- Timestamp:
- 12/27/10 15:06:15 (12 years ago)
- Location:
- trunk/src
- Files:
-
- 2 modified
-
dataFlowSet.c (modified) (82 diffs)
-
dataFlowSet.h (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/dataFlowSet.c
r144 r145 1 1 /* 2 2 * File: dataFlowSet.c 3 *4 * Authors: ANDREU Francois-Xavier5 3 * 6 * Copyright (C) 2005 - 2010 GIP RENATER 4 * Authors: ANDREU Francois-Xavier 5 * 6 * Copyright (C) 2005 - 2010 GIP RENATER 7 7 */ 8 8 9 /* This file is part of renetcol. 9 /* This file is part of renetcol. 10 10 * 11 11 * renetcol is free software; you can redistribute it and/or modify … … 27 27 28 28 /* 29 * Check Data FlowSet 29 * Check Data FlowSet 30 30 * 31 31 */ 32 short 33 checkDataFlowSet(short shift, 32 short 33 checkDataFlowSet(short shift, 34 34 struct MyPtrs *myPtrs, 35 int myQueue, 36 struct PrefixV4 *V4PTab, 35 int myQueue, 36 struct PrefixV4 *V4PTab, 37 37 size_t nbPV4, 38 38 struct PrefixV4 *V4STab, … … 58 58 int j = 0; 59 59 int pos = 0; 60 61 62 unsigned char buffer1; 60 int jdos = 0; 61 int posdos = 0; 62 unsigned char buffer1; 63 63 unsigned char buffer2[2]; 64 64 unsigned char buffer4[4]; … … 99 99 data_length = *((unsigned short*)&buffer2); 100 100 if (data_length == 0) { 101 #ifdef DEBUG 101 #ifdef DEBUG 102 102 fprintf (stderr, " dlg==0 <--| "); 103 103 #endif … … 112 112 } 113 113 114 if ( (tmp=existTplId(myPtrs->currentRouterPtr, 115 myPtrs->currentHeaderV9Ptr->sourceId, 114 if ( (tmp=existTplId(myPtrs->currentRouterPtr, 115 myPtrs->currentHeaderV9Ptr->sourceId, 116 116 (*myPtrs->currentFlowsetIdPtr)))!=NULL ) { 117 117 myPtrs->currentMIB->dataFlowSetNb += 1; 118 118 #ifdef DEBUG 119 119 fprintf(stderr, 120 "{d id: %hu, lg %hu", 121 (*myPtrs->currentFlowsetIdPtr), 120 "{d id: %hu, lg %hu", 121 (*myPtrs->currentFlowsetIdPtr), 122 122 data_length); 123 123 if ( (*myPtrs->currentFlowsetIdPtr) > TRESHOLD_TEMPLATE_ID ) { … … 151 151 (myPtrs->pcktPtr->ipH->srcAdd<<16>>24), 152 152 (myPtrs->pcktPtr->ipH->srcAdd<<24>>24)); 153 #ifdef DEBUG 153 #ifdef DEBUG 154 154 fprintf (stderr, " dlg%flsz >=9 skip data "); 155 155 #endif … … 163 163 (myPtrs->pcktPtr->ipH->srcAdd<<16>>24), 164 164 (myPtrs->pcktPtr->ipH->srcAdd<<24>>24)); 165 #ifdef DEBUG 165 #ifdef DEBUG 166 166 fprintf (stderr, " dlg >= 1452 skip pckt "); 167 167 #endif … … 169 169 } 170 170 #if defined(IPV4AGGIDR) || defined(IPV4AGGIDSNMP) 171 agCache.routerAd = myPtrs->pcktPtr->ipH->srcAdd; 171 agCache.routerAd = myPtrs->pcktPtr->ipH->srcAdd; 172 172 #endif 173 173 174 174 pftmp = tmp->lastField; 175 secondPftmp = tmp->lastField; 175 secondPftmp = tmp->lastField; 176 176 secondOffset = *myPtrs->offsetV9Ptr; 177 177 secondOldOffset = secondOffset; 178 while ( (((*myPtrs->offsetV9Ptr)-48-shift) <= data_length) 179 && (overflow!=1) ) { 180 /* 181 * progression in a data flow Set 178 while ( (((*myPtrs->offsetV9Ptr)-48-shift) <= data_length) 179 && (overflow!=1) ) { 180 /* 181 * progression in a data flow Set 182 182 * notes: 183 183 * 48= IP header size + NetFlow header size … … 198 198 { 199 199 ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+j)))->check = 1; 200 } 200 } 201 201 j++; 202 } 202 } 203 203 j = 0; 204 204 … … 211 211 oldOffset = *myPtrs->offsetV9Ptr; 212 212 while (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos))) != NULL){ 213 /* 213 /* 214 214 * while on one cache table line 215 215 */ … … 218 218 (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->operator)){ 219 219 case 2: 220 /* operator: "=" */ 220 /* operator: "=" */ 221 221 switch (field_size) { 222 222 case 1: 223 buffer1 = *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 223 buffer1 = *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 224 224 (*myPtrs->offsetV9Ptr)++; 225 225 /* rule check */ 226 if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.cvalue 226 if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.cvalue 227 227 == *((unsigned char*)&buffer1)) { 228 228 ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 1; … … 248 248 agCache.dscp = *((unsigned char*)&buffer1); 249 249 } 250 #endif 250 #endif 251 251 break; 252 252 case 2: 253 buffer2[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 253 buffer2[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 254 254 (*myPtrs->offsetV9Ptr)++; 255 buffer2[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 255 buffer2[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 256 256 (*myPtrs->offsetV9Ptr)++; 257 if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.svalue 257 if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.svalue 