void Flow::print_peers(lua_State* vm, bool verbose) {
char buf1[64], buf2[64], buf[256];
Host *src = get_cli_host(), *dst = get_srv_host();
if((src == NULL) || (dst == NULL)) return;
lua_newtable(vm);
lua_push_str_table_entry(vm, "client", get_cli_host()->get_ip()->print(buf, sizeof(buf)));
lua_push_str_table_entry(vm, "server", get_srv_host()->get_ip()->print(buf, sizeof(buf)));
lua_push_int_table_entry(vm, "sent", cli2srv_bytes);
lua_push_int_table_entry(vm, "rcvd", srv2cli_bytes);
lua_push_int_table_entry(vm, "sent.last", get_current_bytes_cli2srv());
lua_push_int_table_entry(vm, "rcvd.last", get_current_bytes_srv2cli());
lua_push_int_table_entry(vm, "duration", get_duration());
lua_push_float_table_entry(vm, "client.latitude", get_cli_host()->get_latitude());
lua_push_float_table_entry(vm, "client.longitude", get_cli_host()->get_longitude());
lua_push_float_table_entry(vm, "server.latitude", get_srv_host()->get_latitude());
lua_push_float_table_entry(vm, "server.longitude", get_srv_host()->get_longitude());
if(verbose) {
lua_push_bool_table_entry(vm, "client.private", get_cli_host()->get_ip()->isPrivateAddress());
lua_push_str_table_entry(vm, "client.country", get_cli_host()->get_country() ? get_cli_host()->get_country() : (char*)"");
lua_push_bool_table_entry(vm, "server.private", get_srv_host()->get_ip()->isPrivateAddress());
lua_push_str_table_entry(vm, "server.country", get_srv_host()->get_country() ? get_srv_host()->get_country() : (char*)"");
lua_push_str_table_entry(vm, "client.city", get_cli_host()->get_city() ? get_cli_host()->get_city() : (char*)"");
lua_push_str_table_entry(vm, "server.city", get_srv_host()->get_city() ? get_srv_host()->get_city() : (char*)"");
if(verbose) {
if(((cli2srv_packets+srv2cli_packets) > NDPI_MIN_NUM_PACKETS)
|| (ndpi_detected_protocol != NDPI_PROTOCOL_UNKNOWN)
|| iface->is_ndpi_enabled()
|| iface->is_sprobe_interface())
lua_push_str_table_entry(vm, "proto.ndpi", get_detected_protocol_name());
else
lua_push_str_table_entry(vm, "proto.ndpi", (char*)CONST_TOO_EARLY);
}
}
// Key
/* Too slow */
#if 0
snprintf(buf, sizeof(buf), "%s %s",
src->Host::get_name(buf1, sizeof(buf1), false),
dst->Host::get_name(buf2, sizeof(buf2), false));
#else
snprintf(buf, sizeof(buf), "%s %s",
intoaV4(ntohl(get_cli_ipv4()), buf1, sizeof(buf1)),
intoaV4(ntohl(get_srv_ipv4()), buf2, sizeof(buf2)));
#endif
lua_pushstring(vm, buf);
lua_insert(vm, -2);
lua_settable(vm, -3);
}
static void printFlow(struct ndpi_flow *flow) {
char buf1[32], buf2[32];
printf("\t%s %s:%u > %s:%u [proto: %u/%s][%u pkts/%u bytes]\n",
ipProto2Name(flow->protocol),
intoaV4(ntohl(flow->lower_ip), buf1, sizeof(buf1)),
ntohs(flow->lower_port),
intoaV4(ntohl(flow->upper_ip), buf2, sizeof(buf2)),
ntohs(flow->upper_port),
flow->detected_protocol,
ndpi_get_proto_name(ndpi_struct, flow->detected_protocol),
flow->packets, flow->bytes);
}
static void fPrintFlow(FILE *stream, struct ndpi_flow *flow) {
char buf1[32], buf2[32];
fprintf(stream, "%s %u %s %u %.6f %s %u/%s %u %u\n",
intoaV4(ntohl(flow->lower_ip), buf1, sizeof(buf1)),
ntohs(flow->lower_port),
intoaV4(ntohl(flow->upper_ip), buf2, sizeof(buf2)),
ntohs(flow->upper_port),
flow->first_packet_time_sec + flow->first_packet_time_usec/1000000.0,
ipProto2Name(flow->protocol),
flow->detected_protocol,
ndpi_get_proto_name(ndpi_struct, flow->detected_protocol),
flow->packets, flow->bytes);
}
/* Function called when the shutdown_reflector is started */
void shutdown_reflector() {
u_int32_t tot_sent = 0;
int i;
if(!shutting_down) {
shutting_down = 1;
traceLevel = 6;
traceEvent(TRACE_INFO, "Shutting down...");
shutdown_reflector(in_sock, SHUT_RDWR);
