Context Navigation

dataFlowSet.c @ 22

Revision 22, 23.0 KB (checked in by andreu, 16 years ago)
aggregation et timer
Property svn:eol-style set to `native`

Rev	Line
[2]	1	/*
	2	* File: dataFlowSet.c
	3	*
[15]	4	* Authors: ANDREU Francois-Xavier
[2]	5	*
	6	* Copyright (C) 2005 GIP RENATER
	7	*/
	8
	9	/ This file is part of renetcol.*
	10	*
	11	* renetcol is free software; you can redistribute it and/or modify
	12	* it under the terms of the GNU General Public License as published by
	13	* the Free Software Foundation; either version 2 of the License, or
	14	* (at your option) any later version.
	15	*
	16	* renetcol is distributed in the hope that it will be useful,
	17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	19	* GNU General Public License for more details.
	20	*
	21	* You should have received a copy of the GNU General Public License
	22	* along with renetcol; if not, write to the Free Software
	23	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	24	*/
	25
	26	#include "dataFlowSet.h"
	27
	28	/*
[22]	29	* Check Data FlowSet
[2]	30	*
[22]	31	* @param shift Shift
	32	* @param cr Current router pointer
	33	* @param v9Ptr Pointer in the datagram ??
	34	* @param offv9 index in the datagram
	35	* @param buf Pointer to the buffer
	36	* @param cFNPtr Pointer on the current flowset number
	37	* @param cFId Pointer on the current flowset ID
	38	* @param pcktPtr Pointer on the datagram buffer
	39	* @param rulesCache Pointer on the rules table (cache for the next param)
	40	* @param rlPtr Pointer on the rules list
	41	* @param myQueue FIXME : to erase/delete/suppress
	42	* @param V4PTab Pointer on the IPv4 Prefix Table
	43	* @param nbPV4 Previous table size
	44	* @param ipCache Cache for all IP flow (for CRIHAN compilation option)
	45	* @param mplsCache Cache for all MPLS flow (for CRIHAN compilation option)
	46	* @param ipCounter Param to defined IP Cache size
	47	* @param mplsCounter Param to defined MPLS Cache size
	48	* @return shift (index in the datagram) FIXME
	49	*
	50	* FIXME to tune : just a param like a table ?
[2]	51	*/
	52	unsigned short
	53	checkDataFlowSet(unsigned short shift, RouterPtr cr, NetFlowV9HeaderPtr v9Ptr,
	54	unsigned short offV9, unsigned* char buf, short* *cFNPtr,
	55	short cFId, DatagramPtr pcktPtr, RuleDefPtr rulesCache,
[16]	56	RulesPtr rlPtr, int myQueue, struct PrefixV4 *V4PTab,
[18]	57	size_t nbPV4,
	58	struct IPFLowCache ipCache, struct* MPLSFlowCache *mplsCache,
	59	unsigned long ipCounter, unsigned* long *mplsCounter)
[2]	60	{
	61	TplFlowSetPtr tmp;
	62	FieldPtr pftmp;
	63	FieldPtr secondPftmp;
	64	unsigned short data_length = 0;
	65	unsigned short flow_size = 0;
	66	unsigned short oldOffset = *offV9;
	67	unsigned short secondOffset = 0;
	68	unsigned short secondOldOffset = 0;
[14]	69	int moreIsNecessary = 1;
[2]	70	int field_size = 0;
	71	int cpt = 0;
	72	int secondCpt = 0;
	73	int overflow = 0;
	74	int noEnd = 1;
[16]	75	int i = 0;
	76	int j = 0;
[2]	77	int pos = 0;
	78	unsigned char buffer1;
	79	unsigned char buffer2[2];
	80	unsigned char buffer4[4];
	81	RulesPtr tmpRuleList = rlPtr;
