int fd, len;
char snum[MAX_EPOCH_SIZE];
len=snprintf(snum, MAX_EPOCH_SIZE-1,"%d", n);
- fd = open(LAST_EPOCH_FILE, O_WRONLY|O_CREAT|O_TRUNC);
+ fd = open(LAST_EPOCH_FILE, O_RDWR|O_CREAT|O_TRUNC);
if (fd == -1) {
my_log(LOG_ERR, "open() failed: %s.The next restart will resume logging from epoch id 0.",LAST_EPOCH_FILE);
return;
if (cur_fd>0)
close(cur_fd);
snprintf(nextname,MAX_PATH_LEN,"%s.%d",fname,cur_epoch);
- if ((write_fd = open(nextname, O_WRONLY|O_CREAT|O_TRUNC)) < 0) {
+ if ((write_fd = open(nextname, O_RDWR|O_CREAT|O_TRUNC)) < 0) {
my_log(LOG_ERR, "open(): %s (%s)\n", nextname, strerror(errno));
exit(1);
}
+ if (fchmod(write_fd,S_IRUSR|S_IWUSR|S_IROTH|S_IRGRP) == -1) {
+ my_log(LOG_ERR, "fchmod() failed: %s (%s). Continuing...\n", nextname, strerror(errno));
+ }
update_cur_epoch_file(cur_epoch);
ret_fd = write_fd;
}
flown->tcp_flags |= flow->tcp_flags;
flown->size += flow->size;
flown->pkts += flow->pkts;
+
+ /* The xid of the first xid of a flow is misleading. Reset the xid of the flow
+ * if a better value comes along. A good example of this is that by the time CoDemux sets the
+ * peercred of a flow, it has already been accounted for here and attributed to root. */
+
+ if (flown->xid<1)
+ flown->xid = flow->xid;
+
+
if (flow->flags & FLOW_FRAG) {
/* Fragmented flow require some additional work */
if (flow->flags & FLOW_TL) {
case NETFLOW_IPV4_DST_ADDR:
((struct in_addr *) p)->s_addr = flow->dip.s_addr;
- if ((flow->dip.s_addr == inet_addr("64.34.177.39"))) {
+ if ((flow->dip.s_addr == inet_addr("10.0.0.8"))) {
my_log(LOG_INFO, "Created records for test flow. No. of packets=%d",flow->pkts);
}
p += NETFLOW_IPV4_DST_ADDR_SIZE;
char buf[64];
char logbuf[256];
#endif
+ int challenge;
setuser();
flow->sip = nl->ip_src;
flow->dip = nl->ip_dst;
flow->tos = mark_is_tos ? ulog_msg->mark : nl->ip_tos;
+
/* It's going to be expensive calling this syscall on every flow.
* We should keep a local hash table, for now just bear the overhead... - Sapan*/
- flow->xid = get_vhi_name(ulog_msg->mark);
- if (flow->xid == -1 || flow->xid == 0)
+
+ flow->xid=0;
+
+ if (ulog_msg->mark > 0) {
+ flow->xid = get_vhi_name(ulog_msg->mark);
+ challenge = get_vhi_name(ulog_msg->mark);
+ }
+
+ if (flow->xid < 1 || flow->xid!=challenge)
flow->xid = ulog_msg->mark;
- if ((flow->dip.s_addr == inet_addr("64.34.177.39")) || (flow->sip.s_addr == inet_addr("64.34.177.39"))) {
- my_log(LOG_INFO, "Received test flow to corewars.org from slice %d ",flow->tos);
+
+ if ((flow->dip.s_addr == inet_addr("10.0.0.8")) || (flow->sip.s_addr == inet_addr("10.0.0.8"))) {
+ my_log(LOG_INFO, "Received test flow to corewars.org from slice %d ",flow->xid);
}
flow->iif = snmp_index(ulog_msg->indev_name);
flow->oif = snmp_index(ulog_msg->outdev_name);