/*
* void pmap_teardown(void);
*
* Called by skplugin to tear down this plugin.
*/
static void
pmap_teardown(
void)
{
size_t i;
pmap_data_t *pmap_data;
if (pmap_vector) {
for (i = 0; i < skVectorGetCount(pmap_vector); ++i) {
ASSERT_RESULT(skVectorGetValue(&pmap_data, pmap_vector, i),
int, 0);
pmap_data_destroy(pmap_data);
}
skVectorDestroy(pmap_vector);
pmap_vector = NULL;
}
}
/*
* status = readerSetup(&out_daemon_mode, probe_vector, options);
*
* Invoked by input_mode_type->setup_fn();
*/
static int
readerSetup(
fp_daemon_mode_t *is_daemon,
const sk_vector_t *probe_vec,
reader_options_t *options)
{
size_t count = skVectorGetCount(probe_vec);
const char *netflow_file = options->pdu_file.netflow_file;
skpc_probe_t *p;
/* this function should only be called if we actually have probes
* to process */
if (count == 0) {
skAppPrintErr("readerSetup() called with zero length probe vector");
return 1;
}
if (count > 1) {
skAppPrintErr("The " INPUT_MODE_TYPE_NAME
"only supports one file-based probe.");
return -1;
}
if (NULL != netflow_file) {
/* Modify the probe to have the file name given on the command
* line. */
if (0 == skVectorGetValue(&p, probe_vec, 0)) {
if (skpcProbeSetFileSource(p, netflow_file)) {
skAppPrintErr("Cannot change file source of probe");
return 1;
}
}
}
/* Not a deamon */
*is_daemon = FP_DAEMON_OFF;
return 0;
}
/*
* skplugin_err_t pmapfile_handler(const char *opt_arg, void *cbdata)
*
* Handler for --pmap-file option. Actually registers the filter and
* fields.
*/
static skplugin_err_t
pmapfile_handler(
const char *opt_arg,
void UNUSED(*cbdata))
{
/* Whether we have seen any unnamed pmaps */
static int have_unnamed_pmap = 0;
skPrefixMapErr_t map_error = SKPREFIXMAP_OK;
skstream_t *stream = NULL;
skPrefixMap_t *prefix_map = NULL;
pmap_data_t *pmap_data = NULL;
int ok;
const char *filename;
const char *sep;
const char *mapname;
char *prefixed_name = NULL;
char *short_prefixed_name;
size_t namelen = 0;
size_t i;
int rv = SKPLUGIN_ERR;
skplugin_callbacks_t regdata;
/* We can only have one pmap whenever we any any pmap without a
* mapname. If we've seen one and enter this function a second
* time, it is an error */
if (have_unnamed_pmap) {
skAppPrintErr(("Invalid %s: You may use only one prefix map"
" when you are\n"
"\tusing a prefix map without specifying a mapname"),
pmap_file_option);
return SKPLUGIN_ERR;
}
/* Parse the argument into a field name and file name */
sep = strchr(opt_arg, ':');
if (NULL == sep) {
/* We do not have a mapname. We'll check for one in the pmap
* once we read it. */
mapname = NULL;
filename = opt_arg;
} else {
/* A mapname was supplied on the command line */
if (sep == opt_arg) {
skAppPrintErr("Invalid %s: Zero length mapnames are not allowed",
pmap_file_option);
return SKPLUGIN_ERR;
}
if (memchr(opt_arg, ',', sep - opt_arg) != NULL) {
skAppPrintErr("Invalid %s: The mapname may not include a comma",
pmap_file_option);
return SKPLUGIN_ERR;
}
mapname = opt_arg;
filename = sep + 1;
namelen = sep - opt_arg;
}
ok = skpinOpenDataInputStream(&stream, SK_CONTENT_SILK, filename);
if (ok == -1) {
/* problem opening file */
