void sfl_agent_init(SFLAgent *agent, SFLAddress *myIP, /* IP address of this agent in net byte order */ u_int32_t subId, /* agent_sub_id */ time_t bootTime, /* agent boot time */ time_t now, /* time now */ void *magic, /* ptr to pass back in logging and alloc fns */ allocFn_t allocFn, freeFn_t freeFn, errorFn_t errorFn, sendFn_t sendFn) { /* first clear everything */ memset(agent, 0, sizeof(*agent)); /* now copy in the parameters */ agent->myIP = *myIP; /* structure copy */ agent->subId = subId; agent->bootTime = bootTime; agent->now = now; agent->magic = magic; agent->allocFn = allocFn; agent->freeFn = freeFn; agent->errorFn = errorFn; agent->sendFn = sendFn; if(sendFn == NULL) { /* open the socket */ if((agent->receiverSocket = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) sfl_agent_sysError(agent, "agent", "socket open failed"); } if (config.nfprobe_ipprec) { int opt = config.nfprobe_ipprec << 5; int rc; rc = setsockopt(agent->receiverSocket, IPPROTO_IP, IP_TOS, &opt, sizeof(opt)); if (rc < 0) Log(LOG_WARNING, "WARN ( %s/%s ): setsockopt() failed for IP_TOS: %s\n", config.name, config.type, strerror(errno)); } if (config.pipe_size) { int rc, value; value = MIN(config.pipe_size, INT_MAX); rc = Setsocksize(agent->receiverSocket, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)); if (rc < 0) Log(LOG_WARNING, "WARN ( %s/%s ): setsockopt() failed for SOL_SNDBUF: %s\n", config.name, config.type, strerror(errno)); } }
int main(int argc,char **argv, char **envp) { bpf_u_int32 localnet, netmask; /* pcap library stuff */ struct bpf_program filter; struct pcap_device device; char errbuf[PCAP_ERRBUF_SIZE]; int index, logf; struct plugins_list_entry *list; struct plugin_requests req; char config_file[SRVBUFLEN]; int psize = DEFAULT_SNAPLEN; struct id_table bpas_table; struct id_table blp_table; struct id_table bmed_table; struct id_table biss_table; struct id_table bta_table; struct id_table idt; struct pcap_callback_data cb_data; /* getopt() stuff */ extern char *optarg; extern int optind, opterr, optopt; int errflag, cp; #if defined ENABLE_IPV6 struct sockaddr_storage client; #else struct sockaddr client; #endif umask(077); compute_once(); /* a bunch of default definitions */ have_num_memory_pools = FALSE; reload_map = FALSE; tag_map_allocated = FALSE; bpas_map_allocated = FALSE; blp_map_allocated = FALSE; bmed_map_allocated = FALSE; biss_map_allocated = FALSE; find_id_func = PM_find_id; errflag = 0; memset(cfg_cmdline, 0, sizeof(cfg_cmdline)); memset(&config, 0, sizeof(struct configuration)); memset(&device, 0, sizeof(struct pcap_device)); memset(&config_file, 0, sizeof(config_file)); memset(&failed_plugins, 0, sizeof(failed_plugins)); memset(&req, 0, sizeof(req)); memset(dummy_tlhdr, 0, sizeof(dummy_tlhdr)); memset(sll_mac, 0, sizeof(sll_mac)); memset(&bpas_table, 0, sizeof(bpas_table)); memset(&blp_table, 0, sizeof(blp_table)); memset(&bmed_table, 0, sizeof(bmed_table)); memset(&biss_table, 0, sizeof(biss_table)); memset(&bta_table, 0, sizeof(bta_table)); memset(&client, 0, sizeof(client)); memset(&cb_data, 0, sizeof(cb_data)); memset(&tunnel_registry, 0, sizeof(tunnel_registry)); config.acct_type = ACCT_PM; rows = 0; glob_pcapt = NULL; /* getting commandline values */ while (!errflag && ((cp = getopt(argc, argv, ARGS_PMACCTD)) != -1)) { cfg_cmdline[rows] = malloc(SRVBUFLEN); switch (cp) { case 'P': strlcpy(cfg_cmdline[rows], "plugins: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); rows++; break; case 'D': strlcpy(cfg_cmdline[rows], "daemonize: true", SRVBUFLEN); rows++; break; case 'd': debug = TRUE; strlcpy(cfg_cmdline[rows], "debug: true", SRVBUFLEN); rows++; break; case 'n': strlcpy(cfg_cmdline[rows], "networks_file: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); rows++; break; case 'o': strlcpy(cfg_cmdline[rows], "ports_file: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); rows++; break; case 'O': strlcpy(cfg_cmdline[rows], "print_output: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); rows++; break; case 