close(in_sock);
traceEvent(TRACE_INFO, "Leaving...");
close(out_sock);
}
traceEvent(TRACE_INFO, "Received [%u flow packets]", num_rcvd_flows);
for(i=0; i<num_nf_collectors; i++) {
char ebuf[64];
traceEvent(TRACE_INFO, "Collector %s: forwarded %u flows",
intoaV4(ntohl(nf_collectors[i].addr.sin_addr.s_addr), ebuf, sizeof(ebuf)),
nf_collectors[i].num_pkts_sent);
tot_sent += nf_collectors[i].num_pkts_sent;
}
traceEvent(TRACE_INFO, "Forwarded [%u flows][%u discarded for missing collector]",
tot_sent, unforwarded_as_no_available_collector);
exit(0);
}
/* List known reflectors */
static void list_reflectors(int command_sd, /* Socket where the response will be sent */
struct sockaddr_in *cliAddr /* Address of the requestor */) {
char buf[2500];
u_int32_t tot_flow_pkts_sent = 0;
int idx = 0, rc, i;
time_t now = time(NULL);
for(i=0; i<num_nf_collectors; i++) {
char tmpbuf[32];
idx += snprintf(&buf[idx], sizeof(buf)-idx, "Collector %s:%d : ",
intoaV4(ntohl(nf_collectors[i].addr.sin_addr.s_addr), tmpbuf, sizeof(tmpbuf)),
ntohs(nf_collectors[i].addr.sin_port));
idx += snprintf(&buf[idx], sizeof(buf)-idx, "[Sent %u flows pkts]\n",
nf_collectors[i].num_pkts_sent);
tot_flow_pkts_sent += nf_collectors[i].num_pkts_sent;
idx += snprintf(&buf[idx], sizeof(buf)-idx, "\n");
}
if(num_nf_collectors == 0) snprintf(buf, sizeof(buf), "No nf_collectors defined");
idx += snprintf(&buf[idx], sizeof(buf)-idx, "Total flow packets rcvd / sent / unsent no collector: %u / %u / %u\n",
num_rcvd_flows, tot_flow_pkts_sent, unforwarded_as_no_available_collector);
}
int send_packet(int sock, char* msg, u_int msg_len, struct sockaddr_in *dest) {
int rc;
rc = sendto(sock, msg, msg_len, 0, (struct sockaddr*)dest, sizeof(struct sockaddr_in));
if(rc == -1) {
char ebuf[64];
/* traceEvent(TRACE_ERROR, "Forwarding error: %s", strerror(errno)); */
traceEvent(TRACE_ERROR, "Collector %s:%u either down or unreachable",
intoaV4(ntohl(nf_collectors[last_target].addr.sin_addr.s_addr), ebuf, sizeof(ebuf)),
ntohs(nf_collectors[last_target].addr.sin_port));
}
return(rc);
}
/* Process the incoming file */
static u_int8_t process_flow(char *msg, /* Flow */
int msg_len, /* Flow length */
struct sockaddr_in *cliAddr /* Flow sedevicesr */) {
char ebuf[32];
int rc, targetId = -1, j;
num_rcvd_flows++;
if(num_nf_collectors == 0) {
traceEvent(TRACE_INFO, "Flow dropped: no nf_collectors defined");
return(1);
}
if(traceLevel > 2)
traceEvent(TRACE_INFO, "Forwarding flow received from %s:%u [len=%d]",
intoaV4(ntohl(cliAddr->sin_addr.s_addr), ebuf, sizeof(ebuf)),
ntohs(cliAddr->sin_port), msg_len);
/* Check prefered nf_collectors first */
for(j=0; j<num_nf_probes; j++)
if(nf_probes[j].source_addr.s_addr == cliAddr->sin_addr.s_addr) {
targetId = j;
break;
}
if(targetId != -1) {
if(!dummy_mode) {
rc = send_packet(out_sock, msg, msg_len, &nf_collectors[targetId].addr);
if(rc == -1)
traceEvent(TRACE_ERROR, "Forwarding error: %s", strerror(errno));
}
nf_collectors[targetId].num_pkts_sent++;
last_target = targetId;
} else {
traceEvent(TRACE_INFO, "No collector available for forwarding");
unforwarded_as_no_available_collector++;
}
return(0);
}
static char* intoa(IpAddress addr, char* buf, u_short bufLen) {
if(addr.ipVersion == 4)
return(intoaV4(addr.ipType.ipv4, buf, bufLen));
else {
char *ret;
int len;
ret = (char*)inet_ntop(AF_INET6, &addr.ipType.ipv6, buf, bufLen);
if(ret == NULL) {
printf("WARNING: Internal error (buffer too short)");
buf[0] = '\0';
} else {
len = strlen(ret);
}
ret = buf;
return(ret);
}
}
static unsigned int packet_processing(const u_int64_t time,
const struct ndpi_iphdr *iph,
