root/trunk/src/dataFlowSet.c @ 25

/*
 * File: dataFlowSet.c
 * 
 * Authors: ANDREU Francois-Xavier 
 *
 * Copyright (C) 2005 GIP RENATER 
 */

/*  This file is part of renetcol. 
 *
 *  renetcol is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  renetcol is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with renetcol; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

#include "dataFlowSet.h"

/*
 * Check Data FlowSet 
 *
 */
unsigned short 
checkDataFlowSet(unsigned short shift, 
                 struct MyPtrs *myPtrs,
                 int myQueue, 
                 struct PrefixV4 *V4PTab, 
                 size_t nbPV4
                 )
{
  TplFlowSetPtr tmp;
  FieldPtr pftmp;
  FieldPtr secondPftmp;
  unsigned short data_length = 0;
  unsigned short flow_size = 0;
  unsigned short oldOffset = *myPtrs->offsetV9Ptr;
  unsigned short secondOffset = 0;
  unsigned short secondOldOffset = 0;
  int moreIsNecessary = 1;
  int field_size = 0;
  int cpt = 0;
  int secondCpt = 0;
  int overflow = 0;
  int noEnd = 1;
  int i = 0;
  int j = 0;
  int pos = 0;
  unsigned char buffer1;  
  unsigned char buffer2[2];
  unsigned char buffer4[4];
  RulesPtr tmpRuleList = myPtrs->rulesListPtr;
  msgType myMsg;
  char *msgTextIndex;
  unsigned short tplMsgType = 11;
  struct PrefixV4 prefixKey, *res; /* for bsearch */
  struct AggCache agCache;
  int bool = 0; /* in IPV4 Agg mode enabled, we need to now if it's an IPv4 */
                /* flow, we test on the field and then put bool at 1 */
#ifdef CRIHAN
  struct IPFLowCache ipFirstCache;
  struct MPLSFlowCache mplsFirstCache;
  unsigned long firstTime = 0; 
  unsigned long lastTime = 0; 

  ipFirstCache.ipProt = 0;
  ipFirstCache.bytes = 0;
  ipFirstCache.pkts = 0;
  ipFirstCache.inSnmp = 0;
  ipFirstCache.outSnmp = 0;
  ipFirstCache.v4AdS = 0;
  ipFirstCache.v4AdD = 0;
  ipFirstCache.tProt = 0;
  ipFirstCache.sPort = 0;
  ipFirstCache.dPort = 0;
  ipFirstCache.maskD = 0;
  ipFirstCache.maskS = 0;
  ipFirstCache.routerAd = 0;
  ipFirstCache.liveTime = 0;
  mplsFirstCache.ipProt = 0;
  mplsFirstCache.v4AdS = 0;
  mplsFirstCache.v4AdD = 0;
  mplsFirstCache.routerAd = 0;
  mplsFirstCache.mplsLabel1 = 0;
#endif /* CRIHAN */

  buffer2[1] = *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr));(*myPtrs->offsetV9Ptr)++;
  buffer2[0] = *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr));(*myPtrs->offsetV9Ptr)++;
  (*myPtrs->currentFlowsetIdPtr) = *((unsigned short*)&buffer2);
  buffer2[1] = *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr));(*myPtrs->offsetV9Ptr)++;
  buffer2[0] = *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr));(*myPtrs->offsetV9Ptr)++;
  data_length = *((unsigned short*)&buffer2);
  if ((tmp=existTplId(myPtrs->currentRouterPtr, myPtrs->currentHeaderV9Ptr->sourceId, 
                      (*myPtrs->currentFlowsetIdPtr)))!=NULL) {
    pftmp = tmp->lastField;
    for (; pftmp; pftmp = pftmp->prev) {
      flow_size += pftmp->fieldLength;
    }
    if ( data_length%flow_size >= 9 ) {
      (*myPtrs->currentFlowsetNumberPtr) = myPtrs->currentHeaderV9Ptr->count;
      syslog(LOG_INFO, "data flowset length not match with length from template definition, wrong template definition suspected; all next informations of this data flowset are not considered! flowset ID: %hu, from router: %lu.%lu.%lu.%lu",
             (*myPtrs->currentFlowsetIdPtr),
             (myPtrs->pcktPtr->ipH->srcAdd>>24),
             (myPtrs->pcktPtr->ipH->srcAdd<<8>>24),
             (myPtrs->pcktPtr->ipH->srcAdd<<16>>24),
             (myPtrs->pcktPtr->ipH->srcAdd<<24>>24));
      return (data_length+shift);
    }
#ifdef IPV4AGG
    agCache.routerAd = myPtrs->pcktPtr->ipH->srcAdd; 
#endif

#ifdef CRIHAN
    ipFirstCache.routerAd = myPtrs->pcktPtr->ipH->srcAdd;
    mplsFirstCache.routerAd = myPtrs->pcktPtr->ipH->srcAdd;
#endif /* CRIHAN */

    pftmp = tmp->lastField;
    secondPftmp = tmp->lastField;    
    secondOffset = *myPtrs->offsetV9Ptr;
    secondOldOffset = secondOffset;
    while ( (((*myPtrs->offsetV9Ptr)-48-shift) <= data_length) && (overflow!=1) ) { 
      /* 
       * progression in a flow Set 
       * notes:
       *   48=header ip + header netf
       *   shift = shift if there is a template declaration 
       */
      cpt++;
      j=0;
      pos = (pftmp->fieldType)*10+j;
      field_size = (int) pftmp->fieldLength;
      /*
       * Comparaison between the field value and the rules
       * ... if one rule exist
       */
      if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos))) != NULL) {
        oldOffset = *myPtrs->offsetV9Ptr;
        while (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos))) != NULL){