	82	msgType myMsg;
	83	char *msgTextIndex;
	84	unsigned short tplMsgType = 11;
[16]	85	struct PrefixV4 prefixKey, res; /* for bsearch /
	86	struct AggCache agCache;
[22]	87	int bool = 0; / in IPV4 Agg mode enabled, we need to now if it's an IPv4 /
	88	/ flow, we test on the field and then put bool at 1 /
[20]	89	#ifdef CRIHAN
[22]	90	struct IPFLowCache ipFirstCache;
	91	struct MPLSFlowCache mplsFirstCache;
	92	unsigned long firstTime = 0;
	93	unsigned long lastTime = 0;
[2]	94
[18]	95	ipFirstCache.ipProt = 0;
	96	ipFirstCache.bytes = 0;
	97	ipFirstCache.pkts = 0;
	98	ipFirstCache.inSnmp = 0;
	99	ipFirstCache.outSnmp = 0;
	100	ipFirstCache.v4AdS = 0;
	101	ipFirstCache.v4AdD = 0;
	102	ipFirstCache.tProt = 0;
	103	ipFirstCache.sPort = 0;
	104	ipFirstCache.dPort = 0;
	105	ipFirstCache.maskD = 0;
	106	ipFirstCache.maskS = 0;
	107	ipFirstCache.routerAd = 0;
	108	ipFirstCache.liveTime = 0;
	109	mplsFirstCache.ipProt = 0;
	110	mplsFirstCache.v4AdS = 0;
	111	mplsFirstCache.v4AdD = 0;
	112	mplsFirstCache.routerAd = 0;
	113	mplsFirstCache.mplsLabel1 = 0;
[20]	114	#endif / CRIHAN /
[19]	115
[2]	116	buffer2[1] = (buf+(offV9));(*offV9)++;
	117	buffer2[0] = (buf+(offV9));(*offV9)++;
	118	(cFId) = ((unsigned short*)&buffer2);
	119	buffer2[1] = (buf+(offV9));(*offV9)++;
	120	buffer2[0] = (buf+(offV9));(*offV9)++;
	121	data_length = ((unsigned* short*)&buffer2);
	122	if ((tmp=existTplId(cr, v9Ptr->sourceId,
	123	(*cFId)))!=NULL) {
	124	pftmp = tmp->lastField;
	125	for (; pftmp; pftmp = pftmp->prev) {
	126	flow_size += pftmp->fieldLength;
	127	}
	128	if ( data_length%flow_size >= 9 ) {
	129	(*cFNPtr) = v9Ptr->count;
	130	syslog(LOG_INFO, "data flowset length not match with length from template definition, wrong template definition suspected; all next informations of this data flowset are not considered! flowset ID: %hu, from router: %lu.%lu.%lu.%lu",
	131	(*cFId),
	132	(pcktPtr->ipH->srcAdd>>24),
	133	(pcktPtr->ipH->srcAdd<<8>>24),
	134	(pcktPtr->ipH->srcAdd<<16>>24),
	135	(pcktPtr->ipH->srcAdd<<24>>24));
	136	return (data_length+shift);
	137	}
[22]	138	#ifdef IPV4AGG
	139	agCache.routerAd = pcktPtr->ipH->srcAdd;
	140	#endif
[18]	141
[20]	142	#ifdef CRIHAN
[18]	143	ipFirstCache.routerAd = pcktPtr->ipH->srcAdd;
	144	mplsFirstCache.routerAd = pcktPtr->ipH->srcAdd;
[20]	145	#endif / CRIHAN /
[18]	146
[2]	147	pftmp = tmp->lastField;
	148	secondPftmp = tmp->lastField;
	149	secondOffset = *offV9;
	150	secondOldOffset = secondOffset;
	151	while ( (((*offV9)-48-shift) <= data_length) && (overflow!=1) ) {
	152	/*
	153	* progression in a flow Set
	154	* notes:
	155	* 48=header ip + header netf
	156	* shift = shift if there is a template declaration
	157	*/
	158	cpt++;
	159	j=0;
	160	pos = (pftmp->fieldType)*10+j;
	161	field_size = (int) pftmp->fieldLength;
	162	/*
	163	* Comparaison between the field value and the rules
	164	* ... if one rule exist
	165	*/
	166	if (((RuleDefPtr)(*(rulesCache+pos))) != NULL) {
	167	oldOffset = *offV9;
	168	while (((RuleDefPtr)(*(rulesCache+pos))) != NULL){
	169	/*
	170	* while on one cache table line
	171	*/
	172	*offV9 = oldOffset;
	173	switch ((int)
