cflag,
dflag,
eflag,
+ Eflag,
fflag,
gflag,
hflag,
rflag,
sflag,
tflag,
+ Tflag,
Uflag,
uflag,
vflag,
{'c', MY_GETOPT_ARG_REQUIRED, 0, 0},
{'d', MY_GETOPT_ARG_REQUIRED, 0, 0},
{'e', MY_GETOPT_ARG_REQUIRED, 0, 0},
+ {'E', MY_GETOPT_ARG_REQUIRED, 0, 0},
{'f', MY_GETOPT_ARG_REQUIRED, 0, 0},
{'g', MY_GETOPT_ARG_REQUIRED, 0, 0},
{'h', 0, 0, 0},
{'r', MY_GETOPT_ARG_REQUIRED, 0, 0},
{'s', MY_GETOPT_ARG_REQUIRED, 0, 0},
{'t', MY_GETOPT_ARG_REQUIRED, 0, 0},
+ {'T', MY_GETOPT_ARG_REQUIRED, 0, 0},
{'U', MY_GETOPT_ARG_REQUIRED, 0, 0},
{'u', MY_GETOPT_ARG_REQUIRED, 0, 0},
{'v', MY_GETOPT_ARG_REQUIRED, 0, 0},
#else
#define BULK_QUANTITY 200
#endif
+
+static unsigned epoch_length=60, log_epochs=1;
+static unsigned cur_epoch=0,prev_uptime=0;
+
static unsigned bulk_quantity = BULK_QUANTITY;
static unsigned pending_queue_length = 100;
static struct NetFlow *netflow = &NetFlow5;
"-u <user>\tUser to run as\n"
"-v <level>\tMaximum log level (0=EMERG, ..., 6=INFO, 7=DEBUG) [6]\n"
"-l <[dst][:id]>\tLog destination and log/pidfile idetifier [1]\n"
- "-y <remote:port>\tAddress of the NetFlow collector\n",
+ "-y <remote:port>\tAddress of the NetFlow collector\n"
"-f <writable file>\tFile to write data into\n"
+ "-T <n>\tRotate log file every n epochs\n"
+ "-E <[1..60]>\tSize of an epoch in minutes\n",
VERSION, BULK_QUANTITY_MAX, bulk_quantity, sched_min, sched_max);
exit(0);
}
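Review bot: The help text for `-T` ("Rotate log file every n epochs") does not match how the value is used. `log_epochs` is the modulus in `cur_epoch = (cur_epoch + 1) % log_epochs` in get_log_fd, so it sets how many `<file>.N` slots are cycled through, while a rotation happens every epoch. Something like `"-T <n>\tNumber of rotated log files to cycle through [1]\n"` would describe it, and the `-f` line could mention that data now goes to `<file>.<n>`. The `-E` line advertises 1..60, but nothing visible enforces that range. The enclosing function starts outside the hunk.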
dst->flags = src->flags;
}
+unsigned get_log_fd(char *fname, unsigned cur_fd) {
+ struct Time now;
+ unsigned cur_uptime;
+ int ret_fd;
+ gettime(&now);
+ cur_uptime = getuptime(&now);
+
+ /* Epoch lenght in minutes */
+ if ((cur_uptime - prev_uptime) > (1000 * 60 * epoch_length)) {
+ char nextname[MAX_PATH_LEN];
+ int write_fd;
+ prev_uptime = cur_uptime;
+ cur_epoch = (cur_epoch + 1) % log_epochs;
+ close(cur_fd);
+ snprintf(nextname,MAX_PATH_LEN,"%s.%d",fname,cur_epoch);
+ if ((write_fd = open(nextname, O_WRONLY|O_CREAT)) < 0) {
+ fprintf(stderr, "open(): %s (%s)\n", nextname, strerror(errno));
+ exit(1);
+ }
+ ret_fd = write_fd;
+ }
+ else
+ ret_fd = cur_fd;
+ return(ret_fd);
+}
+
struct Flow *find(struct Flow *where, struct Flow *what, struct Flow ***prev)
{
struct Flow **flowpp;
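Review bot: `open(nextname, O_WRONLY|O_CREAT)` in get_log_fd passes no mode argument, so a newly created flow log gets whatever permission bits happen to sit in the third argument slot; pass an explicit mode, e.g. `open(nextname, O_WRONLY|O_CREAT|O_TRUNC, 0640)`. Without `O_TRUNC` (or `O_APPEND`, if keeping old data is intended), a slot reused after `log_epochs` rotations is overwritten from offset 0 and keeps the stale tail of the previous file. `cur_epoch` is unsigned but printed with `%d` (`%u` matches), and the result of `close(cur_fd)` is ignored. A short header comment saying that the function returns the descriptor to write to, rotates once per epoch and exits on open failure would help, as would noting that the `1000 * 60` factor assumes getuptime() returns milliseconds.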
?FIXME?
Several packets with FLOW_TL (attack)
*/
- flown->sp = flow->sp;
+ flown->sp = flow->sp;
flown->dp = flow->dp;
}
if (flow->flags & FLOW_LASTFRAG) {
*((uint8_t *) p) = 0;
p += NETFLOW_PAD8_SIZE;
break;
-
+ case NETFLOW_PLANETLAB_XID:
+ *((uint16_t *) p) = flow->tos;
+ p += NETFLOW_PLANETLAB_XID_SIZE;
+ break;
case NETFLOW_PAD16:
/* Unsupported (uint16_t) */
case NETFLOW_SRC_AS:
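Review bot: The new `NETFLOW_PLANETLAB_XID` case stores `flow->tos` through a `uint16_t *` in host byte order and then advances by `NETFLOW_PLANETLAB_XID_SIZE`, so the written width and the advance agree only if that constant is 2. If the other multi-byte fields in this switch are emitted in network order (the sequence number later in the file uses `htonl`), this one probably wants `*((uint16_t *) p) = htons(flow->tos);`. If `tos` is being reused to carry the PlanetLab xid, a comment saying so would help, since the field name suggests otherwise. The switch continues outside the hunk.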
p = fill(netflow->HeaderFields, netflow->HeaderFormat, 0, &emit_packet);
size = netflow->HeaderSize + emit_count * netflow->FlowSize;
/* Netflow PDUs need to be padded to 1464 bytes - Sapan */
- if (size < 1464) size = 1464;
+ if (size < NETFLOW_PDU_SIZE) size = NETFLOW_PDU_SIZE;
peer_rot_cur = 0;
for (i = 0; i < npeers; i++) {
if (peers[0].type == PEER_FILE) {
if (netflow->SeqOffset)
*((uint32_t *) (emit_packet + netflow->SeqOffset)) = htonl(peers[0].seq);
#define MESSAGES
+ peers[0].write_fd = get_log_fd(peers[0].fname, peers[0].write_fd);
ret = write(peers[0].write_fd, emit_packet, size);
if (ret < size) {
#if ((DEBUG) & DEBUG_E) || defined MESSAGES
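Review bot: The descriptor handed to `write()` can still be the initial -1. `peers[0].write_fd` starts at -1 in the `-f` setup, and get_log_fd opens a file only when more than one epoch has elapsed since `prev_uptime` (initially 0), so unless getuptime() is already past one epoch on the first emit, every write fails until the first rotation. Opening on an invalid descriptor as well would fix that, e.g. `int get_log_fd(char *fname, int cur_fd)` with `if (cur_fd < 0 || (cur_uptime - prev_uptime) > (1000 * 60 * epoch_length))` and `if (cur_fd >= 0) close(cur_fd);`. Keeping the descriptor signed also avoids pushing -1 through the `unsigned` parameter and return type. The surrounding loop body starts and ends outside the hunk.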
}
if (parms[Uflag].count) ulog_gmask = atoi(parms[Uflag].arg);
+ if (parms[Tflag].count) log_epochs = atoi(parms[Tflag].arg);
+ if (parms[Eflag].count) epoch_length = atoi(parms[Eflag].arg);
if (parms[sflag].count) scan_interval = atoi(parms[sflag].arg);
if (parms[gflag].count) frag_lifetime = atoi(parms[gflag].arg);
if (parms[dflag].count) inactive_lifetime = atoi(parms[dflag].arg);
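Review bot: `log_epochs` and `epoch_length` are taken straight from `atoi()` with no range check. `-T 0` or a non-numeric argument leaves `log_epochs` at 0, and get_log_fd then evaluates `(cur_epoch + 1) % log_epochs`, a division by zero. A negative or very large `-E` makes `1000 * 60 * epoch_length` wrap in unsigned arithmetic, so the epoch is not what was asked for. Reject out-of-range values right after parsing, e.g. `if (log_epochs < 1 || epoch_length < 1 || epoch_length > 60) { fprintf(stderr, "Illegal -T/-E value\n"); exit(1); }`, which also matches the 1..60 the help text promises.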
}
else if (parms[fflag].count) {
// log into a file
- char *fname;
if (!(peers = malloc(npeers * sizeof(struct peer)))) goto err_malloc;
- fname = parms[fflag].arg;
- if ((write_fd = open(fname, O_WRONLY|O_CREAT)) < 0) {
- fprintf(stderr, "open(): %s (%s)\n", fname, strerror(errno));
- exit(1);
- }
- peers[0].write_fd = write_fd;
+ if (!(peers[0].fname = malloc(strnlen(parms[fflag].arg,MAX_PATH_LEN)))) goto err_malloc;
+ strncpy(peers[0].fname, parms[fflag].arg, MAX_PATH_LEN);
+
+ peers[0].write_fd = -1;
peers[0].type = PEER_FILE;
peers[0].seq = 0;
npeers++;
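Review bot: The buffer allocated for `peers[0].fname` is too small for the copy that follows. `malloc(strnlen(parms[fflag].arg, MAX_PATH_LEN))` reserves no byte for the terminator, and `strncpy(..., MAX_PATH_LEN)` always writes MAX_PATH_LEN bytes because it zero-pads, so any path shorter than MAX_PATH_LEN overflows the heap block, and a path of MAX_PATH_LEN or more is left unterminated before get_log_fd formats it with `"%s.%d"`. Replace both lines with `if (!(peers[0].fname = strdup(parms[fflag].arg))) goto err_malloc;`, or allocate `len + 1` and terminate explicitly. The startup `open()` check is removed by this change, so an unwritable path is reported only at the first rotation rather than at launch. The enclosing branch continues outside the hunk.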