skAppPrintErr("Failed to open the prefix map file '%s'",
filename);
return SKPLUGIN_ERR;
}
if (ok == 1) {
/* master needs to process the file, since it may contain the
* map name we use for creating switches */
if ((rv = skStreamCreate(&stream, SK_IO_READ, SK_CONTENT_SILK))
|| (rv = skStreamBind(stream, filename))
|| (rv = skStreamOpen(stream)))
{
skStreamPrintLastErr(stream, rv, &skAppPrintErr);
skStreamDestroy(&stream);
return SKPLUGIN_ERR;
}
/* the master can ignore the file for filtering */
ignore_prefix_map = 1;
}
map_error = skPrefixMapRead(&prefix_map, stream);
if (SKPREFIXMAP_OK != map_error) {
if (SKPREFIXMAP_ERR_IO == map_error) {
skStreamPrintLastErr(stream, skStreamGetLastReturnValue(stream),
&skAppPrintErr);
} else {
skAppPrintErr("Failed to read the prefix map file '%s': %s",
opt_arg, skPrefixMapStrerror(map_error));
}
skStreamDestroy(&stream);
return SKPLUGIN_ERR;
}
skStreamDestroy(&stream);
if (NULL == mapname) {
/* No mapname was supplied on the command line. Check for a
* mapname insided the pmap. */
mapname = skPrefixMapGetMapName(prefix_map);
if (mapname) {
/* The pmap supplied a mapname */
namelen = strlen(mapname);
} else {
/* No mapname. Accept for legacy purposes, unless we have
* read any other pmaps */
have_unnamed_pmap = 1;
if (skVectorGetCount(pmap_vector) != 0) {
skAppPrintErr(("Invalid %s: You may use only one prefix map"
" when you are\n"
"\t using a prefix map without"
" specifying a mapname"),
pmap_file_option);
goto END;
}
}
}
/* Allocate the pmap_data structure */
pmap_data = (pmap_data_t *)calloc(1, sizeof(*pmap_data));
if (pmap_data == NULL) {
ERR_NO_MEM(pmap_data);
rv = SKPLUGIN_ERR_FATAL;
goto END;
}
/* pmap_data now "owns" prefix_map */
pmap_data->pmap = prefix_map;
prefix_map = NULL;
/* Cache the content type */
pmap_data->type = skPrefixMapGetContentType(pmap_data->pmap);
/* Fill the direction structure for each direction */
pmap_data->sdir.dir = DIR_SOURCE;
pmap_data->ddir.dir = DIR_DEST;
pmap_data->adir.dir = DIR_ANY;
pmap_data->sdir.data = pmap_data;
pmap_data->ddir.data = pmap_data;
pmap_data->adir.data = pmap_data;
/* Record the path to the pmap file */
pmap_data->filepath = strdup(filename);
if (NULL == pmap_data->filepath) {
ERR_NO_MEM(pmap_data->filepath);
rv = SKPLUGIN_ERR_FATAL;
goto END;
}
if (mapname == NULL) {
/* Pmap without a mapname. */
/* Add the proper legacy option names to the pmap_data structure */
switch (pmap_data->type) {
case SKPREFIXMAP_CONT_ADDR_V4:
case SKPREFIXMAP_CONT_ADDR_V6:
pmap_data->sdir.filter_option = strdup(pmap_saddress_option);
pmap_data->ddir.filter_option = strdup(pmap_daddress_option);
pmap_data->adir.filter_option = strdup(pmap_aaddress_option);
break;
case SKPREFIXMAP_CONT_PROTO_PORT:
pmap_data->sdir.filter_option = strdup(pmap_sport_proto_option);
pmap_data->ddir.filter_option = strdup(pmap_dport_proto_option);
pmap_data->adir.filter_option = strdup(pmap_aport_proto_option);
break;
}
if ((pmap_data->sdir.filter_option == NULL)
|| (pmap_data->ddir.filter_option == NULL)
|| (pmap_data->adir.filter_option == NULL))
{
ERR_NO_MEM(filter_option);
rv = SKPLUGIN_ERR_FATAL;
goto END;
}
pmap_data->mapname = strdup(pmap_title_val);