	174	(((RuleDefPtr)(*(rulesCache+pos)))->operator)){
	175	case 2:
	176	switch (field_size) {
	177	case 1:
	178	buffer1 = (buf+(offV9)); (*offV9)++;
[17]	179	/ rule check /
[2]	180	if (((RuleDefPtr)(*(rulesCache+pos)))->value->stor.cvalue
	181	== ((unsigned* char*)&buffer1)) {
	182	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
[16]	183	}
[17]	184	/ end rule check /
[22]	185	#ifdef IPV4AGG
	186	if ((pftmp->fieldType==9)\|\|(pftmp->fieldType==29)){
	187	agCache.maskS = ((unsigned* char*)&buffer1);
	188	}
	189	if ((pftmp->fieldType==13)\|\|(pftmp->fieldType==30)){
	190	agCache.maskD = ((unsigned* char*)&buffer1);
	191	}
	192	if (pftmp->fieldType==60){
	193	agCache.ipProt = ((unsigned* char*)&buffer1);
	194	}
	195	if (pftmp->fieldType==4){
	196	agCache.tProt = ((unsigned* char*)&buffer1);
	197	}
	198	if (pftmp->fieldType==61){
	199	agCache.sens = ((unsigned* char*)&buffer1);
	200	}
	201	if (pftmp->fieldType==5){
	202	agCache.dscp = ((unsigned* char*)&buffer1);
	203	}
	204	#endif
[20]	205	#ifdef CRIHAN
[17]	206	if ((pftmp->fieldType==9)\|\|(pftmp->fieldType==29)){
[18]	207	ipFirstCache.maskS = ((unsigned* char*)&buffer1);
[17]	208	}
	209	if ((pftmp->fieldType==13)\|\|(pftmp->fieldType==30)){
[18]	210	ipFirstCache.maskD = ((unsigned* char*)&buffer1);
[17]	211	}
[18]	212	if (pftmp->fieldType==60){
	213	ipFirstCache.ipProt = ((unsigned* char*)&buffer1);
	214	mplsFirstCache.ipProt = ((unsigned* char*)&buffer1);
	215	}
	216	if (pftmp->fieldType==4){
	217	ipFirstCache.tProt = ((unsigned* char*)&buffer1);
	218	}
[22]	219	#endif
[2]	220	break;
	221	case 2:
	222	buffer2[1]= (buf+(offV9)); (*offV9)++;
	223	buffer2[0]= (buf+(offV9)); (*offV9)++;
	224	if (((RuleDefPtr)(*(rulesCache+pos)))->value->stor.svalue
	225	== ((unsigned* short*)&buffer2))
	226	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
[22]	227	#ifdef IPV4AGG
	228	if (pftmp->fieldType==10){
	229	agCache.idSnmp = ((unsigned* short*)&buffer2);
	230	}
	231	#endif
[20]	232	#ifdef CRIHAN
[17]	233	if (pftmp->fieldType==10){
[18]	234	ipFirstCache.inSnmp = ((unsigned* short*)&buffer2);
[17]	235	}
[18]	236	if (pftmp->fieldType==14){
	237	ipFirstCache.outSnmp = ((unsigned* short*)&buffer2);
	238	}
	239	if (pftmp->fieldType==7){
	240	ipFirstCache.sPort = ((unsigned* short*)&buffer2);
	241	}
	242	if (pftmp->fieldType==11){
	243	ipFirstCache.dPort = ((unsigned* short*)&buffer2);
	244	}
[22]	245	#endif
[2]	246	break;
[17]	247	case 3:
	248	buffer4[3]= 0;
	249	buffer4[2]= (buf+(offV9)); (*offV9)++;
	250	buffer4[1]= (buf+(offV9)); (*offV9)++;
	251	buffer4[0]= (buf+(offV9)); (*offV9)++;
	252	if (((RuleDefPtr)(*(rulesCache+pos)))->value->stor.lvalue
	253	== ((unsigned* long*)&buffer4))
	254	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
	255	/ aggregation /
	256	/ end aggregation /
[20]	257	#ifdef CRIHAN
[18]	258	if (pftmp->fieldType==70){
	259	mplsFirstCache.mplsLabel1 = (((unsigned* long*)&buffer4))>>4;
	260	}
[22]	261	#endif
[17]	262	break;
[2]	263	case 4:
	264	buffer4[3]= (buf+(offV9)); (*offV9)++;
	265	buffer4[2]= (buf+(offV9)); (*offV9)++;
	266	buffer4[1]= (buf+(offV9)); (*offV9)++;