'u': strlcpy(cfg_cmdline[rows], "print_num_protos: true", SRVBUFLEN); rows++; break; case 'N': strlcpy(cfg_cmdline[rows], "promisc: false", SRVBUFLEN); rows++; break; case 'f': strlcpy(config_file, optarg, sizeof(config_file)); break; case 'F': strlcpy(cfg_cmdline[rows], "pidfile: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); rows++; break; case 'c': strlcpy(cfg_cmdline[rows], "aggregate: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); rows++; break; case 'b': strlcpy(cfg_cmdline[rows], "imt_buckets: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); rows++; break; case 'm': strlcpy(cfg_cmdline[rows], "imt_mem_pools_number: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); have_num_memory_pools = TRUE; rows++; break; case 'p': strlcpy(cfg_cmdline[rows], "imt_path: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); rows++; break; case 'r': strlcpy(cfg_cmdline[rows], "sql_refresh_time: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); rows++; cfg_cmdline[rows] = malloc(SRVBUFLEN); strlcpy(cfg_cmdline[rows], "print_refresh_time: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); rows++; break; case 'v': strlcpy(cfg_cmdline[rows], "sql_table_version: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); rows++; break; case 's': strlcpy(cfg_cmdline[rows], "imt_mem_pools_size: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); rows++; break; case 'S': strlcpy(cfg_cmdline[rows], "syslog: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); rows++; break; case 'i': strlcpy(cfg_cmdline[rows], "interface: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); rows++; break; case 'I': strlcpy(cfg_cmdline[rows], "pcap_savefile: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); rows++; break; case 'w': strlcpy(cfg_cmdline[rows], "interface_wait: true", SRVBUFLEN); rows++; break; case 'W': strlcpy(cfg_cmdline[rows], "savefile_wait: true", SRVBUFLEN); rows++; break; case 'L': strlcpy(cfg_cmdline[rows], "snaplen: ", SRVBUFLEN); strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows])); rows++; break; case 'R': strlcpy(cfg_cmdline[rows], "sfacctd_renormalize: true", SRVBUFLEN); rows++; break; case 'h': usage_daemon(argv[0]); exit(0); break; default: usage_daemon(argv[0]); exit(1); break; } } /* post-checks and resolving conflicts */ if (strlen(config_file)) { if (parse_configuration_file(config_file) != SUCCESS) exit(1); } else { if (parse_configuration_file(NULL) != SUCCESS) exit(1); } /* XXX: glue; i'm conscious it's a dirty solution from an engineering viewpoint; someday later i'll fix this */ list = plugins_list; while(list) { list->cfg.acct_type = ACCT_PM; set_default_preferences(&list->cfg); if (!strcmp(list->name, "default") && !strcmp(list->type.string, "core")) memcpy(&config, &list->cfg, sizeof(struct configuration)); list = list->next; } if (config.files_umask) umask(config.files_umask); /* Let's check whether we need superuser privileges */ if (config.snaplen) psize = config.snaplen; else config.snaplen = psize; if (!config.pcap_savefile) { if (getuid() != 0) { printf("%s\n\n", PMACCTD_USAGE_HEADER); printf("ERROR ( default/core ): You need superuser privileges to run this command.\nExiting ...\n\n"); exit(1); } } if (config.daemon) { list = plugins_list; while (list) { if (!strcmp(list->type.string, "print")) printf("WARN ( default/core ): Daemonizing. Hmm, bye bye screen.\n"); list = list->next; } if (debug || config.debug) printf("WARN ( default/core ): debug is enabled; forking in background. Console logging will get lost.\n"); daemonize(); } initsetproctitle(argc, argv, envp); if (config.syslog) { logf = parse_log_facility(config.syslog); if (logf == ERR) { config.syslog = NULL; printf("WARN ( default/core ): specified syslog facility is not supported; logging to console.\n"); } else openlog(NULL, LOG_PID, logf); Log(LOG_INFO, "INFO ( default/core ): Start logging ...