/* Functions */
void kafka_plugin(int pipe_fd, struct configuration *cfgptr, void *ptr)
{
struct pkt_data *data;
struct ports_table pt;
unsigned char *pipebuf;
struct pollfd pfd;
struct insert_data idata;
time_t t, avro_schema_deadline = 0;
int timeout, refresh_timeout, avro_schema_timeout = 0;
int ret, num;
struct ring *rg = &((struct channels_list_entry *)ptr)->rg;
struct ch_status *status = ((struct channels_list_entry *)ptr)->status;
struct plugins_list_entry *plugin_data = ((struct channels_list_entry *)ptr)->plugin;
int datasize = ((struct channels_list_entry *)ptr)->datasize;
u_int32_t bufsz = ((struct channels_list_entry *)ptr)->bufsize;
pid_t core_pid = ((struct channels_list_entry *)ptr)->core_pid;
struct networks_file_data nfd;
unsigned char *rgptr;
int pollagain = TRUE;
u_int32_t seq = 1, rg_err_count = 0;
struct extra_primitives extras;
struct primitives_ptrs prim_ptrs;
char *dataptr;
#ifdef WITH_AVRO
char *avro_acct_schema_str;
#endif
#ifdef WITH_ZMQ
struct p_zmq_host *zmq_host = &((struct channels_list_entry *)ptr)->zmq_host;
#endif
memcpy(&config, cfgptr, sizeof(struct configuration));
memcpy(&extras, &((struct channels_list_entry *)ptr)->extras, sizeof(struct extra_primitives));
recollect_pipe_memory(ptr);
pm_setproctitle("%s [%s]", "Kafka Plugin", config.name);
P_set_signals();
P_init_default_values();
P_config_checks();
pipebuf = (unsigned char *) pm_malloc(config.buffer_size);
memset(pipebuf, 0, config.buffer_size);
timeout = config.sql_refresh_time*1000;
if (!config.message_broker_output) config.message_broker_output = PRINT_OUTPUT_JSON;
if (config.message_broker_output & PRINT_OUTPUT_JSON) {
compose_json(config.what_to_count, config.what_to_count_2);
}
else if (config.message_broker_output & PRINT_OUTPUT_AVRO) {
#ifdef WITH_AVRO
avro_acct_schema = build_avro_schema(config.what_to_count, config.what_to_count_2);
avro_schema_add_writer_id(avro_acct_schema);
if (config.avro_schema_output_file) write_avro_schema_to_file(config.avro_schema_output_file, avro_acct_schema);
if (config.kafka_avro_schema_topic) {
if (!config.kafka_avro_schema_refresh_time)
config.kafka_avro_schema_refresh_time = DEFAULT_AVRO_SCHEMA_REFRESH_TIME;
avro_schema_deadline = time(NULL);
P_init_refresh_deadline(&avro_schema_deadline, config.kafka_avro_schema_refresh_time, 0, "m");
avro_acct_schema_str = compose_avro_purge_schema(avro_acct_schema, config.name);
}
else {
config.kafka_avro_schema_refresh_time = 0;
avro_schema_deadline = 0;
avro_schema_timeout = 0;
avro_acct_schema_str = NULL;
}
#endif
}
if ((config.sql_table && strchr(config.sql_table, '$')) && config.sql_multi_values) {
Log(LOG_ERR, "ERROR ( %s/%s ): dynamic 'kafka_topic' is not compatible with 'kafka_multi_values'. Exiting.\n", config.name, config.type);
exit_plugin(1);
}
if ((config.sql_table && strchr(config.sql_table, '$')) && config.amqp_routing_key_rr) {
Log(LOG_ERR, "ERROR ( %s/%s ): dynamic 'kafka_topic' is not compatible with 'kafka_topic_rr'. Exiting.\n", config.name, config.type);
exit_plugin(1);
}
/* setting function pointers */
if (config.what_to_count & (COUNT_SUM_HOST|COUNT_SUM_NET))
insert_func = P_sum_host_insert;
else if (config.what_to_count & COUNT_SUM_PORT) insert_func = P_sum_port_insert;
else if (config.what_to_count & COUNT_SUM_AS) insert_func = P_sum_as_insert;
#if defined (HAVE_L2)
else if (config.what_to_count & COUNT_SUM_MAC) insert_func = P_sum_mac_insert;
#endif
else insert_func = P_cache_insert;
purge_func = kafka_cache_purge;
memset(&nt, 0, sizeof(nt));
memset(&nc, 0, sizeof(nc));
memset(&pt, 0, sizeof(pt));
load_networks(config.networks_file, &nt, &nc);
set_net_funcs(&nt);
