Context Navigation

dataFlowSet.c @ 12

Revision 11, 9.2 KB (checked in by andreu, 17 years ago)
prefix v4 comparaison ok
Property svn:eol-style set to `native`

Line
1	/*
2	* File: dataFlowSet.c
3	*
4	* Authors: ANDREU François-Xavier
5	*
6	* Copyright (C) 2005 GIP RENATER
7	*/
8
9	/ This file is part of renetcol.*
10	*
11	* renetcol is free software; you can redistribute it and/or modify
12	* it under the terms of the GNU General Public License as published by
13	* the Free Software Foundation; either version 2 of the License, or
14	* (at your option) any later version.
15	*
16	* renetcol is distributed in the hope that it will be useful,
17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19	* GNU General Public License for more details.
20	*
21	* You should have received a copy of the GNU General Public License
22	* along with renetcol; if not, write to the Free Software
23	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24	*/
25
26	#include "dataFlowSet.h"
27
28	/*
29	* checkDataFlowSet
30	*
31	*/
32	unsigned short
33	checkDataFlowSet(unsigned short shift, RouterPtr cr, NetFlowV9HeaderPtr v9Ptr,
34	unsigned short offV9, unsigned* char buf, short* *cFNPtr,
35	short cFId, DatagramPtr pcktPtr, RuleDefPtr rulesCache,
36	RulesPtr rlPtr, int myQueue)
37	{
38	TplFlowSetPtr tmp;
39	FieldPtr pftmp;
40	FieldPtr secondPftmp;
41	unsigned short data_length = 0;
42	unsigned short flow_size = 0;
43	unsigned short oldOffset = *offV9;
44	unsigned short secondOffset = 0;
45	unsigned short secondOldOffset = 0;
46	int field_size = 0;
47	int cpt = 0;
48	int secondCpt = 0;
49	int overflow = 0;
50	int noEnd = 1;
51	int i=0;
52	int j=0;
53	int pos = 0;
54	unsigned char buffer1;
55	unsigned char buffer2[2];
56	unsigned char buffer4[4];
57	RulesPtr tmpRuleList = rlPtr;
58	msgType myMsg;
59	char *msgTextIndex;
60	unsigned short tplMsgType = 11;
61
62	buffer2[1] = (buf+(offV9));(*offV9)++;
63	buffer2[0] = (buf+(offV9));(*offV9)++;
64	(cFId) = ((unsigned short*)&buffer2);
65	buffer2[1] = (buf+(offV9));(*offV9)++;
66	buffer2[0] = (buf+(offV9));(*offV9)++;
67	data_length = ((unsigned* short*)&buffer2);
68	if ((tmp=existTplId(cr, v9Ptr->sourceId,
69	(*cFId)))!=NULL) {
70	pftmp = tmp->lastField;
71	for (; pftmp; pftmp = pftmp->prev) {
72	flow_size += pftmp->fieldLength;
73	}
74	if ( data_length%flow_size >= 9 ) {
75	(*cFNPtr) = v9Ptr->count;
76	syslog(LOG_INFO, "data flowset length not match with length from template definition, wrong template definition suspected; all next informations of this data flowset are not considered! flowset ID: %hu, from router: %lu.%lu.%lu.%lu",
77	(*cFId),
78	(pcktPtr->ipH->srcAdd>>24),
79	(pcktPtr->ipH->srcAdd<<8>>24),
80	(pcktPtr->ipH->srcAdd<<16>>24),
81	(pcktPtr->ipH->srcAdd<<24>>24));
82	return (data_length+shift);
83	}
84	pftmp = tmp->lastField;
85	secondPftmp = tmp->lastField;
86	secondOffset = *offV9;
87	secondOldOffset = secondOffset;
88	while ( (((*offV9)-48-shift) <= data_length) && (overflow!=1) ) {
89	/*
90	* progression in a flow Set
91	* notes:
92	* 48=header ip + header netf
93	* shift = shift if there is a template declaration
94	*/
95	cpt++;
