char* ss_json_string_get(json_object* items, const char* key) {
const char* value;
char* rv = NULL;
value = ss_json_string_view(items, key);
if (value == NULL) {
fprintf(stderr, "value for %s is null\n", key);
goto out;
}
rv = je_strdup(value);
if (rv == NULL) {
fprintf(stderr, "could not allocate return value for %s\n", key);
goto out;
}
out:
return rv;
}
uint8_t* ss_metadata_prepare_sflow(
const char* source, const char* rule, nn_queue_t* nn_queue,
sflow_sample_t* sample, ss_ioc_entry_t* iptr) {
int irv;
json_object* jobject = NULL;
json_object* item = NULL;
uint8_t* rv = NULL;
uint8_t* jstring = NULL;
jobject = json_object_new_object();
if (jobject == NULL) {
RTE_LOG(ERR, EXTRACTOR, "could not allocate sflow json object\n");
goto error_out;
}
item = json_object_new_string(source);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "source", item);
item = json_object_new_int64((int64_t) __sync_add_and_fetch(&nn_queue->tx_messages, 1));
if (item == NULL) goto error_out;
json_object_object_add(jobject, "seq_num", item);
irv = ss_metadata_prepare_sflow_ip(jobject, "source_ip", &sample->source_ip);
if (irv) goto error_out;
irv = ss_metadata_prepare_sflow_ip(jobject, "agent_ip", &sample->agent_ip);
if (irv) goto error_out;
item = json_object_new_int((int32_t) sample->agent_sub_id);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "agent_sub_id", item);
item = json_object_new_int((int32_t) sample->packet_seq_num);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "packet_seq_num", item);
item = json_object_new_double(sample->sys_up_time / 1000.0);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "sys_up_time", item);
item = json_object_new_string(sflow_sample_type_dump(sample->sample_type));
if (item == NULL) goto error_out;
json_object_object_add(jobject, "sample_type", item);
item = json_object_new_string(sflow_sample_format_dump(sample->sample_type, sample->data_format));
if (item == NULL) goto error_out;
json_object_object_add(jobject, "sample_format", item);
item = json_object_new_int((int32_t) sample->sample_seq_num);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "sample_seq_num", item);
item = json_object_new_string(sflow_ds_type_dump(sample->ds_type));
if (item == NULL) goto error_out;
json_object_object_add(jobject, "ds_type", item);
item = json_object_new_int((int32_t) sample->ds_index);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "ds_index", item);
item = json_object_new_int((int32_t) sample->sample_rate);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "sample_rate", item);
item = json_object_new_int((int32_t) sample->sample_pool);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "sample_pool", item);
item = json_object_new_int((int32_t) sample->drop_count);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "drop_count", item);
item = json_object_new_string(sflow_port_id_dump(sample->input_port_format, sample->input_port));
if (item == NULL) goto error_out;
json_object_object_add(jobject, "input_port", item);
item = json_object_new_string(sflow_port_id_dump(sample->output_port_format, sample->output_port));
if (item == NULL) goto error_out;
json_object_object_add(jobject, "output_port", item);
item = json_object_new_string(sflow_header_protocol_dump(sample->header.protocol));
if (item == NULL) goto error_out;
json_object_object_add(jobject, "sample_protocol", item);
item = json_object_new_int((int32_t) sample->header.packet_size);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "packet_length", item);
item = json_object_new_int((int32_t) sample->header.stripped_size);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "stripped_length", item);
item = json_object_new_int((int32_t) sample->header.header_size);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "header_length", item);
item = json_object_new_int((int32_t) sample->eth_type);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "eth_type", item);
irv = ss_metadata_prepare_sflow_mac(jobject, "smac", (uint8_t*) &sample->src_eth);
if (irv) goto error_out;
irv = ss_metadata_prepare_sflow_mac(jobject, "dmac", (uint8_t*) &sample->src_eth);
if (irv) goto error_out;
item = json_object_new_int((int32_t) sample->rx_vlan);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "rx_vlan", item);
item = json_object_new_int((int32_t) sample->tx_vlan);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "tx_vlan", item);