if (config.ports_file) load_ports(config.ports_file, &pt);
if (config.pkt_len_distrib_bins_str) load_pkt_len_distrib_bins();
else {
if (config.what_to_count_2 & COUNT_PKT_LEN_DISTRIB) {
Log(LOG_ERR, "ERROR ( %s/%s ): 'aggregate' contains pkt_len_distrib but no 'pkt_len_distrib_bins' defined. Exiting.\n", config.name, config.type);
exit_plugin(1);
}
}
memset(&idata, 0, sizeof(idata));
memset(&prim_ptrs, 0, sizeof(prim_ptrs));
set_primptrs_funcs(&extras);
if (config.pipe_zmq) {
plugin_pipe_zmq_compile_check();
#ifdef WITH_ZMQ
p_zmq_plugin_pipe_init_plugin(zmq_host);
p_zmq_plugin_pipe_consume(zmq_host);
p_zmq_set_retry_timeout(zmq_host, config.pipe_zmq_retry);
pipe_fd = p_zmq_get_fd(zmq_host);
seq = 0;
#endif
}
else setnonblocking(pipe_fd);
idata.now = time(NULL);
/* print_refresh time init: deadline */
refresh_deadline = idata.now;
P_init_refresh_deadline(&refresh_deadline, config.sql_refresh_time, config.sql_startup_delay, config.sql_history_roundoff);
if (config.sql_history) {
basetime_init = P_init_historical_acct;
basetime_eval = P_eval_historical_acct;
basetime_cmp = P_cmp_historical_acct;
(*basetime_init)(idata.now);
}
/* setting number of entries in _protocols structure */
while (_protocols[protocols_number].number != -1) protocols_number++;
/* plugin main loop */
for(;;) {
poll_again:
status->wakeup = TRUE;
calc_refresh_timeout(refresh_deadline, idata.now, &refresh_timeout);
if (config.kafka_avro_schema_topic) calc_refresh_timeout(avro_schema_deadline, idata.now, &avro_schema_timeout);
pfd.fd = pipe_fd;
pfd.events = POLLIN;
timeout = MIN(refresh_timeout, (avro_schema_timeout ? avro_schema_timeout : INT_MAX));
ret = poll(&pfd, (pfd.fd == ERR ? 0 : 1), timeout);
if (ret <= 0) {
if (getppid() == 1) {
Log(LOG_ERR, "ERROR ( %s/%s ): Core process *seems* gone. Exiting.\n", config.name, config.type);
exit_plugin(1);
}
if (ret < 0) goto poll_again;
}
idata.now = time(NULL);
if (config.sql_history) {
while (idata.now > (basetime.tv_sec + timeslot)) {
new_basetime.tv_sec = basetime.tv_sec;
basetime.tv_sec += timeslot;
if (config.sql_history == COUNT_MONTHLY)
timeslot = calc_monthly_timeslot(basetime.tv_sec, config.sql_history_howmany, ADD);
}
}
#ifdef WITH_AVRO
if (idata.now > avro_schema_deadline) {
kafka_avro_schema_purge(avro_acct_schema_str);
avro_schema_deadline += config.kafka_avro_schema_refresh_time;
}
#endif
switch (ret) {
case 0: /* timeout */
if (idata.now > refresh_deadline) P_cache_handle_flush_event(&pt);
break;
default: /* we received data */
read_data:
if (config.pipe_homegrown) {
if (!pollagain) {
seq++;
seq %= MAX_SEQNUM;
if (seq == 0) rg_err_count = FALSE;
}
else {
if ((ret = read(pipe_fd, &rgptr, sizeof(rgptr))) == 0)
exit_plugin(1); /* we exit silently; something happened at the write end */
}
if ((rg->ptr + bufsz) > rg->end) rg->ptr = rg->base;
if (((struct ch_buf_hdr *)rg->ptr)->seq != seq) {
if (!pollagain) {
pollagain = TRUE;
goto poll_again;
}
else {
rg_err_count++;
if (config.debug || (rg_err_count > MAX_RG_COUNT_ERR)) {
Log(LOG_WARNING, "WARN ( %s/%s ): Missing data detected (plugin_buffer_size=%llu plugin_pipe_size=%llu).\n",
config.name, config.type, config.buffer_size, config.pipe_size);
Log(LOG_WARNING, "WARN ( %s/%s ): Increase values or look for plugin_buffer_size, plugin_pipe_size in CONFIG-KEYS document.\n\n",
config.name, config.type);
}
rg->ptr = (rg->base + status->last_buf_off);
seq = ((struct ch_buf_hdr *)rg->ptr)->seq;
}
}
pollagain = FALSE;
memcpy(pipebuf, rg->ptr, bufsz);
rg->ptr += bufsz;
}
#ifdef WITH_ZMQ
else if (config.pipe_zmq) {
ret = p_zmq_plugin_pipe_recv(zmq_host, pipebuf, config.buffer_size);
if (ret > 0) {