258 258 == *((unsigned short*)&buffer2)) 259 259 ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 1; 260 260 if (pftmp->fieldType==7){ 261 261 agCache.sPort = *((unsigned short*)&buffer2); 262 } 262 } 263 263 if (pftmp->fieldType==11){ 264 264 agCache.dPort = *((unsigned short*)&buffer2); … … 275 275 if (pftmp->fieldType==16){ 276 276 agCache.asS = *((unsigned short*)&buffer2); 277 } 277 } 278 278 if (pftmp->fieldType==17){ 279 279 agCache.asD = *((unsigned short*)&buffer2); … … 283 283 case 3: 284 284 buffer4[3]= 0; 285 buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 285 buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 286 286 (*myPtrs->offsetV9Ptr)++; 287 buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 287 buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 288 288 (*myPtrs->offsetV9Ptr)++; 289 buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 289 buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 290 290 (*myPtrs->offsetV9Ptr)++; 291 if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.lvalue 291 if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.lvalue 292 292 == *((unsigned long*)&buffer4)) 293 293 ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 1; … … 299 299 break; 300 300 case 4: 301 buffer4[3]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 301 buffer4[3]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 302 302 (*myPtrs->offsetV9Ptr)++; 303 buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 303 buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 304 304 (*myPtrs->offsetV9Ptr)++; 305 buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 305 buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 306 306 (*myPtrs->offsetV9Ptr)++; 307 buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 307 buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 308 308 (*myPtrs->offsetV9Ptr)++; 309 309 /* FIXME : here , add a check on the field type */ 310 310 if ((pftmp->fieldType==8)||(pftmp->fieldType==12) 311 311 ||(pftmp->fieldType==15)||(pftmp->fieldType==18)){ 312 if ((((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.lvalue) 312 if ((((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.lvalue) 313 313 == (*((unsigned long*)&buffer4))>>(32-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask)<<(32-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask) ) 314 314 { … … 317 317 } 318 318 if ((pftmp->fieldType==10)||(pftmp->fieldType==14)){ 319 if ((((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.svalue) 319 if ((((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.svalue) 320 320 == ((unsigned short)*((unsigned long*)&buffer4))) 321 321 { … … 324 324 } 325 325 if ((pftmp->fieldType==16)||(pftmp->fieldType==17)){ 326 if ((((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.svalue) 326 if ((((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.svalue) 327 327 == ((unsigned short)*((unsigned long*)&buffer4))) 328 328 { … … 349 349 if (pftmp->fieldType==14){ 350 350 agCache.outputSnmp = (unsigned short)*((unsigned long*)&buffer4); 351 } 351 } 352 352 if ((pftmp->fieldType==8)){ 353 353 bool = 1; /* very important, test if we have an IPv4 flow for Agg */ … … 367 367 if (pftmp->fieldType==16){ 368 368 agCache.asS = (unsigned short)*((unsigned long*)&buffer4); 369 } 369 } 370 370 if (pftmp->fieldType==17){ 371 371 agCache.asD = (unsigned short)*((unsigned long*)&buffer4); … … 374 374 if (pftmp->fieldType==1){ 375 375 dosCache.bytes = *((unsigned long*)&buffer4); 376 dosCache.sampling = *myPtrs->currentRouterPtr->sampled;376 dosCache.sampling = myPtrs->currentRouterPtr->sampled; 377 377 } 378 378 if (pftmp->fieldType==2){ 379 dosCache.pkts = *((unsigned long*)&buffer4); 380 } 379 dosCache.packets = *((unsigned long*)&buffer4); 380 } 381 if (pftmp->fieldType==21){ 382 dosCache.endTime = *((unsigned long*)&buffer4); 383 } 384 if (pftmp->fieldType==22){ 385 dosCache.startTime = *((unsigned long*)&buffer4); 386 } 381 387 break; 382 388 case 16: … … 384 390 isIPv6 = 1; 385 391 for (i=0; i<4; i++) { 386 buffer4[3]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 392 buffer4[3]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 387 393 (*myPtrs->offsetV9Ptr)++; 388 buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 394 buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 389 395 (*myPtrs->offsetV9Ptr)++; 390 buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 396 buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 391 