struct ndpi_ip6_hdr *iph6,
u_int16_t ip_offset,
u_int16_t ipsize, u_int16_t rawsize)
{
struct ndpi_id_struct *src, *dst;
struct ndpi_flow *flow;
struct ndpi_flow_struct *ndpi_flow = NULL;
u_int32_t protocol = 0;
u_int8_t proto;
if(iph)
flow = get_ndpi_flow(4, iph, ip_offset, ipsize,
ntohs(iph->tot_len) - (iph->ihl * 4),
&src, &dst, &proto);
else
flow = get_ndpi_flow6(iph6, ip_offset, &src, &dst, &proto);
if(flow != NULL) {
ndpi_flow = flow->ndpi_flow;
flow->packets++, flow->bytes += rawsize;
} else
return(0);
ip_packet_count++;
total_bytes += rawsize + 24 /* CRC etc */;
if(flow->detection_completed) return(0);
protocol = (const u_int32_t)ndpi_detection_process_packet(ndpi_struct, ndpi_flow,
iph ? (uint8_t *)iph : (uint8_t *)iph6,
ipsize, time, src, dst);
flow->detected_protocol = protocol;
if((flow->detected_protocol != NDPI_PROTOCOL_UNKNOWN)
|| (proto == IPPROTO_UDP)
|| ((proto == IPPROTO_TCP) && (flow->packets > 10))) {
flow->detection_completed = 1;
#if 0
if(flow->ndpi_flow->l4.tcp.host_server_name[0] != '\0')
printf("%s\n", flow->ndpi_flow->l4.tcp.host_server_name);
#endif
if(verbose > 1) {
char buf1[32], buf2[32];
printf("%s %s:%u > %s:%u [proto: %u/%s][%s]\n",
ipProto2Name(flow->protocol),
intoaV4(ntohl(flow->lower_ip), buf1, sizeof(buf1)), ntohs(flow->lower_port),
intoaV4(ntohl(flow->upper_ip), buf2, sizeof(buf2)), ntohs(flow->upper_port),
protocol, ndpi_get_proto_name(ndpi_struct, protocol),
flow->ndpi_flow->host_server_name);
}
snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", flow->ndpi_flow->host_server_name);
free_ndpi_flow(flow);
}
#if 0
if(ndpi_flow->l4.tcp.host_server_name[0] != '\0')
printf("%s\n", ndpi_flow->l4.tcp.host_server_name);
#endif
return 0;
}
static unsigned int packet_processing(const u_int64_t time, const struct pcap_pkthdr *header,
const struct ndpi_iphdr *iph, u_int16_t ipsize, u_int16_t rawsize)
{
struct ndpi_id_struct *src, *dst;
struct ndpi_flow *flow;
struct ndpi_flow_struct *ndpi_flow = NULL;
u_int16_t protocol = 0;
u_int16_t frag_off = ntohs(iph->frag_off);
flow = get_ndpi_flow(header, iph, ipsize);
if (flow != NULL) {
ndpi_flow = flow->ndpi_flow;
flow->packets++, flow->bytes += rawsize;
src = flow->src_id, dst = flow->dst_id;
} else
return;
ip_packet_count++;
total_bytes += rawsize;
if(flow->detection_completed) return;
// only handle unfragmented packets
if ((frag_off & 0x3FFF) == 0) {
// here the actual detection is performed
ndpi_protocol detected = ndpi_detection_process_packet(ndpi_struct, ndpi_flow, (uint8_t *) iph, ipsize, time, src, dst);
protocol = detected.master_protocol;
} else {
static u_int8_t frag_warning_used = 0;
if (frag_warning_used == 0) {
printf("\n\nWARNING: fragmented ip packets are not supported and will be skipped \n\n");
frag_warning_used = 1;
}
return 0;
}
#if 0
if(verbose && (protocol == 0)) {
char buf1[32], buf2[32];
printf("%s %s:%u > %s:%u [proto: %u/%s]\n",
ipProto2Name(flow->protocol),
intoaV4(ntohl(flow->lower_ip), buf1, sizeof(buf1)), ntohs(flow->lower_port),
intoaV4(ntohl(flow->upper_ip), buf2, sizeof(buf2)), ntohs(flow->upper_port),
protocol, ndpi_get_proto_name(ndpi_struct, protocol));
}
#endif
flow->detected_protocol = protocol;
if((flow->detected_protocol != NDPI_PROTOCOL_UNKNOWN)
|| (iph->protocol == IPPROTO_UDP)
|| ((iph->protocol == IPPROTO_TCP) && (flow->packets > 10))) {
flow->detection_completed = 1;
#if 0
if(flow->ndpi_flow->l4.tcp.host_server_name[0] != '\0')
printf("%s\n", flow->ndpi_flow->l4.tcp.host_server_name);
#endif
free_ndpi_flow(flow);
}
#if 0
if(ndpi_flow->l4.tcp.host_server_name[0] != '\0')
printf("%s\n", ndpi_flow->l4.tcp.host_server_name);
#endif
return 0;
}