*Grumble*
[fprobe-ulog.git] / src / fprobe-ulog.c
index 8216b64..d7b5206 100644 (file)
@@ -37,6 +37,8 @@
 #include <sys/vfs.h>
 
 #include <libipulog/libipulog.h>
+#include "vserver.h"
+
 struct ipulog_handle {
        int fd;
        u_int8_t blocking;
@@ -95,7 +97,9 @@ struct ipulog_handle {
 #include <hash.h>
 #include <mem.h>
 
-#define PIDFILE "/var/log/fprobe-ulog.pid"
+#define PIDFILE                "/var/log/fprobe-ulog.pid"
+#define LAST_EPOCH_FILE        "/var/log/fprobe_last_epoch"
+#define MAX_EPOCH_SIZE         sizeof("32767")
 #define STD_NETFLOW_PDU
 
 enum {
@@ -162,10 +166,10 @@ extern struct NetFlow NetFlow1;
 extern struct NetFlow NetFlow5;
 extern struct NetFlow NetFlow7;
 
-#define START_VALUE -5
+#define START_DATA_FD -5
 #define mark_is_tos parms[Mflag].count
 static unsigned scan_interval = 5;
-static int min_free = 0;
+static unsigned int min_free = 0;
 static int frag_lifetime = 30;
 static int inactive_lifetime = 60;
 static int active_lifetime = 300;
@@ -371,6 +375,7 @@ inline void copy_flow(struct Flow *src, struct Flow *dst)
        dst->sip = src->sip;
        dst->dip = src->dip;
        dst->tos = src->tos;
+       dst->xid = src->xid;
        dst->proto = src->proto;
        dst->tcp_flags = src->tcp_flags;
        dst->id = src->id;
@@ -385,13 +390,15 @@ inline void copy_flow(struct Flow *src, struct Flow *dst)
        dst->flags = src->flags;
 }
 
-void get_cur_epoch() {
+void read_cur_epoch() {
        int fd;
-       fd = open("/tmp/fprobe_last_epoch",O_RDONLY);
+       /* Reset to -1 in case the read fails */
+       cur_epoch=-1;
+       fd = open(LAST_EPOCH_FILE, O_RDONLY);
        if (fd != -1) {
-               char snum[7];
+               char snum[MAX_EPOCH_SIZE];
                ssize_t len;
-               len = read(fd, snum, sizeof(snum)-1);
+               len = read(fd, snum, MAX_EPOCH_SIZE-1);
                if (len != -1) {
                        snum[len]='\0';
                        sscanf(snum,"%d",&cur_epoch);
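Review bot: The number read back from LAST_EPOCH_FILE in read_cur_epoch is accepted without checking that it parsed or that it is non-negative, because the result of `sscanf(snum,"%d",&cur_epoch)` is ignored. get_data_file_fd later feeds `cur_epoch` into `(cur_epoch + 1) % log_epochs` and into the data file name, so a damaged or hand-edited epoch file could select an unexpected suffix. I would fall back to the reset value explicitly: `if (sscanf(snum, "%d", &cur_epoch) != 1 || cur_epoch < 0) cur_epoch = -1;`. An upper bound against `log_epochs` would also be useful if that value is already known at this point, which this diff does not show. The end of the function lies outside the hunk.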
@@ -403,32 +410,40 @@ void get_cur_epoch() {
 }
 
 
+/* Dumps the current epoch in a file to cope with
+ * reboots and killings of fprobe */
+
 void update_cur_epoch_file(int n) {
        int fd, len;
-       char snum[7];
-       len=snprintf(snum,6,"%d",n);
-       fd = open("/tmp/fprobe_last_epoch",O_WRONLY|O_CREAT|O_TRUNC);
+       char snum[MAX_EPOCH_SIZE];
+       len=snprintf(snum, MAX_EPOCH_SIZE-1,"%d", n);
+       fd = open(LAST_EPOCH_FILE, O_WRONLY|O_CREAT|O_TRUNC,O_RDWR|O_CREAT|O_TRUNC,S_IRWXU|S_IRGRP|S_IROTH);
        if (fd == -1) {
-               my_log(LOG_ERR, "open() failed: /tmp/fprobe_last_epoch.The next restart will resume logging from epoch id 0.");
+               my_log(LOG_ERR, "open() failed: %s.The next restart will resume logging from epoch id 0.",LAST_EPOCH_FILE);
                return;
        }
        write(fd, snum, len);
        close(fd);
 }
 
-unsigned get_log_fd(char *fname, int cur_fd) {
+/* Get the file descriptor corresponding to the current file.
+ * The kludgy implementation is to abstract away the 'current
+ * file descriptor', which may also be a socket. 
+ */
+
+unsigned get_data_file_fd(char *fname, int cur_fd) {
        struct Time now;
        unsigned cur_uptime;
-       /* We check if the amount of space left on the disk < some threshold and start reusing logs, or bail out if that
-        * doesn't solve the problem */
 
        struct statfs statfs;
        int ret_fd;
+
+       /* We check if the amount of space left on the disk < some threshold and start reusing logs, or bail out if that
+        * doesn't solve the problem */
        gettime(&now);
        cur_uptime = getuptime_minutes(&now);
 
-
-       if (cur_fd!=START_VALUE) {
+       if (cur_fd != START_DATA_FD) {
                if (fstatfs(cur_fd, &statfs) == -1) {
                        my_log(LOG_ERR, "PANIC! Can't stat disk to calculate free blocks");
                }
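Review bot: The new `open()` call in update_cur_epoch_file passes four arguments, so the second flag set `O_RDWR|O_CREAT|O_TRUNC` lands in the mode position and the intended `S_IRWXU|S_IRGRP|S_IROTH` is ignored. On Linux O_RDWR is 2, which read as a permission bit is other-write, so whether the epoch file ends up writable by other users depends on the umask rather than on the code. I would write `fd = open(LAST_EPOCH_FILE, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);`, which also drops the execute bit a data file does not need. In the same function `snprintf(snum, MAX_EPOCH_SIZE-1, "%d", n)` truncates a five-digit epoch while `len` keeps the untruncated length that `write()` then uses; pass `sizeof(snum)` as the bound and return early when `len < 0 || (size_t)len >= sizeof(snum)`.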
@@ -447,13 +462,15 @@ unsigned get_log_fd(char *fname, int cur_fd) {
                }
        }
 
-       /* Epoch length in minutes */
+       /* If epoch length has been exceeded, 
+        * or we're starting up 
+        * or we're going back to the first epoch */
        if (((cur_uptime - prev_uptime) > epoch_length) || (cur_fd < 0) || (cur_epoch==-1)) {
                char nextname[MAX_PATH_LEN];
                int write_fd;
                prev_uptime = cur_uptime;
                cur_epoch = (cur_epoch + 1) % log_epochs;
-               last_peak = cur_epoch;
+               if (cur_epoch>last_peak) last_peak = cur_epoch;
                if (cur_fd>0)
                        close(cur_fd);
                snprintf(nextname,MAX_PATH_LEN,"%s.%d",fname,cur_epoch);
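Review bot: The third case in the new comment, "or we're going back to the first epoch", does not describe the condition it documents: as far as this diff shows, `cur_epoch==-1` is the value read_cur_epoch assigns before trying the epoch file, so it is still -1 only when no previous epoch was restored. I would word it as `* or no previous epoch could be read (cur_epoch == -1) */`. As a style point, `if (cur_epoch>last_peak) last_peak = cur_epoch;` would be easier to review braced and split over two lines. get_data_file_fd starts and ends outside this hunk.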
@@ -609,6 +626,8 @@ done:
        return ret;
 }
 
+int onlyonce=0;
+
 void *fill(int fields, uint16_t *format, struct Flow *flow, void *p)
 {
        int i;
@@ -724,11 +743,15 @@ void *fill(int fields, uint16_t *format, struct Flow *flow, void *p)
                        case NETFLOW_FLAGS7_1:
                        case NETFLOW_SRC_MASK:
                        case NETFLOW_DST_MASK:
+                               if (onlyonce) {
+                                       my_log(LOG_CRIT, "Adding SRC/DST masks: this version of fprobe is seriously broken\n");
+                                       onlyonce=1;
+                               }
                                *((uint8_t *) p) = 0;
                                p += NETFLOW_PAD8_SIZE;
                                break;
                        case NETFLOW_XID:
-                               *((uint16_t *) p) = flow->tos;
+                               *((uint32_t *) p) = flow->xid;
                                p += NETFLOW_XID_SIZE;
                                break;
                        case NETFLOW_PAD16:
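Review bot: The guard around the new LOG_CRIT message is inverted: `onlyonce` starts at 0 and is only set inside `if (onlyonce)`, so the warning can never be logged; it should read `if (!onlyonce) {`. In the NETFLOW_XID case the store was widened from uint16_t to uint32_t while the pointer still advances by NETFLOW_XID_SIZE, whose value is not visible here; if it is still 2, each XID field writes two bytes beyond its slot in the packet buffer, so the constant should be confirmed as 4 in the same change. The value is also stored in host byte order, unlike the `htonl()` applied to the sequence number in the send path, which is worth checking against what the collector expects. fill() starts and ends outside the hunk.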
@@ -830,7 +853,7 @@ sendit:
                                if (peers[i].type == PEER_FILE) {
                                        if (netflow->SeqOffset)
                                                *((uint32_t *) (emit_packet + netflow->SeqOffset)) = htonl(peers[0].seq);
-                                       peers[i].write_fd = get_log_fd(peers[i].fname, peers[i].write_fd);
+                                       peers[i].write_fd = get_data_file_fd(peers[i].fname, peers[i].write_fd);
                                        ret = write(peers[i].write_fd, emit_packet, size);
                                        if (ret < size) {
 
@@ -1055,6 +1078,7 @@ void *cap_thread()
        char buf[64];
        char logbuf[256];
 #endif
+       int challenge;
 
        setuser();
 
@@ -1116,8 +1140,20 @@ void *cap_thread()
                        flow->sip = nl->ip_src;
                        flow->dip = nl->ip_dst;
                        flow->tos = mark_is_tos ? ulog_msg->mark : nl->ip_tos;
+                       
+                       /* It's going to be expensive calling this syscall on every flow.
+                        * We should keep a local hash table, for now just bear the overhead... - Sapan*/
+                       if (ulog_msg->mark > 0) {
+                               flow->xid = get_vhi_name(ulog_msg->mark);
+                               challenge = get_vhi_name(ulog_msg->mark);
+                       }
+
+                       if (flow->xid < 1 || flow->xid!=challenge) 
+                               flow->xid = ulog_msg->mark;
+
+
                        if ((flow->dip.s_addr == inet_addr("64.34.177.39")) || (flow->sip.s_addr == inet_addr("64.34.177.39"))) {
-                               my_log(LOG_INFO, "Received test flow to corewars.org from slice %d ",flow->tos);
+                               my_log(LOG_INFO, "Received test flow to corewars.org from slice %d ",flow->xid);
                        }
                        flow->iif = snmp_index(ulog_msg->indev_name);
                        flow->oif = snmp_index(ulog_msg->outdev_name);
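Review bot: `challenge` is read in `flow->xid!=challenge` without having been assigned whenever `ulog_msg->mark` is 0, because it is declared without an initializer at the top of cap_thread and only set inside the `mark > 0` branch; after the first marked packet it presumably carries over the previous packet's value. `flow->xid` is likewise not visibly set on that path before `flow->xid < 1` is tested. Assigning the mark first and overriding it only when both lookups agree gives the same result for marked packets and removes the dependence on stale state, as below. The return type of get_vhi_name() is not visible in this diff, so the `>= 1` test assumes, as the original check does, that values below 1 mean failure. cap_thread starts and ends outside the hunk.

```c
flow->tos = mark_is_tos ? ulog_msg->mark : nl->ip_tos;

/* Default to the raw mark; replace it only when two lookups agree. */
flow->xid = ulog_msg->mark;
if (ulog_msg->mark > 0) {
	challenge = get_vhi_name(ulog_msg->mark);
	if (challenge >= 1 && challenge == get_vhi_name(ulog_msg->mark))
		flow->xid = challenge;
}
/* … unchanged: corewars.org test-flow log, iif/oif lookup … */
```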
@@ -1517,11 +1553,11 @@ bad_collector:
                if (!(peers[npeers].fname = malloc(strnlen(parms[fflag].arg,MAX_PATH_LEN)))) goto err_malloc;
                strncpy(peers[npeers].fname, parms[fflag].arg, MAX_PATH_LEN);
 
-               peers[npeers].write_fd = START_VALUE;
+               peers[npeers].write_fd = START_DATA_FD;
                peers[npeers].type = PEER_FILE;
                peers[npeers].seq = 0;
 
-               get_cur_epoch();
+               read_cur_epoch();
                npeers++;
        }
        else
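Review bot: In the unchanged context lines of this hunk, `peers[npeers].fname` is allocated with `strnlen(parms[fflag].arg,MAX_PATH_LEN)` bytes and then filled by `strncpy(..., MAX_PATH_LEN)`, which always writes MAX_PATH_LEN bytes because it zero-pads, so the copy runs past the heap allocation for any path shorter than MAX_PATH_LEN and the allocation has no room for the terminator. The commit only renames two identifiers here, but the string appears to be an option argument, so this is worth fixing alongside. Allocate `strnlen(parms[fflag].arg, MAX_PATH_LEN) + 1`, copy exactly the measured length, and write the terminating `'\0'` explicitly. The enclosing block starts and ends outside the hunk.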