static char *
print(char *buf, size_t *len, char * const args[])
{
static char s[2048];
char src[20], dst[20];
struct in_addr saddr, daddr;
FLOWDESC *x;
time_t ts;
if (buf == NULL && args != NULL) {
*len = sprintf(s, PRETTYHDR);
return s;
}
if (buf == NULL && args == NULL) {
*len = 0;
return s;
}
x = (FLOWDESC *) buf;
ts = (time_t)ntohl(x->ts);
saddr.s_addr = N32(x->src_ip);
daddr.s_addr = N32(x->dst_ip);
sprintf(src, "%s", inet_ntoa(saddr));
sprintf(dst, "%s", inet_ntoa(daddr));
*len = sprintf(s, PRETTYFMT,
asctime(localtime(&ts)), (uint) x->proto,
src, (uint) H16(x->src_port),
dst, (uint) H16(x->dst_port),
NTOHLL(x->bytes), NTOHLL(x->pkts));
return s;
};
static uint32_t
hash(void *self, pkt_t *pkt)
{
if (pkt->l3type != ETHERTYPE_IP)
return 0;
/* must be the same source ip, dest ip, source port, dest port */
return (H32(IP(src_ip)) ^ H32(IP(dst_ip)) ^ (H16(TCP(dst_port)) << 3) ^
(H16(TCP(dst_port)) << 3));
}
static int
update(pkt_t *pkt, void *fh, int isnew)
{
FLOWDESC *x = F(fh);
if (isnew) {
x->ts = TS2SEC(pkt->ts);
x->bytes = 0;
x->pkts = 0;
x->proto = IP(proto);
x->src_ip = IP(src_ip);
x->dst_ip = IP(dst_ip);
N16(x->src_port) = N16(x->dst_port) = 0;
if (IP(proto) == IPPROTO_TCP || IP(proto) == IPPROTO_UDP) {
x->src_port = UDP(src_port);
x->dst_port = UDP(dst_port);
}
}
x->bytes += H16(IP(len));
x->pkts++;
return 0;
}
static int
update(pkt_t *pkt, void *fh, int isnew)
{
FLOWDESC *x = F(fh);
if (isnew) {
x->ts = TS2SEC(pkt->ts);
x->bytes = 0;
x->bytes_ivl = 0;
x->hi_watermark = 0;
x->last_watermark = pkt->ts;
}
x->bytes += H16(IP(len));
if (pkt->ts - x->last_watermark > WATERMARK_IVL) {
x->last_watermark = pkt->ts;
x->bytes_ivl = 0;
}
x->bytes_ivl += pkt->len;
if (x->bytes_ivl > x->hi_watermark)
x->hi_watermark = x->bytes_ivl;
return 0;
}
static int
ematch(void *self, void *efh, void *fh)
{
pkt_t* pkt;
int ret = 0;
FLOWDESC *x = F(fh);
EFLOWDESC *ex = EF(efh);
pkt = (pkt_t *)x->buf;
if (ex->full_flow == 0) { /* if its full, go to next export record */
ret = ((ex->dst_port == H16(TCP(dst_port))) &&
(ex->src_port == H16(TCP(src_port))) &&
(ex->src_ip == H32(IP(src_ip))) &&
(ex->dst_ip == H32(IP(dst_ip))));
}
return ret;
}
static int
update(void * self, pkt_t *pkt, void *fh, int isnew)
{
FLOWDESC *x = F(fh);
config_t * cf = CONFIG(self);
if (isnew) {
bzero(x, sizeof(FLOWDESC));
x->ts = COMO(ts);
}
if (COMO(type) == COMOTYPE_NF) {
if (cf->iface == -1 || H16(NF(input)) == cf->iface) {
x->bytes[0] += H32(NF(pktcount)) * COMO(len) * H16(NF(sampling));
x->pkts[0] += H32(NF(pktcount)) * (uint32_t) H16(NF(sampling));
} else if (H16(NF(output)) == cf->iface) {
x->bytes[1] += H32(NF(pktcount)) * COMO(len) * H16(NF(sampling));
x->pkts[1] += H32(NF(pktcount)) * (uint32_t) H16(NF(sampling));
}
} else if (COMO(type) == COMOTYPE_SFLOW) {
x->bytes[0] += (uint64_t) COMO(len) *
(uint64_t) H32(SFLOW(sampling_rate));
x->pkts[0] += H32(SFLOW(sampling_rate));
} else {
x->bytes[0] += COMO(len);
x->pkts[0]++;
}
return 0;
}
void idt_dev_get_info(int fd, idt_dev_info_t* info)
{
uint32_t data;
memset(info, 0, sizeof(idt_dev_info_t));
data = idt_reg_r32(fd, IDTR_DEV_IDENT_CAR);
info->dev_id = H16(data);
info->vendor_id = L16(data);
data = idt_reg_r32(fd, IDTR_DEV_INF_CAR);
info->major = (data >> DS2CPU(10)) & 0x03;
info->minor = (data >> DS2CPU(15)) & 0x1f;
}
/*
* -- updateofs
*
* updates type and offset information in the pkt_t data structure.
* requires the type of interface as input.
*/
__inline__ void
updateofs(pkt_t * pkt, int type)
{
pkt->type = type;
pkt->l2type = 0xFFFF; /* implies field unused */
switch (pkt->type) {
case COMOTYPE_ETH:
if (H16(ETH(type)) == ETHERTYPE_VLAN) {
pkt->type = COMOTYPE_VLAN;
pkt->l3type = H16(VLAN(ethtype));
} else if (isISL(pkt)) {
pkt->type = COMOTYPE_ISL;
pkt->l3type = H16(ISL(ethtype));
} else {
pkt->l3type = H16(ETH(type));
}
break;
case COMOTYPE_HDLC:
pkt->l3type = H16(HDLC(type));
break;
case COMOTYPE_80211:
pkt->l2type = H16(IEEE80211_HDR(fc));
if (FCTRL_TYPE(pkt->l2type) == WLANTYPE_DATA)
pkt->l3type = H16(LLC_HDR(type));
else
pkt->l3type = 0;
break;
case COMOTYPE_RADIO:
pkt->l2type = H16(IEEE80211_HDR(fc)); /* 802.11 + XX byte capture hdr */
if (FCTRL_TYPE(pkt->l2type) == WLANTYPE_DATA)
pkt->l3type = H16(LLC_HDR(type));
else
pkt->l3type = 0;
break;
default:
pkt->l3type = 0;
break;
}
updatel4(pkt);
}
static int
update(__unused void * self, pkt_t *pkt, void *fh, int isnew)
{
FLOWDESC *x = F(fh);
if (isnew) {
x->ts = COMO(ts);
x->bytes = 0;
x->pkts = 0;
}
if (COMO(type) == COMOTYPE_NF) {
x->bytes += H32(NF(pktcount)) * COMO(len) * H16(NF(sampling));
x->pkts += H32(NF(pktcount)) * (uint32_t) H16(NF(sampling));
} else if (COMO(type) == COMOTYPE_SFLOW) {
x->bytes += (uint64_t) COMO(len) * (uint64_t) H32(SFLOW(sampling_rate));
x->pkts += (uint64_t) H32(SFLOW(sampling_rate));
} else {
x->bytes += COMO(len);
x->pkts++;
}
return 0;
}
static int
check(void *self, pkt_t *pkt)
{
CONFIGDESC *config = CONFIG(self);
if (TCP(syn) == 0) {
if (H16(IP(len)) == (IP(ihl)*4 + TCP(hlen)*4) ||
pkt->caplen == pkt->l7ofs) {
/* captured length is equal to the data offset, so no data. */
return 0;
}
}
return 1;
}
/*
* update callback
*/
static int
update(void * self, pkt_t *pkt, void *fh, int isnew)
{
CONFIGDESC * config = CONFIG(self);
FLOWDESC *x = F(fh);
if (isnew) {
x->ts = COMO(ts) - COMO(ts) % TIME2TS(config->meas_ivl, 0);
x->channel = -1;
x->signal = x->noise = 0;
x->samples = 0;
/* now find the information in the management frame.
* get privacy bit to determine if wep is enabled
*/
x->wepmode = CAPINFO_PRIVACY(H16(MGMT_BODY(cap))) ? 1 : 0;
/* get to the SSID information element */
if (MGMT_BODY(ssid_len) > 0) {
x->len = (MGMT_BODY(ssid_len));
bcopy(MGMT_BODY(ssid), x->ssid, x->len);
} else {
x->len = 3;
sprintf(x->ssid, "ANY");
}
x->channel = MGMT_BODY(ch);
}
x->samples++;
if (COMO(type) == COMOTYPE_RADIO) {
x->signal += H32(RADIO(ssisignal));
x->noise += H32(RADIO(ssinoise));
}
return 0; /* records are never full */
}
void
capture(mdl_t *self, pkt_t *pkt, tuple_t *st, double srate)
{
config_t *config = mdl_get_config(self, config_t);
int app, app1, app2;
double b, p;
if (! isTCP && ! isUDP) /* non-TCP, non-UDP traffic */
app = 1;
else { /* TCP and UDP traffic */
if (isTCP) {
app1 = config->tcp_port2app[H16(TCP(src_port))];
app2 = config->tcp_port2app[H16(TCP(dst_port))];
} else {
app1 = config->udp_port2app[H16(UDP(src_port))];
app2 = config->tcp_port2app[H16(UDP(dst_port))];
}
if (app1 == 0 || app2 == 0) /* at most 1 port matches a known app */
app = app1 + app2;
else if (app1 == app2) /* both ports match the same app */
app = app1;
else /* ports match different apps, unknown */
app = 0;
}
if (COMO(type) == COMOTYPE_NF) {
b = H32(NF(pktcount)) * COMO(len) * H16(NF(sampling));
p = H32(NF(pktcount)) * (uint32_t) H16(NF(sampling));
} else if (COMO(type) == COMOTYPE_SFLOW) {
b = (uint64_t) COMO(len) * (uint64_t) H32(SFLOW(sampling_rate));
p = H32(SFLOW(sampling_rate));
} else {
b = COMO(len);
p = 1;
}
/* scale with sampling rate */
st->bytes[app] += b / srate;
st->pkts[app] += p / srate;
}
/*
* sniffer_next
*
* Fill a structure with a copy of the next packet and its metadata.
* Return number of packets read.
*
*/
static int
sniffer_next(source_t * src, void *out_buf, size_t out_buf_size)
{
struct _snifferinfo * info = (struct _snifferinfo *) src->ptr;
uint npkts; /* processed pkts */
uint out_buf_used; /* bytes in output buffer */
npkts = out_buf_used = 0;
mb();
while (info->m->k2u_cons != info->m->k2u_prod) {
uint ind;
uint token;
ushort iface;
struct timeval tv;
int len, pktofs;
pkt_t *pkt;
char * base;
ind = info->m->k2u_cons % RING_SIZE;
token = info->m->k2u_pipe[ind].token;
iface = info->m->k2u_pipe[ind].interface;
if (iface == (ushort)-1) {
/* Kernel decided not to use this token. Return it. */
return_token(info->m, token);
info->m->k2u_cons++;
continue;
}
if (iface >= info->retimer_size || info->clock_retimers[iface] == NULL){
/* Clock calibration was incomplete. Uh oh. */
return_token(info->m, token);
info->m->k2u_cons++;
continue;
}
/* we have a good incoming packet; deal with it. */
base = info->packet_pool[token].payload;
len = info->m->k2u_pipe[ind].len;
getTime(info->clock_retimers[iface], info->m->k2u_pipe[ind].tstamp,
&tv, NULL);
/* check if we have enough space in output buffer */
if (sizeof(pkt_t) + len > out_buf_size - out_buf_used)
break;
/*
* Now we have a packet: start filling a new pkt_t struct
* (beware that it could be discarded later on)
*/
pkt = (pkt_t *) ((char *)out_buf + out_buf_used);
pkt->ts = TIME2TS(tv.tv_sec, tv.tv_usec);
pkt->len = len;
pkt->type = COMO_L2_ETH;
pkt->flags = 0;
pkt->caplen = 0; /* NOTE: we update caplen as we go given
* that we may not store all fields that
* exists in the actual bpf packet (e.g.,
* IP options)
*/
bcopy(base, &pkt->layer2.eth, 14);
if (H16(pkt->layer2.eth.type) != 0x0800) {
/*
* this is not an IP packet. discard and
* go to next packet.
*/
logmsg(LOGSNIFFER, "non-IP packet received (%04x)\n",
H16(pkt->layer2.eth.type));
continue;
}
pktofs = 14;
base += 14;
/* copy IP header */
pkt->ih = *(struct _como_iphdr *) base;
pkt->caplen += sizeof(struct _como_iphdr);
/* skip the IP header
*
* XXX we are losing IP options if any in the packets.
* need to find a place to put them in the como packet
* data structure...
*/
base += (IP(vhl) & 0x0f) << 2;
pktofs += (IP(vhl) & 0x0f) << 2;
/* copy layer 4 header and payload */
bcopy(base, &pkt->layer4, len - pktofs);
pkt->caplen += (len - pktofs);
/* done with this packet. return the token */
info->m->k2u_cons++;
return_token(info->m, token);
/* increment the number of processed packets */
npkts++;
out_buf_used += STDPKT_LEN(pkt);
}
return npkts;
}