	267	buffer4[0]= (buf+(offV9)); (*offV9)++;
[15]	268	/ FIXME : here , add a check on the field type /
[16]	269	if ((pftmp->fieldType==8)\|\|(pftmp->fieldType==12)){
	270	if ((((RuleDefPtr)(*(rulesCache+pos)))->value->stor.lvalue)
	271	== (((unsigned* long)&buffer4))>>(32-((RuleDefPtr)((rulesCache+pos)))->value->mask)<<(32-((RuleDefPtr)(*(rulesCache+pos)))->value->mask) )
	272	{
	273	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
	274	}
	275	}
[22]	276	#ifdef IPV4AGG
	277	if ((pftmp->fieldType==8)){
	278	agCache.v4AdS = ((unsigned* long*)&buffer4);
	279	}
	280	if ((pftmp->fieldType==12)){
	281	agCache.v4AdD = ((unsigned* long*)&buffer4);
	282	}
	283	if (pftmp->fieldType==1){
	284	agCache.bytes = ((unsigned* long*)&buffer4);
	285	}
	286	if (pftmp->fieldType==2){
	287	agCache.pkts = ((unsigned* long*)&buffer4);
	288	}
	289	#endif
[20]	290	#ifdef CRIHAN
[18]	291	if (pftmp->fieldType==8){
	292	ipFirstCache.v4AdS = ((unsigned* long*)&buffer4);
[19]	293	mplsFirstCache.v4AdS = ((unsigned* long*)&buffer4);
[17]	294	}
[18]	295	if (pftmp->fieldType==12){
	296	ipFirstCache.v4AdD = ((unsigned* long*)&buffer4);
[19]	297	mplsFirstCache.v4AdD = ((unsigned* long*)&buffer4);
[17]	298	}
	299	if (pftmp->fieldType==1){
[18]	300	ipFirstCache.bytes = ((unsigned* long*)&buffer4);
[17]	301	}
	302	if (pftmp->fieldType==2){
[18]	303	ipFirstCache.pkts = ((unsigned* long*)&buffer4);
[17]	304	}
[18]	305	if (pftmp->fieldType==22){
	306	firstTime = ((unsigned* long*)&buffer4);
	307	}
	308	if (pftmp->fieldType==21){
	309	lastTime = ((unsigned* long*)&buffer4);
	310	}
[22]	311	#endif
[2]	312	break;
	313	case 16:
	314	for (i=0; i<4; i++) {
	315	buffer4[3]= (buf+(offV9)); (*offV9)++;
	316	buffer4[2]= (buf+(offV9)); (*offV9)++;
	317	buffer4[1]= (buf+(offV9)); (*offV9)++;
	318	buffer4[0]= (buf+(offV9)); (*offV9)++;
[14]	319	if (1==moreIsNecessary){
	320	switch(i){
	321	case 0:
	322	if (((RuleDefPtr)(*(rulesCache+pos)))->value->mask <= 32){
	323	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
	324	==
	325	(((unsigned* long)&buffer4))>>(32-((RuleDefPtr)((rulesCache+pos)))->value->mask)<<(32-((RuleDefPtr)(*(rulesCache+pos)))->value->mask)
	326	)
	327	{
	328	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
	329	moreIsNecessary = 0;
	330	} else {
	331	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
	332	moreIsNecessary = 0;
	333	}
[2]	334	} else {
[14]	335	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
	336	==
	337	(((unsigned* long*)&buffer4))
	338	)
	339	{
	340	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
	341	} else {
	342	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
	343	moreIsNecessary = 0;
	344	}
[2]	345	}
[14]	346	break;
	347	case 1:
	348	if (((RuleDefPtr)(*(rulesCache+pos)))->value->mask <= 64){
	349	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
	350	==
	351	(((unsigned* long)&buffer4))>>(64-((RuleDefPtr)((rulesCache+pos)))->value->mask)<<(64-((RuleDefPtr)(*(rulesCache+pos)))->value->mask)
	352	)
	353	{
	354	((RuleDefPtr)(*(rulesCache+pos)))->check =
	355	((RuleDefPtr)(*(rulesCache+pos)))->check && 1;
	356	moreIsNecessary = 0;