397 (*myPtrs->offsetV9Ptr)++; 392 buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 398 buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 393 399 (*myPtrs->offsetV9Ptr)++; 394 400 if (1==moreIsNecessary){ … … 396 402 case 0: 397 403 if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask <= 32){ 398 if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 399 == 404 if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 405 == 400 406 (*((unsigned long*)&buffer4))>>(32-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask)<<(32-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask) 401 407 ) … … 408 414 } 409 415 } else { 410 if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 411 == 416 if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 417 == 412 418 (*((unsigned long*)&buffer4)) 413 419 ) … … 422 428 case 1: 423 429 if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask <= 64){ 424 if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 425 == 430 if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 431 == 426 432 (*((unsigned long*)&buffer4))>>(64-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask)<<(64-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask) 427 433 ) … … 435 441 } 436 442 } else { 437 if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 438 == 443 if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 444 == 439 445 (*((unsigned long*)&buffer4)) 440 446 ) 441 447 { 442 ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 448 ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 443 449 ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check && 1; 444 450 } else { … … 450 456 case 2: 451 457 if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask <= 96){ 452 if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 453 == 458 if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 459 == 454 460 (*((unsigned long*)&buffer4))>>(96-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask)<<(96-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask) 455 461 ) … … 463 469 } 464 470 } else { 465 if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 466 == 471 if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 472 == 467 473 (*((unsigned long*)&buffer4)) 468 474 ) 469 475 { 470 ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 476 ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 471 477 ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check && 1; 472 478 } else { … … 478 484 case 3: 479 485 if (((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask <= 128){ 480 if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 481 == 486 if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 487 == 482 488 (*((unsigned long*)&buffer4))>>(128-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask)<<(128-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask) 483 489 ) … … 490 496 } 491 497 } else { 492 if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 493 == 498 if (ntohl(((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.tabAdd6[i]) 499 == 494 500 (*((unsigned long*)&buffer4)) 495 501 ) 496 502 { 497 ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 503 ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 498 504 ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check && 1; 499 505 } else { … … 517 523 moreIsNecessary = 1; 518 524 /* aggregation for IPv6 flows */ 519 525 520 526 /* end aggregation */ 521 527 } /* end of : if ((pftmp->fieldType==27)||(pftmp->fieldType==28)){ */ 522 528 break; 523 529 default: 524 syslog(LOG_INFO, "Field size not known: %d\n", field_size); 530 syslog(LOG_INFO, "Field size not known: %d\n", field_size); 525 531 for (i=0; i<field_size; i++){ 526 532 (*myPtrs->offsetV9Ptr)++; … … 538 544 } /* end while myPtrs->rulesAddressPtr */ 539 545 } else { 540 /* 541 * no rule within this field type, but we must read the value 546 /* 547 * no rule within this field type, but we must read the value 542 548 */ 543 549 switch (field_size) { 544 550 case 1: 545 buffer1 = *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 551 buffer1 = *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 546 552 (*myPtrs->offsetV9Ptr)++; 547 553 #if defined(IPV4AGGIDR) || defined(IPV4AGGIDSNMP) … … 563 569 if (pftmp->fieldType==5){ 564 570 agCache.dscp = *((unsigned char*)&buffer1); 565 } 571 } 566 572 #endif 567 573 break; 568 574 case 2: 569 buffer2[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 575 buffer2[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 