pmap_data->sdir.field_name = strdup(pmap_title_sval);
pmap_data->ddir.field_name = strdup(pmap_title_dval);
if ((pmap_data->mapname == NULL)
|| (pmap_data->sdir.field_name == NULL)
|| (pmap_data->ddir.field_name == NULL))
{
ERR_NO_MEM(field_name);
rv = SKPLUGIN_ERR_FATAL;
goto END;
}
} else { /* if (mapname == NULL) */
/* Create the field names*/
pmap_data->mapname = (char*)malloc(namelen + 1);
if (NULL == pmap_data->mapname) {
ERR_NO_MEM(pmap_data->mapname);
rv = SKPLUGIN_ERR_FATAL;
goto END;
}
strncpy(pmap_data->mapname, mapname, namelen);
pmap_data->mapname[namelen] = '\0';
/* Allocate space for the [pmap-]{src-,dst-}<mapname> string */
prefixed_name
= (char*)malloc(namelen + pmap_prefix_len + dir_name_len + 1);
if (NULL == prefixed_name) {
ERR_NO_MEM(prefixed_name);
rv = SKPLUGIN_ERR_FATAL;
goto END;
}
/* Copy in the pmap- prefix */
strncpy(prefixed_name, pmap_prefix, pmap_prefix_len);
/* short name (for fields) starts at the {src-,dst-} */
short_prefixed_name = prefixed_name + pmap_prefix_len;
/* add in the actual field name, and zero terminate it */
strncpy(short_prefixed_name + dir_name_len, mapname, namelen);
short_prefixed_name[namelen + dir_name_len] = '\0';
/* Create the destination-themed names */
strncpy(short_prefixed_name, src_dir_name, dir_name_len);
pmap_data->sdir.filter_option = strdup(prefixed_name);
pmap_data->sdir.field_name = strdup(short_prefixed_name);
if ((pmap_data->sdir.filter_option == NULL)
|| (pmap_data->sdir.field_name == NULL))
{
ERR_NO_MEM(pmap_data->sdir);
rv = SKPLUGIN_ERR_FATAL;
goto END;
}
strncpy(short_prefixed_name, dst_dir_name, dir_name_len);
pmap_data->ddir.filter_option = strdup(prefixed_name);
pmap_data->ddir.field_name = strdup(short_prefixed_name);
if ((pmap_data->ddir.filter_option == NULL)
|| (pmap_data->ddir.field_name == NULL))
{
ERR_NO_MEM(pmap_data->ddir);
rv = SKPLUGIN_ERR_FATAL;
goto END;
}
strncpy(short_prefixed_name, any_dir_name, dir_name_len);
pmap_data->adir.filter_option = strdup(prefixed_name);
if (pmap_data->adir.filter_option == NULL) {
ERR_NO_MEM(pmap_data->adir);
rv = SKPLUGIN_ERR_FATAL;
goto END;
}
/* Free the temporary name buffer */
free(prefixed_name);
prefixed_name = NULL;
} /* if (mapname == NULL) */
/* Verify unique field names */
for (i = 0; i < skVectorGetCount(pmap_vector); i++) {
pmap_data_t *p;
skVectorGetValue(&p, pmap_vector, i);
if ((strcmp(pmap_data->mapname, p->mapname) == 0) ||
(strcmp(pmap_data->sdir.field_name, p->sdir.field_name) == 0) ||
(strcmp(pmap_data->ddir.field_name, p->ddir.field_name) == 0))
{
skAppPrintErr(("Invalid %s: Multiple pmaps use the mapname '%s':\n"
"\t%s\n\t%s"),
pmap_file_option, pmap_data->mapname,
p->filepath, pmap_data->filepath);
rv = SKPLUGIN_ERR;
goto END;
}
}
/* Register fields and filter options */
memset(®data, 0, sizeof(regdata));
regdata.init = pmap_field_init;
regdata.column_width = 0;
regdata.bin_bytes = 4;
regdata.rec_to_text = pmap_text_fn;
regdata.rec_to_bin = pmap_bin_fn;
regdata.bin_to_text = pmap_bin_to_text_fn;
for (i = 0; i < 2; ++i) {
directed_pmap_data_t *dir = ((0 == i)
? &pmap_data->sdir
: &pmap_data->ddir);