irv = ss_metadata_prepare_sflow_ip(jobject, "sip", &sample->src_ip);
if (irv == -1) goto error_out;
irv = ss_metadata_prepare_sflow_ip(jobject, "dip", &sample->dst_ip);
if (irv == -1) goto error_out;
irv = ss_metadata_prepare_sflow_ip(jobject, "natsip", &sample->nat_src_ip);
if (irv == -1) goto error_out;
irv = ss_metadata_prepare_sflow_ip(jobject, "natdip", &sample->nat_dst_ip);
if (irv == -1) goto error_out;
item = json_object_new_int((int32_t) sample->ip_protocol);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "ip_protocol", item);
item = json_object_new_int((int32_t) sample->ip_tot_len);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "ip_length", item);
item = json_object_new_int((int32_t) sample->ip_ttl);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "ttl", item);
// XXX: fix this field
item = json_object_new_int((int32_t) sample->udp_len);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "l4_length", item);
if (sample->ip_protocol == IPPROTO_ICMP || sample->ip_protocol == IPPROTO_ICMPV6) {
item = json_object_new_int((int32_t) sample->src_port);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "icmp_type", item);
item = json_object_new_int((int32_t) sample->dst_port);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "icmp_code", item);
}
else {
item = json_object_new_int((int32_t) sample->src_port);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "sport", item);
item = json_object_new_int((int32_t) sample->dst_port);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "dport", item);
}
item = json_object_new_int((int32_t) sample->nat_src_port);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "natsport", item);
item = json_object_new_int((int32_t) sample->nat_dst_port);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "natdport", item);
if (sample->ip_protocol == IPPROTO_TCP) {
item = json_object_new_int((int32_t) sample->tcp_flags);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "tcp_flags", item);
}
if (sample->src_user[0]) {
item = json_object_new_string(sample->src_user);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "src_user", item);
}
if (sample->dst_user[0]) {
item = json_object_new_string(sample->dst_user);
if (item == NULL) goto error_out;
json_object_object_add(jobject, "dst_user", item);
}
if (iptr) {
irv = ss_metadata_prepare_ioc(source, rule, nn_queue, iptr, jobject);
if (irv) goto error_out;
}
item = NULL;
// XXX: NOTE: String pointer is internal to JSON object.
jstring = (uint8_t*) json_object_to_json_string_ext(jobject, JSON_C_TO_STRING_SPACED);
rv = (uint8_t*) je_strdup((char*)jstring);
if (!rv) goto error_out;
json_object_put(jobject); jobject = NULL;
return rv;
error_out:
fprintf(stderr, "could not serialize sflow metadata\n");
if (rv) { je_free(rv); rv = NULL; }
if (jobject) { json_object_put(jobject); jobject = NULL; }
if (item) { json_object_put(item); item = NULL; }
return NULL;
}
uint8_t* ss_metadata_prepare_netflow(
const char* source, nn_queue_t* nn_queue,
struct store_flow_complete* flow,
ss_ioc_entry_t* ioc_entry) {
json_object* jobject = NULL;
json_object* item = NULL;
uint8_t* rv = NULL;
uint8_t* jstring = NULL;
uint32_t fields;
uint64_t (*fmt_ntoh64)(uint64_t) = netflow_swp_ntoh64;
uint32_t (*fmt_ntoh32)(uint32_t) = netflow_swp_ntoh32;
uint16_t (*fmt_ntoh16)(uint16_t) = netflow_swp_ntoh16;
uint32_t display_mask = STORE_DISPLAY_ALL;
fields = fmt_ntoh32(flow->hdr.fields) & display_mask;
int utc_flag = 0;
jobject = json_object_new_object();
if (jobject == NULL) {
RTE_LOG(ERR, EXTRACTOR, "could not allocate netflow json object\n");
goto error_out;
}
if (SHASFIELD(TAG)) {
item = json_object_new_int(fmt_ntoh32(flow->tag.tag));
json_object_object_add(jobject, "tag", item);
}
if (SHASFIELD(RECV_TIME)) {
item = json_object_new_string(iso_time(fmt_ntoh32(flow->recv_time.recv_sec), utc_flag));
json_object_object_add(jobject, "flow_sec", item);
item = json_object_new_int(fmt_ntoh32(flow->recv_time.recv_usec));
json_object_object_add(jobject, "flow_usec", item);
}
if (SHASFIELD(PROTO_FLAGS_TOS)) {
item = json_object_new_int(flow->pft.protocol);
json_object_object_add(jobject, "ip_protocol", item);
item = json_object_new_int(flow->pft.tcp_flags);
json_object_object_add(jobject, "tcp_flags", item);
item = json_object_new_int(flow->pft.tos);
json_object_object_add(jobject, "ip_tos", item);
}
if (SHASFIELD(AGENT_ADDR4) || SHASFIELD(AGENT_ADDR6)) {
item = json_object_new_string(addr_ntop_buf(&flow->agent_addr));
json_object_object_add(jobject, "agentip", item);
}
if (SHASFIELD(SRC_ADDR4) || SHASFIELD(SRC_ADDR6)) {
item = json_object_new_string(addr_ntop_buf(&flow->src_addr));
json_object_object_add(jobject, "sip", item);
item = json_object_new_int(fmt_ntoh16(flow->ports.src_port));
json_object_object_add(jobject, "sport", item);
}
if (SHASFIELD(DST_ADDR4) || SHASFIELD(DST_ADDR6)) {
item = json_object_new_string(addr_ntop_buf(&flow->dst_addr));
json_object_object_add(jobject, "dip", item);
item = json_object_new_int(fmt_ntoh16(flow->ports.dst_port));
json_object_object_add(jobject, "dport", item);
}
if (SHASFIELD(GATEWAY_ADDR4) || SHASFIELD(GATEWAY_ADDR6)) {
item = json_object_new_string(addr_ntop_buf(&flow->gateway_addr));
json_object_object_add(jobject, "gatewayip", item);
}
if (SHASFIELD(PACKETS)) {
item = json_object_new_int(fmt_ntoh64(flow->packets.flow_packets));
json_object_object_add(jobject, "packets", item);
}
if (SHASFIELD(OCTETS)) {
item = json_object_new_int(fmt_ntoh64(flow->octets.flow_octets));
json_object_object_add(jobject, "bytes", item);
}
if (SHASFIELD(IF_INDICES)) {
item = json_object_new_int(fmt_ntoh32(flow->ifndx.if_index_in));
json_object_object_add(jobject, "sifindex", item);
item = json_object_new_int(fmt_ntoh32(flow->ifndx.if_index_out));
json_object_object_add(jobject, "difindex", item);
}
if (SHASFIELD(AGENT_INFO)) {
item = json_object_new_string(interval_time(fmt_ntoh32(flow->ainfo.sys_uptime_ms) / 1000));
json_object_object_add(jobject, "sys_uptime_sec", item);
item = json_object_new_int(fmt_ntoh32(flow->ainfo.sys_uptime_ms) % 1000);
json_object_object_add(jobject, "sys_uptime_msec", item);
item = json_object_new_string(iso_time(fmt_ntoh32(flow->ainfo.time_sec), utc_flag));
json_object_object_add(jobject, "sys_time_sec", item);
item = json_object_new_int((u_long)fmt_ntoh32(flow->ainfo.time_nanosec));
json_object_object_add(jobject, "sys_time_nsec", item);
item = json_object_new_int(fmt_ntoh16(flow->ainfo.netflow_version));
json_object_object_add(jobject, "netflow_version", item);
}
if (SHASFIELD(FLOW_TIMES)) {
item = json_object_new_string(interval_time(fmt_ntoh32(flow->ftimes.flow_start) / 1000));
json_object_object_add(jobject, "flow_start_sec", item);
item = json_object_new_int(fmt_ntoh32(flow->ftimes.flow_start) % 1000);
json_object_object_add(jobject, "flow_start_msec", item);
item = json_object_new_string(interval_time(fmt_ntoh32(flow->ftimes.flow_finish) / 1000));
json_object_object_add(jobject, "flow_stop_sec", item);
item = json_object_new_int(fmt_ntoh32(flow->ftimes.flow_finish) % 1000);
json_object_object_add(jobject, "flow_stop_msec", item);
}
if (SHASFIELD(AS_INFO)) {
item = json_object_new_int(fmt_ntoh32(flow->asinf.src_as));
json_object_object_add(jobject, "src_as", item);
item = json_object_new_int(fmt_ntoh32(flow->asinf.src_mask));
json_object_object_add(jobject, "src_masklen", item);
item = json_object_new_int(fmt_ntoh32(flow->asinf.dst_as));
json_object_object_add(jobject, "dst_as", item);
item = json_object_new_int(fmt_ntoh32(flow->asinf.dst_mask));
json_object_object_add(jobject, "dst_masklen", item);
}
if (SHASFIELD(FLOW_ENGINE_INFO)) {
item = json_object_new_int(fmt_ntoh16(flow->finf.engine_type));
json_object_object_add(jobject, "engine_type", item);
item = json_object_new_int(fmt_ntoh16(flow->finf.engine_id));
json_object_object_add(jobject, "engine_id", item);
item = json_object_new_int((u_long)fmt_ntoh32(flow->finf.flow_sequence));
json_object_object_add(jobject, "seq_num", item);
item = json_object_new_int((u_long)fmt_ntoh32(flow->finf.source_id));
json_object_object_add(jobject, "source_id", item);
}
if (SHASFIELD(CRC32)) {
item = json_object_new_int(fmt_ntoh32(flow->crc32.crc32));
json_object_object_add(jobject, "crc32", item);
}
item = NULL;
rv = 0;
// XXX: NOTE: String pointer is internal to JSON object.
jstring = (uint8_t*) json_object_to_json_string_ext(jobject, JSON_C_TO_STRING_SPACED);
rv = (uint8_t*) je_strdup((char*)jstring);
if (!rv) goto error_out;
json_object_put(jobject); jobject = NULL;
return rv;
error_out:
fprintf(stderr, "could not serialize packet metadata\n");
if (rv) { je_free(rv); rv = NULL; }
if (jobject) { json_object_put(jobject); jobject = NULL; }
if (item) { json_object_put(item); item = NULL; }
return NULL;
}