570 576 (*myPtrs->offsetV9Ptr)++; 571 buffer2[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 577 buffer2[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 572 578 (*myPtrs->offsetV9Ptr)++; 573 579 if (pftmp->fieldType==7){ 574 580 agCache.sPort = *((unsigned short*)&buffer2); 575 } 581 } 576 582 if (pftmp->fieldType==11){ 577 583 agCache.dPort = *((unsigned short*)&buffer2); … … 580 586 if (pftmp->fieldType==10){ 581 587 agCache.inputSnmp = *((unsigned short*)&buffer2); 582 } 588 } 583 589 if (pftmp->fieldType==14){ 584 590 agCache.outputSnmp = *((unsigned short*)&buffer2); 585 } 591 } 586 592 #endif 587 593 #ifdef ASACC 588 594 if (pftmp->fieldType==16){ 589 595 agCache.asS = *((unsigned short*)&buffer2); 590 } 596 } 591 597 if (pftmp->fieldType==17){ 592 598 agCache.asD = *((unsigned short*)&buffer2); … … 596 602 case 3: 597 603 buffer4[3]= 0; 598 buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 604 buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 599 605 (*myPtrs->offsetV9Ptr)++; 600 buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 606 buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 601 607 (*myPtrs->offsetV9Ptr)++; 602 buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 608 buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 603 609 (*myPtrs->offsetV9Ptr)++; 604 610 /* aggregation */ … … 609 615 break; 610 616 case 4: 611 buffer4[3]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 617 buffer4[3]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 612 618 (*myPtrs->offsetV9Ptr)++; 613 buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 619 buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 614 620 (*myPtrs->offsetV9Ptr)++; 615 buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 621 buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 616 622 (*myPtrs->offsetV9Ptr)++; 617 buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 623 buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 618 624 (*myPtrs->offsetV9Ptr)++; 619 625 #if defined(IPV4AGGIDR) || defined(IPV4AGGIDSNMP) … … 623 629 if (pftmp->fieldType==14){ 624 630 agCache.outputSnmp = (unsigned short)*((unsigned long*)&buffer4); 625 } 631 } 626 632 if ((pftmp->fieldType==8)){ 627 633 bool = 1; … … 638 644 if (pftmp->fieldType==16){ 639 645 agCache.asS = (unsigned short)*((unsigned long*)&buffer4); 640 } 646 } 641 647 if (pftmp->fieldType==17){ 642 648 agCache.asD = (unsigned short)*((unsigned long*)&buffer4); … … 645 651 if (pftmp->fieldType==1){ 646 652 dosCache.bytes = *((unsigned long*)&buffer4); 647 dosCache.sampling = *myPtrs->currentRouterPtr->sampled;648 } 653 dosCache.sampling = myPtrs->currentRouterPtr->sampled; 654 } 649 655 if (pftmp->fieldType==2){ 650 dosCache.pkts = *((unsigned long*)&buffer4); 651 } 656 dosCache.packets = *((unsigned long*)&buffer4); 657 } 658 if (pftmp->fieldType==21){ 659 dosCache.endTime = *((unsigned long*)&buffer4); 660 } 661 if (pftmp->fieldType==22){ 662 dosCache.startTime = *((unsigned long*)&buffer4); 663 } 652 664 break; 653 665 case 16: … … 656 668 } 657 669 for (i=0; i<4; i++) { 658 buffer4[3]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 670 buffer4[3]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 659 671 (*myPtrs->offsetV9Ptr)++; 660 buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 672 buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 661 673 (*myPtrs->offsetV9Ptr)++; 662 buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 674 buffer4[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 663 675 (*myPtrs->offsetV9Ptr)++; 664 buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 676 buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); 665 677 (*myPtrs->offsetV9Ptr)++; 666 678 #if defined IPV6AGGIDSNMP … … 681 693 } /* end if one cache table line existence */ 682 694 if (cpt==tmp->fieldCount) { 683 /* 684 * end of one flow (not the flowset) 695 /* 696 * end of one flow (not the flowset) 685 697 */ 686 698 myPtrs->currentMIB->realFlowNb += 1; … … 688 700 flowCpt++; 689 701 fprintf(stderr," F%d ", flowCpt); 690 #endif 702 #endif 691 703 /* put aggregation cache information to IPv4 Prefixes table */ 692 704 /* Aggregation mode must be enable in ./configure options */ … … 718 730 (asres->flowNbOUT)++; 719 731 } 720 if (asres->sampling == 0 732 if (asres->sampling == 0 721 733 && myPtrs->currentRouterPtr->sampled != 0){ 722 734 asres->sampling = myPtrs->currentRouterPtr->sampled; … … 744 756 (asres->flowNbIN)++; 745 757 } 746 if (asres->sampling == 0 758 if (asres->sampling == 0 747 759 && myPtrs->currentRouterPtr->sampled != 0){ 748 760 asres->sampling = myPtrs->currentRouterPtr->sampled; … … 775 787 (asres->flowNbIN)++; 776 788 } 777 if (asres->sampling == 0 789 if (asres->sampling == 0 778 790 && myPtrs->currentRouterPtr->sampled != 0){ 779 791 asres->sampling = myPtrs->currentRouterPtr->sampled; … … 860 872 myPtrs->currentMIB->ipv4OthersApPcktsNb += agCache.pkts; 861 873 break; 862 } 874 } 863 875 /* end of mib update */ 864 876 } … … 870 882 /* prefixKey.beginning = agCache.v4AdS>>(32-agCache.maskS)<<(32-agCache.maskS); */ 871 883 prefixKey.beginning = agCache.v4AdS; 872 res = bsearch(&prefixKey, V4PTab, nbPV4, 884 res = bsearch(&prefixKey, V4PTab, nbPV4, 873 885 sizeof(struct PrefixV4), prefGlobalCmp); 874 886 if (res!=NULL){ … … 876 888 if (res->hasSubnet == 1) { 877 889 resSub = NULL; 878 resSub = bsearch(&prefixKey, V4STab, nbSV4, 890 resSub = bsearch(&prefixKey, V4STab, nbSV4, 879 891 sizeof(struct PrefixV4), prefGlobalCmp); 880 892 if (resSub != NULL) { 881 893 res = resSub; 882 894 resSub = NULL; 883 } 895 } 884 896 } 885 897 #ifdef DEBUG 886 898 fprintf(stderr,"S %lu.%lu.%lu.%lu/%hu %lu.%lu.%lu.%lu/%hu Rs %lu Ps %lu SNMPin(hu) %hu\n", 887 899 (agCache.v4AdS>>24), 888 (agCache.v4AdS<<8>>24), 889 (agCache.v4AdS<<16>>24), 890 (agCache.v4AdS<<24>>24), 900 (agCache.v4AdS<<8>>24), 901 (agCache.v4AdS<<16>>24), 902 (agCache.v4AdS<<24>>24), 891 903 (agCache.maskS), 892 (agCache.v4AdD>>24), 893 (agCache.v4AdD<<8>>24), 894 (agCache.v4AdD<<16>>24), 895 (agCache.v4AdD<<24>>24), 904 (agCache.v4AdD>>24), 905 (agCache.v4AdD<<8>>24), 906 (agCache.v4AdD<<16>>24), 907 (agCache.v4AdD<<24>>24), 896 908 (agCache.maskD), 897 909 myPtrs->currentRouterPtr->sampled, … … 900 912 #endif 901 913 #if defined(IPV4AGGIDR) 902 if ( myPtrs->routersID[res->routerNb] == agCache.routerAd ) { 914 if ( myPtrs->routersID[res->routerNb] == agCache.routerAd ) { 903 915 #elif defined(IPV4AGGIDSNMP) 904 if ( myPtrs->currentRouterPtr->snmpIndexList[agCache.inputSnmp] == 1 ) { 916 if ( myPtrs->currentRouterPtr->snmpIndexList[agCache.inputSnmp] == 1 ) { 905 917 #endif 906 918 /* OUT ("traffic from the prefix/subnet") */ … … 948 960 } 949 961 } 950 if (res->sampling == 0 962 if (res->sampling == 0 951 963 && myPtrs->currentRouterPtr->sampled != 0){ 952 964 res->sampling = myPtrs->currentRouterPtr->sampled; … … 956 968 /* prefixKey.beginning = agCache.v4AdD>>(32-agCache.maskD)<<(32-agCache.maskD);*/ 957 969 prefixKey.beginning = agCache.v4AdD; 958 res3 = bsearch(&prefixKey, V4PTab, nbPV4, 970 res3 = bsearch(&prefixKey, V4PTab, nbPV4, 959 971 sizeof(struct PrefixV4), prefGlobalCmp); 960 972 if (res3!=NULL){ … … 962 974 if (res3->hasSubnet == 1) { 963 975 resSub = NULL; 964 resSub = bsearch(&prefixKey, V4STab, nbSV4, 976 resSub = bsearch(&prefixKey, V4STab, nbSV4, 965 977 sizeof(struct PrefixV4), prefGlobalCmp); 966 978 if (resSub != NULL) { … … 972 984 fprintf(stderr,"S&D %lu.%lu.%lu.%lu/%hu %lu.%lu.%lu.%lu/%hu Rs %lu Ps %lu SNMPin %hu\n", 973 985 (agCache.v4AdS>>24), 974 (agCache.v4AdS<<8>>24), 975 (agCache.v4AdS<<16>>24), 976 (agCache.v4AdS<<24>>24), 986 (agCache.v4AdS<<8>>24), 987 (agCache.v4AdS<<16>>24), 988 (agCache.v4AdS<<24>>24), 977 989 (agCache.maskS), 978 (agCache.v4AdD>>24), 979 (agCache.v4AdD<<8>>24), 980 (agCache.v4AdD<<16>>24), 981 (agCache.v4AdD<<24>>24), 990 (agCache.v4AdD>>24), 991 (agCache.v4AdD<<8>>24), 992 (agCache.v4AdD<<16>>24), 993 (agCache.v4AdD<<24>>24), 982 994 (agCache.maskD), 983 995 myPtrs->currentRouterPtr->sampled, … … 1030 1042 } 1031 1043 } 1032 if (res3->sampling == 0 1044 if (res3->sampling == 0 1033 1045 && myPtrs->currentRouterPtr->sampled != 0){ 1034 1046 res3->sampling = myPtrs->currentRouterPtr->sampled; … … 1041 1053 /* prefixKey.beginning = agCache.v4AdD>>(32-agCache.maskD)<<(32-agCache.maskD);*/ 1042 1054 prefixKey.beginning = agCache.v4AdD; 1043 res2 = bsearch(&prefixKey, V4PTab, nbPV4, 1055 res2 = bsearch(&prefixKey, V4PTab, nbPV4, 1044 1056 sizeof(struct PrefixV4), prefGlobalCmp); 1045 1057 if (res2!