Context Navigation

dataFlowSet.c @ 16

Revision 16, 12.7 KB (checked in by andreu, 17 years ago)
Friday save
Property svn:eol-style set to `native`

Line
1	/*
2	* File: dataFlowSet.c
3	*
4	* Authors: ANDREU Francois-Xavier
5	*
6	* Copyright (C) 2005 GIP RENATER
7	*/
8
9	/ This file is part of renetcol.*
10	*
11	* renetcol is free software; you can redistribute it and/or modify
12	* it under the terms of the GNU General Public License as published by
13	* the Free Software Foundation; either version 2 of the License, or
14	* (at your option) any later version.
15	*
16	* renetcol is distributed in the hope that it will be useful,
17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19	* GNU General Public License for more details.
20	*
21	* You should have received a copy of the GNU General Public License
22	* along with renetcol; if not, write to the Free Software
23	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24	*/
25
26	#include "dataFlowSet.h"
27
28	/*
29	* checkDataFlowSet
30	*
31	*/
32	unsigned short
33	checkDataFlowSet(unsigned short shift, RouterPtr cr, NetFlowV9HeaderPtr v9Ptr,
34	unsigned short offV9, unsigned* char buf, short* *cFNPtr,
35	short cFId, DatagramPtr pcktPtr, RuleDefPtr rulesCache,
36	RulesPtr rlPtr, int myQueue, struct PrefixV4 *V4PTab,
37	size_t nbPV4)
38	{
39	TplFlowSetPtr tmp;
40	FieldPtr pftmp;
41	FieldPtr secondPftmp;
42	unsigned short data_length = 0;
43	unsigned short flow_size = 0;
44	unsigned short oldOffset = *offV9;
45	unsigned short secondOffset = 0;
46	unsigned short secondOldOffset = 0;
47	int moreIsNecessary = 1;
48	int field_size = 0;
49	int cpt = 0;
50	int secondCpt = 0;
51	int overflow = 0;
52	int noEnd = 1;
53	int i = 0;
54	int j = 0;
55	int pos = 0;
56	unsigned char buffer1;
57	unsigned char buffer2[2];
58	unsigned char buffer4[4];
59	RulesPtr tmpRuleList = rlPtr;
60	msgType myMsg;
61	char *msgTextIndex;
62	unsigned short tplMsgType = 11;
63	struct PrefixV4 prefixKey, res; /* for bsearch /
64	struct AggCache agCache;
65
66	buffer2[1] = (buf+(offV9));(*offV9)++;
67	buffer2[0] = (buf+(offV9));(*offV9)++;
68	(cFId) = ((unsigned short*)&buffer2);
69	buffer2[1] = (buf+(offV9));(*offV9)++;
70	buffer2[0] = (buf+(offV9));(*offV9)++;
71	data_length = ((unsigned* short*)&buffer2);
72	if ((tmp=existTplId(cr, v9Ptr->sourceId,
73	(*cFId)))!=NULL) {
74	pftmp = tmp->lastField;
75	for (; pftmp; pftmp = pftmp->prev) {
76	flow_size += pftmp->fieldLength;
77	}
78	if ( data_length%flow_size >= 9 ) {
79	(*cFNPtr) = v9Ptr->count;
80	syslog(LOG_INFO, "data flowset length not match with length from template definition, wrong template definition suspected; all next informations of this data flowset are not considered! flowset ID: %hu, from router: %lu.%lu.%lu.%lu",
81	(*cFId),
82	(pcktPtr->ipH->srcAdd>>24),
83	(pcktPtr->ipH->srcAdd<<8>>24),
84	(pcktPtr->ipH->srcAdd<<16>>24),
85	(pcktPtr->ipH->srcAdd<<24>>24));
86	return (data_length+shift);
87	}
88	pftmp = tmp->lastField;
89	secondPftmp = tmp->lastField;
90	secondOffset = *offV9;
91	secondOldOffset = secondOffset;
92	while ( (((*offV9)-48-shift) <= data_length) && (overflow!=1) ) {
93	/*
94	* progression in a flow Set
95	* notes:
96	* 48=header ip + header netf