\n"); } if (config.logfile) { config.logfile_fd = open_logfile(config.logfile); list = plugins_list; while (list) { list->cfg.logfile_fd = config.logfile_fd ; list = list->next; } } /* Enforcing policies over aggregation methods */ list = plugins_list; while (list) { if (list->type.id != PLUGIN_ID_CORE) { /* applies to all plugins */ if (config.classifiers_path && (list->cfg.sampling_rate || config.ext_sampling_rate)) { Log(LOG_ERR, "ERROR ( default/core ): Packet sampling and classification are mutual exclusive.\n"); exit(1); } if (list->cfg.sampling_rate && config.ext_sampling_rate) { Log(LOG_ERR, "ERROR ( default/core ): Internal packet sampling and external packet sampling are mutual exclusive.\n"); exit(1); } if (list->type.id == PLUGIN_ID_TEE) { Log(LOG_ERR, "ERROR ( default/core ): 'tee' plugin not supported in 'pmacctd'.\n"); exit(1); } else if (list->type.id == PLUGIN_ID_NFPROBE) { /* If we already renormalizing an external sampling rate, we cancel the sampling information from the probe plugin */ if (config.sfacctd_renormalize && list->cfg.ext_sampling_rate) list->cfg.ext_sampling_rate = 0; config.handle_fragments = TRUE; list->cfg.nfprobe_what_to_count = list->cfg.what_to_count; list->cfg.what_to_count = 0; #if defined (HAVE_L2) if (list->cfg.nfprobe_version == 9 || list->cfg.nfprobe_version == 10) { list->cfg.what_to_count |= COUNT_SRC_MAC; list->cfg.what_to_count |= COUNT_DST_MAC; list->cfg.what_to_count |= COUNT_VLAN; } #endif list->cfg.what_to_count |= COUNT_SRC_HOST; list->cfg.what_to_count |= COUNT_DST_HOST; if (list->cfg.networks_file || list->cfg.networks_mask || list->cfg.nfacctd_net) { list->cfg.what_to_count |= COUNT_SRC_NMASK; list->cfg.what_to_count |= COUNT_DST_NMASK; } list->cfg.what_to_count |= COUNT_SRC_PORT; list->cfg.what_to_count |= COUNT_DST_PORT; list->cfg.what_to_count |= COUNT_IP_TOS; list->cfg.what_to_count |= COUNT_IP_PROTO; if (list->cfg.networks_file || (list->cfg.nfacctd_bgp && list->cfg.nfacctd_as == NF_AS_BGP)) { list->cfg.what_to_count |= COUNT_SRC_AS; list->cfg.what_to_count |= COUNT_DST_AS; list->cfg.what_to_count |= COUNT_PEER_DST_IP; } if ((list->cfg.nfprobe_version == 9 || list->cfg.nfprobe_version == 10) && list->cfg.classifiers_path) { list->cfg.what_to_count |= COUNT_CLASS; config.handle_flows = TRUE; } if (list->cfg.pre_tag_map) { list->cfg.what_to_count |= COUNT_ID; list->cfg.what_to_count |= COUNT_ID2; } list->cfg.what_to_count |= COUNT_IN_IFACE; list->cfg.what_to_count |= COUNT_OUT_IFACE; if (list->cfg.what_to_count & (COUNT_STD_COMM|COUNT_EXT_COMM|COUNT_LOCAL_PREF|COUNT_MED|COUNT_AS_PATH| COUNT_PEER_SRC_AS|COUNT_PEER_DST_AS|COUNT_PEER_SRC_IP|COUNT_SRC_STD_COMM| COUNT_SRC_EXT_COMM|COUNT_SRC_AS_PATH|COUNT_SRC_MED|COUNT_SRC_LOCAL_PREF| COUNT_MPLS_VPN_RD)) { Log(LOG_ERR, "ERROR ( default/core ): 'src_as', 'dst_as' and 'peer_dst_ip' are currently the only BGP-related primitives supported within the 'nfprobe' plugin.\n"); exit(1); } list->cfg.what_to_count |= COUNT_COUNTERS; list->cfg.data_type = PIPE_TYPE_METADATA; list->cfg.data_type |= PIPE_TYPE_EXTRAS; } else if (list->type.id == PLUGIN_ID_SFPROBE) { /* If we already renormalizing an external sampling rate, we cancel the sampling information from the probe plugin */ if (config.sfacctd_renormalize && list->cfg.ext_sampling_rate) list->cfg.ext_sampling_rate = 0; if (psize < 128) psize = config.snaplen = 128; /* SFL_DEFAULT_HEADER_SIZE */ list->cfg.what_to_count = COUNT_PAYLOAD; if (list->cfg.classifiers_path) { list->cfg.what_to_count |= COUNT_CLASS; config.handle_fragments = TRUE; config.handle_flows = TRUE; } if (list->cfg.nfacctd_bgp && list->cfg.nfacctd_as == NF_AS_BGP) { list->cfg.what_to_count |= COUNT_SRC_AS; list->cfg.what_to_count |= COUNT_DST_AS; list->cfg.what_to_count |= COUNT_PEER_DST_IP; } if (list->cfg.nfacctd_bgp && list->cfg.nfacctd_net == NF_NET_BGP) { list->cfg.what_to_count |= COUNT_SRC_NMASK; list->cfg.what_to_count |= COUNT_DST_NMASK; } if (list->cfg.pre_tag_map) { list->cfg.what_to_count |= COUNT_ID; list->cfg.what_to_count |= COUNT_ID2; } if (list->cfg.what_to_count & (COUNT_STD_COMM|COUNT_EXT_COMM|COUNT_LOCAL_PREF|COUNT_MED|COUNT_AS_PATH| COUNT_PEER_SRC_AS|COUNT_PEER_DST_AS|COUNT_PEER_SRC_IP|COUNT_SRC_STD_COMM| COUNT_SRC_EXT_COMM|COUNT_SRC_AS_PATH|COUNT_SRC_MED|COUNT_SRC_LOCAL_PREF| COUNT_MPLS_VPN_RD)) { Log(LOG_ERR, "ERROR ( default/core ): 'src_as', 'dst_as' and 'peer_dst_ip' are currently the only BGP-related primitives supported within the 'sfprobe' plugin.