=NULL){ … … 1061 1073 ((struct POP *)((myPtrs->matrixPOP) 1062 1074 +((res->routerNb)*ROUTER_INDEX_MAX) 1063 +((res2->routerNb))))->bytesNb += agCache.bytes; 1075 +((res2->routerNb))))->bytesNb += agCache.bytes; 1064 1076 ((struct POP *)((myPtrs->matrixPOP) 1065 1077 +((res->routerNb)*ROUTER_INDEX_MAX) … … 1072 1084 ((struct POP *)((myPtrs->matrixPOP) 1073 1085 +((res->routerNb)*ROUTER_INDEX_MAX) 1074 +((res2->routerNb))))->bytesNb += agCache.bytes; 1086 +((res2->routerNb))))->bytesNb += agCache.bytes; 1075 1087 ((struct POP *)((myPtrs->matrixPOP) 1076 1088 +((res->routerNb)*ROUTER_INDEX_MAX) 1077 +((res2->routerNb))))->flowNb++; 1078 #endif 1079 } else { 1089 +((res2->routerNb))))->flowNb++; 1090 #endif 1091 } else { 1080 1092 /* here we'll make the choice that in multisampling mode, 1081 1093 * the virtual POP that represent the reste of world will be … … 1085 1097 ((struct POP *)(myPtrs->matrixPOP) 1086 1098 +((res->routerNb)*ROUTER_INDEX_MAX) 1087 +((ROUTER_INDEX_MAX-1))))->pktsNb += agCache.pkts*myPtrs->currentRouterPtr->sampled/10; 1099 +((ROUTER_INDEX_MAX-1))))->pktsNb += agCache.pkts*myPtrs->currentRouterPtr->sampled/10; 1088 1100 ( 1089 1101 ((struct POP *)(myPtrs->matrixPOP) 1090 1102 +((res->routerNb)*ROUTER_INDEX_MAX) 1091 +((ROUTER_INDEX_MAX-1))))->bytesNb += agCache.bytes*myPtrs->currentRouterPtr->sampled/10; 1103 +((ROUTER_INDEX_MAX-1))))->bytesNb += agCache.bytes*myPtrs->currentRouterPtr->sampled/10; 1092 1104 ( 1093 1105 ((struct POP *)(myPtrs->matrixPOP) … … 1098 1110 ((struct POP *)(myPtrs->matrixPOP) 1099 1111 +((res->routerNb)*ROUTER_INDEX_MAX) 1100 +((ROUTER_INDEX_MAX-1))))->pktsNb += agCache.pkts; 1112 +((ROUTER_INDEX_MAX-1))))->pktsNb += agCache.pkts; 1101 1113 ( 1102 1114 ((struct POP *)(myPtrs->matrixPOP) 1103 1115 +((res->routerNb)*ROUTER_INDEX_MAX) 1104 +((ROUTER_INDEX_MAX-1))))->bytesNb += agCache.bytes; 1116 +((ROUTER_INDEX_MAX-1))))->bytesNb += agCache.bytes; 1105 1117 ( 1106 1118 ((struct POP *)(myPtrs->matrixPOP) 1107 1119 +((res->routerNb)*ROUTER_INDEX_MAX) 1108 1120 +((ROUTER_INDEX_MAX-1))))->flowNb++; 1109 #endif 1121 #endif 1110 1122 } 1111 1123 /* end interpop matrix accounting */ … … 1121 1133 /* prefixKey.beginning = agCache.v4AdD>>(32-agCache.maskD)<<(32-agCache.maskD); */ 1122 1134 prefixKey.beginning = agCache.v4AdD; 1123 res = bsearch(&prefixKey, V4PTab, nbPV4, 1135 res = bsearch(&prefixKey, V4PTab, nbPV4, 1124 1136 sizeof(struct PrefixV4), prefGlobalCmp); 1125 1137 if (res!=NULL){ … … 1127 1139 if (res->hasSubnet == 1) { 1128 1140 resSub = NULL; 1129 resSub = bsearch(&prefixKey, V4STab, nbSV4, 1141 resSub = bsearch(&prefixKey, V4STab, nbSV4, 1130 1142 sizeof(struct PrefixV4), prefGlobalCmp); 1131 1143 if (resSub != NULL) { … … 1137 1149 fprintf(stderr,"D %lu.%lu.%lu.%lu/%hu %lu.%lu.%lu.%lu/%hu Rs %lu Ps %lu R@ %lu.%lu.%lu.%lu SNMPin %hu\n", 1138 1150 (agCache.v4AdS>>24), 1139 (agCache.v4AdS<<8>>24), 1140 (agCache.v4AdS<<16>>24), 1141 (agCache.v4AdS<<24>>24), 1151 (agCache.v4AdS<<8>>24), 1152 (agCache.v4AdS<<16>>24), 1153 (agCache.v4AdS<<24>>24), 1142 1154 (agCache.maskS), 1143 (agCache.v4AdD>>24), 1144 (agCache.v4AdD<<8>>24), 1145 (agCache.v4AdD<<16>>24), 1146 (agCache.v4AdD<<24>>24), 1155 (agCache.v4AdD>>24), 1156 (agCache.v4AdD<<8>>24), 1157 (agCache.v4AdD<<16>>24), 1158 (agCache.v4AdD<<24>>24), 1147 1159 (agCache.maskD), 1148 1160 myPtrs->currentRouterPtr->sampled, 1149 1161 res->sampling, 1150 (myPtrs->pcktPtr->ipH->srcAdd>>24), 1162 (myPtrs->pcktPtr->ipH->srcAdd>>24), 1151 1163 (myPtrs->pcktPtr->ipH->srcAdd<<8>>24), 1152 1164 (myPtrs->pcktPtr->ipH->srcAdd<<16>>24), … … 1202 1214 } 1203 1215 #endif 1204 #if defined(IPV4AGGIDR) 1216 #if defined(IPV4AGGIDR) 1205 1217 if ( myPtrs->routersID[res->routerNb] == agCache.routerAd ) { 1206 1218 #if defined(MULTISAMPLING) … … 1254 1266 ((struct POP *)(myPtrs->matrixPOP) 1255 1267 +((ROUTER_INDEX_MAX-1)*ROUTER_INDEX_MAX) 1256 +((res->routerNb))))->pktsNb += agCache.pkts*myPtrs->currentRouterPtr->sampled/10; 1268 +((res->routerNb))))->pktsNb += agCache.pkts*myPtrs->currentRouterPtr->sampled/10; 1257 1269 ( 1258 1270 ((struct POP *)(myPtrs->matrixPOP) 1259 1271 +((ROUTER_INDEX_MAX-1)*ROUTER_INDEX_MAX) 1260 +((res->routerNb))))->bytesNb += agCache.bytes*myPtrs->currentRouterPtr->sampled/10; 1272 +((res->routerNb))))->bytesNb += agCache.bytes*myPtrs->currentRouterPtr->sampled/10; 1261 1273 ( 1262 1274 ((struct POP *)(myPtrs->matrixPOP) … … 1269 1281 ((struct POP *)(myPtrs->matrixPOP) 1270 1282 +((ROUTER_INDEX_MAX-1)*ROUTER_INDEX_MAX) 1271 +((res->routerNb))))->pktsNb += agCache.pkts; 1283 +((res->routerNb))))->pktsNb += agCache.pkts; 1272 1284 ( 1273 1285 ((struct POP *)(myPtrs->matrixPOP) 1274 1286 +((ROUTER_INDEX_MAX-1)*ROUTER_INDEX_MAX) 1275 +((res->routerNb))))->bytesNb += agCache.bytes; 1287 +((res->routerNb))))->bytesNb += agCache.bytes; 1276 1288 ( 1277 1289 ((struct POP *)(myPtrs->matrixPOP) … … 1279 1291 +((res->routerNb))))->flowNb++; 1280 1292 #endif 1281 #endif 1282 } 1283 if (res->sampling == 0 1293 #endif 1294 } 1295 if (res->sampling == 0 1284 1296 && myPtrs->currentRouterPtr->sampled != 0 ){ 1285 1297 res->sampling = myPtrs->currentRouterPtr->sampled; 1286 1298 } 1287 1299 #endif 1288 } else { 1300 } else { /* UNKNOW SUBNET CASE */ 1289 1301 /* UNKNOW SUBNET CASE */ 1290 1302 /* */ … … 1295 1307 /* - prefix not referenced but not allowed to be routed */ 1296 1308 /* - spoofing */ 1297 #ifdef PRINTUNKNOWNSUBNET 1309 #ifdef PRINTUNKNOWNSUBNET 1298 1310 fprintf(stderr, "%lu.