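/*
 * Netflow frame extractor function
 * Match netflow metadata against ioc_entries
 * Relay matches to appropriate nm_queue
 *
 * The header field mask and receive timestamps of *flow are converted
 * in place with htonl() before the flow is formatted and matched, so
 * the caller's structure is modified.
 *
 * Returns -1 when the source and destination address families differ,
 * or when metadata for a matched flow cannot be prepared or does not
 * fit the 16-bit length taken by ss_nn_queue_send(). Returns 0 when no
 * IOC entry matches. Otherwise returns the result of ss_nn_queue_send().
 */
int process_flow(struct store_flow_complete* flow) {
    ss_ioc_entry_t* iptr;
    uint8_t* metadata = NULL;
    size_t mlength = 0;
    int rv = 0;

    /* Another sanity check */
    if (flow->src_addr.af != flow->dst_addr.af) {
        logit(LOG_WARNING, "%s: flow src(%d)/dst(%d) AF mismatch",
            __func__, flow->src_addr.af, flow->dst_addr.af);
        return -1;
    }

    /* Prepare for writing */
    flow->hdr.fields = htonl(flow->hdr.fields);
    flow->recv_time.recv_sec = htonl(flow->recv_time.recv_sec);
    flow->recv_time.recv_usec = htonl(flow->recv_time.recv_usec);

    /* mhall hardcoded verbose */
    char fmtbuf[1024];
    netflow_format_flow(flow, fmtbuf, sizeof(fmtbuf), 0, STORE_DISPLAY_ALL, 0);
    logit(LOG_DEBUG, "%s: ACCEPT flow %s", __func__, fmtbuf);

    iptr = ss_ioc_netflow_match(flow);
    if (!iptr) {
        /* no IOC entry matched this flow: nothing to relay */
        return rv;
    }

    // match
    RTE_LOG(NOTICE, EXTRACTOR, "successful netflow ioc match from frame\n");
    ss_ioc_entry_dump_dpdk(iptr);

    nn_queue_t* nn_queue = &ss_conf->ioc_files[iptr->file_id].nn_queue;
    // XXX: fill in something useful in rule field
    metadata = ss_metadata_prepare_netflow("netflow_ioc", NULL, nn_queue, flow, iptr);
    if (metadata == NULL) {
        /* strlen(NULL) is undefined behavior; drop the alert instead */
        logit(LOG_WARNING, "%s: could not prepare netflow ioc metadata", __func__);
        return -1;
    }

    // XXX: for now assume the output is C char*
    mlength = strlen((char*) metadata);
    if (mlength > UINT16_MAX) {
        /*
         * The queue API takes a uint16_t length; a plain cast would
         * silently wrap and announce a wrong size for the message.
         * NOTE(review): who releases metadata is not visible here; if
         * ss_nn_queue_send() normally takes ownership, this early
         * return needs a matching release -- confirm.
         */
        logit(LOG_WARNING, "%s: netflow ioc metadata too long (%zu bytes)",
            __func__, mlength);
        return -1;
    }

    rv = ss_nn_queue_send(nn_queue, metadata, (uint16_t) mlength);
    return rv;
}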
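/*
 * sFlow flow sample callback
 * Log the sample and sampled-header fields, match the sample against
 * ioc_entries, and relay a match to the nn_queue of the matching IOC file.
 *
 * sample:  decoded flow sample; its fields are logged and matched
 * header:  sampled header record; only its size and protocol fields are logged
 * s_index: logged as the first number of the "%u/%u" position tag
 * e_index: logged as the second number of the "%u/%u" position tag
 *
 * Nothing is returned. A match whose metadata cannot be prepared, or
 * does not fit the 16-bit length taken by ss_nn_queue_send(), is
 * logged and dropped.
 */
void sflow_flow_sample_callback(sflow_sample_t* sample, sflow_sampled_header_t* header, uint32_t s_index, uint32_t e_index) {
    ss_ioc_entry_t* iptr;
    uint8_t* metadata = NULL;
    size_t mlength = 0;
    char src_ip[SS_IPV6_STR_MAX];
    char dst_ip[SS_IPV6_STR_MAX];
    char nat_src_ip[SS_IPV6_STR_MAX];
    char nat_dst_ip[SS_IPV6_STR_MAX];

    /*
     * NOTE(review): sflow_port_id_dump() is called twice in one argument
     * list; if it returns a shared static buffer, both ports would print
     * the same text -- confirm.
     */
    RTE_LOG(INFO, EXTRACTOR,
        "flow_sample_meta %u/%u:\n"
        " sample_rate %u\n"
        " sample_pool %u\n"
        " drop_count %u\n"
        " input_port %s\n"
        " output_port %s\n",
        s_index, e_index,
        sample->sample_rate,
        sample->sample_pool,
        sample->drop_count,
        sflow_port_id_dump(sample->input_port_format, sample->input_port),
        sflow_port_id_dump(sample->output_port_format, sample->output_port));

    RTE_LOG(INFO, EXTRACTOR,
        "header_meta %u/%u:\n"
        " protocol %s\n"
        " packet_size %u\n"
        " stripped_size %u\n"
        " header_size %u\n",
        s_index, e_index,
        sflow_header_protocol_dump(header->protocol),
        header->packet_size,
        header->stripped_size,
        header->header_size);
    // XXX: print bytes?

    sflow_ip_string(&sample->src_ip, src_ip, sizeof(src_ip));
    sflow_ip_string(&sample->dst_ip, dst_ip, sizeof(dst_ip));
    sflow_ip_string(&sample->nat_src_ip, nat_src_ip, sizeof(nat_src_ip));
    sflow_ip_string(&sample->nat_dst_ip, nat_dst_ip, sizeof(nat_dst_ip));

    /*
     * NOTE(review): sflow_mac_string() is called twice in one argument
     * list (same shared-buffer question as above). src_user/dst_user are
     * printed with %s and so must be NUL-terminated; presumably they are
     * filled from received sFlow data -- confirm the decoder terminates them.
     */
    RTE_LOG(INFO, EXTRACTOR,
        "header_data: %u/%u\n"
        " smac %s\n"
        " dmac %s\n"
        " rx_vlan %u\n"
        " tx_vlan %u\n"
        " eth_type 0x%04x\n"
        " ether_len %u\n"
        " sip %s\n"
        " dip %s\n"
        " natsip %s\n"
        " natdip %s\n"
        " ip_protocol %u\n"
        " ip_tot_len %u\n"
        " ip_fragoff %u\n"
        " sport %u\n"
        " dport %u\n"
        " natsport %u\n"
        " natdport %u\n"
        " tcp_flags %u\n"
        " udp_len %u\n"
        " user_ids %s, %s\n",
        s_index, e_index,
        sflow_mac_string(sample->src_eth),
        sflow_mac_string(sample->dst_eth),
        sample->rx_vlan,
        sample->tx_vlan,
        sample->eth_type,
        sample->eth_len,
        src_ip,
        dst_ip,
        nat_src_ip,
        nat_dst_ip,
        sample->ip_protocol,
        sample->ip_tot_len,
        sample->ip_fragoff,
        sample->src_port,
        sample->dst_port,
        sample->nat_src_port,
        sample->nat_dst_port,
        sample->tcp_flags,
        sample->udp_len,
        sample->src_user,
        sample->dst_user);

    iptr = ss_ioc_sflow_match(sample);
    if (!iptr) {
        /* no IOC entry matched this sample: nothing to relay */
        return;
    }

    // match
    RTE_LOG(NOTICE, EXTRACTOR, "successful sflow ioc match from sample\n");
    ss_ioc_entry_dump_dpdk(iptr);

    nn_queue_t* nn_queue = &ss_conf->ioc_files[iptr->file_id].nn_queue;
    // XXX: fill in something useful in rule field
    metadata = ss_metadata_prepare_sflow("sflow_ioc", NULL, nn_queue, sample, iptr);
    if (metadata == NULL) {
        /* strlen(NULL) is undefined behavior; drop the alert instead */
        RTE_LOG(WARNING, EXTRACTOR, "could not prepare sflow ioc metadata\n");
        return;
    }

    // XXX: for now assume the output is C char*
    mlength = strlen((char*) metadata);
    if (mlength > UINT16_MAX) {
        /*
         * The queue API takes a uint16_t length; a plain cast would
         * silently wrap and announce a wrong size for the message.
         * NOTE(review): who releases metadata is not visible here; if
         * ss_nn_queue_send() normally takes ownership, this early
         * return needs a matching release -- confirm.
         */
        RTE_LOG(WARNING, EXTRACTOR, "sflow ioc metadata too long (%zu bytes)\n", mlength);
        return;
    }

    /*
     * The callback returns void, so the send result cannot be passed on.
     * NOTE(review): the return convention of ss_nn_queue_send() is not
     * visible here; consider logging failures once it is confirmed.
     */
    (void) ss_nn_queue_send(nn_queue, metadata, (uint16_t) mlength);
}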