          /* 
           * while on one cache table line
           */
          *myPtrs->offsetV9Ptr = oldOffset;
          switch ((int)
                  (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->operator)){
          case 2:
            switch (field_size) {
            case 1:
              buffer1 = *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
              /* rule check */
              if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.cvalue 
                  == *((unsigned char*)&buffer1)) {
                ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 1;
              }
              /* end rule check */
#ifdef IPV4AGG
              if ((pftmp->fieldType==9)||(pftmp->fieldType==29)){
                agCache.maskS = *((unsigned char*)&buffer1);
              }
              if ((pftmp->fieldType==13)||(pftmp->fieldType==30)){
                agCache.maskD = *((unsigned char*)&buffer1);
              }
              if (pftmp->fieldType==60){
                agCache.ipProt = *((unsigned char*)&buffer1);
              }
              if (pftmp->fieldType==4){
                agCache.tProt = *((unsigned char*)&buffer1);
              }
              if (pftmp->fieldType==61){
                agCache.sens = *((unsigned char*)&buffer1);
              }
              if (pftmp->fieldType==5){
                agCache.dscp = *((unsigned char*)&buffer1);
              }
#endif        
#ifdef CRIHAN
              if ((pftmp->fieldType==9)||(pftmp->fieldType==29)){
                ipFirstCache.maskS = *((unsigned char*)&buffer1);
              }
              if ((pftmp->fieldType==13)||(pftmp->fieldType==30)){
                ipFirstCache.maskD = *((unsigned char*)&buffer1);
              }
              if (pftmp->fieldType==60){ 
                ipFirstCache.ipProt = *((unsigned char*)&buffer1); 
                mplsFirstCache.ipProt = *((unsigned char*)&buffer1); 
              }
              if (pftmp->fieldType==4){ 
                ipFirstCache.tProt = *((unsigned char*)&buffer1); 
              }
#endif
              break;
            case 2:
              buffer2[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
              buffer2[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
              if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.svalue 
                  == *((unsigned short*)&buffer2))
                ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 1;
#ifdef IPV4AGG
              if (pftmp->fieldType==10){
                agCache.idSnmp = *((unsigned short*)&buffer2);
              }
#endif
#ifdef CRIHAN
              if (pftmp->fieldType==10){
                ipFirstCache.inSnmp = *((unsigned short*)&buffer2);
              }
              if (pftmp->fieldType==14){
                ipFirstCache.outSnmp = *((unsigned short*)&buffer2);
              }
              if (pftmp->fieldType==7){
                ipFirstCache.sPort = *((unsigned short*)&buffer2);
              }
              if (pftmp->fieldType==11){
                ipFirstCache.dPort = *((unsigned short*)&buffer2);
              }
#endif
              break;
            case 3:
              buffer4[3]= 0;
              buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
              buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
              buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
              if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.lvalue 
                  == *((unsigned long*)&buffer4))
                ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 1;
              /* aggregation */
              /* end aggregation */
#ifdef CRIHAN
              if (pftmp->fieldType==70){
                mplsFirstCache.mplsLabel1 = (*((unsigned long*)&buffer4))>>4;
              }
#endif
              break;
            case 4:
              buffer4[3]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
              buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
              buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
              buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
              /* FIXME : here , add a check on the field type */
              if ((pftmp->fieldType==8)||(pftmp->fieldType==12)){
                if ((((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.lvalue) 
                    == (*((unsigned long*)&buffer4))>>(32-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask)<<(32-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask) )
                  {
                    ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 1;
                  }
              }       
#ifdef IPV4AGG
              if ((pftmp->fieldType==8)){
                agCache.v4AdS = *((unsigned long*)&buffer4);
              }
              if ((pftmp->fieldType==12)){
                agCache.v4AdD = *((unsigned long*)&buffer4);
              }
              if (pftmp->fieldType==1){
                agCache.bytes = *((unsigned long*)&buffer4);
              }
              if (pftmp->fieldType==2){
                agCache.pkts = *((unsigned long*)&buffer4);
              }
#endif
#ifdef CRIHAN
              if (pftmp->fieldType==8){
                ipFirstCache.v4AdS = *((unsigned long*)&buffer4);
                mplsFirstCache.v4AdS = *((unsigned long*)&buffer4);
              }
              if (pftmp->fieldType==12){
                ipFirstCache.v4AdD = *((unsigned long*)&buffer4);
                mplsFirstCache.v4AdD = *((unsigned long*)&buffer4);
              }
              if (pftmp->fieldType==1){
                ipFirstCache.bytes = *((unsigned long*)&buffer4);
              }
              if (pftmp->fieldType==2){
                ipFirstCache.pkts = *((unsigned long*)&buffer4);
              }
              if (pftmp->fieldType==22){
                firstTime = *((unsigned long*)&buffer4);
              }
              if (pftmp->fieldType==21){
                lastTime = *((unsigned long*)&buffer4);
              }
#endif
              break;
            case 16:
              for (i=0; i<4; i++) {
                buffer4[3]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
                buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
                buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
                buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
                if (1==moreIsNecessary){
                  switch(i){
                  case 0:
                    if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask <= 32){
                      if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 
                          == 
                          (*((unsigned long*)&buffer4))>>(32-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask)<<(32-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask)
                          )
                        {
                          ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 1;
                          moreIsNecessary = 0;
                        } else {
                          ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 0;
                          moreIsNecessary = 0;
                        }
                    } else {
                      if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 
                          == 
                          (*((unsigned long*)&buffer4))
                          )
                        {
                          ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 1;
                        } else {
                          ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 0;
                          moreIsNecessary = 0;
                        }
                    }
                    break;
                  case 1:
                    if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask <= 64){
                      if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 
                          == 
                          (*((unsigned long*)&buffer4))>>(64-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask)<<(64-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask)
                          )
                        {
                          ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check =
                            ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check && 1;
                          moreIsNecessary = 0;
                        } else {
                          ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 0;
                          moreIsNecessary = 0;
                        }
                    } else {
                      if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 
                          == 
                          (*((unsigned long*)&buffer4))
                          )
                        {
                          ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 
                            ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check && 1;
                        } else {
                          ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 0;
                          moreIsNecessary = 0;
                        }
                    }
                    break;
                  case 2:
                    if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask <= 96){
                      if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 
                          == 
                          (*((unsigned long*)&buffer4))>>(96-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask)<<(96-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask)
                          )
                        {
                          ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check =
                            ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check && 1;
                          moreIsNecessary = 0;
                        } else {
                          ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 0;
                          moreIsNecessary = 0;
                        }
                    } else {
                      if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 
                          == 
                          (*((unsigned long*)&buffer4))
                          )
                        {
                          ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 
                            ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check && 1;
                        } else {
                          ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 0;
                          moreIsNecessary = 0;
                        }
                    }
                    break;
                  case 3:
                    if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask <= 128){
                      if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 
                          == 
                          (*((unsigned long*)&buffer4))>>(128-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask)<<(128-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask)
                          )
                        {
                          ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check =
                            ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check && 1;
                        } else {
                          ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 0;
                          moreIsNecessary = 0;
                        }
                    } else {
                      if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 
                          == 
                          (*((unsigned long*)&buffer4))
                          )
                        {
                          ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 
                            ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check && 1;
                        } else {
                          ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 0;
                          moreIsNecessary = 0;
                        }
                    }
                    break;
                  default:
                    break;
                  } /* end of switch(i) */
                } /* end of if moreIsNecessary */
              }
              moreIsNecessary = 1;
              /* aggregation for IPv6 flows */
              
              /* end aggregation */
              break;
            default:
              syslog(LOG_INFO, "Field size not known: %d\n", field_size); 
              for (i=0; i<field_size; i++){
                (*myPtrs->offsetV9Ptr)++;
              }
              break;
            }
            break;
          default:
            syslog(LOG_INFO, "Operator not known: %d\n",
                   (int)(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->operator));
            break;
          }
          j++;
          pos = (pftmp->fieldType)*10+j;
        } /* end while myPtrs->rulesAddressPtr */
      } else {
        /* 
         * no rule within this field type, but we must read the value 
         */
        switch (field_size) {
        case 1:
          buffer1 = *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
#ifdef IPV4AGG
          if ((pftmp->fieldType==9)||(pftmp->fieldType==29)){
            agCache.maskS = *((unsigned char*)&buffer1);
          }
          if ((pftmp->fieldType==13)||(pftmp->fieldType==30)){
            agCache.maskD = *((unsigned char*)&buffer1);
          }
          if (pftmp->fieldType==60){
            agCache.ipProt = *((unsigned char*)&buffer1);
          }
          if (pftmp->fieldType==4){
            agCache.tProt = *((unsigned char*)&buffer1);
          }
          if (pftmp->fieldType==61){
            agCache.sens = *((unsigned char*)&buffer1);
          }
          if (pftmp->fieldType==5){
            agCache.dscp = *((unsigned char*)&buffer1);
          }       
#endif
#ifdef CRIHAN
          if ((pftmp->fieldType==9)||(pftmp->fieldType==29)){
            ipFirstCache.maskS = *((unsigned char*)&buffer1);
          }
          if ((pftmp->fieldType==13)||(pftmp->fieldType==30)){
            ipFirstCache.maskD = *((unsigned char*)&buffer1);
          }
          if (pftmp->fieldType==60){ 
            ipFirstCache.ipProt = *((unsigned char*)&buffer1); 
            mplsFirstCache.ipProt = *((unsigned char*)&buffer1); 
          }
          if (pftmp->fieldType==4){ 
            ipFirstCache.tProt = *((unsigned char*)&buffer1); 
          }
#endif
          break;
        case 2:
          buffer2[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
          buffer2[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
#ifdef IPV4AGG
          if (pftmp->fieldType==10){
            agCache.idSnmp = *((unsigned short*)&buffer2);
          }       
#endif
#ifdef CRIHAN
          if (pftmp->fieldType==10){
            ipFirstCache.inSnmp = *((unsigned short*)&buffer2);
          }
          if (pftmp->fieldType==14){
            ipFirstCache.outSnmp = *((unsigned short*)&buffer2);
          }
          if (pftmp->fieldType==7){
            ipFirstCache.sPort = *((unsigned short*)&buffer2);
          }
          if (pftmp->fieldType==11){
            ipFirstCache.dPort = *((unsigned short*)&buffer2);
          }
#endif
          break;
        case 3:
          buffer4[3]= 0;
          buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
          buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
          buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
          /* aggregation */
          /* end aggregation */
#ifdef CRIHAN
          if (pftmp->fieldType==70){
            mplsFirstCache.mplsLabel1 = (*((unsigned long*)&buffer4))>>4;
          }
#endif
          break;
        case 4:
          buffer4[3]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
          buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
          buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
          buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
#ifdef IPV4AGG
          if ((pftmp->fieldType==8)){
            bool = 1;
            agCache.v4AdS = *((unsigned long*)&buffer4);
          } else if ((pftmp->fieldType==12)){
            agCache.v4AdD = *((unsigned long*)&buffer4);
          } else if (pftmp->fieldType==1){
            agCache.bytes = *((unsigned long*)&buffer4);
          } else if (pftmp->fieldType==2){
            agCache.pkts = *((unsigned long*)&buffer4);
          }
#endif
#ifdef CRIHAN
          if (pftmp->fieldType==8){
            ipFirstCache.v4AdS = *((unsigned long*)&buffer4);
            mplsFirstCache.v4AdS = *((unsigned long*)&buffer4);
          }
          if (pftmp->fieldType==12){
            ipFirstCache.v4AdD = *((unsigned long*)&buffer4);
            mplsFirstCache.v4AdD = *((unsigned long*)&buffer4);
          }
          if (pftmp->fieldType==1){
            ipFirstCache.bytes = *((unsigned long*)&buffer4);
          }
          if (pftmp->fieldType==2){
            ipFirstCache.pkts = *((unsigned long*)&buffer4);
          }
          if (pftmp->fieldType==22){
            firstTime = *((unsigned long*)&buffer4);
          }
          if (pftmp->fieldType==21){
            lastTime = *((unsigned long*)&buffer4);
          }
#endif
          break;
        case 16:
          for (i=0; i<4; i++) {
            buffer2[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
            buffer2[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
            buffer2[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
            buffer2[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++;
          }
          /* aggregation IPv6 */          
          /* end aggregation */
          break;
        default:
          syslog(LOG_INFO,"UNKNOWN FIELDS LENGTH: %d ", field_size);
          for (i=0; i<field_size; i++){
            (*myPtrs->offsetV9Ptr)++;
          }
        }
      } /* end if one cache table line existence */
      if (cpt==tmp->fieldCount) {
        /* 
         * end of one flow (not the flowset) 
         */
#ifdef CRIHAN
        if ( mplsFirstCache.mplsLabel1 == 0 ) {
          (myPtrs->tabIPPtr+(*myPtrs->ipNbPtr))->ipProt = ipFirstCache.ipProt;
          ipFirstCache.ipProt = 0;
          (myPtrs->tabIPPtr+(*myPtrs->ipNbPtr))->bytes = ipFirstCache.bytes;
          ipFirstCache.bytes = 0;
          (myPtrs->tabIPPtr+(*myPtrs->ipNbPtr))->pkts = ipFirstCache.pkts;
          ipFirstCache.pkts = 0;
          (myPtrs->tabIPPtr+(*myPtrs->ipNbPtr))->inSnmp = ipFirstCache.inSnmp;
          ipFirstCache.inSnmp = 0;
          (myPtrs->tabIPPtr+(*myPtrs->ipNbPtr))->outSnmp = ipFirstCache.outSnmp;
          ipFirstCache.outSnmp = 0;
          (myPtrs->tabIPPtr+(*myPtrs->ipNbPtr))->v4AdS = ipFirstCache.v4AdS;
          ipFirstCache.outSnmp = 0;
          (myPtrs->tabIPPtr+(*myPtrs->ipNbPtr))->v4AdD = ipFirstCache.v4AdD;
          ipFirstCache.v4AdD = 0;
          (myPtrs->tabIPPtr+(*myPtrs->ipNbPtr))->tProt = ipFirstCache.tProt;
          ipFirstCache.tProt = 0;
          (myPtrs->tabIPPtr+(*myPtrs->ipNbPtr))->sPort = ipFirstCache.sPort;
          ipFirstCache.sPort = 0;
          (myPtrs->tabIPPtr+(*myPtrs->ipNbPtr))->dPort = ipFirstCache.dPort;
          ipFirstCache.dPort = 0;
          (myPtrs->tabIPPtr+(*myPtrs->ipNbPtr))->maskD = ipFirstCache.maskD;
          ipFirstCache.maskD = 0;
          (myPtrs->tabIPPtr+(*myPtrs->ipNbPtr))->maskS = ipFirstCache.maskS;
          ipFirstCache.maskS = 0;
          (myPtrs->tabIPPtr+(*myPtrs->ipNbPtr))->routerAd = ipFirstCache.routerAd;
          (myPtrs->tabIPPtr+(*myPtrs->ipNbPtr))->liveTime = lastTime - firstTime;
          firstTime = 0; lastTime = 0;
          (*myPtrs->ipNbPtr)++;
        } else {
          (myPtrs->tabMPLSPtr+(*myPtrs->mplsNbPtr))->ipProt = mplsFirstCache.ipProt;
          mplsFirstCache.ipProt = 0;
          (myPtrs->tabMPLSPtr+(*myPtrs->mplsNbPtr))->v4AdS =  mplsFirstCache.v4AdS;
          mplsFirstCache.v4AdS = 0;
          (myPtrs->tabMPLSPtr+(*myPtrs->mplsNbPtr))->v4AdD =  mplsFirstCache.v4AdD; 
          mplsFirstCache.v4AdD = 0;
          (myPtrs->tabMPLSPtr+(*myPtrs->mplsNbPtr))->routerAd =  mplsFirstCache.routerAd;
          (myPtrs->tabMPLSPtr+(*myPtrs->mplsNbPtr))->mplsLabel1 =  mplsFirstCache.mplsLabel1;
          mplsFirstCache.mplsLabel1 = 0;
          (*myPtrs->mplsNbPtr)++;
        }
#endif 
        /* put aggregation cache information to IPv4 Prefixes table */
        /* Aggregation mode must be enable in ./configure options   */
        /* first we must know if the address belong to our prefix   */
#ifdef IPV4AGG
        if (bool == 1){
          prefixKey.beginning = agCache.v4AdS>>(32-agCache.maskS)<<(32-agCache.maskS);
          res = bsearch(&prefixKey, V4PTab, nbPV4, 
                        sizeof(struct PrefixV4), prefCmp);
          if (res!=NULL){ 
            /* OUT ("traffic from the prefix/subnet")  */
            res->bytesNbOUT += agCache.bytes;
            res->pktsNbOUT += agCache.pkts;
            (res->flowNbOUT)++;
            switch (agCache.tProt) {
            case 1:
              res->icmpBytesNbOUT += agCache.bytes;
              res->icmpPktsNbOUT += agCache.pkts;
              (res->icmpFlowNbOUT)++;
              break;
            case 6:
              res->tcpBytesNbOUT += agCache.bytes;
              res->tcpPktsNbOUT += agCache.pkts;
              (res->tcpFlowNbOUT)++;          
              break;
            case 17:
              res->udpBytesNbOUT += agCache.bytes;
              res->udpPktsNbOUT += agCache.pkts;
              (res->udpFlowNbOUT)++;
              break;
            default:
              res->othersBytesNbOUT += agCache.bytes;
              res->othersPktsNbOUT += agCache.pkts;
              (res->othersFlowNbOUT)++;
            }
          } else {
            prefixKey.beginning = agCache.v4AdD>>(32-agCache.maskD)<<(32-agCache.maskD);
            res = bsearch(&prefixKey, V4PTab, nbPV4, 
                          sizeof(struct PrefixV4), prefCmp);
            if (res!=NULL){ /* IN ("traffic to the prefix")  */
              res->bytesNbIN += agCache.bytes;
              res->pktsNbIN += agCache.pkts;
              (res->flowNbIN)++;
              switch (agCache.tProt) {
              case 1:
                res->icmpBytesNbIN += agCache.bytes;
                res->icmpPktsNbIN += agCache.pkts;
                (res->icmpFlowNbIN)++;
                break;
              case 6:
                res->tcpBytesNbIN += agCache.bytes;
                res->tcpPktsNbIN += agCache.pkts;
                (res->tcpFlowNbIN)++;
                break;
              case 17:
                res->udpBytesNbIN += agCache.bytes;
                res->udpPktsNbIN += agCache.pkts;
                (res->udpFlowNbIN)++;
                break;
              default:
                res->othersBytesNbIN += agCache.bytes;
                res->othersPktsNbIN += agCache.pkts;
                (res->othersFlowNbIN)++;
              }
            } else {
              /* HERE : we are in the cases of the address/mask don't      */
              /*        belong to a prefix listed in the IPv4 prefix file  */
              /* possibilities :                                           */
              /*     -  prefix not referenced but allowed to be routed     */
              /*     -  prefix not referenced but not allowed to be routed */
              /*     -  spoofing                                           */
/*            fprintf(stderr, "%lu.%lu.%lu.%lu/%hu -> %lu.%lu.%lu.%lu/%hu R:%lu.%lu.%lu.%lu \n", */
/*                    (agCache.v4AdS>>24), */
/*                    (agCache.v4AdS<<8>>24),  */
/*                    (agCache.v4AdS<<16>>24),  */
/*                    (agCache.v4AdS<<24>>24),  */
/*                    (agCache.maskS),  */
/*                    (agCache.v4AdD>>24),  */
/*                    (agCache.v4AdD<<8>>24),  */
/*                    (agCache.v4AdD<<16>>24),  */
/*                    (agCache.v4AdD<<24>>24),  */
/*                    (agCache.maskD),  */
/*                    (myPtrs->pcktPtr->ipH->srcAdd>>24),  */
/*                    (myPtrs->pcktPtr->ipH->srcAdd<<8>>24), */
/*                    (myPtrs->pcktPtr->ipH->srcAdd<<16>>24), */
/*                    (myPtrs->pcktPtr->ipH->srcAdd<<24>>24) */
/*                    ); */
            }
          }
        }
        bool = 0;
#endif
        /* 
         * Redirection if needed 
         * switch the rules definition (check & fieldToRecord), 
         * we send the flow or a part of the flow to a remote host or a file
         */
        tmpRuleList = myPtrs->rulesListPtr;
        while (tmpRuleList){
          unsigned short check = 1;
          RuleDefPtr tmpRuleDefList = tmpRuleList->def;
          secondOffset = secondOldOffset;
          while (tmpRuleDefList){
            check = check && tmpRuleDefList->check;
            tmpRuleDefList->check = 0;
            tmpRuleDefList = tmpRuleDefList->next;
          }
          if ( (tmpRuleList->def != NULL) && (check == 1)) {
            /* msg building */
            secondPftmp = tmp->lastField;
/*          memcpy(myMsg.text, (char*)(myPtrs->ptr_buffer+secondOffset),flow_size); */
            msgTextIndex = mempcpy(mempcpy(mempcpy(myMsg.text, 
                                                   &tplMsgType, 
                                                   sizeof(unsigned short) 
                                                   ),
                                           &tmpRuleList->id,
                                           sizeof(tmpRuleList->id)
                                           ),
                                   &myPtrs->currentRouterPtr->IpAddress, 
                                   sizeof(unsigned long) 
                                   );
            msgTextIndex = mempcpy(mempcpy(mempcpy(msgTextIndex, 
                                                   &tmp->sourceId, 
                                                   sizeof(unsigned long) 
                                                   ), 
                                           &tmp->templateFlowSetId, 
                                           sizeof(tmp->templateFlowSetId) 
                                           ), 
                                   myPtrs->ptr_buffer+secondOffset, 
                                   flow_size
                                   ); 
            myMsg.type = 1;
            msgSend( myQueue, myMsg);
            noEnd = 1;
            secondCpt=0;
          } /* end if check */
          tmpRuleList = tmpRuleList->next;
          secondPftmp = tmp->lastField;
        } /* end while tmpRuleList */
        /* 
         * end redirection 
         */
        secondOffset = *myPtrs->offsetV9Ptr;
        secondOldOffset = secondOffset;
        pftmp = tmp->lastField;
        cpt=0;
        (*myPtrs->currentFlowsetNumberPtr)++; /* pointer on the flows number */
        if (((*myPtrs->offsetV9Ptr)-48-shift+flow_size) > data_length){
          overflow = 1; /* buffer index not correct */
        }
      } else {
        /* not the flow end, progress in field list */
        pftmp = pftmp->prev;
      }
    } /* end of the while on one flow record */    
  }else{
    /* 
     * template unknown, we skip this all the data 
     */
    (*myPtrs->offsetV9Ptr)+=(data_length-4);
    (*myPtrs->currentFlowsetNumberPtr) = myPtrs->currentHeaderV9Ptr->count;
  }
  while ( ((*myPtrs->offsetV9Ptr)-48-shift) < data_length ) {
    (*myPtrs->offsetV9Ptr)++; /* if padding */
  }
  while ( (*myPtrs->offsetV9Ptr)-48-shift > data_length ) { 
    (*myPtrs->offsetV9Ptr)--; /* crazy loop (when bug appears in template def) */
  }
  return (data_length+shift);
}