static PyObject *
flow_format(FlowObject *self, PyObject *args, PyObject *kw_args)
{
static char *keywords[] = { "utc", "mask", NULL };
char buf[1024];
int utcflag = 0;
unsigned long mask = STORE_DISPLAY_BRIEF;
if (!PyArg_ParseTupleAndKeywords(args, kw_args, "|ik:format", keywords,
&utcflag, &mask))
return NULL;
if (flowobj_normalise(self) == -1)
return (NULL);
store_format_flow(&self->flow, buf, sizeof(buf), utcflag, mask, 1);
return PyString_FromString(buf);
}
static void
process_flow(struct store_flow_complete *flow, struct flowd_config *conf,
int log_fd, int log_socket)
{
char ebuf[512], fbuf[1024];
int flen;
u_int filtres;
/* Another sanity check */
if (flow->src_addr.af != flow->dst_addr.af) {
logit(LOG_WARNING, "%s: flow src(%d)/dst(%d) AF mismatch",
__func__, flow->src_addr.af, flow->dst_addr.af);
return;
}
/* Prepare for writing */
flow->hdr.fields = htonl(flow->hdr.fields);
flow->recv_time.recv_sec = htonl(flow->recv_time.recv_sec);
flow->recv_time.recv_usec = htonl(flow->recv_time.recv_usec);
filtres = filter_flow(flow, &conf->filter_list);
if (conf->opts & FLOWD_OPT_VERBOSE) {
char fmtbuf[1024];
u_int64_t pp = 0;
struct flot_node fl;
store_format_flow(flow, &fl, fmtbuf, sizeof(fmtbuf), 0,
STORE_DISPLAY_ALL, 0);
logit(LOG_DEBUG, "%s: %s flow %s", __func__,
filtres == FF_ACTION_DISCARD ? "DISCARD" : "ACCEPT", fmtbuf);
///////////////////////////////////////////////////////////////////////////////////////////////////////////
//////////////////////// IMED
sem_wait (&semFlows);
Add_flow(&fl);
//logit(LOG_WARNING, "Remplissage de|||||||| flot_flow_packets ######### %llu ###################################", flot.flow_packets);
//logit(LOG_WARNING, "Remplissage de|||||||| l'adresse source ######### %s ########estimation_flow_list ########################", flot.src_addr);
/*logit(LOG_WARNING, "packets ###### %llu ####### \n", estimation_flow_list->flow_packets);
logit(LOG_WARNING, "SRC_ADDR #### %s #### \n", estimation_flow_list->src_addr);
logit(LOG_WARNING, "DST_ADDR #### %s ##### \n", estimation_flow_list->dst_addr);
logit(LOG_WARNING, "GATEWAY ##### %s ##### \n", estimation_flow_list->gateway_addr);
logit(LOG_WARNING, "SRC_PORT #### %d ###### \n", estimation_flow_list->src_port);
logit(LOG_WARNING, "DST_PORT #### %d ####### \n", estimation_flow_list->dst_port);
logit(LOG_WARNING, "OCKTETS ##### %llu ###### \n", estimation_flow_list->flow_octets);*/
sem_post (&semFlows);
// sleep(1);
/////////////////////////////////////////////////////////////////////////////////////////////////////
}
if (filtres == FF_ACTION_DISCARD)
return;
if (store_flow_serialise_masked(flow, conf->store_mask, fbuf,
sizeof(fbuf), &flen, ebuf, sizeof(ebuf)) != STORE_ERR_OK)
logerrx("%s: exiting on %s", __func__, ebuf);
if (log_fd != -1 && output_flow_enqueue(fbuf, flen,
conf->opts & FLOWD_OPT_VERBOSE) == -1) {
output_flow_flush(log_fd, conf->opts & FLOWD_OPT_VERBOSE);
/* Must not fail after flush */
if (output_flow_enqueue(fbuf, flen,
conf->opts & FLOWD_OPT_VERBOSE) == -1)
logerrx("%s: enqueue failed after flush", __func__);
}
/* Track failures to send on log socket so we can reopen it */
if (log_socket != -1 && send(log_socket, fbuf, flen, 0) == -1) {
if (logsock_num_errors > 0 &&
(logsock_num_errors % 10) == 0) {
logit(LOG_WARNING, "log socket send: %s "
"(num errors %d)", strerror(errno),
logsock_num_errors);
}
if (errno != ENOBUFS) {
if (logsock_first_error == 0)
logsock_first_error = time(NULL);
logsock_num_errors++;
}
} else {
/* Start to disregard errors after success */
if (logsock_num_errors > 0)
logsock_num_errors--;
if (logsock_num_errors == 0)
logsock_first_error = 0;
}
/* XXX reopen log file on one failure, exit on multiple */
}
int
main(int argc, char **argv)
{
int ch, i, fd, utc, r, verbose, debug, csv;
extern char *optarg;
extern int optind;
struct store_flow_complete flow;
struct store_v2_flow_complete flow_v2;
char buf[2048], ebuf[512];
const char *ffile, *ofile;
FILE *ffilef;
int ofd, read_legacy, head, nflows;
u_int32_t disp_mask;
struct flowd_config filter_config;
struct store_v2_header hdr_v2;
utc = verbose = debug = read_legacy = csv = 0;
ofile = ffile = NULL;
ofd = -1;
ffilef = NULL;
head = 0;
bzero(&filter_config, sizeof(filter_config));
while ((ch = getopt(argc, argv, "H:LUdf:ho:qvc")) != -1) {
switch (ch) {
case 'h':
usage();
return (0);
case 'H':
if ((head = atoi(optarg)) <= 0) {
fprintf(stderr, "Invalid -H value.\n");
usage();
exit(1);
}
break;
case 'L':
read_legacy = 1;
break;
case 'U':
utc = 1;
break;
case 'd':
debug = 1;
filter_config.opts |= FLOWD_OPT_VERBOSE;
break;
case 'f':
ffile = optarg;
break;
case 'o':
ofile = optarg;
break;
case 'q':
verbose = -1;
break;
case 'v':
verbose = 1;
break;
case 'c':
csv = 1;
break;
default:
usage();
exit(1);
}
}
loginit(PROGNAME, 1, debug);
if (argc - optind < 1) {
fprintf(stderr, "No logfile specified\n");
usage();
exit(1);
}
if (ffile != NULL) {
if ((ffilef = fopen(ffile, "r")) == NULL)
logerr("fopen(%s)", ffile);
if (parse_config(ffile, ffilef, &filter_config, 1) != 0)
exit(1);
fclose(ffilef);
}
if (ofile != NULL) {
if (strcmp(ofile, "-") == 0) {
if (!debug)
verbose = -1;
ofile = NULL;
if (isatty(STDOUT_FILENO))
logerrx("Refusing to write binary flow data to "
"standard output.");
}
ofd = open_start_log(ofile, debug);
}
if (filter_config.store_mask == 0)
filter_config.store_mask = STORE_FIELD_ALL;
disp_mask = (verbose > 0) ? STORE_DISPLAY_ALL: STORE_DISPLAY_BRIEF;
disp_mask &= filter_config.store_mask;
for (i = optind; i < argc; i++) {
if (strcmp(argv[i], "-") == 0)
fd = STDIN_FILENO;
else if ((fd = open(argv[i], O_RDONLY)) == -1)
logerr("open(%s)", argv[i]);
if (read_legacy && store_v2_get_header(fd, &hdr_v2, ebuf,
sizeof(ebuf)) != STORE_ERR_OK)
logerrx("%s", ebuf);
if (verbose >= 1) {
printf("LOGFILE %s", argv[i]);
if (read_legacy)
printf(" started at %s",
iso_time(ntohl(hdr_v2.start_time), utc));
printf("\n");
fflush(stdout);
}
if (csv == 1) {
csv++;
printf("#:unix_secs,unix_nsecs,sysuptime,exaddr,"
"dpkts,doctets,first,last,engine_type,engine_id,"
"srcaddr,dstaddr,nexthop,input,output,srcport,"
"dstport,prot,tos,tcp_flags,src_mask,dst_mask,"
"src_as,dst_as\n");
}
for (nflows = 0; head == 0 || nflows < head; nflows++) {
bzero(&flow, sizeof(flow));
if (read_legacy)
r = store_v2_get_flow(fd, &flow_v2, ebuf,
sizeof(ebuf));
else
r = store_get_flow(fd, &flow, ebuf,
sizeof(ebuf));
if (r == STORE_ERR_EOF)
break;
else if (r != STORE_ERR_OK)
logerrx("%s", ebuf);
if (read_legacy &&
store_v2_flow_convert(&flow_v2, &flow) == -1)
logerrx("legacy flow conversion failed");
if (ffile != NULL && filter_flow(&flow,
&filter_config.filter_list) == FF_ACTION_DISCARD)
continue;
if (csv) {
store_format_flow_flowtools_csv(&flow, buf,
sizeof(buf), utc, disp_mask, 0);
printf("%s\n", buf);
}
else if (verbose >= 0) {
store_format_flow(&flow, buf, sizeof(buf),
utc, disp_mask, 0);
printf("%s\n", buf);
fflush(stdout);
}
if (ofd != -1 && store_put_flow(ofd, &flow,
filter_config.store_mask, ebuf,
sizeof(ebuf)) == -1)
logerrx("%s", ebuf);
}
if (fd != STDIN_FILENO)
close(fd);
}
if (ofd != -1)
close(ofd);
if (ffile != NULL && debug)
dump_config(&filter_config, "final", 1);
return (0);
}
