Initialize hash, change init function name so it doesn't collide with fprobe-ulog's

[fprobe-ulog.git] / src / fprobe-ulog.c
diff --git a/src/fprobe-ulog.c b/src/fprobe-ulog.c

index a9f0461..80ff15f 100644 (file)
--- a/src/fprobe-ulog.c
+++ b/src/fprobe-ulog.c
@@ -583,6 +583,15 @@ done:
                 flown->tcp_flags |= flow->tcp_flags;
                 flown->size += flow->size;
                 flown->pkts += flow->pkts;
+
+               /* The xid of the first xid of a flow is misleading. Reset the xid of the flow
+                * if a better value comes along. A good example of this is that by the time CoDemux sets the
+                * peercred of a flow, it has already been accounted for here and attributed to root. */
+
+               if (flown->xid<1)
+                               flown->xid = flow->xid;
+
+
                 if (flow->flags & FLOW_FRAG) {
                         /* Fragmented flow require some additional work */
                         if (flow->flags & FLOW_TL) {
@@ -647,7 +656,7 @@ void *fill(int fields, uint16_t *format, struct Flow *flow, void *p)
  
                         case NETFLOW_IPV4_DST_ADDR:
                                 ((struct in_addr *) p)->s_addr = flow->dip.s_addr;
-                               if ((flow->dip.s_addr == inet_addr("64.34.177.39"))) {
+                               if ((flow->dip.s_addr == inet_addr("10.0.0.8"))) {
                                         my_log(LOG_INFO, "Created records for test flow. No. of packets=%d",flow->pkts);
                                 }
                                 p += NETFLOW_IPV4_DST_ADDR_SIZE;
@@ -1146,16 +1155,19 @@ void *cap_thread()
                         
                         /* It's going to be expensive calling this syscall on every flow.
                          * We should keep a local hash table, for now just bear the overhead... - Sapan*/
+
+                       flow->xid=0;
+
                         if (ulog_msg->mark > 0) {
-                               flow->xid = get_vhi_name(ulog_msg->mark);
-                               challenge = get_vhi_name(ulog_msg->mark);
+                /* flow->xid is really the slice id :-/ */
+                               flow->xid = xid_to_slice_id(ulog_msg->mark);
                         }
  
                         if (flow->xid < 1 || flow->xid!=challenge) 
                                 flow->xid = ulog_msg->mark;
  
  
-                       if ((flow->dip.s_addr == inet_addr("64.34.177.39")) || (flow->sip.s_addr == inet_addr("64.34.177.39"))) {
+                       if ((flow->dip.s_addr == inet_addr("10.0.0.8")) || (flow->sip.s_addr == inet_addr("10.0.0.8"))) {
                                 my_log(LOG_INFO, "Received test flow to corewars.org from slice %d ",flow->xid);
                         }
                         flow->iif = snmp_index(ulog_msg->indev_name);
@@ -1615,6 +1627,7 @@ bad_collector:
  
         /* Initialization */
  
+    init_slice_id_hash();
         hash_init(); /* Actually for crc16 only */
         mem_init(sizeof(struct Flow), bulk_quantity, memory_limit);
         for (i = 0; i < 1 << HASH_BITS; i++) pthread_mutex_init(&flows_mutex[i], 0);