if (seq && (((struct ch_buf_hdr *)pipebuf)->seq != ((seq + 1) % MAX_SEQNUM))) {
Log(LOG_WARNING, "WARN ( %s/%s ): Missing data detected. Sequence received=%u expected=%u\n",
config.name, config.type, ((struct ch_buf_hdr *)pipebuf)->seq, ((seq + 1) % MAX_SEQNUM));
}
seq = ((struct ch_buf_hdr *)pipebuf)->seq;
}
else goto poll_again;
}
#endif
/* lazy refresh time handling */
if (idata.now > refresh_deadline) P_cache_handle_flush_event(&pt);
data = (struct pkt_data *) (pipebuf+sizeof(struct ch_buf_hdr));
if (config.debug_internal_msg)
Log(LOG_DEBUG, "DEBUG ( %s/%s ): buffer received cpid=%u len=%llu seq=%u num_entries=%u\n",
config.name, config.type, core_pid, ((struct ch_buf_hdr *)pipebuf)->len,
seq, ((struct ch_buf_hdr *)pipebuf)->num);
if (!config.pipe_check_core_pid || ((struct ch_buf_hdr *)pipebuf)->core_pid == core_pid) {
while (((struct ch_buf_hdr *)pipebuf)->num > 0) {
for (num = 0; primptrs_funcs[num]; num++)
(*primptrs_funcs[num])((u_char *)data, &extras, &prim_ptrs);
for (num = 0; net_funcs[num]; num++)
(*net_funcs[num])(&nt, &nc, &data->primitives, prim_ptrs.pbgp, &nfd);
if (config.ports_file) {
if (!pt.table[data->primitives.src_port]) data->primitives.src_port = 0;
if (!pt.table[data->primitives.dst_port]) data->primitives.dst_port = 0;
}
if (config.pkt_len_distrib_bins_str &&
config.what_to_count_2 & COUNT_PKT_LEN_DISTRIB)
evaluate_pkt_len_distrib(data);
prim_ptrs.data = data;
(*insert_func)(&prim_ptrs, &idata);
((struct ch_buf_hdr *)pipebuf)->num--;
if (((struct ch_buf_hdr *)pipebuf)->num) {
dataptr = (unsigned char *) data;
if (!prim_ptrs.vlen_next_off) dataptr += datasize;
else dataptr += prim_ptrs.vlen_next_off;
data = (struct pkt_data *) dataptr;
}
}
}
goto read_data;
}
}
}
/* Functions */
void sqlite3_plugin(int pipe_fd, struct configuration *cfgptr, void *ptr)
{
struct pkt_data *data;
struct ports_table pt;
struct pollfd pfd;
struct insert_data idata;
struct timezone tz;
time_t refresh_deadline;
int timeout;
int ret, num;
struct ring *rg = &((struct channels_list_entry *)ptr)->rg;
struct ch_status *status = ((struct channels_list_entry *)ptr)->status;
u_int32_t bufsz = ((struct channels_list_entry *)ptr)->bufsize;
struct pkt_bgp_primitives *pbgp;
char *dataptr;
unsigned char *rgptr;
int pollagain = TRUE;
u_int32_t seq = 1, rg_err_count = 0;
memcpy(&config, cfgptr, sizeof(struct configuration));
recollect_pipe_memory(ptr);
pm_setproctitle("%s [%s]", "SQLite3 Plugin", config.name);
memset(&idata, 0, sizeof(idata));
if (config.pidfile) write_pid_file_plugin(config.pidfile, config.type, config.name);
if (config.logfile) {
fclose(config.logfile_fd);
config.logfile_fd = open_logfile(config.logfile);
}
sql_set_signals();
sql_init_default_values();
SQLI_init_default_values(&idata);
SQLI_set_callbacks(&sqlfunc_cbr);
sql_set_insert_func();
/* some LOCAL initialization AFTER setting some default values */
reload_map = FALSE;
idata.now = time(NULL);
refresh_deadline = idata.now;
sql_init_maps(&nt, &nc, &pt);
sql_init_global_buffers();
sql_init_pipe(&pfd, pipe_fd);
sql_init_historical_acct(idata.now, &idata);
sql_init_triggers(idata.now, &idata);
sql_init_refresh_deadline(&refresh_deadline);
/* setting number of entries in _protocols structure */
while (_protocols[protocols_number].number != -1) protocols_number++;
/* building up static SQL clauses */
idata.num_primitives = SQLI_compose_static_queries();
glob_num_primitives = idata.num_primitives;
/* handling purge preprocessor */
set_preprocess_funcs(config.sql_preprocess, &prep);
/* setting up environment variables */
SQL_SetENV();
sql_link_backend_descriptors(&bed, &p, &b);
/* plugin main loop */
for(;;) {
poll_again:
status->wakeup = TRUE;
sql_calc_refresh_timeout(refresh_deadline, idata.now, &timeout);
ret = poll(&pfd, 1, timeout);
if (ret < 0) goto poll_again;
idata.now = time(NULL);
if (config.sql_history) {
while (idata.now > (idata.basetime + idata.timeslot)) {
time_t saved_basetime = idata.basetime;
idata.basetime += idata.timeslot;
if (config.sql_history == COUNT_MONTHLY)
idata.timeslot = calc_monthly_timeslot(idata.basetime, config.sql_history_howmany, ADD);
glob_basetime = idata.basetime;
idata.new_basetime = saved_basetime;
glob_new_basetime = saved_basetime;
}
}
switch (ret) {
case 0: /* timeout */
if (qq_ptr) sql_cache_flush(queries_queue, qq_ptr, &idata, FALSE);
switch (fork()) {
case 0: /* Child */
/* we have to ignore signals to avoid loops:
because we are already forked */
signal(SIGINT, SIG_IGN);
signal(SIGHUP, SIG_IGN);
pm_setproctitle("%s [%s]", "SQLite3 Plugin -- DB Writer", config.name);
if (qq_ptr && sql_writers.flags != CHLD_ALERT) {
if (sql_writers.flags == CHLD_WARNING) sql_db_fail(&p);
(*sqlfunc_cbr.connect)(&p, NULL);
(*sqlfunc_cbr.purge)(queries_queue, qq_ptr, &idata);
(*sqlfunc_cbr.close)(&bed);
}
if (config.sql_trigger_exec) {
if (idata.now > idata.triggertime) sql_trigger_exec(config.sql_trigger_exec);
}
exit(0);
default: /* Parent */
if (pqq_ptr) sql_cache_flush_pending(pending_queries_queue, pqq_ptr, &idata);
gettimeofday(&idata.flushtime, &tz);
while (idata.now > refresh_deadline)
refresh_deadline += config.sql_refresh_time;
while (idata.now > idata.triggertime && idata.t_timeslot > 0) {
idata.triggertime += idata.t_timeslot;
if (config.sql_trigger_time == COUNT_MONTHLY)
idata.t_timeslot = calc_monthly_timeslot(idata.triggertime, config.sql_trigger_time_howmany, ADD);
}
idata.new_basetime = FALSE;
glob_new_basetime = FALSE;
qq_ptr = pqq_ptr;
memcpy(queries_queue, pending_queries_queue, qq_ptr*sizeof(struct db_cache *));
if (reload_map) {
load_networks(config.networks_file, &nt, &nc);
load_ports(config.ports_file, &pt);
reload_map = FALSE;
}
break;
}
break;
default: /* we received data */
read_data:
if (!pollagain) {
seq++;
seq %= MAX_SEQNUM;
if (seq == 0) rg_err_count = FALSE;
idata.now = time(NULL);
}
else {
if ((ret = read(pipe_fd, &rgptr, sizeof(rgptr))) == 0)
exit_plugin(1); /* we exit silently; something happened at the write end */
}
if (((struct ch_buf_hdr *)rg->ptr)->seq != seq) {
if (!pollagain) {
pollagain = TRUE;
goto poll_again;
}
else {
rg_err_count++;
if (config.debug || (rg_err_count > MAX_RG_COUNT_ERR)) {
Log(LOG_ERR, "ERROR ( %s/%s ): We are missing data.\n", config.name, config.type);
Log(LOG_ERR, "If you see this message once in a while, discard it. Otherwise some solutions follow:\n");
Log(LOG_ERR, "- increase shared memory size, 'plugin_pipe_size'; now: '%u'.\n", config.pipe_size);
Log(LOG_ERR, "- increase buffer size, 'plugin_buffer_size'; now: '%u'.\n", config.buffer_size);
Log(LOG_ERR, "- increase system maximum socket size.\n\n");
}
seq = ((struct ch_buf_hdr *)rg->ptr)->seq;
}
}
pollagain = FALSE;
memcpy(pipebuf, rg->ptr, bufsz);
if ((rg->ptr+bufsz) >= rg->end) rg->ptr = rg->base;
else rg->ptr += bufsz;
/* lazy sql refresh handling */
if (idata.now > refresh_deadline) {
if (qq_ptr) sql_cache_flush(queries_queue, qq_ptr, &idata, FALSE);
switch (fork()) {
case 0: /* Child */
/* we have to ignore signals to avoid loops:
because we are already forked */
signal(SIGINT, SIG_IGN);
signal(SIGHUP, SIG_IGN);
pm_setproctitle("%s [%s]", "SQLite3 Plugin -- DB Writer", config.name);
if (qq_ptr && sql_writers.flags != CHLD_ALERT) {
if (sql_writers.flags == CHLD_WARNING) sql_db_fail(&p);
(*sqlfunc_cbr.connect)(&p, NULL);