96	j=0;
97	pos = (pftmp->fieldType)*10+j;
98	field_size = (int) pftmp->fieldLength;
99	/*
100	* Comparaison between the field value and the rules
101	* ... if one rule exist
102	*/
103	if (((RuleDefPtr)(*(rulesCache+pos))) != NULL) {
104	oldOffset = *offV9;
105	while (((RuleDefPtr)(*(rulesCache+pos))) != NULL){
106	/*
107	* while on one cache table line
108	*/
109	*offV9 = oldOffset;
110	switch ((int)
111	(((RuleDefPtr)(*(rulesCache+pos)))->operator)){
112	case 2:
113	switch (field_size) {
114	case 1:
115	buffer1 = (buf+(offV9)); (*offV9)++;
116	if (((RuleDefPtr)(*(rulesCache+pos)))->value->stor.cvalue
117	== ((unsigned* char*)&buffer1)) {
118	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
119	}
120	break;
121	case 2:
122	buffer2[1]= (buf+(offV9)); (*offV9)++;
123	buffer2[0]= (buf+(offV9)); (*offV9)++;
124	if (((RuleDefPtr)(*(rulesCache+pos)))->value->stor.svalue
125	== ((unsigned* short*)&buffer2))
126	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
127	break;
128	case 4:
129	buffer4[3]= (buf+(offV9)); (*offV9)++;
130	buffer4[2]= (buf+(offV9)); (*offV9)++;
131	buffer4[1]= (buf+(offV9)); (*offV9)++;
132	buffer4[0]= (buf+(offV9)); (*offV9)++;
133	/ here , add a check on the field type /
134	if ((((RuleDefPtr)(*(rulesCache+pos)))->value->stor.lvalue)
135	== (((unsigned* long)&buffer4))>>(32-((RuleDefPtr)((rulesCache+pos)))->value->mask)<<(32-((RuleDefPtr)(*(rulesCache+pos)))->value->mask) )
136	{
137	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
138	}
139	break;
140	case 16:
141	for (i=0; i<4; i++) {
142	buffer4[3]= (buf+(offV9)); (*offV9)++;
143	buffer4[2]= (buf+(offV9)); (*offV9)++;
144	buffer4[1]= (buf+(offV9)); (*offV9)++;
145	buffer4[0]= (buf+(offV9)); (*offV9)++;
146	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
147	== (((unsigned* long)&buffer4))>>(12-(((RuleDefPtr)((rulesCache+pos)))->value->mask)%32)<<(32-(((RuleDefPtr)(*(rulesCache+pos)))->value->mask)%32)
148	)
149	{
150	if (0==i){
151	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
152	} else {
153	((RuleDefPtr)(*(rulesCache+pos)))->check =
154	((RuleDefPtr)(*(rulesCache+pos)))->check && 1;
155	}
156	} else {
157	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
158	}
159	}
160	break;
161	default:
162	syslog(LOG_INFO, "Field size not known: %d\n", field_size);
163	for (i=0; i<field_size; i++){
164	(*offV9)++;
165	}
166	break;
167	}
168	break;
169	default:
170	syslog(LOG_INFO, "Operator not known: %d\n",
171	(int)(((RuleDefPtr)(*(rulesCache+pos)))->operator));
172	break;
173	}
174	j++;
175	pos = (pftmp->fieldType)*10+j;
176	} / end while rulesCache /
177	} else {
178	/*
179	* no rule within this field type, but we must reading the value
180	*/
181	switch (field_size) {
182	case 1:
183	buffer1 = (buf+(offV9)); (*offV9)++;
184	break;
185	case 2:
186	buffer2[1]= (buf+(offV9)); (*offV9)++;
187	buffer2[0]= (buf+(offV9)); (*offV9)++;
188	break;
189	case 4:
190	buffer4[3]= (buf+(offV9)); (*offV9)++;
191	buffer4[2]= (buf+(offV9)); (*offV9)++;
192	buffer4[1]= (buf+(offV9)); (*offV9)++;
193	buffer4[0]= (buf+(offV9)); (*offV9)++;
194	break;
195	case 16:
196	for (i=0; i<4; i++) {