	357	} else {
	358	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
	359	moreIsNecessary = 0;
	360	}
	361	} else {
	362	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
	363	==
	364	(((unsigned* long*)&buffer4))
	365	)
	366	{
	367	((RuleDefPtr)(*(rulesCache+pos)))->check =
	368	((RuleDefPtr)(*(rulesCache+pos)))->check && 1;
	369	} else {
	370	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
	371	moreIsNecessary = 0;
	372	}
	373	}
	374	break;
	375	case 2:
	376	if (((RuleDefPtr)(*(rulesCache+pos)))->value->mask <= 96){
	377	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
	378	==
	379	(((unsigned* long)&buffer4))>>(96-((RuleDefPtr)((rulesCache+pos)))->value->mask)<<(96-((RuleDefPtr)(*(rulesCache+pos)))->value->mask)
	380	)
	381	{
	382	((RuleDefPtr)(*(rulesCache+pos)))->check =
	383	((RuleDefPtr)(*(rulesCache+pos)))->check && 1;
	384	moreIsNecessary = 0;
	385	} else {
	386	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
	387	moreIsNecessary = 0;
	388	}
	389	} else {
	390	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
	391	==
	392	(((unsigned* long*)&buffer4))
	393	)
	394	{
	395	((RuleDefPtr)(*(rulesCache+pos)))->check =
	396	((RuleDefPtr)(*(rulesCache+pos)))->check && 1;
	397	} else {
	398	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
	399	moreIsNecessary = 0;
	400	}
	401	}
	402	break;
	403	case 3:
	404	if (((RuleDefPtr)(*(rulesCache+pos)))->value->mask <= 128){
	405	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
	406	==
	407	(((unsigned* long)&buffer4))>>(128-((RuleDefPtr)((rulesCache+pos)))->value->mask)<<(128-((RuleDefPtr)(*(rulesCache+pos)))->value->mask)
	408	)
	409	{
	410	((RuleDefPtr)(*(rulesCache+pos)))->check =
	411	((RuleDefPtr)(*(rulesCache+pos)))->check && 1;
	412	} else {
	413	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
	414	moreIsNecessary = 0;
	415	}
	416	} else {
	417	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
	418	==
	419	(((unsigned* long*)&buffer4))
	420	)
	421	{
	422	((RuleDefPtr)(*(rulesCache+pos)))->check =
	423	((RuleDefPtr)(*(rulesCache+pos)))->check && 1;
	424	} else {
	425	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
	426	moreIsNecessary = 0;
	427	}
	428	}
	429	break;
	430	default:
	431	break;
	432	} / end of switch(i) /
	433	} / end of if moreIsNecessary /
[2]	434	}
[14]	435	moreIsNecessary = 1;
[22]	436	/ aggregation for IPv6 flows /
[16]	437
	438	/ end aggregation /
[2]	439	break;
	440	default:
	441	syslog(LOG_INFO, "Field size not known: %d\n", field_size);
	442	for (i=0; i<field_size; i++){
	443	(*offV9)++;
	444	}
	445	break;
	446	}
	447	break;
	448	default:
	449	syslog(LOG_INFO, "Operator not known: %d\n",
	450	(int)(((RuleDefPtr)(*(rulesCache+pos)))->operator));
	451	break;
	452	}
	453	j++;
	454	pos = (pftmp->fieldType)*10+j;
	455	} / end while rulesCache /
	456	} else {
	457	/*
[22]	458	* no rule within this field type, but we must read the value
[2]	459	*/
	460	switch (field_size) {
	461	case 1:
	462	buffer1 = (buf+(offV9)); (*offV9)++;
[22]	463	#ifdef IPV4AGG
	464	if ((pftmp->fieldType==9)\|\|(pftmp->fieldType==29)){
	465	agCache.maskS = ((unsigned* char*)&buffer1);
	466	}
	467	if ((pftmp->fieldType==13)\|\|(pftmp->fieldType==30)){
	468	agCache.maskD = ((unsigned* char*)&buffer1);
	469	}
	470	if (pftmp->fieldType==60){
	471	agCache.ipProt = ((unsigned* char*)&buffer1);
	472	}
	473	if (pftmp->fieldType==4){
	474	agCache.tProt = ((unsigned* char*)&buffer1);
	475	}
	476	if (pftmp->fieldType==61){
	477	agCache.sens = ((unsigned* char*)&buffer1);
	478	}
	479	if (pftmp->fieldType==5){
	480	agCache.dscp = ((unsigned* char*)&buffer1);
	481	}
	482	#endif
[20]	483	#ifdef CRIHAN
[17]	484	if ((pftmp->fieldType==9)\|\|(pftmp->fieldType==29)){
[18]	485	ipFirstCache.maskS = ((unsigned* char*)&buffer1);
[17]	486	}
	487	if ((pftmp->fieldType==13)\|\|(pftmp->fieldType==30)){
[18]	488	ipFirstCache.maskD = ((unsigned* char*)&buffer1);
[17]	489	}
[18]	490	if (pftmp->fieldType==60){
	491	ipFirstCache.ipProt = ((unsigned* char*)&buffer1);
	492	mplsFirstCache.ipProt = ((unsigned* char*)&buffer1);
[17]	493	}
[18]	494	if (pftmp->fieldType==4){
	495	ipFirstCache.tProt = ((unsigned* char*)&buffer1);
[17]	496	}
[22]	497	#endif
[2]	498	break;
	499	case 2:
	500	buffer2[1]= (buf+(offV9)); (*offV9)++;
	501	buffer2[0]= (buf+(offV9)); (*offV9)++;
[22]	502	#ifdef IPV4AGG
[17]	503	if (pftmp->fieldType==10){
	504	agCache.idSnmp = ((unsigned* short*)&buffer2);
	505	}
[22]	506	#endif
[20]	507	#ifdef CRIHAN
[18]	508	if (pftmp->fieldType==10){
	509	ipFirstCache.inSnmp = ((unsigned* short*)&buffer2);
	510	}
	511	if (pftmp->fieldType==14){
	512	ipFirstCache.outSnmp = ((unsigned* short*)&buffer2);
	513	}
	514	if (pftmp->fieldType==7){
	515	ipFirstCache.sPort = ((unsigned* short*)&buffer2);
	516	}
	517	if (pftmp->fieldType==11){
	518	ipFirstCache.dPort = ((unsigned* short*)&buffer2);
	519	}
[22]	520	#endif
[2]	521	break;
[17]	522	case 3:
	523	buffer4[3]= 0;
	524	buffer4[2]= (buf+(offV9)); (*offV9)++;
	525	buffer4[1]= (buf+(offV9)); (*offV9)++;
	526	buffer4[0]= (buf+(offV9)); (*offV9)++;
	527	/ aggregation /
	528	/ end aggregation /
[20]	529	#ifdef CRIHAN
[18]	530	if (pftmp->fieldType==70){
	531	mplsFirstCache.mplsLabel1 = (((unsigned* long*)&buffer4))>>4;
	532	}
[22]	533	#endif
[17]	534	break;
[2]	535	case 4:
	536	buffer4[3]= (buf+(offV9)); (*offV9)++;
	537	buffer4[2]= (buf+(offV9)); (*offV9)++;
	538	buffer4[1]= (buf+(offV9)); (*offV9)++;
	539	buffer4[0]= (buf+(offV9)); (*offV9)++;
[22]	540	#ifdef IPV4AGG
	541	if ((pftmp->fieldType==8)){
	542	bool = 1;
	543	agCache.v4AdS = ((unsigned* long*)&buffer4);
	544	} else if ((pftmp->fieldType==12)){
	545	agCache.v4AdD = ((unsigned* long*)&buffer4);
	546	} else if (pftmp->fieldType==1){
	547	agCache.bytes = ((unsigned* long*)&buffer4);
	548	} else if (pftmp->fieldType==2){
	549	agCache.pkts = ((unsigned* long*)&buffer4);
	550	}
	551	#endif
[20]	552	#ifdef CRIHAN
[18]	553	if (pftmp->fieldType==8){
	554	ipFirstCache.v4AdS = ((unsigned* long*)&buffer4);
[19]	555	mplsFirstCache.v4AdS = ((unsigned* long*)&buffer4);
[17]	556	}
[18]	557	if (pftmp->fieldType==12){
	558	ipFirstCache.v4AdD = ((unsigned* long*)&buffer4);
[19]	559	mplsFirstCache.v4AdD = ((unsigned* long*)&buffer4);
