Beispiel #1
0
int csvredis_process(fieldset_t *fs)
{
	csv_process(fs);
	int is_success = fs_get_uint64_by_index(fs, success_index);
	int is_repeat = fs_get_uint64_by_index(fs, repeat_index);
	if (is_success && !is_repeat) {
		redismodule_process(fs);
	}
	return EXIT_SUCCESS;
}
Beispiel #2
0
static int eval_lt_node(node_t *node, fieldset_t *fields)
{
	int index = node->left_child->value.field.index;
	uint64_t expected = node->right_child->value.int_literal;
	uint64_t actual = fs_get_uint64_by_index(fields, index);
	return (actual < expected);
}
Beispiel #3
0
static int eval_eq_node(node_t *node, fieldset_t *fields)
{
	node_t *literal = node->right_child;
	int index = node->left_child->value.field.index;
	char *expected, *actual;
	switch (literal->type) {
		case STRING:
			expected = literal->value.string_literal;
			actual = fs_get_string_by_index(fields, index);
			return (strcmp(expected, actual) == 0);
			break;
		case INT:
			return (fs_get_uint64_by_index(fields, index) == literal->value.int_literal);
			break;
		default:
			printf("wat\n");
			break;
	}
	return 0;
}
Beispiel #4
0
void handle_packet(uint32_t buflen, const u_char *bytes) {
	if ((sizeof(struct ip) + (zconf.send_ip_pkts ? 0 : sizeof(struct ether_header))) > buflen) {
		// buffer not large enough to contain ethernet
		// and ip headers. further action would overrun buf
		return;
	}
	struct ip *ip_hdr = (struct ip *) &bytes[(zconf.send_ip_pkts ? 0 : sizeof(struct ether_header))];

	uint32_t src_ip = ip_hdr->ip_src.s_addr;

	uint32_t validation[VALIDATE_BYTES/sizeof(uint8_t)];
	// TODO: for TTL exceeded messages, ip_hdr->saddr is going to be different
	// and we must calculate off potential payload message instead
	validate_gen(ip_hdr->ip_dst.s_addr, ip_hdr->ip_src.s_addr, (uint8_t *) validation);

	if (!zconf.probe_module->validate_packet(ip_hdr, buflen - (zconf.send_ip_pkts ? 0 : sizeof(struct ether_header)),
				&src_ip, validation)) {
		return;
	}

	int is_repeat = pbm_check(seen, ntohl(src_ip));

	//HACK vgiannin for multiple port
	is_repeat=0;

	fieldset_t *fs = fs_new_fieldset();

	//struct tcphdr *tcp = (struct tcphdr*)((char *) ip_hdr + 4*ip_hdr->ip_hl);
	//uint16_t sport = ntohs(tcp->th_sport);
	//printf("port : %d\n",sport);
	// char line[50];
	// struct in_addr t;
	// t.s_addr = ip_hdr->ip_src.s_addr;
	// const char *temp = inet_ntoa(t);
	// sprintf(line,"%s:%d",temp,sport);
	//printf("%s\n",line );


	fs_add_ip_fields(fs, ip_hdr);
	// HACK:
	// probe modules (for whatever reason) expect the full ethernet frame
	// in process_packet. For VPN, we only get back an IP frame.
	// Here, we fake an ethernet frame (which is initialized to
	// have ETH_P_IP proto and 00s for dest/src).
	if (zconf.send_ip_pkts) {
		if (buflen > sizeof(fake_eth_hdr)) {
			buflen = sizeof(fake_eth_hdr);
		}
		memcpy(&fake_eth_hdr[sizeof(struct ether_header)], bytes, buflen);
		bytes = fake_eth_hdr;
	}
	zconf.probe_module->process_packet(bytes, buflen, fs);
	fs_add_system_fields(fs, is_repeat, zsend.complete);
	int success_index = zconf.fsconf.success_index;
	assert(success_index < fs->len);
	int is_success = fs_get_uint64_by_index(fs, success_index);

	if (is_success) {
		zrecv.success_total++;
		if (!is_repeat) {
			zrecv.success_unique++;
			pbm_set(seen, ntohl(src_ip));
		}
		if (zsend.complete) {
			zrecv.cooldown_total++;
			if (!is_repeat) {
				zrecv.cooldown_unique++;
			}
		}
	} else {
		zrecv.failure_total++;
	}
	// probe module includes app_success field
	if (zconf.fsconf.app_success_index >= 0) {
		int is_app_success = fs_get_uint64_by_index(fs,
				zconf.fsconf.app_success_index);
		if (is_app_success) {
			zrecv.app_success_total++;
			if (!is_repeat) {
				zrecv.app_success_unique++;
			}
		}
	}

	fieldset_t *o = NULL;
	// we need to translate the data provided by the probe module
	// into a fieldset that can be used by the output module
	if (!is_success && zconf.filter_unsuccessful) {
		goto cleanup;
	}
	if (is_repeat && zconf.filter_duplicates) {
		goto cleanup;
	}
	if (!evaluate_expression(zconf.filter.expression, fs)) {
		goto cleanup;
	}
	o = translate_fieldset(fs, &zconf.fsconf.translation);
	if (zconf.output_module && zconf.output_module->process_ip) {
		zconf.output_module->process_ip(o);
	}
cleanup:
	fs_free(fs);
	free(o);
	if (zconf.output_module && zconf.output_module->update
			&& !(zrecv.success_unique % zconf.output_module->update_interval)) {
		zconf.output_module->update(&zconf, &zsend, &zrecv);
	}
}