Esempio n. 1
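/*
 * Netflow flow handler.
 *
 * Rejects flows whose source and destination address families differ,
 * converts the header field mask and the receive timestamp to network byte
 * order in place, logs the formatted flow, and matches the flow against the
 * IOC entries. On a match, the prepared metadata is relayed to the nn_queue
 * of the IOC file the matching entry refers to.
 *
 * The flow is modified in place, so the caller sees the converted values
 * after this function returns.
 *
 * Returns -1 on an address-family mismatch, or when metadata for a match
 * is missing or too long for the 16-bit length taken by ss_nn_queue_send();
 * 0 when nothing matched; otherwise the result of ss_nn_queue_send().
 */
int process_flow(struct store_flow_complete* flow) {
    ss_ioc_entry_t* iptr;
    uint8_t* metadata = NULL;
    size_t mlength = 0;
    int rv = 0;

    /* Another sanity check */
    if (flow->src_addr.af != flow->dst_addr.af) {
        logit(LOG_WARNING, "%s: flow src(%d)/dst(%d) AF mismatch",
            __func__, flow->src_addr.af, flow->dst_addr.af);
        return -1;
    }

    /* Prepare for writing */
    flow->hdr.fields = htonl(flow->hdr.fields);
    flow->recv_time.recv_sec = htonl(flow->recv_time.recv_sec);
    flow->recv_time.recv_usec = htonl(flow->recv_time.recv_usec);

    /* mhall hardcoded verbose */
    char fmtbuf[1024];
    netflow_format_flow(flow, fmtbuf, sizeof(fmtbuf), 0,
        STORE_DISPLAY_ALL, 0);
    logit(LOG_DEBUG, "%s: ACCEPT flow %s", __func__, fmtbuf);

    iptr = ss_ioc_netflow_match(flow);
    if (iptr) {
        RTE_LOG(NOTICE, EXTRACTOR, "successful netflow ioc match from frame\n");
        ss_ioc_entry_dump_dpdk(iptr);
        /* NOTE(review): file_id is used unchecked as an index into
         * ioc_files; confirm it is range-checked when IOC entries are loaded. */
        nn_queue_t* nn_queue = &ss_conf->ioc_files[iptr->file_id].nn_queue;
        // XXX: fill in something useful in rule field
        metadata = ss_metadata_prepare_netflow("netflow_ioc", NULL, nn_queue, flow, iptr);
        if (metadata == NULL) {
            /* strlen(NULL) is undefined behavior; fail the match instead. */
            RTE_LOG(ERR, EXTRACTOR, "could not prepare netflow ioc metadata\n");
            return -1;
        }
        // XXX: for now assume the output is C char*
        mlength = strlen((char*) metadata);
        if (mlength > UINT16_MAX) {
            /* The send length is 16 bits wide: casting a longer length
             * would wrap and relay a truncated alert. Drop it loudly so
             * the lost match is visible in the log.
             * NOTE(review): ownership of metadata is not visible here;
             * confirm whether it must be released on this path. */
            RTE_LOG(ERR, EXTRACTOR,
                "netflow ioc metadata too long to send: %zu bytes\n", mlength);
            return -1;
        }
        rv = ss_nn_queue_send(nn_queue, metadata, (uint16_t) mlength);
    }

    return rv;
}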
Esempio n. 2
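/*
 * sFlow flow-sample callback.
 *
 * Logs the sample metadata, the sampled-header metadata and the decoded
 * header fields, then matches the sample against the IOC entries. On a
 * match, the prepared metadata is relayed to the nn_queue of the IOC file
 * the matching entry refers to.
 *
 * sample   decoded flow sample
 * header   sampled header record belonging to the sample
 * s_index  index printed as the first half of the "%u/%u" log prefix
 * e_index  index printed as the second half of the "%u/%u" log prefix
 *
 * The function returns nothing, so failures in the match path are only
 * reported through the log.
 */
void sflow_flow_sample_callback(sflow_sample_t* sample, sflow_sampled_header_t* header, uint32_t s_index, uint32_t e_index) {
    ss_ioc_entry_t* iptr;
    uint8_t* metadata = NULL;
    size_t mlength = 0;
    int rv = 0;

    char src_ip[SS_IPV6_STR_MAX];
    char dst_ip[SS_IPV6_STR_MAX];
    char nat_src_ip[SS_IPV6_STR_MAX];
    char nat_dst_ip[SS_IPV6_STR_MAX];

    /* NOTE(review): sflow_port_id_dump() is called twice in one statement;
     * if it returns a shared static buffer both ports print the same text.
     * Confirm against its definition. */
    RTE_LOG(INFO, EXTRACTOR, "flow_sample_meta %u/%u:\n"
           "    sample_rate %u\n"
           "    sample_pool %u\n"
           "    drop_count %u\n"
           "    input_port %s\n"
           "    output_port %s\n",
        s_index, e_index,
        sample->sample_rate,
        sample->sample_pool,
        sample->drop_count,
        sflow_port_id_dump(sample->input_port_format, sample->input_port),
        sflow_port_id_dump(sample->output_port_format, sample->output_port));

    RTE_LOG(INFO, EXTRACTOR, "header_meta %u/%u:\n"
           "    protocol %s\n"
           "    packet_size %u\n"
           "    stripped_size %u\n"
           "    header_size %u\n",
        s_index, e_index,
        sflow_header_protocol_dump(header->protocol),
        header->packet_size,
        header->stripped_size,
        header->header_size);
    // XXX: print bytes?

    sflow_ip_string(&sample->src_ip, src_ip, sizeof(src_ip));
    sflow_ip_string(&sample->dst_ip, dst_ip, sizeof(dst_ip));
    sflow_ip_string(&sample->nat_src_ip, nat_src_ip, sizeof(nat_src_ip));
    sflow_ip_string(&sample->nat_dst_ip, nat_dst_ip, sizeof(nat_dst_ip));

    /* NOTE(review): src_user/dst_user are printed with %s and come from the
     * received sample; confirm the decoder always NUL-terminates them. The
     * same shared-buffer question applies to the two sflow_mac_string() calls. */
    RTE_LOG(INFO, EXTRACTOR, "header_data: %u/%u\n"
           "    smac %s\n"
           "    dmac %s\n"
           "    rx_vlan %u\n"
           "    tx_vlan %u\n"
           "    eth_type 0x%04x\n"
           "    ether_len %u\n"
           "    sip %s\n"
           "    dip %s\n"
           "    natsip %s\n"
           "    natdip %s\n"
           "    ip_protocol %u\n"
           "    ip_tot_len %u\n"
           "    ip_fragoff %u\n"
           "    sport %u\n"
           "    dport %u\n"
           "    natsport %u\n"
           "    natdport %u\n"
           "    tcp_flags %u\n"
           "    udp_len %u\n"
           "    user_ids %s, %s\n",
         s_index, e_index,
         sflow_mac_string(sample->src_eth),
         sflow_mac_string(sample->dst_eth),
         sample->rx_vlan,
         sample->tx_vlan,
         sample->eth_type,
         sample->eth_len,
         src_ip,
         dst_ip,
         nat_src_ip,
         nat_dst_ip,
         sample->ip_protocol,
         sample->ip_tot_len,
         sample->ip_fragoff,
         sample->src_port,
         sample->dst_port,
         sample->nat_src_port,
         sample->nat_dst_port,
         sample->tcp_flags,
         sample->udp_len,
         sample->src_user, sample->dst_user);

    iptr = ss_ioc_sflow_match(sample);
    if (iptr) {
        RTE_LOG(NOTICE, EXTRACTOR, "successful sflow ioc match from sample\n");
        ss_ioc_entry_dump_dpdk(iptr);
        /* NOTE(review): file_id is used unchecked as an index into
         * ioc_files; confirm it is range-checked when IOC entries are loaded. */
        nn_queue_t* nn_queue = &ss_conf->ioc_files[iptr->file_id].nn_queue;
        // XXX: fill in something useful in rule field
        metadata = ss_metadata_prepare_sflow("sflow_ioc", NULL, nn_queue, sample, iptr);
        if (metadata == NULL) {
            /* strlen(NULL) is undefined behavior; give up on this match. */
            RTE_LOG(ERR, EXTRACTOR, "could not prepare sflow ioc metadata\n");
            return;
        }
        // XXX: for now assume the output is C char*
        mlength = strlen((char*) metadata);
        if (mlength > UINT16_MAX) {
            /* The send length is 16 bits wide: casting a longer length
             * would wrap and relay a truncated alert. Drop it loudly so
             * the lost match is visible in the log.
             * NOTE(review): ownership of metadata is not visible here;
             * confirm whether it must be released on this path. */
            RTE_LOG(ERR, EXTRACTOR,
                "sflow ioc metadata too long to send: %zu bytes\n", mlength);
            return;
        }
        rv = ss_nn_queue_send(nn_queue, metadata, (uint16_t) mlength);
        if (rv < 0) {
            /* A lost IOC alert should not pass silently.
             * NOTE(review): assumes a negative result means failure — confirm
             * against ss_nn_queue_send(). */
            RTE_LOG(ERR, EXTRACTOR, "could not send sflow ioc metadata: %d\n", rv);
        }
    }
}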