[18]	560	}
	561	if (pftmp->fieldType==1){
	562	ipFirstCache.bytes = ((unsigned* long*)&buffer4);
	563	}
	564	if (pftmp->fieldType==2){
	565	ipFirstCache.pkts = ((unsigned* long*)&buffer4);
	566	}
	567	if (pftmp->fieldType==22){
	568	firstTime = ((unsigned* long*)&buffer4);
	569	}
	570	if (pftmp->fieldType==21){
	571	lastTime = ((unsigned* long*)&buffer4);
	572	}
[22]	573	#endif
[2]	574	break;
	575	case 16:
	576	for (i=0; i<4; i++) {
	577	buffer2[1]= (buf+(offV9)); (*offV9)++;
	578	buffer2[0]= (buf+(offV9)); (*offV9)++;
	579	buffer2[1]= (buf+(offV9)); (*offV9)++;
	580	buffer2[0]= (buf+(offV9)); (*offV9)++;
	581	}
[22]	582	/ aggregation IPv6 /
[16]	583	/ end aggregation /
[2]	584	break;
	585	default:
	586	syslog(LOG_INFO,"UNKNOWN FIELDS LENGTH: %d ", field_size);
	587	for (i=0; i<field_size; i++){
	588	(*offV9)++;
	589	}
	590	}
	591	} / end if one cache table line existence /
	592	if (cpt==tmp->fieldCount) {
	593	/*
	594	* end of one flow (not the flowset)
	595	*/
[20]	596	#ifdef CRIHAN
[18]	597	if ( mplsFirstCache.mplsLabel1 == 0 ) {
	598	(ipCache+(*ipCounter))->ipProt = ipFirstCache.ipProt;
	599	ipFirstCache.ipProt = 0;
	600	(ipCache+(*ipCounter))->bytes = ipFirstCache.bytes;
	601	ipFirstCache.bytes = 0;
	602	(ipCache+(*ipCounter))->pkts = ipFirstCache.pkts;
	603	ipFirstCache.pkts = 0;
	604	(ipCache+(*ipCounter))->inSnmp = ipFirstCache.inSnmp;
	605	ipFirstCache.inSnmp = 0;
	606	(ipCache+(*ipCounter))->outSnmp = ipFirstCache.outSnmp;
	607	ipFirstCache.outSnmp = 0;
	608	(ipCache+(*ipCounter))->v4AdS = ipFirstCache.v4AdS;
	609	ipFirstCache.outSnmp = 0;
	610	(ipCache+(*ipCounter))->v4AdD = ipFirstCache.v4AdD;
	611	ipFirstCache.v4AdD = 0;
	612	(ipCache+(*ipCounter))->tProt = ipFirstCache.tProt;
	613	ipFirstCache.tProt = 0;
	614	(ipCache+(*ipCounter))->sPort = ipFirstCache.sPort;
	615	ipFirstCache.sPort = 0;
	616	(ipCache+(*ipCounter))->dPort = ipFirstCache.dPort;
	617	ipFirstCache.dPort = 0;
	618	(ipCache+(*ipCounter))->maskD = ipFirstCache.maskD;
	619	ipFirstCache.maskD = 0;
	620	(ipCache+(*ipCounter))->maskS = ipFirstCache.maskS;
	621	ipFirstCache.maskS = 0;
	622	(ipCache+(*ipCounter))->routerAd = ipFirstCache.routerAd;
	623	(ipCache+(*ipCounter))->liveTime = lastTime - firstTime;
	624	firstTime = 0; lastTime = 0;
	625	(*ipCounter)++;
	626	} else {
	627	(mplsCache+(*mplsCounter))->ipProt = mplsFirstCache.ipProt;
	628	mplsFirstCache.ipProt = 0;
	629	(mplsCache+(*mplsCounter))->v4AdS = mplsFirstCache.v4AdS;
	630	mplsFirstCache.v4AdS = 0;
	631	(mplsCache+(*mplsCounter))->v4AdD = mplsFirstCache.v4AdD;
	632	mplsFirstCache.v4AdD = 0;
	633	(mplsCache+(*mplsCounter))->routerAd = mplsFirstCache.routerAd;
	634	(mplsCache+(*mplsCounter))->mplsLabel1 = mplsFirstCache.mplsLabel1;
	635	mplsFirstCache.mplsLabel1 = 0;
	636	(*mplsCounter)++;
	637	}
[22]	638	#endif
	639	/ put aggregation cache information to IPv4 Prefixes table /
	640	#ifdef IPV4AGG
	641	if (bool == 1){
	642	prefixKey.beginning = agCache.v4AdS>>(32-agCache.maskS)<<(32-agCache.maskS);
	643	res = bsearch(&prefixKey, V4PTab, nbPV4,
	644	sizeof(struct PrefixV4), prefCmp);
	645	if (res!=NULL){