%lu.%lu.%lu/%hu -> %lu.%lu.%lu.%lu/%hu (R:%lu.%lu.%lu.%lu) \n", 1299 1311 (agCache.v4AdS>>24), 1300 (agCache.v4AdS<<8>>24), 1301 (agCache.v4AdS<<16>>24), 1302 (agCache.v4AdS<<24>>24), 1303 (agCache.maskS), 1304 (agCache.v4AdD>>24), 1305 (agCache.v4AdD<<8>>24), 1306 (agCache.v4AdD<<16>>24), 1307 (agCache.v4AdD<<24>>24), 1308 (agCache.maskD), 1309 (myPtrs->pcktPtr->ipH->srcAdd>>24), 1312 (agCache.v4AdS<<8>>24), 1313 (agCache.v4AdS<<16>>24), 1314 (agCache.v4AdS<<24>>24), 1315 (agCache.maskS), 1316 (agCache.v4AdD>>24), 1317 (agCache.v4AdD<<8>>24), 1318 (agCache.v4AdD<<16>>24), 1319 (agCache.v4AdD<<24>>24), 1320 (agCache.maskD), 1321 (myPtrs->pcktPtr->ipH->srcAdd>>24), 1310 1322 (myPtrs->pcktPtr->ipH->srcAdd<<8>>24), 1311 1323 (myPtrs->pcktPtr->ipH->srcAdd<<16>>24), … … 1331 1343 ((struct IndexV6 *)((myPtrs->currentV6IndexTab) 1332 1344 +((myPtrs->currentRouterPtr->ID)*MAX_INDEX_BY_ROUTER) 1333 +(agCache.outputSnmp)))->indexSNMP = agCache.outputSnmp; 1345 +(agCache.outputSnmp)))->indexSNMP = agCache.outputSnmp; 1334 1346 /* FIXME, error or warning if (indexSNMP != agCache.outputSnmp) */ 1335 1347 ((struct IndexV6 *)((myPtrs->currentV6IndexTab) … … 1438 1450 myPtrs->currentMIB->ipv6OthersApPcktsNb += agCache.pkts; 1439 1451 break; 1440 } 1452 } 1441 1453 /* end of mib update */ 1442 1454 isIPv6 = 0; … … 1445 1457 1446 1458 /* DoS DETECTION */ 1447 if ( ( dosCache.packets*dosCache.sampling > MAX_PKTS_DOS ) 1448 && ((dosCache.packets)/(dosCache.bytes) < RATIO_DOS ) ) { 1449 jdos = 0; 1450 posdos = 69*MAX_RULES_PER_FIELD+jdos; 1459 if ( dosCache.endTime-dosCache.startTime > 1000 ) { 1460 if ( ( (dosCache.packets*dosCache.sampling)/((dosCache.endTime-dosCache.startTime)/1000) > MAX_PKTS_DOS ) 1461 && ((dosCache.bytes)/(dosCache.packets) < RATIO_DOS ) ) { 1462 jdos = 0; 1463 posdos = 69*MAX_RULES_PER_FIELD+jdos; 1451 1464 while ( ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+jdos))) != NULL ) { 1452 ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+posdos)))->check = 1; 1453 jdos++; 1454 } 1455 } 1456 1457 /* 1465 ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+posdos)))->check = 1; 1466 jdos++; 1467 } 1468 } 1469 } else { /* flow duration <= 1000ms , we divide by 1 (sec) */ 1470 if ( ( (dosCache.packets*dosCache.sampling) > MAX_PKTS_DOS ) 1471 & ((dosCache.bytes)/(dosCache.packets) < RATIO_DOS ) ) { 1472 jdos = 0; 1473 posdos = 69*MAX_RULES_PER_FIELD+jdos; 1474 while ( ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+jdos))) != NULL ) { 1475 ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+posdos)))->check = 1; 1476 jdos++; 1477 } 1478 } 1479 } 1480 1481 /* 1458 1482 * 1459 1483 * SOCKET OUTPUT TO A REMOTE CLIENT 1460 1484 * 1461 * switch the rules definition (check & fieldToRecord), 1485 * switch the rules definition (check & fieldToRecord), 1462 1486 * we send the flow or a part of the flow to a remote host or a file. 1463 1487 * In a first time (until release 0.0.7, the information was sent via … … 1481 1505 /* msg building */ 1482 1506 secondPftmp = tmp->lastField; 1483 msgTextIndex = mempcpy(mempcpy(mempcpy(myMsg.text, 1484 &tplMsgType, 1485 sizeof(unsigned short) 1507 msgTextIndex = mempcpy(mempcpy(mempcpy(myMsg.text, 1508 &tplMsgType, 1509 sizeof(unsigned short) 1486 1510 ), 1487 1511 &tmpRuleList->id, 1488 1512 sizeof(tmpRuleList->id) 1489 1513 ), 1490 &myPtrs->currentRouterPtr->IpAddress, 1491 sizeof(unsigned long) 1514 &myPtrs->currentRouterPtr->IpAddress, 1515 sizeof(unsigned long) 1492 1516 ); 1493 msgTextIndex = mempcpy(mempcpy(mempcpy(msgTextIndex, 1494 &tmp->sourceId, 1495 sizeof(unsigned long) 1517 msgTextIndex = mempcpy(mempcpy(mempcpy(msgTextIndex, 1518 &tmp->sourceId, 1519 sizeof(unsigned long) 1496 1520 ), 1497 1521 &tmp->templateFlowSetId, … … 1500 1524 myPtrs->ptr_buffer+secondOffset, 1501 1525 flow_size 1502 ); 1526 ); 1503 1527 myMsg.type = 1; 1504 1528 1505 1529 1506 1530 /* NEW transfert type */ 1507 1531 for ( ; tmpRL; tmpRL=tmpRL->next){ 1508 if (tmpRL->id == tmpRuleList->id){ 1532 if (tmpRL->id == tmpRuleList->id){ 1509 1533 s = sendMessage(tmpRL->host->sockId, myMsg.text, sizeof(myMsg.text), 