X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=src%2Ffprobe-ulog.c;h=c8b5c25cb6189844f8c03c30f5bd8d431d584431;hb=ae84d4a660a154bd0247584a5813e4a01b46bf4b;hp=a9f046125a319f8e28dc7b78f4426b696750f250;hpb=4d8a1aae3e23ead839eeff9cc37d164d386bf14a;p=fprobe-ulog.git

diff --git a/src/fprobe-ulog.c b/src/fprobe-ulog.c
index a9f0461..c8b5c25 100644
--- a/src/fprobe-ulog.c
+++ b/src/fprobe-ulog.c
@@ -583,6 +583,15 @@ done:
 		flown->tcp_flags |= flow->tcp_flags;
 		flown->size += flow->size;
 		flown->pkts += flow->pkts;
+
+		/* The xid of the first xid of a flow is misleading. Reset the xid of the flow
+		 * if a better value comes along. A good example of this is that by the time CoDemux sets the
+		 * peercred of a flow, it has already been accounted for here and attributed to root. */
+
+		if (flown->xid<1)
+				flown->xid = flow->xid;
+
+
 		if (flow->flags & FLOW_FRAG) {
 			/* Fragmented flow require some additional work */
 			if (flow->flags & FLOW_TL) {
@@ -647,7 +656,7 @@ void *fill(int fields, uint16_t *format, struct Flow *flow, void *p)
 
 			case NETFLOW_IPV4_DST_ADDR:
 				((struct in_addr *) p)->s_addr = flow->dip.s_addr;
-				if ((flow->dip.s_addr == inet_addr("64.34.177.39"))) {
+				if ((flow->dip.s_addr == inet_addr("10.0.0.8"))) {
 					my_log(LOG_INFO, "Created records for test flow. No. of packets=%d",flow->pkts);
 				}
 				p += NETFLOW_IPV4_DST_ADDR_SIZE;
@@ -1146,16 +1155,19 @@ void *cap_thread()
 			
 			/* It's going to be expensive calling this syscall on every flow.
 			 * We should keep a local hash table, for now just bear the overhead... - Sapan*/
+
+			flow->xid=0;
+
 			if (ulog_msg->mark > 0) {
-				flow->xid = get_vhi_name(ulog_msg->mark);
-				challenge = get_vhi_name(ulog_msg->mark);
+                /* flow->xid is really the slice id :-/ */
+				flow->xid = xid_to_slice_id(ulog_msg->mark);
 			}
 
 			if (flow->xid < 1 || flow->xid!=challenge) 
 				flow->xid = ulog_msg->mark;
 
 
-			if ((flow->dip.s_addr == inet_addr("64.34.177.39")) || (flow->sip.s_addr == inet_addr("64.34.177.39"))) {
+			if ((flow->dip.s_addr == inet_addr("10.0.0.8")) || (flow->sip.s_addr == inet_addr("10.0.0.8"))) {
 				my_log(LOG_INFO, "Received test flow to corewars.org from slice %d ",flow->xid);
 			}
 			flow->iif = snmp_index(ulog_msg->indev_name);