void refresh_opt_template(void *hdr, struct template_cache_entry *tpl, struct packet_ptrs *pptrs, u_int16_t tpl_type, u_int32_t sid, u_int8_t version)
{
struct options_template_hdr_v9 *hdr_v9 = (struct options_template_hdr_v9 *) hdr;
struct options_template_hdr_ipfix *hdr_v10 = (struct options_template_hdr_ipfix *) hdr;
struct template_cache_entry *next;
struct template_field_v9 *field;
u_int16_t slen, olen, count, type, port, tid;
u_char *ptr;
/* NetFlow v9 */
if (tpl_type == 1) {
tid = hdr_v9->template_id;
slen = ntohs(hdr_v9->scope_len)/sizeof(struct template_field_v9);
olen = ntohs(hdr_v9->option_len)/sizeof(struct template_field_v9);
}
/* IPFIX */
else if (tpl_type == 3) {
tid = hdr_v10->template_id;
slen = ntohs(hdr_v10->scope_count);
olen = ntohs(hdr_v10->option_count)-slen;
}
next = tpl->next;
memset(tpl, 0, sizeof(struct template_cache_entry));
sa_to_addr((struct sockaddr *)pptrs->f_agent, &tpl->agent, &port);
tpl->source_id = sid;
tpl->template_id = tid;
tpl->template_type = 1;
tpl->num = olen+slen;
tpl->next = next;
log_template_header(tpl, pptrs, tpl_type, sid, version);
count = tpl->num;
ptr = (u_char *) hdr;
ptr += NfOptTplHdrV9Sz;
field = (struct template_field_v9 *)ptr;
while (count) {
type = ntohs(field->type);
log_opt_template_field(type, tpl->len, ntohs(field->len), version);
if (type < NF9_MAX_DEFINED_FIELD) {
tpl->tpl[type].off = tpl->len;
tpl->tpl[type].len = ntohs(field->len);
tpl->len += tpl->tpl[type].len;
}
else tpl->len += ntohs(field->len);
count--;
field++;
}
log_template_footer(tpl->len, version);
}
struct template_cache_entry *insert_opt_template(void *hdr, struct packet_ptrs *pptrs, u_int16_t tpl_type, u_int32_t sid, u_int8_t version)
{
struct options_template_hdr_v9 *hdr_v9 = (struct options_template_hdr_v9 *) hdr;
struct options_template_hdr_ipfix *hdr_v10 = (struct options_template_hdr_ipfix *) hdr;
struct template_cache_entry *ptr, *prevptr = NULL;
struct template_field_v9 *field;
u_int16_t modulo, count, slen, olen, type, port, tid;
u_char *tpl;
/* NetFlow v9 */
if (tpl_type == 1) {
modulo = ntohs(hdr_v9->template_id)%tpl_cache.num;
tid = hdr_v9->template_id;
slen = ntohs(hdr_v9->scope_len)/sizeof(struct template_field_v9);
olen = ntohs(hdr_v9->option_len)/sizeof(struct template_field_v9);
}
/* IPFIX */
else if (tpl_type == 3) {
modulo = ntohs(hdr_v10->template_id)%tpl_cache.num;
tid = hdr_v10->template_id;
slen = ntohs(hdr_v10->scope_count);
olen = ntohs(hdr_v10->option_count)-slen;
}
ptr = tpl_cache.c[modulo];
while (ptr) {
prevptr = ptr;
ptr = ptr->next;
}
ptr = malloc(sizeof(struct template_cache_entry));
if (!ptr) {
Log(LOG_ERR, "ERROR ( default/core ): Unable to allocate enough memory for a new Options Template Cache Entry.\n");
return NULL;
}
memset(ptr, 0, sizeof(struct template_cache_entry));
sa_to_addr((struct sockaddr *)pptrs->f_agent, &ptr->agent, &port);
ptr->source_id = sid;
ptr->template_id = tid;
ptr->template_type = 1;
ptr->num = olen+slen;
log_template_header(ptr, pptrs, tpl_type, sid, version);
count = ptr->num;
tpl = (u_char *) hdr;
tpl += NfOptTplHdrV9Sz;
field = (struct template_field_v9 *)tpl;
while (count) {
type = ntohs(field->type);
log_opt_template_field(type, ptr->len, ntohs(field->len), version);
if (type < NF9_MAX_DEFINED_FIELD) {
ptr->tpl[type].off = ptr->len;
ptr->tpl[type].len = ntohs(field->len);
ptr->len += ptr->tpl[type].len;
}
else ptr->len += ntohs(field->len);
count--;
field++;
}
if (prevptr) prevptr->next = ptr;
else tpl_cache.c[modulo] = ptr;
log_template_footer(ptr->len, version);
return ptr;
}
struct template_cache_entry *refresh_opt_template(void *hdr, struct template_cache_entry *tpl, struct packet_ptrs *pptrs, u_int16_t tpl_type, u_int32_t sid, u_int8_t version, u_int16_t len)
{
struct options_template_hdr_v9 *hdr_v9 = (struct options_template_hdr_v9 *) hdr;
struct options_template_hdr_ipfix *hdr_v10 = (struct options_template_hdr_ipfix *) hdr;
struct template_cache_entry backup, *next;
struct template_field_v9 *field;
u_int16_t slen, olen, count, type, port, tid, off;
u_char *ptr;
/* NetFlow v9 */
if (tpl_type == 1) {
tid = hdr_v9->template_id;
slen = ntohs(hdr_v9->scope_len)/sizeof(struct template_field_v9);
olen = ntohs(hdr_v9->option_len)/sizeof(struct template_field_v9);
}
/* IPFIX */
else if (tpl_type == 3) {
tid = hdr_v10->template_id;
slen = ntohs(hdr_v10->scope_count);
olen = ntohs(hdr_v10->option_count)-slen;
}
next = tpl->next;
memcpy(&backup, tpl, sizeof(struct template_cache_entry));
memset(tpl, 0, sizeof(struct template_cache_entry));
sa_to_addr((struct sockaddr *)pptrs->f_agent, &tpl->agent, &port);
tpl->source_id = sid;
tpl->template_id = tid;
tpl->template_type = 1;
tpl->num = olen+slen;
tpl->next = next;
log_template_header(tpl, pptrs, tpl_type, sid, version);
off = 0;
count = tpl->num;
ptr = (u_char *) hdr;
ptr += NfOptTplHdrV9Sz;
off += NfOptTplHdrV9Sz;
field = (struct template_field_v9 *)ptr;
while (count) {
if (off >= len) {
notify_malf_packet(LOG_INFO, "INFO: unable to read next Options Template Flowset (malformed template)",
(struct sockaddr *) pptrs->f_agent);
xflow_tot_bad_datagrams++;
memcpy(tpl, &backup, sizeof(struct template_cache_entry));
return NULL;
}
type = ntohs(field->type);
log_opt_template_field(type, tpl->len, ntohs(field->len), version);
if (type < NF9_MAX_DEFINED_FIELD) {
tpl->tpl[type].off = tpl->len;
tpl->tpl[type].len = ntohs(field->len);
tpl->len += tpl->tpl[type].len;
}
else tpl->len += ntohs(field->len);
count--;
field++;
off += NfTplFieldV9Sz;
}
log_template_footer(tpl->len, version);
return tpl;
}