97	* shift = shift if there is a template declaration
98	*/
99	cpt++;
100	j=0;
101	pos = (pftmp->fieldType)*10+j;
102	field_size = (int) pftmp->fieldLength;
103	/*
104	* Comparaison between the field value and the rules
105	* ... if one rule exist
106	*/
107	if (((RuleDefPtr)(*(rulesCache+pos))) != NULL) {
108	oldOffset = *offV9;
109	while (((RuleDefPtr)(*(rulesCache+pos))) != NULL){
110	/*
111	* while on one cache table line
112	*/
113	*offV9 = oldOffset;
114	switch ((int)
115	(((RuleDefPtr)(*(rulesCache+pos)))->operator)){
116	case 2:
117	switch (field_size) {
118	case 1:
119	buffer1 = (buf+(offV9)); (*offV9)++;
120	if (((RuleDefPtr)(*(rulesCache+pos)))->value->stor.cvalue
121	== ((unsigned* char*)&buffer1)) {
122	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
123	}
124	/ aggregation /
125
126	/ end aggregation /
127	break;
128	case 2:
129	buffer2[1]= (buf+(offV9)); (*offV9)++;
130	buffer2[0]= (buf+(offV9)); (*offV9)++;
131	if (((RuleDefPtr)(*(rulesCache+pos)))->value->stor.svalue
132	== ((unsigned* short*)&buffer2))
133	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
134	/ aggregation /
135
136	/ end aggregation /
137	break;
138	case 4:
139	buffer4[3]= (buf+(offV9)); (*offV9)++;
140	buffer4[2]= (buf+(offV9)); (*offV9)++;
141	buffer4[1]= (buf+(offV9)); (*offV9)++;
142	buffer4[0]= (buf+(offV9)); (*offV9)++;
143	/ FIXME : here , add a check on the field type /
144	if ((pftmp->fieldType==8)\|\|(pftmp->fieldType==12)){
145	if ((((RuleDefPtr)(*(rulesCache+pos)))->value->stor.lvalue)
146	== (((unsigned* long)&buffer4))>>(32-((RuleDefPtr)((rulesCache+pos)))->value->mask)<<(32-((RuleDefPtr)(*(rulesCache+pos)))->value->mask) )
147	{
148	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
149	}
150	prefixKey.beginning = ((unsigned* long*)&buffer4);
151	res = bsearch(&prefixKey, V4PTab, nbPV4,
152	sizeof(struct PrefixV4), prefCmp);
153	if (res == NULL)
154	fprintf(stderr,"!");
155	else
156	fprintf(stderr,".");
157	}
158	/ aggregation /
159
160	/ end aggregation /
161	break;
162	case 16:
163	for (i=0; i<4; i++) {
164	buffer4[3]= (buf+(offV9)); (*offV9)++;
165	buffer4[2]= (buf+(offV9)); (*offV9)++;
166	buffer4[1]= (buf+(offV9)); (*offV9)++;
167	buffer4[0]= (buf+(offV9)); (*offV9)++;
168	if (1==moreIsNecessary){
169	switch(i){
170	case 0:
171	if (((RuleDefPtr)(*(rulesCache+pos)))->value->mask <= 32){
172	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
173	==
174	(((unsigned* long)&buffer4))>>(32-((RuleDefPtr)((rulesCache+pos)))->value->mask)<<(32-((RuleDefPtr)(*(rulesCache+pos)))->value->mask)
175	)
176	{
177	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
178	moreIsNecessary = 0;
179	} else {
180	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
181	moreIsNecessary = 0;
182	}
183	} else {
184	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
185	==
186	(((unsigned* long*)&buffer4))
187	)
188	{
189	((RuleDefPtr)(*(rulesCache+pos)))->check = 1;
190	} else {
191	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
192	moreIsNecessary = 0;
193	}
194	}
195	break;
196	case 1:
197	if (((RuleDefPtr)(*(rulesCache+pos)))->value->mask <= 64){
198	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
199	==