(*sqlfunc_cbr.purge)(queries_queue, qq_ptr, &idata);
(*sqlfunc_cbr.close)(&bed);
}
if (config.sql_trigger_exec) {
if (idata.now > idata.triggertime) sql_trigger_exec(config.sql_trigger_exec);
}
exit(0);
default: /* Parent */
if (pqq_ptr) sql_cache_flush_pending(pending_queries_queue, pqq_ptr, &idata);
gettimeofday(&idata.flushtime, &tz);
while (idata.now > refresh_deadline)
refresh_deadline += config.sql_refresh_time;
while (idata.now > idata.triggertime && idata.t_timeslot > 0) {
idata.triggertime += idata.t_timeslot;
if (config.sql_trigger_time == COUNT_MONTHLY)
idata.t_timeslot = calc_monthly_timeslot(idata.triggertime, config.sql_trigger_time_howmany, ADD);
}
idata.new_basetime = FALSE;
glob_new_basetime = FALSE;
qq_ptr = pqq_ptr;
memcpy(queries_queue, pending_queries_queue, qq_ptr*sizeof(struct db_cache *));
if (reload_map) {
load_networks(config.networks_file, &nt, &nc);
load_ports(config.ports_file, &pt);
reload_map = FALSE;
}
break;
}
}
else {
if (config.sql_trigger_exec) {
while (idata.now > idata.triggertime && idata.t_timeslot > 0) {
sql_trigger_exec(config.sql_trigger_exec);
idata.triggertime += idata.t_timeslot;
if (config.sql_trigger_time == COUNT_MONTHLY)
idata.t_timeslot = calc_monthly_timeslot(idata.triggertime, config.sql_trigger_time_howmany, ADD);
}
}
}
data = (struct pkt_data *) (pipebuf+sizeof(struct ch_buf_hdr));
while (((struct ch_buf_hdr *)pipebuf)->num) {
for (num = 0; net_funcs[num]; num++)
(*net_funcs[num])(&nt, &nc, &data->primitives);
if (config.ports_file) {
if (!pt.table[data->primitives.src_port]) data->primitives.src_port = 0;
if (!pt.table[data->primitives.dst_port]) data->primitives.dst_port = 0;
}
if (PbgpSz) pbgp = (struct pkt_bgp_primitives *) ((u_char *)data+PdataSz);
else pbgp = NULL;
(*insert_func)(data, pbgp, &idata);
((struct ch_buf_hdr *)pipebuf)->num--;
if (((struct ch_buf_hdr *)pipebuf)->num) {
dataptr = (unsigned char *) data;
dataptr += PdataSz + PbgpSz;
data = (struct pkt_data *) dataptr;
}
}
goto read_data;
}
}
}
/* Functions */
void pgsql_plugin(int pipe_fd, struct configuration *cfgptr, void *ptr)
{
struct pkt_data *data;
struct ports_table pt;
struct pollfd pfd;
struct insert_data idata;
time_t refresh_deadline;
int timeout, refresh_timeout, amqp_timeout;
int ret, num;
struct ring *rg = &((struct channels_list_entry *)ptr)->rg;
struct ch_status *status = ((struct channels_list_entry *)ptr)->status;
struct plugins_list_entry *plugin_data = ((struct channels_list_entry *)ptr)->plugin;
int datasize = ((struct channels_list_entry *)ptr)->datasize;
u_int32_t bufsz = ((struct channels_list_entry *)ptr)->bufsize;
struct networks_file_data nfd;
char *dataptr;
unsigned char *rgptr;
int pollagain = TRUE;
u_int32_t seq = 1, rg_err_count = 0;
struct extra_primitives extras;
struct primitives_ptrs prim_ptrs;
#ifdef WITH_RABBITMQ
struct p_amqp_host *amqp_host = &((struct channels_list_entry *)ptr)->amqp_host;
#endif
memcpy(&config, cfgptr, sizeof(struct configuration));
memcpy(&extras, &((struct channels_list_entry *)ptr)->extras, sizeof(struct extra_primitives));
recollect_pipe_memory(ptr);
pm_setproctitle("%s [%s]", "PostgreSQL Plugin", config.name);
memset(&idata, 0, sizeof(idata));
if (config.pidfile) write_pid_file_plugin(config.pidfile, config.type, config.name);
if (config.logfile) {
fclose(config.logfile_fd);
config.logfile_fd = open_logfile(config.logfile, "a");
}
sql_set_signals();
sql_init_default_values(&extras);
PG_init_default_values(&idata);
PG_set_callbacks(&sqlfunc_cbr);
sql_set_insert_func();
/* some LOCAL initialization AFTER setting some default values */
reload_map = FALSE;
idata.now = time(NULL);
refresh_deadline = idata.now;
idata.cfg = &config;
sql_init_maps(&extras, &prim_ptrs, &nt, &nc, &pt);
sql_init_global_buffers();
sql_init_historical_acct(idata.now, &idata);
sql_init_triggers(idata.now, &idata);
sql_init_refresh_deadline(&refresh_deadline);
if (config.pipe_amqp) {
plugin_pipe_amqp_compile_check();
#ifdef WITH_RABBITMQ
pipe_fd = plugin_pipe_amqp_connect_to_consume(amqp_host, plugin_data);
amqp_timeout = plugin_pipe_amqp_set_poll_timeout(amqp_host, pipe_fd);
#endif
}
else setnonblocking(pipe_fd);
/* building up static SQL clauses */
idata.num_primitives = PG_compose_static_queries();
glob_num_primitives = idata.num_primitives;
/* handling logfile template stuff */
te = sql_init_logfile_template(&th);
INIT_BUF(logbuf);
/* setting up environment variables */
SQL_SetENV();
sql_link_backend_descriptors(&bed, &p, &b);
/* plugin main loop */
for(;;) {
poll_again:
status->wakeup = TRUE;
calc_refresh_timeout(refresh_deadline, idata.now, &refresh_timeout);
pfd.fd = pipe_fd;
pfd.events = POLLIN;
timeout = MIN(refresh_timeout, (amqp_timeout ? amqp_timeout : INT_MAX));
ret = poll(&pfd, (pfd.fd == ERR ? 0 : 1), timeout);
if (ret <= 0) {
if (getppid() == 1) {
Log(LOG_ERR, "ERROR ( %s/%s ): Core process *seems* gone. Exiting.\n", config.name, config.type);
exit_plugin(1);
}
if (ret < 0) goto poll_again;
}
idata.now = time(NULL);
now = idata.now;
if (config.sql_history) {
while (idata.now > (idata.basetime + idata.timeslot)) {
time_t saved_basetime = idata.basetime;
idata.basetime += idata.timeslot;
if (config.sql_history == COUNT_MONTHLY)
idata.timeslot = calc_monthly_timeslot(idata.basetime, config.sql_history_howmany, ADD);
glob_basetime = idata.basetime;
idata.new_basetime = saved_basetime;
glob_new_basetime = saved_basetime;
}
}
#ifdef WITH_RABBITMQ
if (config.pipe_amqp && pipe_fd == ERR) {
if (timeout == amqp_timeout) {
pipe_fd = plugin_pipe_amqp_connect_to_consume(amqp_host, plugin_data);
amqp_timeout = plugin_pipe_amqp_set_poll_timeout(amqp_host, pipe_fd);
}
else amqp_timeout = plugin_pipe_amqp_calc_poll_timeout_diff(amqp_host, idata.now);
}
#endif
switch (ret) {
case 0: /* poll(): timeout */
if (qq_ptr) sql_cache_flush(queries_queue, qq_ptr, &idata, FALSE);
sql_cache_handle_flush_event(&idata, &refresh_deadline, &pt);
break;
default: /* poll(): received data */
read_data:
if (!config.pipe_amqp) {
if (!pollagain) {
seq++;
seq %= MAX_SEQNUM;
if (seq == 0) rg_err_count = FALSE;
idata.now = time(NULL);
now = idata.now;
}
else {
if ((ret = read(pipe_fd, &rgptr, sizeof(rgptr))) == 0)
exit_plugin(1); /* we exit silently; something happened at the write end */
}
if ((rg->ptr + bufsz) > rg->end) rg->ptr = rg->base;
if (((struct ch_buf_hdr *)rg->ptr)->seq != seq) {
if (!pollagain) {
pollagain = TRUE;
goto poll_again;
}
else {
rg_err_count++;
if (config.debug || (rg_err_count > MAX_RG_COUNT_ERR)) {
Log(LOG_ERR, "ERROR ( %s/%s ): We are missing data.\n", config.name, config.type);
Log(LOG_ERR, "If you see this message once in a while, discard it. Otherwise some solutions follow:\n");
Log(LOG_ERR, "- increase shared memory size, 'plugin_pipe_size'; now: '%u'.\n", config.pipe_size);
Log(LOG_ERR, "- increase buffer size, 'plugin_buffer_size'; now: '%u'.\n", config.buffer_size);
Log(LOG_ERR, "- increase system maximum socket size.\n\n");
}
seq = ((struct ch_buf_hdr *)rg->ptr)->seq;
}
}
pollagain = FALSE;
memcpy(pipebuf, rg->ptr, bufsz);
rg->ptr += bufsz;
}
#ifdef WITH_RABBITMQ
else {
ret = p_amqp_consume_binary(amqp_host, pipebuf, config.buffer_size);
if (ret) pipe_fd = ERR;
seq = ((struct ch_buf_hdr *)pipebuf)->seq;
amqp_timeout = plugin_pipe_amqp_set_poll_timeout(amqp_host, pipe_fd);
}
#endif
/* lazy sql refresh handling */
if (idata.now > refresh_deadline) {
if (qq_ptr) sql_cache_flush(queries_queue, qq_ptr, &idata, FALSE);
sql_cache_handle_flush_event(&idata, &refresh_deadline, &pt);
}
else {
if (config.sql_trigger_exec) {
while (idata.now > idata.triggertime && idata.t_timeslot > 0) {
sql_trigger_exec(config.sql_trigger_exec);
idata.triggertime += idata.t_timeslot;
if (config.sql_trigger_time == COUNT_MONTHLY)
idata.t_timeslot = calc_monthly_timeslot(idata.triggertime, config.sql_trigger_time_howmany, ADD);
}
}
}
data = (struct pkt_data *) (pipebuf+sizeof(struct ch_buf_hdr));
Log(LOG_DEBUG, "DEBUG ( %s/%s ): buffer received seq=%u num_entries=%u\n", config.name, config.type, seq, ((struct ch_buf_hdr *)pipebuf)->num);
while (((struct ch_buf_hdr *)pipebuf)->num > 0) {
for (num = 0; primptrs_funcs[num]; num++)
(*primptrs_funcs[num])((u_char *)data, &extras, &prim_ptrs);
for (num = 0; net_funcs[num]; num++)
(*net_funcs[num])(&nt, &nc, &data->primitives, prim_ptrs.pbgp, &nfd);
if (config.ports_file) {
if (!pt.table[data->primitives.src_port]) data->primitives.src_port = 0;
if (!pt.table[data->primitives.dst_port]) data->primitives.dst_port = 0;
}
if (config.pkt_len_distrib_bins_str &&
config.what_to_count_2 & COUNT_PKT_LEN_DISTRIB)
evaluate_pkt_len_distrib(data);
prim_ptrs.data = data;
(*insert_func)(&prim_ptrs, &idata);
((struct ch_buf_hdr *)pipebuf)->num--;
if (((struct ch_buf_hdr *)pipebuf)->num) {
dataptr = (unsigned char *) data;
if (!prim_ptrs.vlen_next_off) dataptr += datasize;
else dataptr += prim_ptrs.vlen_next_off;
data = (struct pkt_data *) dataptr;
}
}
if (!config.pipe_amqp) goto read_data;
}
}
}
/* Functions */
void amqp_plugin(int pipe_fd, struct configuration *cfgptr, void *ptr)
{
struct pkt_data *data;
struct ports_table pt;
unsigned char *pipebuf;
struct pollfd pfd;
time_t t, now;
int timeout, ret, num;
struct ring *rg = &((struct channels_list_entry *)ptr)->rg;
struct ch_status *status = ((struct channels_list_entry *)ptr)->status;
int datasize = ((struct channels_list_entry *)ptr)->datasize;
u_int32_t bufsz = ((struct channels_list_entry *)ptr)->bufsize;
struct networks_file_data nfd;
unsigned char *rgptr;
int pollagain = TRUE;
u_int32_t seq = 1, rg_err_count = 0;
struct extra_primitives extras;
struct primitives_ptrs prim_ptrs;
char *dataptr;
memcpy(&config, cfgptr, sizeof(struct configuration));
memcpy(&extras, &((struct channels_list_entry *)ptr)->extras, sizeof(struct extra_primitives));
recollect_pipe_memory(ptr);
pm_setproctitle("%s [%s]", "RabbitMQ/AMQP Plugin", config.name);
P_set_signals();
P_init_default_values();
pipebuf = (unsigned char *) Malloc(config.buffer_size);
memset(pipebuf, 0, config.buffer_size);
timeout = config.sql_refresh_time*1000;
if (!config.sql_user) config.sql_user = rabbitmq_user;
if (!config.sql_passwd) config.sql_passwd = rabbitmq_pwd;
/* setting function pointers */
if (config.what_to_count & (COUNT_SUM_HOST|COUNT_SUM_NET))
insert_func = P_sum_host_insert;
else if (config.what_to_count & COUNT_SUM_PORT) insert_func = P_sum_port_insert;
else if (config.what_to_count & COUNT_SUM_AS) insert_func = P_sum_as_insert;
#if defined (HAVE_L2)
else if (config.what_to_count & COUNT_SUM_MAC) insert_func = P_sum_mac_insert;
#endif
else insert_func = P_cache_insert;
purge_func = amqp_cache_purge;
memset(&nt, 0, sizeof(nt));
memset(&nc, 0, sizeof(nc));
memset(&pt, 0, sizeof(pt));
load_networks(config.networks_file, &nt, &nc);
set_net_funcs(&nt);
if (config.ports_file) load_ports(config.ports_file, &pt);
if (config.pkt_len_distrib_bins_str) load_pkt_len_distrib_bins();
else {
if (config.what_to_count_2 & COUNT_PKT_LEN_DISTRIB) {
