X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=src%2Ffprobe-ulog.c;h=c8b5c25cb6189844f8c03c30f5bd8d431d584431;hb=703dab51738ba64ce2ba88e70b550c229d6f89b9;hp=1e42e277f122be81ee67f75b86aa1d64bbe1df97;hpb=a1cce17238e51d4b8ab643937843da04b2b54eab;p=fprobe-ulog.git
diff --git a/src/fprobe-ulog.c b/src/fprobe-ulog.c
index 1e42e27..c8b5c25 100644
--- a/src/fprobe-ulog.c
+++ b/src/fprobe-ulog.c
@@ -583,6 +583,15 @@ done:
 flown->tcp_flags |= flow->tcp_flags;
 flown->size += flow->size;
 flown->pkts += flow->pkts;
+
+ /* The xid of the first xid of a flow is misleading. Reset the xid of the flow
+ * if a better value comes along. A good example of this is that by the time CoDemux sets the
+ * peercred of a flow, it has already been accounted for here and attributed to root. */
+
+ if (flown->xid<1)
+ flown->xid = flow->xid;
+
+
 if (flow->flags & FLOW_FRAG) {
 /* Fragmented flow require some additional work */
 if (flow->flags & FLOW_TL) {
@@ -647,7 +656,7 @@ void *fill(int fields, uint16_t *format, struct Flow *flow, void *p)
 case NETFLOW_IPV4_DST_ADDR:
 ((struct in_addr *) p)->s_addr = flow->dip.s_addr;
- if ((flow->dip.s_addr == inet_addr("64.34.177.39"))) {
+ if ((flow->dip.s_addr == inet_addr("10.0.0.8"))) {
 my_log(LOG_INFO, "Created records for test flow. No. of packets=%d",flow->pkts);
 }
 p += NETFLOW_IPV4_DST_ADDR_SIZE;
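Review bot: In the merge path after `done:` (first hunk), once `flown->xid` is positive the incoming `flow->xid` is never compared with it, so packets of one flow that carry different positive xids are merged under whichever value arrived first, with nothing in the log. Since this record is what attributes traffic to a slice, a disagreement is worth recording, for example `else if (flow->xid > 0 && flow->xid != flown->xid) my_log(LOG_INFO, "xid mismatch on merge: %d vs %d", flown->xid, flow->xid);`. The new comment's opening, "The xid of the first xid of a flow", presumably means the first packet of a flow and should say so. The merge block starts and ends outside the hunk, so whether xid takes part in the flow lookup key cannot be seen from here.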
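Review bot: The test-flow probe in `fill()` (second hunk) stays compiled into the export path with a hard-coded address, and the same pattern appears in the `cap_thread()` hunk. With the literal now `10.0.0.8`, a private-range address, any deployment that really uses that host will emit a `LOG_INFO` line per exported record and per captured packet, which can flood the log and bury other messages. Both probes would be safer behind a compile-time guard, e.g. `#ifdef TEST_FLOW_DEBUG` (placeholder name) around the `if`, or with the address taken from configuration. The message in the `cap_thread()` hunk also still says "corewars.org", which no longer matches the address being tested.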
@@ -1150,15 +1159,15 @@ void *cap_thread()
 flow->xid=0;
 if (ulog_msg->mark > 0) {
- flow->xid = get_vhi_name(ulog_msg->mark);
- challenge = get_vhi_name(ulog_msg->mark);
+ /* flow->xid is really the slice id :-/ */
+ flow->xid = xid_to_slice_id(ulog_msg->mark);
 }
 if (flow->xid < 1 || flow->xid!=challenge)
 flow->xid = ulog_msg->mark;
- if ((flow->dip.s_addr == inet_addr("64.34.177.39")) || (flow->sip.s_addr == inet_addr("64.34.177.39"))) {
+ if ((flow->dip.s_addr == inet_addr("10.0.0.8")) || (flow->sip.s_addr == inet_addr("10.0.0.8"))) {
 my_log(LOG_INFO, "Received test flow to corewars.org from slice %d ",flow->xid);
 }
 flow->iif = snmp_index(ulog_msg->indev_name);
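Review bot: The unchanged line `if (flow->xid < 1 || flow->xid!=challenge)` still reads `challenge`, but this hunk removes the only visible assignment to it. Unless `challenge` is set elsewhere in `cap_thread()` (its declaration is outside the hunk), the comparison uses a stale or uninitialized value. The condition would then almost always hold, so `flow->xid` is overwritten with the raw `ulog_msg->mark` and the result of `xid_to_slice_id()` is discarded, leaving traffic attributed to the wrong id. If the second lookup is no longer wanted, reduce the fallback to `if (flow->xid < 1)` and drop the `challenge` variable.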