200	(((unsigned* long)&buffer4))>>(64-((RuleDefPtr)((rulesCache+pos)))->value->mask)<<(64-((RuleDefPtr)(*(rulesCache+pos)))->value->mask)
201	)
202	{
203	((RuleDefPtr)(*(rulesCache+pos)))->check =
204	((RuleDefPtr)(*(rulesCache+pos)))->check && 1;
205	moreIsNecessary = 0;
206	} else {
207	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
208	moreIsNecessary = 0;
209	}
210	} else {
211	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
212	==
213	(((unsigned* long*)&buffer4))
214	)
215	{
216	((RuleDefPtr)(*(rulesCache+pos)))->check =
217	((RuleDefPtr)(*(rulesCache+pos)))->check && 1;
218	} else {
219	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
220	moreIsNecessary = 0;
221	}
222	}
223	break;
224	case 2:
225	if (((RuleDefPtr)(*(rulesCache+pos)))->value->mask <= 96){
226	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
227	==
228	(((unsigned* long)&buffer4))>>(96-((RuleDefPtr)((rulesCache+pos)))->value->mask)<<(96-((RuleDefPtr)(*(rulesCache+pos)))->value->mask)
229	)
230	{
231	((RuleDefPtr)(*(rulesCache+pos)))->check =
232	((RuleDefPtr)(*(rulesCache+pos)))->check && 1;
233	moreIsNecessary = 0;
234	} else {
235	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
236	moreIsNecessary = 0;
237	}
238	} else {
239	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
240	==
241	(((unsigned* long*)&buffer4))
242	)
243	{
244	((RuleDefPtr)(*(rulesCache+pos)))->check =
245	((RuleDefPtr)(*(rulesCache+pos)))->check && 1;
246	} else {
247	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
248	moreIsNecessary = 0;
249	}
250	}
251	break;
252	case 3:
253	if (((RuleDefPtr)(*(rulesCache+pos)))->value->mask <= 128){
254	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
255	==
256	(((unsigned* long)&buffer4))>>(128-((RuleDefPtr)((rulesCache+pos)))->value->mask)<<(128-((RuleDefPtr)(*(rulesCache+pos)))->value->mask)
257	)
258	{
259	((RuleDefPtr)(*(rulesCache+pos)))->check =
260	((RuleDefPtr)(*(rulesCache+pos)))->check && 1;
261	} else {
262	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
263	moreIsNecessary = 0;
264	}
265	} else {
266	if (ntohl(((RuleDefPtr)(*(rulesCache+pos)))->value->stor.tabAdd6[i])
267	==
268	(((unsigned* long*)&buffer4))
269	)
270	{
271	((RuleDefPtr)(*(rulesCache+pos)))->check =
272	((RuleDefPtr)(*(rulesCache+pos)))->check && 1;
273	} else {
274	((RuleDefPtr)(*(rulesCache+pos)))->check = 0;
275	moreIsNecessary = 0;
276	}
277	}
278	break;
279	default:
280	break;
281	} / end of switch(i) /
282	} / end of if moreIsNecessary /
283	}
284	moreIsNecessary = 1;
285	/ aggregation /
286
287	/ end aggregation /
288	break;
289	default:
290	syslog(LOG_INFO, "Field size not known: %d\n", field_size);
291	for (i=0; i<field_size; i++){
292	(*offV9)++;
293	}
294	break;
295	}
296	break;
297	default:
298	syslog(LOG_INFO, "Operator not known: %d\n",
299	(int)(((RuleDefPtr)(*(rulesCache+pos)))->operator));
300	break;
301	}
302	j++;
303	pos = (pftmp->fieldType)*10+j;
304	} / end while rulesCache /
305	} else {
306	/*
307	* no rule within this field type, but we must reading the value
308	*/
309	switch (field_size) {
310	case 1:
311	buffer1 = (buf+(offV9)); (*offV9)++;
312	/ aggregation /
313
314	/ end aggregation /
315	break;
316	case 2:
317	buffer2[1]= (buf+(offV9)); (*offV9)++;