Log(LOG_ERR, "ERROR ( %s/%s ): 'aggregate' contains pkt_len_distrib but no 'pkt_len_distrib_bins' defined. Exiting.\n", config.name, config.type);
exit_plugin(1);
}
}
memset(&prim_ptrs, 0, sizeof(prim_ptrs));
set_primptrs_funcs(&extras);
pfd.fd = pipe_fd;
pfd.events = POLLIN;
setnonblocking(pipe_fd);
now = time(NULL);
/* print_refresh time init: deadline */
refresh_deadline = now;
t = roundoff_time(refresh_deadline, config.sql_history_roundoff);
while ((t+config.sql_refresh_time) < refresh_deadline) t += config.sql_refresh_time;
refresh_deadline = t;
refresh_deadline += config.sql_refresh_time; /* it's a deadline not a basetime */
if (config.sql_history) {
basetime_init = P_init_historical_acct;
basetime_eval = P_eval_historical_acct;
basetime_cmp = P_cmp_historical_acct;
(*basetime_init)(now);
}
/* setting number of entries in _protocols structure */
while (_protocols[protocols_number].number != -1) protocols_number++;
/* plugin main loop */
for(;;) {
poll_again:
status->wakeup = TRUE;
ret = poll(&pfd, 1, timeout);
if (ret <= 0) {
if (getppid() == 1) {
Log(LOG_ERR, "ERROR ( %s/%s ): Core process *seems* gone. Exiting.\n", config.name, config.type);
exit_plugin(1);
}
if (ret < 0) goto poll_again;
}
now = time(NULL);
if (config.sql_history) {
while (now > (basetime.tv_sec + timeslot)) {
new_basetime.tv_sec = basetime.tv_sec;
basetime.tv_sec += timeslot;
if (config.sql_history == COUNT_MONTHLY)
timeslot = calc_monthly_timeslot(basetime.tv_sec, config.sql_history_howmany, ADD);
}
}
switch (ret) {
case 0: /* timeout */
P_cache_handle_flush_event(&pt);
break;
default: /* we received data */
read_data:
if (!pollagain) {
seq++;
seq %= MAX_SEQNUM;
if (seq == 0) rg_err_count = FALSE;
}
else {
if ((ret = read(pipe_fd, &rgptr, sizeof(rgptr))) == 0)
exit_plugin(1); /* we exit silently; something happened at the write end */
}
if (((struct ch_buf_hdr *)rg->ptr)->seq != seq) {
if (!pollagain) {
pollagain = TRUE;
goto poll_again;
}
else {
rg_err_count++;
if (config.debug || (rg_err_count > MAX_RG_COUNT_ERR)) {
Log(LOG_ERR, "ERROR ( %s/%s ): We are missing data.\n", config.name, config.type);
Log(LOG_ERR, "If you see this message once in a while, discard it. Otherwise some solutions follow:\n");
Log(LOG_ERR, "- increase shared memory size, 'plugin_pipe_size'; now: '%u'.\n", config.pipe_size);
Log(LOG_ERR, "- increase buffer size, 'plugin_buffer_size'; now: '%u'.\n", config.buffer_size);
Log(LOG_ERR, "- increase system maximum socket size.\n\n");
}
seq = ((struct ch_buf_hdr *)rg->ptr)->seq;
}
}
pollagain = FALSE;
memcpy(pipebuf, rg->ptr, bufsz);
if ((rg->ptr+bufsz) >= rg->end) rg->ptr = rg->base;
else rg->ptr += bufsz;
/* lazy refresh time handling */
if (now > refresh_deadline) P_cache_handle_flush_event(&pt);
data = (struct pkt_data *) (pipebuf+sizeof(struct ch_buf_hdr));
while (((struct ch_buf_hdr *)pipebuf)->num > 0) {
for (num = 0; primptrs_funcs[num]; num++)
(*primptrs_funcs[num])((u_char *)data, &extras, &prim_ptrs);
for (num = 0; net_funcs[num]; num++)
(*net_funcs[num])(&nt, &nc, &data->primitives, prim_ptrs.pbgp, &nfd);
if (config.ports_file) {
if (!pt.table[data->primitives.src_port]) data->primitives.src_port = 0;
if (!pt.table[data->primitives.dst_port]) data->primitives.dst_port = 0;
}
if (config.pkt_len_distrib_bins_str &&
config.what_to_count_2 & COUNT_PKT_LEN_DISTRIB)
evaluate_pkt_len_distrib(data);
prim_ptrs.data = data;
(*insert_func)(&prim_ptrs);
((struct ch_buf_hdr *)pipebuf)->num--;
if (((struct ch_buf_hdr *)pipebuf)->num) {
dataptr = (unsigned char *) data;
dataptr += datasize;
data = (struct pkt_data *) dataptr;
}
}
goto read_data;
}
}
}