197	buffer2[1]= (buf+(offV9)); (*offV9)++;
198	buffer2[0]= (buf+(offV9)); (*offV9)++;
199	buffer2[1]= (buf+(offV9)); (*offV9)++;
200	buffer2[0]= (buf+(offV9)); (*offV9)++;
201	}
202	break;
203	default:
204	syslog(LOG_INFO,"UNKNOWN FIELDS LENGTH: %d ", field_size);
205	for (i=0; i<field_size; i++){
206	(*offV9)++;
207	}
208	}
209	} / end if one cache table line existence /
210	if (cpt==tmp->fieldCount) {
211	/*
212	* end of one flow (not the flowset)
213	*/
214	/*
215	* Redirection if needed
216	* switch the rules definition (check & fieldToRecord),
217	* we send the flow or a part of the flow to the msg queue
218	*/
219	tmpRuleList = rlPtr;
220	while (tmpRuleList){
221	unsigned short check = 1;
222	RuleDefPtr tmpRuleDefList = tmpRuleList->def;
223	secondOffset = secondOldOffset;
224	while (tmpRuleDefList){
225	check = check && tmpRuleDefList->check;
226	tmpRuleDefList->check = 0;
227	tmpRuleDefList = tmpRuleDefList->next;
228	}
229	if ( (tmpRuleList->def != NULL) && (check == 1)) {
230	/ msg building /
231	secondPftmp = tmp->lastField;
232	/ memcpy(myMsg.text, (char)(buf+secondOffset),flow_size); /*
233	msgTextIndex = mempcpy(mempcpy(mempcpy(myMsg.text,
234	&tplMsgType,
235	sizeof(unsigned short)
236	),
237	&tmpRuleList->id,
238	sizeof(tmpRuleList->id)
239	),
240	&cr->IpAddress,
241	sizeof(unsigned long)
242	);
243	msgTextIndex = mempcpy(mempcpy(mempcpy(msgTextIndex,
244	&tmp->sourceId,
245	sizeof(unsigned long)
246	),
247	&tmp->templateFlowSetId,
248	sizeof(tmp->templateFlowSetId)
249	),
250	buf+secondOffset,
251	flow_size
252	);
253	myMsg.type = 1;
254	msgSend( myQueue, myMsg);
255	noEnd = 1;
256	secondCpt=0;
257	} / end if check /
258	tmpRuleList = tmpRuleList->next;
259	secondPftmp = tmp->lastField;
260	} / end while tmpRuleList /
261	/*
262	* end redirection
263	*/
264	secondOffset = *offV9;
265	secondOldOffset = secondOffset;
266	pftmp = tmp->lastField;
267	cpt=0;
268	(cFNPtr)++; /* pointer on the flows number /
269	if (((*offV9)-48-shift+flow_size) > data_length){
270	overflow = 1; / buffer index not correct /
271	}
272	} else {
273	/ not the flow end, progress in field list /
274	pftmp = pftmp->prev;
275	}
276	} / end of the while on one flow record /
277	}else{
278	/*
279	* template unknown, we skip this all the data
280	*/
281	(*offV9)+=(data_length-4);
282	(*cFNPtr) = v9Ptr->count;
283	}
284	while ( ((*offV9)-48-shift) < data_length ) {
285	(offV9)++; /* if padding /
286	}
287	while ( (*offV9)-48-shift > data_length ) {
288	(offV9)--; /* crazy loop (when bug appears in template def) /
289	}
290	return (data_length+shift);
291	}
292
293	/ for (i=0; i<(90); i++){ /
294	/ int k=0; /
295	/ pos = i10+k; /*
296	/ if (((RuleDefPtr)((rulesCache+pos))) != NULL){ /*
297	/ fprintf(stderr," type: %d ",i); /
298	/ while ( ((RuleDefPtr)((rulesCache+pos))) != NULL){ /*
299	/ fprintf(stderr, "\n op:%hu, pos: %d", /
300	/ ((RuleDefPtr)((rulesCache+pos)))->operator, /*
301	/ pos); /
302	/ k++; /
303	/ pos = i10+k; /*
304	/ } /
305	/ fprintf(stderr,"\n"); /
306	/ } /
307	/ } /

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/src/dataFlowSet.c @ 12

Download in other formats: