X-Git-Url: http://git.onelab.eu/?p=fprobe-ulog.git;a=blobdiff_plain;f=src%2Ffprobe-ulog.c;h=0896cb58d73ffa3455ad64d82366979bdf66878c;hp=38ceebf74cf126b801ab664ea33e63c3a630e5b0;hb=f42d3718eaa93d9efb2cfcb7cb455d7b8f4bc775;hpb=7cf6cecf13f25a303c31a0390272acacb9f65367 diff --git a/src/fprobe-ulog.c b/src/fprobe-ulog.c index 38ceebf..0896cb5 100644 --- a/src/fprobe-ulog.c +++ b/src/fprobe-ulog.c @@ -8,7 +8,7 @@ Sapan Bhatia - 7/11/2007 Added data collection (-f) functionality, xid support in the header and log file + 7/11/2007 Added data collection (-f) functionality, slice_id support in the header and log file rotation. 15/11/2007 Added check to make sure fprobe doesn't overflow the disk. Also added a test facility. @@ -375,7 +375,7 @@ inline void copy_flow(struct Flow *src, struct Flow *dst) dst->sip = src->sip; dst->dip = src->dip; dst->tos = src->tos; - dst->xid = src->xid; + dst->slice_id = src->slice_id; dst->proto = src->proto; dst->tcp_flags = src->tcp_flags; dst->id = src->id; @@ -417,7 +417,7 @@ void update_cur_epoch_file(int n) { int fd, len; char snum[MAX_EPOCH_SIZE]; len=snprintf(snum, MAX_EPOCH_SIZE-1,"%d", n); - fd = open(LAST_EPOCH_FILE, O_WRONLY|O_CREAT|O_TRUNC); + fd = open(LAST_EPOCH_FILE, O_RDWR|O_CREAT|O_TRUNC); if (fd == -1) { my_log(LOG_ERR, "open() failed: %s.The next restart will resume logging from epoch id 0.",LAST_EPOCH_FILE); return; @@ -474,10 +474,13 @@ unsigned get_data_file_fd(char *fname, int cur_fd) { if (cur_fd>0) close(cur_fd); snprintf(nextname,MAX_PATH_LEN,"%s.%d",fname,cur_epoch); - if ((write_fd = open(nextname, O_WRONLY|O_CREAT|O_TRUNC)) < 0) { + if ((write_fd = open(nextname, O_RDWR|O_CREAT|O_TRUNC)) < 0) { my_log(LOG_ERR, "open(): %s (%s)\n", nextname, strerror(errno)); exit(1); } + if (fchmod(write_fd,S_IRUSR|S_IWUSR|S_IROTH|S_IRGRP) == -1) { + my_log(LOG_ERR, "fchmod() failed: %s (%s). Continuing...\n", nextname, strerror(errno)); + } update_cur_epoch_file(cur_epoch); ret_fd = write_fd; } 
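Review bot: The call `open(LAST_EPOCH_FILE, O_RDWR|O_CREAT|O_TRUNC)` in update_cur_epoch_file passes O_CREAT without the third mode argument, so a newly created file gets whatever permission bits happen to be read in its place. The same applies to `open(nextname, O_RDWR|O_CREAT|O_TRUNC)` in the get_data_file_fd hunk. Pass an explicit mode, for example `fd = open(LAST_EPOCH_FILE, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);`, and let the umask narrow it further. Nothing visible in either hunk reads from these descriptors, so the switch from O_WRONLY to O_RDWR deserves a one-line comment giving the reason. Both function bodies continue outside their hunks.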
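Review bot: The added `fchmod(write_fd,S_IRUSR|S_IWUSR|S_IROTH|S_IRGRP)` in get_data_file_fd makes every rotated flow log readable by group and others. If the call fails, the code only logs and carries on with whatever mode the file was created with. These files appear to hold per-slice addresses and packet counts (inferred from fill() further down), so read access for all local users should be a deliberate choice. If only a specific collector needs to read them, `S_IRUSR|S_IWUSR|S_IRGRP` with a comment naming that reader would be narrower. The function body starts and ends outside the hunk.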
@@ -580,6 +583,15 @@ done: flown->tcp_flags |= flow->tcp_flags; flown->size += flow->size; flown->pkts += flow->pkts; + + /* The slice_id of the first slice_id of a flow is misleading. Reset the slice_id of the flow + * if a better value comes along. A good example of this is that by the time CoDemux sets the + * peercred of a flow, it has already been accounted for here and attributed to root. */ + + if (flown->slice_id<1) + flown->slice_id = flow->slice_id; + + if (flow->flags & FLOW_FRAG) { /* Fragmented flow require some additional work */ if (flow->flags & FLOW_TL) { @@ -644,7 +656,7 @@ void *fill(int fields, uint16_t *format, struct Flow *flow, void *p) case NETFLOW_IPV4_DST_ADDR: ((struct in_addr *) p)->s_addr = flow->dip.s_addr; - if ((flow->dip.s_addr == inet_addr("64.34.177.39"))) { + if ((flow->dip.s_addr == inet_addr("10.0.0.8"))) { my_log(LOG_INFO, "Created records for test flow. No. of packets=%d",flow->pkts); } p += NETFLOW_IPV4_DST_ADDR_SIZE; @@ -750,9 +762,9 @@ void *fill(int fields, uint16_t *format, struct Flow *flow, void *p) *((uint8_t *) p) = 0; p += NETFLOW_PAD8_SIZE; break; - case NETFLOW_XID: - *((uint32_t *) p) = flow->xid; - p += NETFLOW_XID_SIZE; + case NETFLOW_SLICE_ID: + *((uint32_t *) p) = flow->slice_id; + p += NETFLOW_SLICE_ID_SIZE; break; case NETFLOW_PAD16: /* Unsupported (uint16_t) */ 
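Review bot: The comment above the new `if (flown->slice_id<1)` says "The slice_id of the first slice_id of a flow", which looks like a slip for "first packet". Suggested wording: `/* The slice_id seen on the first packet of a flow can be misleading (e.g. root before CoDemux sets peercred); adopt a later packet's value while ours is still unset. */`. The comment should also say that the first non-zero value is then kept for the life of the flow. That includes the raw ulog mark that cap_thread stores when the lookup fails, so a later, correctly resolved slice id never replaces it. The enclosing function starts and ends outside the hunk.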
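Review bot: The test-flow address is a string literal, `inet_addr("10.0.0.8")`, parsed each time fill() handles a NETFLOW_IPV4_DST_ADDR field. The same literal appears twice more in the cap_thread hunk, so the three copies had to be edited together in this commit. A single named constant such as `#define TEST_FLOW_ADDR "10.0.0.8"`, converted once at start-up, would keep them in step and take the parse off the per-flow path. The cap_thread log text still says "Received test flow to corewars.org", which no longer matches a private address. Because 10.0.0.8 can be an ordinary internal host, this diagnostic branch is better placed behind a debug or test option than left in the normal export path.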
@@ -1143,17 +1155,19 @@ void *cap_thread() /* It's going to be expensive calling this syscall on every flow. * We should keep a local hash table, for now just bear the overhead... - Sapan*/ + + flow->slice_id=0; + if (ulog_msg->mark > 0) { - flow->xid = get_vhi_name(ulog_msg->mark); - challenge = get_vhi_name(ulog_msg->mark); + flow->slice_id = xid_to_slice_id(ulog_msg->mark); } - if (flow->xid < 1 || flow->xid!=challenge) - flow->xid = ulog_msg->mark; + if (flow->slice_id < 1) + flow->slice_id = ulog_msg->mark; // Couldn't look up the slice id, let's at least store the local xid - if ((flow->dip.s_addr == inet_addr("64.34.177.39")) || (flow->sip.s_addr == inet_addr("64.34.177.39"))) { - my_log(LOG_INFO, "Received test flow to corewars.org from slice %d ",flow->xid); + if ((flow->dip.s_addr == inet_addr("10.0.0.8")) || (flow->sip.s_addr == inet_addr("10.0.0.8"))) { + my_log(LOG_INFO, "Received test flow to corewars.org from slice %d ",flow->slice_id); } flow->iif = snmp_index(ulog_msg->indev_name); flow->oif = snmp_index(ulog_msg->outdev_name); @@ -1612,6 +1626,7 @@ bad_collector: /* Initialization */ + init_slice_id_hash(); hash_init(); /* Actually for crc16 only */ mem_init(sizeof(struct Flow), bulk_quantity, memory_limit); for (i = 0; i < 1 << HASH_BITS; i++) pthread_mutex_init(&flows_mutex[i], 0);
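Review bot: The fallback test `if (flow->slice_id < 1)` in cap_thread detects a failed lookup only if slice_id is a signed field or xid_to_slice_id() returns 0 on failure, and neither is visible in this hunk. If the field is unsigned (fill() stores it through a `uint32_t *`) and the helper reports errors as a negative value, that error value would be exported as a slice id. Checking the result in a local signed variable first makes the test independent of the field type, e.g. `int sid = xid_to_slice_id(ulog_msg->mark);` followed by `if (sid > 0) flow->slice_id = sid;`. The fallback also puts the raw xid into the same field as a resolved slice id, so a consumer of the records cannot tell the two apart; that is worth documenting where the field is declared. cap_thread's body extends beyond the hunk.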