1510 1534 tmpRL->host->hostAddressPtr); … … 1519 1543 secondPftmp = tmp->lastField; 1520 1544 } /* end while tmpRuleList */ 1521 /* 1522 * end redirection 1545 /* 1546 * end redirection 1523 1547 */ 1524 1548 secondOffset = *myPtrs->offsetV9Ptr; … … 1533 1557 /* not the flow end, progress in field list */ 1534 1558 pftmp = pftmp->prev; 1535 } 1559 } 1536 1560 } /* end of the while on one flow record */ 1537 1561 1538 1562 while ( ((*myPtrs->offsetV9Ptr)-48-shift) < data_length ) { 1539 1563 (*myPtrs->offsetV9Ptr)++; /* if padding */ … … 1550 1574 } 1551 1575 } 1552 while ( (*myPtrs->offsetV9Ptr)-48-shift > data_length ) { 1576 while ( (*myPtrs->offsetV9Ptr)-48-shift > data_length ) { 1553 1577 (*myPtrs->offsetV9Ptr)--; /* crazy loop (when bug appears in template def) */ 1554 1578 crazyCounter++; … … 1558 1582 #endif 1559 1583 if (crazyCounter!=0) { syslog(LOG_INFO,"crazyCounter: %d ", crazyCounter);} 1560 1584 1561 1585 #ifdef DEBUG 1562 1586 fprintf(stderr,"(%hu,%hu)}", data_length, data_length+shift); 1563 1587 #endif 1564 1588 1565 1589 return (data_length+shift); 1566 1590 /* end new place */ … … 1574 1598 * 1575 1599 */ 1576 if ((tmpOpt=existTplOptId(myPtrs->currentRouterPtr, myPtrs->currentHeaderV9Ptr->sourceId, 1577 (*myPtrs->currentFlowsetIdPtr)))!=NULL) { 1600 if ((tmpOpt=existTplOptId(myPtrs->currentRouterPtr, myPtrs->currentHeaderV9Ptr->sourceId, 1601 (*myPtrs->currentFlowsetIdPtr)))!=NULL) { 1578 1602 1579 1603 myPtrs->currentMIB->optDataFlowSetNb += 1; … … 1582 1606 #endif 1583 1607 for ( i=0; i<(tmpOpt->optionScopeLg/4); i++){ 1584 /* FIXME : today we skip the scope fields, it's bad :( */ 1608 /* FIXME : today we skip the scope fields, it's bad :( */ 1585 1609 if ((pftmp=tmpOpt->lastField)!=NULL) { 1586 1610 for (j=0; j<pftmp->fieldLength; j++) { 1587 (*myPtrs->offsetV9Ptr)++; 1611 (*myPtrs->offsetV9Ptr)++; 1588 1612 } 1589 1613 pftmp = pftmp->prev; … … 1591 1615 } 1592 1616 while (pftmp != NULL) { 1593 if (pftmp->fieldLength==1){ 1617 if (pftmp->fieldLength==1){ 1594 1618 buffer1 = *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++; 1595 1619 } 1596 if (pftmp->fieldLength==2){ 1620 if (pftmp->fieldLength==2){ 1597 1621 buffer2[1]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++; 1598 1622 buffer2[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++; 1599 1623 } 1600 if (pftmp->fieldLength==4){ 1624 if (pftmp->fieldLength==4){ 1601 1625 buffer4[3]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++; 1602 1626 buffer4[2]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++; … … 1604 1628 buffer4[0]= *(myPtrs->ptr_buffer+(*myPtrs->offsetV9Ptr)); (*myPtrs->offsetV9Ptr)++; 1605 1629 if (pftmp->fieldType==34||pftmp->fieldType==50){ 1606 if ((*((unsigned long*)&buffer4)==1) 1630 if ((*((unsigned long*)&buffer4)==1) 1607 1631 || (*((unsigned long*)&buffer4)==10) 1608 1632 || (*((unsigned long*)&buffer4)==20) … … 1634 1658 } 1635 1659 } 1636 } 1660 } 1637 1661 pftmp = pftmp->prev; 1638 1662 } … … 1653 1677 return (data_length+shift); 1654 1678 } else { 1655 /* 1656 * template unknown, we skip the data 1679 /* 1680 * template unknown, we skip the data 1657 1681 */ 1658 1682 (*myPtrs->offsetV9Ptr)+=(data_length-4); … … 1665 1689 (myPtrs->pcktPtr->ipH->srcAdd<<16>>24), 1666 1690 (myPtrs->pcktPtr->ipH->srcAdd<<24>>24), 1667 myPtrs->currentHeaderV9Ptr->sourceId, 1691 myPtrs->currentHeaderV9Ptr->sourceId, 1668 1692 (*myPtrs->currentFlowsetIdPtr) 1669 1693 ); -
trunk/src/dataFlowSet.h
r144 r145 1 1 /* 2 2 * File: dataFlowSet.h 3 *4 * Authors: ANDREU Francois-Xavier5 3 * 6 * Copyright (C) 2005 - 2010 GIP RENATER 4 * Authors: ANDREU Francois-Xavier 5 * 6 * Copyright (C) 2005 - 2010 GIP RENATER 7 7 */ 8 8 9 /* This file is part of renetcol. 9 /* This file is part of renetcol. 10 10 * 11 11 * renetcol is free software; you can redistribute it and/or modify … … 65 65 unsigned long v4AdD; 66 66 uint32_t tabAdd6S[4]; 67 uint32_t tabAdd6D[4]; 67 uint32_t tabAdd6D[4]; 68 68 }; 69 69 … … 76 76 unsigned char ipProt; 77 77 unsigned short sPort; 78 unsigned short dPort; 78 unsigned short dPort; 79 79 unsigned char sens; /* In/out field 61 */ 80 80 unsigned short inputSnmp; … … 97 97 struct DoSCache { 98 98 unsigned long bytes; 99 unsigned long pkts; 100 unsigned long sampling; 101 } 99 unsigned long packets; 100 unsigned long sampling; 101 unsigned long startTime; 102 unsigned long endTime; 103 }; 102 104 103 short 104 checkDataFlowSet(short, 105 short 106 checkDataFlowSet(short, 105 107 struct MyPtrs *, 106 108 int,
