Context Navigation

dataFlowSet.c @ 11

Revision 11, 9.2 KB (checked in by andreu, 17 years ago)
prefix v4 comparaison ok
Property svn:eol-style set to `native`

Rev	Line
[2]	1	/*
	2	* File: dataFlowSet.c
	3	*
	4	* Authors: ANDREU François-Xavier
	5	*
	6	* Copyright (C) 2005 GIP RENATER
	7	*/
	8
	9	/ This file is part of renetcol.*
	10	*
	11	* renetcol is free software; you can redistribute it and/or modify
	12	* it under the terms of the GNU General Public License as published by
	13	* the Free Software Foundation; either version 2 of the License, or
	14	* (at your option) any later version.
	15	*
	16	* renetcol is distributed in the hope that it will be useful,
	17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	19	* GNU General Public License for more details.
	20	*
	21	* You should have received a copy of the GNU General Public License
	22	* along with renetcol; if not, write to the Free Software
	23	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	24	*/
	25
	26	#include "dataFlowSet.h"
	27
	28	/*
	29	* checkDataFlowSet
	30	*
	31	*/
	32	unsigned short
	33	checkDataFlowSet(unsigned short shift, RouterPtr cr, NetFlowV9HeaderPtr v9Ptr,
	34	unsigned short offV9, unsigned* char buf, short* *cFNPtr,
	35	short cFId, DatagramPtr pcktPtr, RuleDefPtr rulesCache,
	36	RulesPtr rlPtr, int myQueue)
	37	{
	38	TplFlowSetPtr tmp;
	39	FieldPtr pftmp;
	40	FieldPtr secondPftmp;
	41	unsigned short data_length = 0;
	42	unsigned short flow_size = 0;
	43	unsigned short oldOffset = *offV9;
	44	unsigned short secondOffset = 0;
	45	unsigned short secondOldOffset = 0;
	46	int field_size = 0;
	47	int cpt = 0;
	48	int secondCpt = 0;
	49	int overflow = 0;
	50	int noEnd = 1;
	51	int i=0;
	52	int j=0;
	53	int pos = 0;
	54	unsigned char buffer1;
	55	unsigned char buffer2[2];
	56	unsigned char buffer4[4];
	57	RulesPtr tmpRuleList = rlPtr;
	58	msgType myMsg;
	59	char *msgTextIndex;
	60	unsigned short tplMsgType = 11;
	61
	62	buffer2[1] = (buf+(offV9));(*offV9)++;
	63	buffer2[0] = (buf+(offV9));(*offV9)++;
	64	(cFId) = ((unsigned short*)&buffer2);
	65	buffer2[1] = (buf+(offV9));(*offV9)++;
	66	buffer2[0] = (buf+(offV9));(*offV9)++;
	67	data_length = ((unsigned* short*)&buffer2);
	68	if ((tmp=existTplId(cr, v9Ptr->sourceId,
	69	(*cFId)))!=NULL) {
	70	pftmp = tmp->lastField;
	71	for (; pftmp; pftmp = pftmp->prev) {
	72	flow_size += pftmp->fieldLength;
	73	}
	74	if ( data_length%flow_size >= 9 ) {
	75	(*cFNPtr) = v9Ptr->count;
	76	syslog(LOG_INFO, "data flowset length not match with length from template definition, wrong template definition suspected; all next informations of this data flowset are not considered! flowset ID: %hu, from router: %lu.%lu.%lu.%lu",
	77	(*cFId),
	78	(pcktPtr->ipH->srcAdd>>24),
	79	(pcktPtr->ipH->srcAdd<<8>>24),
	80	(pcktPtr->ipH->srcAdd<<16>>24),
	81	(pcktPtr->ipH->srcAdd<<24>>24));
	82	return (data_length+shift);
	83	}
	84	pftmp = tmp->lastField;
	85	secondPftmp = tmp->lastField;
	86	secondOffset = *offV9;
	87	secondOldOffset = secondOffset;
	88	while ( (((*offV9)-48-shift) <= data_length) && (overflow!=1) ) {
	89	/*
	90	* progression in a flow Set
	91	* notes:
	92	* 48=header ip + header netf
	93	* shift = shift if there is a template declaration
	94	*/
	95	cpt++;
	96	j=0;
	97	pos = (pftmp->fieldType)*10+j;
	98	field_size = (int) pftmp->fieldLength;
	99	/*
	100	* Comparaison between the field value and the rules
	101	* ... if one rule exist
	102	*/
	103	if (((RuleDefPtr)(*(rulesCache+pos))) != NULL) {
	104	oldOffset = *offV9;
	105	while (((RuleDefPtr)(*(rulesCache+pos))) != NULL){
	106	/*
	107	* while on one cache table line
	108	*/
	109	*offV9 = oldOffset;
	110	switch ((int)
	111	(((RuleDefPtr)(*(rulesCache+pos)))->operator)){
	112	case 2:
	113	switch (field_size) {
	114	case 1:
	115	buffer1 = (buf+(offV9)); (*offV9)++;
	116	if (((RuleDefPtr)(*(rulesCache+pos)))->value->stor.cvalue
	117	== ((unsigned* char*)&buffer1)) {
	118	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
	119	}
	120	break;
	121	case 2:
	122	buffer2[1]= (buf+(offV9)); (*offV9)++;
	123	buffer2[0]= (buf+(offV9)); (*offV9)++;
	124	if (((RuleDefPtr)(*(rulesCache+pos)))->value->stor.svalue
	125	== ((unsigned* short*)&buffer2))
	126	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
	127	break;
	128	case 4:
	129	buffer4[3]= (buf+(offV9)); (*offV9)++;
	130	buffer4[2]= (buf+(offV9)); (*offV9)++;
	131	buffer4[1]= (buf+(offV9)); (*offV9)++;
	132	buffer4[0]= (buf+(offV9)); (*offV9)++;
[11]	133	/ here , add a check on the field type /
[2]	134	if ((((RuleDefPtr)(*(rulesCache+pos)))->value->stor.lvalue)
[11]	135	== (((unsigned* long)&buffer4))>>(32-((RuleDefPtr)((rulesCache+pos)))->value->mask)<<(32-((RuleDefPtr)(*(rulesCache+pos)))->value->mask) )
[2]	136	{
	137	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
	138	}
	139	break;
	140	case 16:
	141	for (i=0; i<4; i++) {
	142	buffer4[3]= (buf+(offV9)); (*offV9)++;
	143	buffer4[2]= (buf+(offV9)); (*offV9)++;
	144	buffer4[1]= (buf+(offV9)); (*offV9)++;
	145	buffer4[0]= (buf+(offV9)); (*offV9)++;
	146	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
[11]	147	== (((unsigned* long)&buffer4))>>(12-(((RuleDefPtr)((rulesCache+pos)))->value->mask)%32)<<(32-(((RuleDefPtr)(*(rulesCache+pos)))->value->mask)%32)
	148	)
[2]	149	{
	150	if (0==i){
	151	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
	152	} else {
	153	((RuleDefPtr)(*(rulesCache+pos)))->check =
	154	((RuleDefPtr)(*(rulesCache+pos)))->check && 1;
	155	}
	156	} else {
	157	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
[11]	158	}
[2]	159	}
	160	break;
	161	default:
	162	syslog(LOG_INFO, "Field size not known: %d\n", field_size);
	163	for (i=0; i<field_size; i++){
	164	(*offV9)++;
	165	}
	166	break;
	167	}
	168	break;
	169	default:
	170	syslog(LOG_INFO, "Operator not known: %d\n",
	171	(int)(((RuleDefPtr)(*(rulesCache+pos)))->operator));
	172	break;
	173	}
	174	j++;
	175	pos = (pftmp->fieldType)*10+j;
	176	} / end while rulesCache /
	177	} else {
	178	/*
	179	* no rule within this field type, but we must reading the value
	180	*/
	181	switch (field_size) {
	182	case 1:
	183	buffer1 = (buf+(offV9)); (*offV9)++;
	184	break;
	185	case 2:
	186	buffer2[1]= (buf+(offV9)); (*offV9)++;
	187	buffer2[0]= (buf+(offV9)); (*offV9)++;
	188	break;
	189	case 4:
	190	buffer4[3]= (buf+(offV9)); (*offV9)++;
	191	buffer4[2]= (buf+(offV9)); (*offV9)++;
	192	buffer4[1]= (buf+(offV9)); (*offV9)++;
	193	buffer4[0]= (buf+(offV9)); (*offV9)++;
	194	break;
	195	case 16:
	196	for (i=0; i<4; i++) {