318	buffer2[0]= (buf+(offV9)); (*offV9)++;
319	/ aggregation /
320
321	/ end aggregation /
322	break;
323	case 4:
324	buffer4[3]= (buf+(offV9)); (*offV9)++;
325	buffer4[2]= (buf+(offV9)); (*offV9)++;
326	buffer4[1]= (buf+(offV9)); (*offV9)++;
327	buffer4[0]= (buf+(offV9)); (*offV9)++;
328	/ aggregation /
329
330	/ end aggregation /
331	break;
332	case 16:
333	for (i=0; i<4; i++) {
334	buffer2[1]= (buf+(offV9)); (*offV9)++;
335	buffer2[0]= (buf+(offV9)); (*offV9)++;
336	buffer2[1]= (buf+(offV9)); (*offV9)++;
337	buffer2[0]= (buf+(offV9)); (*offV9)++;
338	}
339	/ aggregation /
340
341	/ end aggregation /
342	break;
343	default:
344	syslog(LOG_INFO,"UNKNOWN FIELDS LENGTH: %d ", field_size);
345	for (i=0; i<field_size; i++){
346	(*offV9)++;
347	}
348	}
349	} / end if one cache table line existence /
350	if (cpt==tmp->fieldCount) {
351	/*
352	* end of one flow (not the flowset)
353	*/
354	/ put aggregation cache information to tables /
355
356	/ end put /
357	/*
358	* Redirection if needed
359	* switch the rules definition (check & fieldToRecord),
360	* we send the flow or a part of the flow to the msg queue
361	*/
362	tmpRuleList = rlPtr;
363	while (tmpRuleList){
364	unsigned short check = 1;
365	RuleDefPtr tmpRuleDefList = tmpRuleList->def;
366	secondOffset = secondOldOffset;
367	while (tmpRuleDefList){
368	check = check && tmpRuleDefList->check;
369	tmpRuleDefList->check = 0;
370	tmpRuleDefList = tmpRuleDefList->next;
371	}
372	if ( (tmpRuleList->def != NULL) && (check == 1)) {
373	/ msg building /
374	secondPftmp = tmp->lastField;
375	/ memcpy(myMsg.text, (char)(buf+secondOffset),flow_size); /*
376	msgTextIndex = mempcpy(mempcpy(mempcpy(myMsg.text,
377	&tplMsgType,
378	sizeof(unsigned short)
379	),
380	&tmpRuleList->id,
381	sizeof(tmpRuleList->id)
382	),
383	&cr->IpAddress,
384	sizeof(unsigned long)
385	);
386	msgTextIndex = mempcpy(mempcpy(mempcpy(msgTextIndex,
387	&tmp->sourceId,
388	sizeof(unsigned long)
389	),
390	&tmp->templateFlowSetId,
391	sizeof(tmp->templateFlowSetId)
392	),
393	buf+secondOffset,
394	flow_size
395	);
396	myMsg.type = 1;
397	msgSend( myQueue, myMsg);
398	noEnd = 1;
399	secondCpt=0;
400	} / end if check /
401	tmpRuleList = tmpRuleList->next;
402	secondPftmp = tmp->lastField;
403	} / end while tmpRuleList /
404	/*
405	* end redirection
406	*/
407	secondOffset = *offV9;
408	secondOldOffset = secondOffset;
409	pftmp = tmp->lastField;
410	cpt=0;
411	(cFNPtr)++; /* pointer on the flows number /
412	if (((*offV9)-48-shift+flow_size) > data_length){
413	overflow = 1; / buffer index not correct /
414	}
415	} else {
416	/ not the flow end, progress in field list /
417	pftmp = pftmp->prev;
418	}
419	} / end of the while on one flow record /
420	}else{
421	/*
422	* template unknown, we skip this all the data
423	*/
424	(*offV9)+=(data_length-4);
425	(*cFNPtr) = v9Ptr->count;
426	}
427	while ( ((*offV9)-48-shift) < data_length ) {
428	(offV9)++; /* if padding /
429	}
430	while ( (*offV9)-48-shift > data_length ) {
431	(offV9)--; /* crazy loop (when bug appears in template def) /
432	}
433	return (data_length+shift);
434	}

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/src/dataFlowSet.c @ 16

Download in other formats: