/bin/perl

$bin = shift;

open(LOGFILE, $bin) or die("Could not open log file $bin.");

while (read(LOGFILE, $buffer, 4) == 4)
{
   $tmp = unpack('N',$buffer) ;
   $rec_len = $tmp & 0x7FFF;
   $flags = $tmp >> 24;

   read(LOGFILE,$buffer,$rec_len-4) || die $!;
   ($date_hi, $date_lo, $time_ns, $cseq, $resp_code, $tlv_ptr, @toc)
     = unpack ('N4n18',$buffer);
   $tlv = substr($buffer, $tlv_ptr-4);

   if ($flags & &RESPONSE_FLAG)
   {
     #%d %x %y %s %m %t "%c"
     printf ("%s %s %s %03.3d %s %s;tag=%s \"%s\"\n",
             ($date_hi<<32|$date_lo),
             &get_field(&SERVER_TXN_FIELD,$buffer,@toc),
             &get_field(&CLIENT_TXN_FIELD,$buffer,@toc),
             $resp_code,
             &get_field(&METHOD_FIELD,$buffer,@toc),
             &get_field(&TO_FIELD,$buffer,@toc),
             &get_field(&TO_TAG_FIELD,$buffer,@toc),
             &get_tlv(&CONTACT_TAG,$tlv));
   }
   else
   {
     #%d %h %u %m %r %f %t %i "%c" %x %y
     printf ("%s %s %s %s %s %s;tag=%s %s;tag=%s %s \"%s\" %s %s\n",
             ($date_hi<<32|$date_lo),
             &get_tlv(&REMOTE_HOST_TAG,$tlv),
             &get_tlv(&AUTH_USER_TAG,$tlv),
             &get_field(&METHOD_FIELD,$buffer,@toc),
             &get_tlv(&REQUEST_URI_TAG,$tlv),
             &get_field(&FROM_FIELD,$buffer,@toc),
             &get_field(&FROM_TAG_FIELD,$buffer,@toc),
             &get_field(&TO_FIELD,$buffer,@toc),
             &get_field(&TO_TAG_FIELD,$buffer,@toc),
             &get_field(&CID_FIELD,$buffer,@toc),
             &get_tlv(&CONTACT_TAG,$tlv),
             &get_field(&SERVER_TXN_FIELD,$buffer,@toc),
             &get_field(&CLIENT_TXN_FIELD,$buffer,@toc));
   }
}

sub RESPONSE_FLAG {0x80}
sub RETRANSMISSION_FLAG {0x40}
sub SENT_FLAG {0x20}

sub CONTACT_TAG {0}
sub REQUEST_URI_TAG {1}
sub REMOTE_HOST_TAG {2}
sub AUTH_USER_TAG {3}
sub WHOLE_MESSAGE_TAG {4}

sub SERVER_TXN_FIELD {0}
sub CLIENT_TXN_FIELD {1}
sub METHOD_FIELD {2}
sub TO_FIELD {3}
sub TO_TAG_FIELD {4}
sub FROM_FIELD {5}
sub FROM_TAG_FIELD {6}
sub CID_FIELD {7}

sub get_field
{
   my ($field, $buffer, @toc) = @_;
   my ($pointer, $length) = ($toc[$field*2],$toc[$field*2+1]);
   my $result = substr($buffer, $pointer-4, $length);
   if ($result) { return $result; }
   return '-';
}

sub get_tlv
{
   my ($search_tag, $tlv) = @_;
   my (@result, $tag, $len, $value);
   my $offset = 0;

   while ($offset < length($tlv))
   {
     ($tag, $len) = unpack ('n2',substr($tlv,$offset));
     $value = substr($tlv, $offset + 4, $len);
     if ($tag == $search_tag) { push @result, $value }
     $offset += $len + 4;
   }

   if (@result) { return join ',',@result };
   return "-";
}