	197	buffer2[1]= (buf+(offV9)); (*offV9)++;
	198	buffer2[0]= (buf+(offV9)); (*offV9)++;
	199	buffer2[1]= (buf+(offV9)); (*offV9)++;
	200	buffer2[0]= (buf+(offV9)); (*offV9)++;
	201	}
	202	break;
	203	default:
	204	syslog(LOG_INFO,"UNKNOWN FIELDS LENGTH: %d ", field_size);
	205	for (i=0; i<field_size; i++){
	206	(*offV9)++;
	207	}
	208	}
	209	} / end if one cache table line existence /
	210	if (cpt==tmp->fieldCount) {
	211	/*
	212	* end of one flow (not the flowset)
	213	*/
	214	/*
	215	* Redirection if needed
	216	* switch the rules definition (check & fieldToRecord),
	217	* we send the flow or a part of the flow to the msg queue
	218	*/
	219	tmpRuleList = rlPtr;
	220	while (tmpRuleList){
	221	unsigned short check = 1;
	222	RuleDefPtr tmpRuleDefList = tmpRuleList->def;
	223	secondOffset = secondOldOffset;
	224	while (tmpRuleDefList){
	225	check = check && tmpRuleDefList->check;
	226	tmpRuleDefList->check = 0;
	227	tmpRuleDefList = tmpRuleDefList->next;
	228	}
	229	if ( (tmpRuleList->def != NULL) && (check == 1)) {
	230	/ msg building /
	231	secondPftmp = tmp->lastField;
	232	/ memcpy(myMsg.text, (char)(buf+secondOffset),flow_size); /*
	233	msgTextIndex = mempcpy(mempcpy(mempcpy(myMsg.text,
	234	&tplMsgType,
	235	sizeof(unsigned short)
	236	),
	237	&tmpRuleList->id,
	238	sizeof(tmpRuleList->id)
	239	),
	240	&cr->IpAddress,
	241	sizeof(unsigned long)
	242	);
	243	msgTextIndex = mempcpy(mempcpy(mempcpy(msgTextIndex,
	244	&tmp->sourceId,
	245	sizeof(unsigned long)
	246	),
	247	&tmp->templateFlowSetId,
	248	sizeof(tmp->templateFlowSetId)
	249	),
	250	buf+secondOffset,
	251	flow_size
	252	);
	253	myMsg.type = 1;
	254	msgSend( myQueue, myMsg);
	255	noEnd = 1;
	256	secondCpt=0;
	257	} / end if check /
	258	tmpRuleList = tmpRuleList->next;
	259	secondPftmp = tmp->lastField;
	260	} / end while tmpRuleList /
	261	/*
	262	* end redirection
	263	*/
	264	secondOffset = *offV9;
	265	secondOldOffset = secondOffset;
	266	pftmp = tmp->lastField;
	267	cpt=0;
	268	(cFNPtr)++; /* pointer on the flows number /
	269	if (((*offV9)-48-shift+flow_size) > data_length){
	270	overflow = 1; / buffer index not correct /
	271	}
	272	} else {
	273	/ not the flow end, progress in field list /
	274	pftmp = pftmp->prev;
	275	}
	276	} / end of the while on one flow record /
	277	}else{
	278	/*
	279	* template unknown, we skip this all the data
	280	*/
	281	(*offV9)+=(data_length-4);
	282	(*cFNPtr) = v9Ptr->count;
	283	}
	284	while ( ((*offV9)-48-shift) < data_length ) {
	285	(offV9)++; /* if padding /
	286	}
	287	while ( (*offV9)-48-shift > data_length ) {
	288	(offV9)--; /* crazy loop (when bug appears in template def) /
	289	}
	290	return (data_length+shift);
	291	}
	292
	293	/ for (i=0; i<(90); i++){ /
	294	/ int k=0; /
	295	/ pos = i10+k; /*
	296	/ if (((RuleDefPtr)((rulesCache+pos))) != NULL){ /*
	297	/ fprintf(stderr," type: %d ",i); /
	298	/ while ( ((RuleDefPtr)((rulesCache+pos))) != NULL){ /*
	299	/ fprintf(stderr, "\n op:%hu, pos: %d", /
	300	/ ((RuleDefPtr)((rulesCache+pos)))->operator, /*
	301	/ pos); /
	302	/ k++; /
	303	/ pos = i10+k; /*
	304	/ } /
	305	/ fprintf(stderr,"\n"); /
	306	/ } /
	307	/ } /

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/src/dataFlowSet.c @ 11

Download in other formats: