static PyObject * flow_format(FlowObject *self, PyObject *args, PyObject *kw_args) { static char *keywords[] = { "utc", "mask", NULL }; char buf[1024]; int utcflag = 0; unsigned long mask = STORE_DISPLAY_BRIEF; if (!PyArg_ParseTupleAndKeywords(args, kw_args, "|ik:format", keywords, &utcflag, &mask)) return NULL; if (flowobj_normalise(self) == -1) return (NULL); store_format_flow(&self->flow, buf, sizeof(buf), utcflag, mask, 1); return PyString_FromString(buf); }
static void process_flow(struct store_flow_complete *flow, struct flowd_config *conf, int log_fd, int log_socket) { char ebuf[512], fbuf[1024]; int flen; u_int filtres; /* Another sanity check */ if (flow->src_addr.af != flow->dst_addr.af) { logit(LOG_WARNING, "%s: flow src(%d)/dst(%d) AF mismatch", __func__, flow->src_addr.af, flow->dst_addr.af); return; } /* Prepare for writing */ flow->hdr.fields = htonl(flow->hdr.fields); flow->recv_time.recv_sec = htonl(flow->recv_time.recv_sec); flow->recv_time.recv_usec = htonl(flow->recv_time.recv_usec); filtres = filter_flow(flow, &conf->filter_list); if (conf->opts & FLOWD_OPT_VERBOSE) { char fmtbuf[1024]; u_int64_t pp = 0; struct flot_node fl; store_format_flow(flow, &fl, fmtbuf, sizeof(fmtbuf), 0, STORE_DISPLAY_ALL, 0); logit(LOG_DEBUG, "%s: %s flow %s", __func__, filtres == FF_ACTION_DISCARD ? "DISCARD" : "ACCEPT", fmtbuf); /////////////////////////////////////////////////////////////////////////////////////////////////////////// //////////////////////// IMED sem_wait (&semFlows); Add_flow(&fl); //logit(LOG_WARNING, "Remplissage de|||||||| flot_flow_packets ######### %llu ###################################", flot.flow_packets); //logit(LOG_WARNING, "Remplissage de|||||||| l'adresse source ######### %s ########estimation_flow_list ########################", flot.src_addr); /*logit(LOG_WARNING, "packets ###### %llu ####### \n", estimation_flow_list->flow_packets); logit(LOG_WARNING, "SRC_ADDR #### %s #### \n", estimation_flow_list->src_addr); logit(LOG_WARNING, "DST_ADDR #### %s ##### \n", estimation_flow_list->dst_addr); logit(LOG_WARNING, "GATEWAY ##### %s ##### \n", estimation_flow_list->gateway_addr); logit(LOG_WARNING, "SRC_PORT #### %d ###### \n", estimation_flow_list->src_port); logit(LOG_WARNING, "DST_PORT #### %d ####### \n", estimation_flow_list->dst_port); logit(LOG_WARNING, "OCKTETS ##### %llu ###### \n", estimation_flow_list->flow_octets);*/ sem_post (&semFlows); // sleep(1); ///////////////////////////////////////////////////////////////////////////////////////////////////// } if (filtres == FF_ACTION_DISCARD) return; if (store_flow_serialise_masked(flow, conf->store_mask, fbuf, sizeof(fbuf), &flen, ebuf, sizeof(ebuf)) != STORE_ERR_OK) logerrx("%s: exiting on %s", __func__, ebuf); if (log_fd != -1 && output_flow_enqueue(fbuf, flen, conf->opts & FLOWD_OPT_VERBOSE) == -1) { output_flow_flush(log_fd, conf->opts & FLOWD_OPT_VERBOSE); /* Must not fail after flush */ if (output_flow_enqueue(fbuf, flen, conf->opts & FLOWD_OPT_VERBOSE) == -1) logerrx("%s: enqueue failed after flush", __func__); } /* Track failures to send on log socket so we can reopen it */ if (log_socket != -1 && send(log_socket, fbuf, flen, 0) == -1) { if (logsock_num_errors > 0 && (logsock_num_errors % 10) == 0) { logit(LOG_WARNING, "log socket send: %s " "(num errors %d)", strerror(errno), logsock_num_errors); } if (errno != ENOBUFS) { if (logsock_first_error == 0) logsock_first_error = time(NULL); logsock_num_errors++; } } else { /* Start to disregard errors after success */ if (logsock_num_errors > 0) logsock_num_errors--; if (logsock_num_errors == 0) logsock_first_error = 0; } /* XXX reopen log file on one failure, exit on multiple */ }
int main(int argc, char **argv) { int ch, i, fd, utc, r, verbose, debug, csv; extern char *optarg; extern int optind; struct store_flow_complete flow; struct store_v2_flow_complete flow_v2; char buf[2048], ebuf[512]; const char *ffile, *ofile; FILE *ffilef; int ofd, read_legacy, head, nflows; u_int32_t disp_mask; struct flowd_config filter_config; struct store_v2_header hdr_v2; utc = verbose = debug = read_legacy = csv = 0; ofile = ffile = NULL; ofd = -1; ffilef = NULL; head = 0; bzero(&filter_config, sizeof(filter_config)); while ((ch = getopt(argc, argv, "H:LUdf:ho:qvc")) != -1) { switch (ch) { case 'h': usage(); return (0); case 'H': if ((head = atoi(optarg)) <= 0) { fprintf(stderr, "Invalid -H value.\n"); usage(); exit(1); } break; case 'L': read_legacy = 1; break; case 'U': utc = 1; break; case 'd': debug = 1; filter_config.opts |= FLOWD_OPT_VERBOSE; break; case 'f': ffile = optarg; break; case 'o': ofile = optarg; break; case 'q': verbose = -1; break; case 'v': verbose = 1; break; case 'c': csv = 1; break; default: usage(); exit(1); } } loginit(PROGNAME, 1, debug); if (argc - optind < 1) { fprintf(stderr, "No logfile specified\n"); usage(); exit(1); } if (ffile != NULL) { if ((ffilef = fopen(ffile, "r")) == NULL) logerr("fopen(%s)", ffile); if (parse_config(ffile, ffilef, &filter_config, 1) != 0) exit(1); fclose(ffilef); } if (ofile != NULL) { if (strcmp(ofile, "-") == 0) { if (!debug) verbose = -1; ofile = NULL; if (isatty(STDOUT_FILENO)) logerrx("Refusing to write binary flow data to " "standard output."); } ofd = open_start_log(ofile, debug); } if (filter_config.store_mask == 0) filter_config.store_mask = STORE_FIELD_ALL; disp_mask = (verbose > 0) ? STORE_DISPLAY_ALL: STORE_DISPLAY_BRIEF; disp_mask &= filter_config.store_mask; for (i = optind; i < argc; i++) { if (strcmp(argv[i], "-") == 0) fd = STDIN_FILENO; else if ((fd = open(argv[i], O_RDONLY)) == -1) logerr("open(%s)", argv[i]); if (read_legacy && store_v2_get_header(fd, &hdr_v2, ebuf, sizeof(ebuf)) != STORE_ERR_OK) logerrx("%s", ebuf); if (verbose >= 1) { printf("LOGFILE %s", argv[i]); if (read_legacy) printf(" started at %s", iso_time(ntohl(hdr_v2.start_time), utc)); printf("\n"); fflush(stdout); } if (csv == 1) { csv++; printf("#:unix_secs,unix_nsecs,sysuptime,exaddr," "dpkts,doctets,first,last,engine_type,engine_id," "srcaddr,dstaddr,nexthop,input,output,srcport," "dstport,prot,tos,tcp_flags,src_mask,dst_mask," "src_as,dst_as\n"); } for (nflows = 0; head == 0 || nflows < head; nflows++) { bzero(&flow, sizeof(flow)); if (read_legacy) r = store_v2_get_flow(fd, &flow_v2, ebuf, sizeof(ebuf)); else r = store_get_flow(fd, &flow, ebuf, sizeof(ebuf)); if (r == STORE_ERR_EOF) break; else if (r != STORE_ERR_OK) logerrx("%s", ebuf); if (read_legacy && store_v2_flow_convert(&flow_v2, &flow) == -1) logerrx("legacy flow conversion failed"); if (ffile != NULL && filter_flow(&flow, &filter_config.filter_list) == FF_ACTION_DISCARD) continue; if (csv) { store_format_flow_flowtools_csv(&flow, buf, sizeof(buf), utc, disp_mask, 0); printf("%s\n", buf); } else if (verbose >= 0) { store_format_flow(&flow, buf, sizeof(buf), utc, disp_mask, 0); printf("%s\n", buf); fflush(stdout); } if (ofd != -1 && store_put_flow(ofd, &flow, filter_config.store_mask, ebuf, sizeof(ebuf)) == -1) logerrx("%s", ebuf); } if (fd != STDIN_FILENO) close(fd); } if (ofd != -1) close(ofd); if (ffile != NULL && debug) dump_config(&filter_config, "final", 1); return (0); }