	646	res->bytesNb += agCache.bytes;
	647	res->pktsNb += agCache.pkts;
	648	res->flowNb += 1;
	649	switch (agCache.ipProt) {
	650	case 1:
	651	res->icmpBytesNb += agCache.bytes;
	652	res->icmpPktsNb += agCache.pkts;
	653	res->icmpFlowNb += 1;
	654	break;
	655	case 6:
	656	res->tcpBytesNb += agCache.bytes;
	657	res->tcpPktsNb += agCache.pkts;
	658	res->tcpFlowNb += 1;
	659	break;
	660	case 17:
	661	res->udpBytesNb += agCache.bytes;
	662	res->udpPktsNb += agCache.pkts;
	663	res->udpFlowNb += 1;
	664	break;
	665	default:
	666	res->othersBytesNb += agCache.bytes;
	667	res->othersPktsNb += agCache.pkts;
	668	res->othersFlowNb += 1;
	669	}
	670	}
	671	/ if (res==NULL){ /
	672	/ fprintf(stderr, "IPv4_spoofing? "); /
	673	/ } /
	674	}
	675	bool = 0;
	676	#endif
[2]	677	/*
	678	* Redirection if needed
	679	* switch the rules definition (check & fieldToRecord),
[18]	680	* we send the flow or a part of the flow to a remote host or a file
[2]	681	*/
	682	tmpRuleList = rlPtr;
	683	while (tmpRuleList){
	684	unsigned short check = 1;
	685	RuleDefPtr tmpRuleDefList = tmpRuleList->def;
	686	secondOffset = secondOldOffset;
	687	while (tmpRuleDefList){
	688	check = check && tmpRuleDefList->check;
	689	tmpRuleDefList->check = 0;
	690	tmpRuleDefList = tmpRuleDefList->next;
	691	}
	692	if ( (tmpRuleList->def != NULL) && (check == 1)) {
	693	/ msg building /
	694	secondPftmp = tmp->lastField;
	695	/ memcpy(myMsg.text, (char)(buf+secondOffset),flow_size); /*
	696	msgTextIndex = mempcpy(mempcpy(mempcpy(myMsg.text,
	697	&tplMsgType,
	698	sizeof(unsigned short)
	699	),
	700	&tmpRuleList->id,
	701	sizeof(tmpRuleList->id)
	702	),
	703	&cr->IpAddress,
	704	sizeof(unsigned long)
	705	);
	706	msgTextIndex = mempcpy(mempcpy(mempcpy(msgTextIndex,
	707	&tmp->sourceId,
	708	sizeof(unsigned long)
	709	),
	710	&tmp->templateFlowSetId,
	711	sizeof(tmp->templateFlowSetId)
	712	),
	713	buf+secondOffset,
	714	flow_size
	715	);
	716	myMsg.type = 1;
	717	msgSend( myQueue, myMsg);
	718	noEnd = 1;
	719	secondCpt=0;
	720	} / end if check /
	721	tmpRuleList = tmpRuleList->next;
	722	secondPftmp = tmp->lastField;
	723	} / end while tmpRuleList /
	724	/*
	725	* end redirection
	726	*/
	727	secondOffset = *offV9;
	728	secondOldOffset = secondOffset;
	729	pftmp = tmp->lastField;
	730	cpt=0;
	731	(cFNPtr)++; /* pointer on the flows number /
	732	if (((*offV9)-48-shift+flow_size) > data_length){
	733	overflow = 1; / buffer index not correct /
	734	}
	735	} else {
	736	/ not the flow end, progress in field list /
	737	pftmp = pftmp->prev;
	738	}
	739	} / end of the while on one flow record /
	740	}else{
	741	/*
	742	* template unknown, we skip this all the data
	743	*/
	744	(*offV9)+=(data_length-4);
	745	(*cFNPtr) = v9Ptr->count;
	746	}
	747	while ( ((*offV9)-48-shift) < data_length ) {
	748	(offV9)++; /* if padding /
	749	}
	750	while ( (*offV9)-48-shift > data_length ) {
	751	(offV9)--; /* crazy loop (when bug appears in template def) /
	752	}
	753	return (data_length+shift);
	754	}

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/src/dataFlowSet.c @ 22

Download in other formats: