xid support
Sapan Bhatia [Mon, 5 Nov 2007 20:56:56 +0000 (20:56 +0000)]
src/fprobe-ulog.c
src/fprobe-ulog.h
src/netflow.c
src/netflow.c.old [new file with mode: 0644]
src/netflow.h

index 91a9fd1..41a002c 100644 (file)
@@ -355,7 +355,9 @@ unsigned get_log_fd(char *fname, unsigned cur_fd) {
        int ret_fd;
        gettime(&now);
        cur_uptime = getuptime(&now);
-       if ((cur_uptime - prev_uptime) > (1000 * epoch_length)) {
+
+       /* Epoch lenght in minutes */
+       if ((cur_uptime - prev_uptime) > (1000 * 60 * epoch_length)) {
                char nextname[MAX_PATH_LEN];
                int write_fd;
                prev_uptime = cur_uptime;
@@ -370,7 +372,7 @@ unsigned get_log_fd(char *fname, unsigned cur_fd) {
        }
        else
                ret_fd = cur_fd;
-       return(cur_fd);
+       return(ret_fd);
 }
 
 struct Flow *find(struct Flow *where, struct Flow *what, struct Flow ***prev)
@@ -627,7 +629,10 @@ void *fill(int fields, uint16_t *format, struct Flow *flow, void *p)
                                *((uint8_t *) p) = 0;
                                p += NETFLOW_PAD8_SIZE;
                                break;
-
+                       case NETFLOW_PLANETLAB_XID:
+                               *((uint16_t *) p) = flow->tos;
+                               p += NETFLOW_PLANETLAB_XID_SIZE;
+                               break;
                        case NETFLOW_PAD16:
                        /* Unsupported (uint16_t) */
                        case NETFLOW_SRC_AS:
@@ -719,7 +724,7 @@ void *emit_thread()
                        p = fill(netflow->HeaderFields, netflow->HeaderFormat, 0, &emit_packet);
                        size = netflow->HeaderSize + emit_count * netflow->FlowSize;
                        /* Netflow PDUs need to be padded to 1464 bytes - Sapan */
-                       if (size < 1464) size = 1464;
+                       if (size < NETFLOW_PDU_SIZE) size = NETFLOW_PDU_SIZE;
                        peer_rot_cur = 0;
                        for (i = 0; i < npeers; i++) {
                                if (peers[0].type == PEER_FILE) {
@@ -1184,6 +1189,8 @@ int main(int argc, char **argv)
        }
 
        if (parms[Uflag].count) ulog_gmask = atoi(parms[Uflag].arg);
+       if (parms[Tflag].count) log_epochs = atoi(parms[Tflag].arg);
+       if (parms[Eflag].count) epoch_length = atoi(parms[Eflag].arg);
        if (parms[sflag].count) scan_interval = atoi(parms[sflag].arg);
        if (parms[gflag].count) frag_lifetime = atoi(parms[gflag].arg);
        if (parms[dflag].count) inactive_lifetime = atoi(parms[dflag].arg);
@@ -1363,9 +1370,8 @@ bad_collector:
        }
        else if (parms[fflag].count) {
                // log into a file
-               char *fname;
                if (!(peers = malloc(npeers * sizeof(struct peer)))) goto err_malloc;
-               if (!(fname = malloc(strnlen(parms[fflag].arg,MAX_PATH_LEN)))) goto err_malloc;
+               if (!(peers[0].fname = malloc(strnlen(parms[fflag].arg,MAX_PATH_LEN)))) goto err_malloc;
                strncpy(peers[0].fname, parms[fflag].arg, MAX_PATH_LEN);
                
                peers[0].write_fd = -1;
index db76d23..c8aed64 100644 (file)
@@ -26,6 +26,7 @@
 #define THREADS 5
 #define COPY_INTO 0
 #define MOVE_INTO 1
+#define NETFLOW_PDU_SIZE 1464 
 
 struct Time {
        time_t sec;
@@ -50,7 +51,7 @@ struct Flow {
        /* tcp/udp dst port or icmp type sub-code */
        uint16_t dp;
        /* ip ToS */
-       uint8_t tos;
+       uint16_t tos;
        /* tcp flags */
        uint8_t tcp_flags;
        /* number of packets */
index 3e5435e..08409ae 100644 (file)
@@ -71,7 +71,7 @@ static uint16_t NetFlow5_Flow[] = {
        NETFLOW_DST_AS,
        NETFLOW_SRC_MASK,
        NETFLOW_DST_MASK,
-       NETFLOW_PAD16
+       NETFLOW_PLANETLAB_XID /* Whoo hoo! */
 };
 
 static uint16_t NetFlow7_Header[] = {
diff --git a/src/netflow.c.old b/src/netflow.c.old
new file mode 100644 (file)
index 0000000..3e5435e
--- /dev/null
@@ -0,0 +1,145 @@
+/*
+       Copyright (C) Slava Astashonok <sla@0n.ru>
+
+       This program is free software; you can redistribute it and/or
+       modify it under the terms of the GNU General Public License.
+
+       $Id: netflow.c,v 1.2.2.4 2004/02/02 08:06:24 sla Exp $
+*/
+
+#include <common.h>
+
+#include <netflow.h>
+
+static uint16_t NetFlow1_Header[] = {
+       NETFLOW_VERSION,
+       NETFLOW_COUNT,
+       NETFLOW_UPTIME,
+       NETFLOW_UNIX_SECS,
+       NETFLOW_UNIX_NSECS
+};
+
+static uint16_t NetFlow1_Flow[] = {
+       NETFLOW_IPV4_SRC_ADDR,
+       NETFLOW_IPV4_DST_ADDR,
+       NETFLOW_IPV4_NEXT_HOP,
+       NETFLOW_INPUT_SNMP,
+       NETFLOW_OUTPUT_SNMP,
+       NETFLOW_PKTS_32,
+       NETFLOW_BYTES_32,
+       NETFLOW_FIRST_SWITCHED,
+       NETFLOW_LAST_SWITCHED,
+       NETFLOW_L4_SRC_PORT,
+       NETFLOW_L4_DST_PORT,
+       NETFLOW_PAD16,
+       NETFLOW_PROT,
+       NETFLOW_SRC_TOS,
+       NETFLOW_TCP_FLAGS,
+       NETFLOW_PAD8, NETFLOW_PAD8, NETFLOW_PAD8,
+       NETFLOW_PAD32
+};
+
+static uint16_t NetFlow5_Header[] = {
+       NETFLOW_VERSION,
+       NETFLOW_COUNT,
+       NETFLOW_UPTIME,
+       NETFLOW_UNIX_SECS,
+       NETFLOW_UNIX_NSECS,
+       NETFLOW_FLOW_SEQUENCE,
+       NETFLOW_ENGINE_TYPE,
+       NETFLOW_ENGINE_ID,
+       NETFLOW_PAD16
+};
+
+static uint16_t NetFlow5_Flow[] = {
+       NETFLOW_IPV4_SRC_ADDR,
+       NETFLOW_IPV4_DST_ADDR,
+       NETFLOW_IPV4_NEXT_HOP,
+       NETFLOW_INPUT_SNMP,
+       NETFLOW_OUTPUT_SNMP,
+       NETFLOW_PKTS_32,
+       NETFLOW_BYTES_32,
+       NETFLOW_FIRST_SWITCHED,
+       NETFLOW_LAST_SWITCHED,
+       NETFLOW_L4_SRC_PORT,
+       NETFLOW_L4_DST_PORT,
+       NETFLOW_PAD8,
+       NETFLOW_TCP_FLAGS,
+       NETFLOW_PROT,
+       NETFLOW_SRC_TOS,
+       NETFLOW_SRC_AS,
+       NETFLOW_DST_AS,
+       NETFLOW_SRC_MASK,
+       NETFLOW_DST_MASK,
+       NETFLOW_PAD16
+};
+
+static uint16_t NetFlow7_Header[] = {
+       NETFLOW_VERSION,
+       NETFLOW_COUNT,
+       NETFLOW_UPTIME,
+       NETFLOW_UNIX_SECS,
+       NETFLOW_UNIX_NSECS,
+       NETFLOW_FLOW_SEQUENCE,
+       NETFLOW_PAD32
+};
+
+static uint16_t NetFlow7_Flow[] = {
+       NETFLOW_IPV4_SRC_ADDR,
+       NETFLOW_IPV4_DST_ADDR,
+       NETFLOW_IPV4_NEXT_HOP,
+       NETFLOW_INPUT_SNMP,
+       NETFLOW_OUTPUT_SNMP,
+       NETFLOW_PKTS_32,
+       NETFLOW_BYTES_32,
+       NETFLOW_FIRST_SWITCHED,
+       NETFLOW_LAST_SWITCHED,
+       NETFLOW_L4_SRC_PORT,
+       NETFLOW_L4_DST_PORT,
+       NETFLOW_FLAGS7_1,
+       NETFLOW_TCP_FLAGS,
+       NETFLOW_PROT,
+       NETFLOW_SRC_TOS,
+       NETFLOW_SRC_AS,
+       NETFLOW_DST_AS,
+       NETFLOW_SRC_MASK,
+       NETFLOW_DST_MASK,
+       NETFLOW_FLAGS7_2,
+       NETFLOW_ROUTER_SC
+};
+
+struct NetFlow NetFlow1 = {
+       NETFLOW1_VERSION,
+       NETFLOW1_HEADER_SIZE,
+       NETFLOW1_MAX_FLOWS,
+       NETFLOW1_FLOW_SIZE,
+       NETFLOW1_SEQ_OFFSET,
+       sizeof(NetFlow1_Header) / sizeof(uint16_t),
+       NetFlow1_Header,
+       sizeof(NetFlow1_Flow) / sizeof(uint16_t),
+       NetFlow1_Flow
+};
+
+struct NetFlow NetFlow5 = {
+       NETFLOW5_VERSION,
+       NETFLOW5_HEADER_SIZE,
+       NETFLOW5_MAX_FLOWS,
+       NETFLOW5_FLOW_SIZE,
+       NETFLOW5_SEQ_OFFSET,
+       sizeof(NetFlow5_Header) / sizeof(uint16_t),
+       NetFlow5_Header,
+       sizeof(NetFlow5_Flow) / sizeof(uint16_t),
+       NetFlow5_Flow
+};
+
+struct NetFlow NetFlow7 = {
+       NETFLOW7_VERSION,
+       NETFLOW7_HEADER_SIZE,
+       NETFLOW7_MAX_FLOWS,
+       NETFLOW7_FLOW_SIZE,
+       NETFLOW7_SEQ_OFFSET,
+       sizeof(NetFlow7_Header) / sizeof(uint16_t),
+       NetFlow7_Header,
+       sizeof(NetFlow7_Flow) / sizeof(uint16_t),
+       NetFlow7_Flow
+};
index e2ce3af..92c075b 100644 (file)
 #define NETFLOW_IPV6_OPTION_HEADERS 64
 #define NETFLOW_IPV6_OPTION_HEADERS_SIZE 4
 
+#define NETFLOW_PLANETLAB_XID 65
+#define NETFLOW_PLANETLAB_XID_SIZE 2
 
 #define NETFLOW_VERSION 1001
 #define NETFLOW_VERSION_SIZE 2