skpinRegField(&dir->field, dir->field_name, NULL, ®data, dir);
skpinRegOption2(dir->filter_option,
REQUIRED_ARG,
NULL, &pmap_filter_help,
&pmap_handle_filter_option, dir,
1, SKPLUGIN_FN_FILTER);
}
/* Register the "any" filter separately */
skpinRegOption2(pmap_data->adir.filter_option,
REQUIRED_ARG,
NULL, &pmap_filter_help,
&pmap_handle_filter_option, &pmap_data->adir,
1, SKPLUGIN_FN_FILTER);
if (skVectorAppendValue(pmap_vector, &pmap_data)) {
rv = SKPLUGIN_ERR_FATAL;
goto END;
}
rv = SKPLUGIN_OK;
END:
/* Free the temporary name buffer */
if (prefixed_name) {
free(prefixed_name);
}
if (rv != SKPLUGIN_OK) {
if (prefix_map) {
skPrefixMapDelete(prefix_map);
}
if (pmap_data) {
pmap_data_destroy(pmap_data);
}
}
return (skplugin_err_t)rv;
}
static skplugin_err_t
parseFlowtypes(
const char *opt_arg,
void *v_bitmap)
{
static int registered_fields = 0;
sk_bitmap_t **ft_bitmap;
sksite_error_iterator_t *err_iter = NULL;
sk_vector_t *ft_vec = NULL;
sk_flowtype_id_t ft;
int i = 0;
skplugin_err_t err = SKPLUGIN_OK;
int rv;
assert(v_bitmap);
ft_bitmap = (sk_bitmap_t**)v_bitmap;
if (NULL != *ft_bitmap) {
/* this is an attempt to re-create a list of flowtypes, which
* could happen if the first pass was generated by parsing an
* environment variable. clear the bitmap */
skBitmapClearAllBits(*ft_bitmap);
} else if (skBitmapCreate(ft_bitmap, SK_MAX_NUM_FLOWTYPES)) {
skAppPrintErr("Unable to create bitmap");
err = SKPLUGIN_ERR;
goto END;
}
ft_vec = skVectorNew(sizeof(sk_flowtype_id_t));
if (NULL == ft_vec) {
skAppPrintErr("Unable to create vector");
err = SKPLUGIN_ERR;
goto END;
}
rv = sksiteParseFlowtypeList(ft_vec, opt_arg, NULL, NULL, NULL, NULL,
&err_iter);
if (rv) {
if (rv < 0) {
skAppPrintErr("Memory or internal error while parsing flowtypes");
} else if (1 == rv) {
sksiteErrorIteratorNext(err_iter);
skAppPrintErr("Invalid flowtypes '%s': %s",
opt_arg, sksiteErrorIteratorGetMessage(err_iter));
assert(sksiteErrorIteratorNext(err_iter)
== SK_ITERATOR_NO_MORE_ENTRIES);
} else {
skAppPrintErr("Invalid flowtypes '%s': Found multiple errors:",
opt_arg);
while (sksiteErrorIteratorNext(err_iter) == SK_ITERATOR_OK) {
skAppPrintErr("%s", sksiteErrorIteratorGetMessage(err_iter));
}
}
err = SKPLUGIN_ERR;
goto END;
}
if (0 == skVectorGetCount(ft_vec)) {
skAppPrintErr("Invalid flowtypes '%s': No valid flowtypes found",
opt_arg);
err = SKPLUGIN_ERR;
goto END;
}
for (i = 0; 0 == skVectorGetValue(&ft, ft_vec, i); ++i) {
skBitmapSetBit(*ft_bitmap, ft);
}
if (incoming_flowtypes && outgoing_flowtypes && !registered_fields) {
registered_fields = 1;
err = skpinRegIPAddressField("int-ip", &internalIp, 0);
if (SKPLUGIN_OK != err) {
goto END;
}
err = skpinRegIPAddressField("ext-ip", &externalIp, 0);
if (SKPLUGIN_OK != err) {
goto END;
}
err = skpinRegIntField("int-port", 0, UINT16_MAX, &internalPort, 0);
if (SKPLUGIN_OK != err) {
goto END;
}
err = skpinRegIntField("ext-port", 0, UINT16_MAX, &externalPort, 0);
if (SKPLUGIN_OK != err) {
goto END;
}
}
END:
skVectorDestroy(ft_vec);
sksiteErrorIteratorFree(err_iter);
if (*ft_bitmap && err != SKPLUGIN_OK) {
skBitmapDestroy(ft_bitmap);
*ft_bitmap = NULL;
}
return err;
}