\n"); exit(1); } #if defined (HAVE_L2) list->cfg.what_to_count |= COUNT_VLAN; list->cfg.what_to_count |= COUNT_COS; #endif list->cfg.data_type = PIPE_TYPE_PAYLOAD; } else { evaluate_sums(&list->cfg.what_to_count, list->name, list->type.string); if (list->cfg.what_to_count & (COUNT_SRC_PORT|COUNT_DST_PORT|COUNT_SUM_PORT|COUNT_TCPFLAGS)) config.handle_fragments = TRUE; if (list->cfg.what_to_count & COUNT_FLOWS) { config.handle_fragments = TRUE; config.handle_flows = TRUE; } if (list->cfg.what_to_count & COUNT_CLASS) { config.handle_fragments = TRUE; config.handle_flows = TRUE; } if (!list->cfg.what_to_count) { Log(LOG_WARNING, "WARN ( %s/%s ): defaulting to SRC HOST aggregation.\n", list->name, list->type.string); list->cfg.what_to_count |= COUNT_SRC_HOST; } if ((list->cfg.what_to_count & (COUNT_SRC_AS|COUNT_DST_AS|COUNT_SUM_AS)) && !list->cfg.networks_file && list->cfg.nfacctd_as != NF_AS_BGP) { Log(LOG_ERR, "ERROR ( %s/%s ): AS aggregation selected but NO 'networks_file' or 'pmacctd_as' are specified. Exiting...\n\n", list->name, list->type.string); exit(1); } if (list->cfg.what_to_count & (COUNT_SRC_NET|COUNT_DST_NET|COUNT_SUM_NET|COUNT_SRC_NMASK|COUNT_DST_NMASK)) { if (!list->cfg.nfacctd_net) { if (list->cfg.networks_file) list->cfg.nfacctd_net |= NF_NET_NEW; if (list->cfg.networks_mask) list->cfg.nfacctd_net |= NF_NET_STATIC; if (!list->cfg.nfacctd_net) { Log(LOG_ERR, "ERROR ( %s/%s ): network aggregation selected but none of 'pmacctd_net', 'networks_file', 'networks_mask' is specified. Exiting ...\n\n", list->name, list->type.string); exit(1); } } else { if ((list->cfg.nfacctd_net == NF_NET_NEW && !list->cfg.networks_file) || (list->cfg.nfacctd_net == NF_NET_STATIC && !list->cfg.networks_mask) || (list->cfg.nfacctd_net == NF_NET_BGP && !list->cfg.nfacctd_bgp) || (list->cfg.nfacctd_net == NF_NET_KEEP)) { Log(LOG_ERR, "ERROR ( %s/%s ): network aggregation selected but none of 'bgp_daemon', 'networks_file', 'networks_mask' is specified. Exiting ...\n\n", list->name, list->type.string); exit(1); } } } if (list->cfg.what_to_count & COUNT_CLASS && !list->cfg.classifiers_path) { Log(LOG_ERR, "ERROR ( %s/%s ): 'class' aggregation selected but NO 'classifiers' key specified. Exiting...\n\n", list->name, list->type.string); exit(1); } bgp_config_checks(&list->cfg); list->cfg.what_to_count |= COUNT_COUNTERS; list->cfg.data_type |= PIPE_TYPE_METADATA; } } list = list->next; } /* plugins glue: creation (since 094) */ if (config.classifiers_path) { init_classifiers(config.classifiers_path); init_conntrack_table(); } load_plugins(&req); if (config.handle_fragments) init_ip_fragment_handler(); if (config.handle_flows) init_ip_flow_handler(); load_networks(config.networks_file, &nt, &nc); /* If any device/savefile have been specified, choose a suitable device where to listen for traffic */ if (!config.dev && !config.pcap_savefile) { Log(LOG_WARNING, "WARN ( default/core ): Selecting a suitable device.\n"); config.dev = pcap_lookupdev(errbuf); if (!config.dev) { Log(LOG_WARNING, "WARN ( default/core ): Unable to find a suitable device. Exiting.\n"); exit_all(1); } else Log(LOG_DEBUG, "DEBUG ( default/core ): device is %s\n", config.dev); } /* reading filter; if it exists, we'll take an action later */ if (!strlen(config_file)) config.clbuf = copy_argv(&argv[optind]); if (config.dev && config.pcap_savefile) { Log(LOG_ERR, "ERROR ( default/core ): 'interface' (-i) and 'pcap_savefile' (-I) directives are mutually exclusive. Exiting.\n"); exit_all(1); } throttle_startup: if (config.dev) { if ((device.dev_desc = pcap_open_live(config.dev, psize, config.promisc, 1000, errbuf)) == NULL) { if (!config.if_wait) { Log(LOG_ERR, "ERROR ( default/core ): pcap_open_live(): %s\n", errbuf); exit_all(1); } else { sleep(5); /* XXX: user defined ? */ goto throttle_startup; } } } else if (config.pcap_savefile) { if ((device.dev_desc = pcap_open_offline(config.pcap_savefile, errbuf)) == NULL) { Log(LOG_ERR, "ERROR ( default/core ): pcap_open_offline(): %s\n", errbuf); exit_all(1); } } device.active = TRUE; glob_pcapt = device.dev_desc; /* SIGINT/stats handling */ if (config.pipe_size) { int slen = sizeof(config.pipe_size), x; #if defined (PCAP_TYPE_linux) || (PCAP_TYPE_snoop) Setsocksize(pcap_fileno(device.dev_desc), SOL_SOCKET, SO_RCVBUF, &config.pipe_size, slen); getsockopt(pcap_fileno(device.dev_desc), SOL_SOCKET, SO_RCVBUF, &x, &slen); Log(LOG_DEBUG, "DEBUG ( default/core ): PCAP buffer: obtained %d / %d bytes.\n", x, config.pipe_size); #endif } device.link_type = pcap_datalink(device.dev_desc); for (index = 0; _devices[index].link_type != -1; index++) { if (device.link_type == _devices[index].link_type) device.data = &_devices[index]; } load_plugin_filters(device.link_type); /* we need to solve some link constraints */ if (device.data == NULL) { Log(LOG_ERR, "ERROR ( default/core ): data link not supported: %d\n", device.link_type); exit_all(1); } else Log(LOG_INFO, "OK ( default/core ): link type is: %d\n", device.link_type); if (device.link_type != DLT_EN10MB && device.link_type != DLT_IEEE802 && device.link_type != DLT_LINUX_SLL) { list = plugins_list; while (list) { if ((list->cfg.what_to_count & COUNT_SRC_MAC) || (list->cfg.what_to_count & COUNT_DST_MAC)) { Log(LOG_ERR, "ERROR ( default/core ): MAC aggregation not available for link type: %d\n", device.link_type); exit_all(1); } list = list->next; } } cb_data.device = &device; /* doing pcap stuff */ if (!config.dev || pcap_lookupnet(config.dev, &localnet, &netmask, errbuf) < 0) { localnet = 0; netmask = 0; Log(LOG_WARNING, "WARN ( default/core ): %s\n", errbuf); } if (pcap_compile(device.dev_desc, &filter, config.clbuf, 0, netmask) < 0) Log(LOG_WARNING, "WARN: %s\nWARN ( default/core ): going on without a filter\n", pcap_geterr(device.dev_desc)); else { if (pcap_setfilter(device.dev_desc, &filter) < 0) Log(LOG_WARNING, "WARN: %s\nWARN ( default/core ): going on without a filter\n", pcap_geterr(device.dev_desc)); } /* signal handling we want to inherit to plugins (when not re-defined elsewhere) */ signal(SIGCHLD, startup_handle_falling_child); /* takes note of plugins failed during startup phase */ signal(SIGHUP, reload); /* handles reopening of syslog channel */ signal(SIGUSR1, push_stats); /* logs various statistics via Log() calls */ signal(SIGUSR2, reload_maps); /* sets to true the reload_maps flag */ signal(SIGPIPE, SIG_IGN); /* we want to exit gracefully when a pipe is broken */ /* loading pre-tagging map, if any */ if (config.pre_tag_map) { load_id_file(config.acct_type, config.pre_tag_map, &idt, &req, &tag_map_allocated); cb_data.idt = (u_char *) &idt; } else { memset(&idt, 0, sizeof(idt)); cb_data.idt = NULL; } #if defined ENABLE_THREADS /* starting the BGP thread */ if (config.nfacctd_bgp) { req.bpf_filter = TRUE; load_comm_patterns(&config.nfacctd_bgp_stdcomm_pattern, &config.nfacctd_bgp_extcomm_pattern, &config.nfacctd_bgp_stdcomm_pattern_to_asn); if (config.nfacctd_bgp_peer_as_src_type == BGP_SRC_PRIMITIVES_MAP) { if (config.nfacctd_bgp_peer_as_src_map) { load_id_file(MAP_BGP_PEER_AS_SRC, config.nfacctd_bgp_peer_as_src_map, &bpas_table, &req, &bpas_map_allocated); cb_data.bpas_table = (u_char *) &bpas_table; } else { Log(LOG_ERR, "ERROR: bgp_peer_as_src_type set to 'map' but no map defined. Exiting.\n"); exit(1); } } else cb_data.bpas_table = NULL; if (config.nfacctd_bgp_src_local_pref_type == BGP_SRC_PRIMITIVES_MAP) { if (config.nfacctd_bgp_src_local_pref_map) { load_id_file(MAP_BGP_SRC_LOCAL_PREF, config.nfacctd_bgp_src_local_pref_map, &blp_table, &req, &blp_map_allocated); cb_data.blp_table = (u_char *) &blp_table; } else { Log(LOG_ERR, "ERROR: bgp_src_local_pref_type set to 'map' but no map defined. Exiting.\n"); exit(1); } } else cb_data.blp_table = NULL; if (config.nfacctd_bgp_src_med_type == BGP_SRC_PRIMITIVES_MAP) { if (config.nfacctd_bgp_src_med_map) { load_id_file(MAP_BGP_SRC_MED, config.nfacctd_bgp_src_med_map, &bmed_table, &req, &bmed_map_allocated); cb_data.bmed_table = (u_char *) &bmed_table; } else { Log(LOG_ERR, "ERROR: bgp_src_med_type set to 'map' but no map defined. Exiting.\n"); exit(1); } } else cb_data.bmed_table = NULL; if (config.nfacctd_bgp_to_agent_map) { load_id_file(MAP_BGP_TO_XFLOW_AGENT, config.nfacctd_bgp_to_agent_map, &bta_table, &req, &bta_map_allocated); cb_data.bta_table = (u_char *) &bta_table; } else { Log(LOG_ERR, "ERROR ( default/core ): 'bgp_daemon' configured but no 'bgp_agent_map' has been specified. Exiting.\n"); exit(1); } /* Limiting BGP peers to only two: one would suffice in pmacctd but in case maps are reloadable (ie. bta), it could be handy to keep a backup feed in memory */ config.nfacctd_bgp_max_peers = 2; if (config.nfacctd_bgp_iface_to_rd_map) { Log(LOG_ERR, "ERROR ( default/core ): 'bgp_iface_to_rd_map' is not supported by this daemon. Exiting.\n"); exit(1); } cb_data.f_agent = (char *)&client; nfacctd_bgp_wrapper(); /* Let's give the BGP thread some advantage to create its structures */ sleep(5); } #else if (config.nfacctd_bgp) { Log(LOG_ERR, "ERROR ( default/core ): 'bgp_daemon' is available only with threads (--enable-threads). Exiting.\n"); exit(1); } #endif /* Init tunnel handlers */ tunnel_registry_init(); /* plugins glue: creation (until 093) */ evaluate_packet_handlers(); pm_setproctitle("%s [%s]", "Core Process", "default"); if (config.pidfile) write_pid_file(config.pidfile); /* signals to be handled only by pmacctd; we set proper handlers after plugin creation */ signal(SIGINT, my_sigint_handler); signal(SIGTERM, my_sigint_handler); signal(SIGCHLD, handle_falling_child); kill(getpid(), SIGCHLD); /* When reading packets from a savefile, things are lightning fast; we will sit here just few seconds, thus allowing plugins to complete their startup operations */ if (config.pcap_savefile) { Log(LOG_INFO, "INFO ( default/core ): PCAP capture file, sleeping for 2 seconds\n"); sleep(2); } /* Main loop: if pcap_loop() exits maybe an error occurred; we will try closing and reopening again our listening device */ for(;;) { if (!device.active) { Log(LOG_WARNING, "WARN ( default/core ): %s has become unavailable; throttling ...\n", config.dev); throttle_loop: sleep(5); /* XXX: user defined ? */ if ((device.dev_desc = pcap_open_live(config.dev, psize, config.promisc, 1000, errbuf)) == NULL) goto throttle_loop; pcap_setfilter(device.dev_desc, &filter); device.active = TRUE; } pcap_loop(device.dev_desc, -1, pcap_cb, (u_char *) &cb_data); pcap_close(device.dev_desc); if (config.pcap_savefile) { if (config.sf_wait) { fill_pipe_buffer(); Log(LOG_INFO, "INFO ( default/core ): finished reading PCAP capture file\n"); wait(NULL); } stop_all_childs(); } device.active = FALSE; } }
/* no AMQP: when not using map_shared, 'pipe_size' is the size of the pipe created with socketpair(); when map_shared is enabled, it refers to the size of the shared memory area */ void load_plugins(struct plugin_requests *req) { u_int64_t buf_pipe_ratio_sz = 0, pipe_idx = 0; int snd_buflen = 0, rcv_buflen = 0, socklen = 0, target_buflen = 0, ret; int nfprobe_id = 0, min_sz = 0; struct plugins_list_entry *list = plugins_list; int l = sizeof(list->cfg.pipe_size), offset = 0; struct channels_list_entry *chptr = NULL; init_random_seed(); init_pipe_channels(); while (list) { if ((*list->type.func)) { if (list->cfg.data_type & (PIPE_TYPE_METADATA|PIPE_TYPE_PAYLOAD|PIPE_TYPE_MSG)); else { Log(LOG_ERR, "ERROR ( %s/%s ): Data type not supported: %d\n", list->name, list->type.string, list->cfg.data_type); exit(1); } min_sz = ChBufHdrSz; if (list->cfg.data_type & PIPE_TYPE_METADATA) min_sz += PdataSz; if (list->cfg.data_type & PIPE_TYPE_PAYLOAD) { if (list->cfg.acct_type == ACCT_PM && list->cfg.snaplen) min_sz += (PpayloadSz+list->cfg.snaplen); else min_sz += (PpayloadSz+DEFAULT_PLOAD_SIZE); } if (list->cfg.data_type & PIPE_TYPE_EXTRAS) min_sz += PextrasSz; if (list->cfg.data_type & PIPE_TYPE_MSG) min_sz += PmsgSz; if (list->cfg.data_type & PIPE_TYPE_BGP) min_sz += sizeof(struct pkt_bgp_primitives); if (list->cfg.data_type & PIPE_TYPE_NAT) min_sz += sizeof(struct pkt_nat_primitives); if (list->cfg.data_type & PIPE_TYPE_MPLS) min_sz += sizeof(struct pkt_mpls_primitives); if (list->cfg.cpptrs.len) min_sz += list->cfg.cpptrs.len; if (list->cfg.data_type & PIPE_TYPE_VLEN) min_sz += sizeof(struct pkt_vlen_hdr_primitives); /* If nothing is supplied, let's hint some working default values */ if (!list->cfg.pipe_size || !list->cfg.buffer_size) { if (!list->cfg.pipe_size) list->cfg.pipe_size = 4096000; /* 4Mb */ if (!list->cfg.buffer_size) { if (list->cfg.pcap_savefile) list->cfg.buffer_size = 10240; /* 10Kb */ else list->cfg.buffer_size = MIN(min_sz, 10240); } } /* some validations */ if (list->cfg.pipe_size < min_sz) list->cfg.pipe_size = min_sz; if (list->cfg.buffer_size < min_sz) list->cfg.buffer_size = min_sz; if (list->cfg.buffer_size > list->cfg.pipe_size) list->cfg.buffer_size = list->cfg.pipe_size; /* if required let's align plugin_buffer_size to 4 bytes boundary */ #if NEED_ALIGN while (list->cfg.buffer_size % 4 != 0) list->cfg.buffer_size--; #endif if (!list->cfg.pipe_amqp) { /* creating communication channel */ socketpair(AF_UNIX, SOCK_DGRAM, 0, list->pipe); /* checking SO_RCVBUF and SO_SNDBUF values; if different we take the smaller one */ getsockopt(list->pipe[0], SOL_SOCKET, SO_RCVBUF, &rcv_buflen, &l); getsockopt(list->pipe[1], SOL_SOCKET, SO_SNDBUF, &snd_buflen, &l); socklen = (rcv_buflen < snd_buflen) ? rcv_buflen : snd_buflen; buf_pipe_ratio_sz = (list->cfg.pipe_size/list->cfg.buffer_size)*sizeof(char *); if (buf_pipe_ratio_sz > INT_MAX) { Log(LOG_ERR, "ERROR ( %s/%s ): Current plugin_buffer_size elems per plugin_pipe_size: %d. Max: %d.\nExiting.\n", list->name, list->type.string, (list->cfg.pipe_size/list->cfg.buffer_size), (INT_MAX/sizeof(char *))); exit_all(1); } else target_buflen = buf_pipe_ratio_sz; if (target_buflen > socklen) { Setsocksize(list->pipe[0], SOL_SOCKET, SO_RCVBUF, &target_buflen, l); Setsocksize(list->pipe[1], SOL_SOCKET, SO_SNDBUF, &target_buflen, l); } getsockopt(list->pipe[0], SOL_SOCKET, SO_RCVBUF, &rcv_buflen, &l); getsockopt(list->pipe[1], SOL_SOCKET, SO_SNDBUF, &snd_buflen, &l); if (rcv_buflen < snd_buflen) snd_buflen = rcv_buflen; if (snd_buflen < socklen) { Setsocksize(list->pipe[0], SOL_SOCKET, SO_RCVBUF, &socklen, l); Setsocksize(list->pipe[1], SOL_SOCKET, SO_SNDBUF, &socklen, l); getsockopt(list->pipe[0], SOL_SOCKET, SO_RCVBUF, &rcv_buflen, &l); getsockopt(list->pipe[1], SOL_SOCKET, SO_SNDBUF, &snd_buflen, &l); if (rcv_buflen < snd_buflen) snd_buflen = rcv_buflen; } if (list->cfg.debug || (list->cfg.pipe_size > WARNING_PIPE_SIZE)) { Log(LOG_INFO, "INFO ( %s/%s ): plugin_pipe_size=%llu bytes plugin_buffer_size=%llu bytes\n", list->name, list->type.string, list->cfg.pipe_size, list->cfg.buffer_size); if (target_buflen <= snd_buflen) Log(LOG_INFO, "INFO ( %s/%s ): ctrl channel: obtained=%d bytes target=%d bytes\n", list->name, list->type.string, snd_buflen, target_buflen); else /* This should return an error and exit but we fallback to a warning in order to be backward compatible */ Log(LOG_WARNING, "WARN ( %s/%s ): ctrl channel: obtained=%d bytes target=%d bytes\n", list->name, list->type.string, snd_buflen, target_buflen); } } else { pipe_idx++; list->pipe[0] = list->pipe[1] = pipe_idx; } list->cfg.name = list->name; list->cfg.type = list->type.string; list->cfg.type_id = list->type.id; chptr = insert_pipe_channel(list->type.id, &list->cfg, list->pipe[1]); if (!chptr) { Log(LOG_ERR, "ERROR ( %s/%s ): Unable to setup a new Core Process <-> Plugin channel.\nExiting.\n", list->name, list->type.string); exit_all(1); } else chptr->plugin = list; /* sets new value to be assigned to 'wakeup'; 'TRUE' disables on-request wakeup */ if (list->type.id == PLUGIN_ID_MEMORY) chptr->request = TRUE; /* sets fixed/vlen offsets and cleaner routine; XXX: we should refine the cleaner part: 1) ie. extras assumes it's automagically piled with metadata; 2) what if multiple vlen components are stacked up? */ if (list->cfg.data_type & PIPE_TYPE_METADATA) { chptr->clean_func = pkt_data_clean; offset = sizeof(struct pkt_data); } if (list->cfg.data_type & PIPE_TYPE_PAYLOAD) chptr->clean_func = pkt_payload_clean; if (list->cfg.data_type & PIPE_TYPE_EXTRAS) { chptr->extras.off_pkt_extras = offset; offset += sizeof(struct pkt_extras); } if (list->cfg.data_type & PIPE_TYPE_MSG) chptr->clean_func = pkt_msg_clean; if (list->cfg.data_type & PIPE_TYPE_BGP) { chptr->extras.off_pkt_bgp_primitives = offset; offset += sizeof(struct pkt_bgp_primitives); } else chptr->extras.off_pkt_bgp_primitives = 0; if (list->cfg.data_type & PIPE_TYPE_NAT) { chptr->extras.off_pkt_nat_primitives = offset; offset += sizeof(struct pkt_nat_primitives); } else chptr->extras.off_pkt_nat_primitives = 0; if (list->cfg.data_type & PIPE_TYPE_MPLS) { chptr->extras.off_pkt_mpls_primitives = offset; offset += sizeof(struct pkt_mpls_primitives); } else chptr->extras.off_pkt_mpls_primitives = 0; if (list->cfg.cpptrs.len) { chptr->extras.off_custom_primitives = offset; offset += list->cfg.cpptrs.len; } /* PIPE_TYPE_VLEN at the end of the stack so to not make vlen other structures (although possible it would not make much sense) */ if (list->cfg.data_type & PIPE_TYPE_VLEN) { chptr->extras.off_pkt_vlen_hdr_primitives = offset; offset += sizeof(struct pkt_vlen_hdr_primitives); } else chptr->extras.off_pkt_vlen_hdr_primitives = 0; /* any further offset beyond this point must be set to PM_VARIABLE_LENGTH so to indicate plugins to resolve value at runtime. */ chptr->datasize = min_sz-ChBufHdrSz; /* sets nfprobe ID */ if (list->type.id == PLUGIN_ID_NFPROBE) { list->cfg.nfprobe_id = nfprobe_id; nfprobe_id++; } switch (list->pid = fork()) { case -1: /* Something went wrong */ Log(LOG_WARNING, "WARN ( %s/%s ): Unable to initialize plugin: %s\n", list->name, list->type.string, strerror(errno)); delete_pipe_channel(list->pipe[1]); break; case 0: /* Child */ /* SIGCHLD handling issue: SysV avoids zombies by ignoring SIGCHLD; to emulate such semantics on BSD systems, we need an handler like handle_falling_child() */ #if defined (IRIX) || (SOLARIS) signal(SIGCHLD, SIG_IGN); #else signal(SIGCHLD, ignore_falling_child); #endif #if defined HAVE_MALLOPT mallopt(M_CHECK_ACTION, 0); #endif close(config.sock); close(config.bgp_sock); if (!list->cfg.pipe_amqp) close(list->pipe[1]); (*list->type.func)(list->pipe[0], &list->cfg, chptr); exit(0); default: /* Parent */ if (!list->cfg.pipe_amqp) { close(list->pipe[0]); setnonblocking(list->pipe[1]); } break; } /* some residual check */ if (chptr && list->cfg.a_filter) req->bpf_filter = TRUE; } list = list->next; } sort_pipe_channels(); /* define pre_tag_map(s) now so that they don't finish unnecessarily in plugin memory space */ { int ptm_index = 0, ptm_global = FALSE; char *ptm_ptr = NULL; list = plugins_list; while (list) { if (list->cfg.pre_tag_map) { if (!ptm_index) { ptm_ptr = list->cfg.pre_tag_map; ptm_global = TRUE; } else { if (!ptm_ptr || strcmp(ptm_ptr, list->cfg.pre_tag_map)) ptm_global = FALSE; } load_pre_tag_map(config.acct_type, list->cfg.pre_tag_map, &list->cfg.ptm, req, &list->cfg.ptm_alloc, list->cfg.maps_entries, list->cfg.maps_row_len); } list = list->next; ptm_index++; } /* enforcing global flag */ list = plugins_list; while (list) { list->cfg.ptm_global = ptm_global; list = list->next; } } /* AMQP handling, if required */ #ifdef WITH_RABBITMQ { int ret, index, index2; for (index = 0; channels_list[index].aggregation || channels_list[index].aggregation_2; index++) { chptr = &channels_list[index]; list = chptr->plugin; if (list->cfg.pipe_amqp) { plugin_pipe_amqp_init_host(&chptr->amqp_host, list); ret = p_amqp_connect_to_publish(&chptr->amqp_host); if (ret) plugin_pipe_amqp_sleeper_start(chptr); } /* reset core process pipe AMQP routing key */ if (list->type.id == PLUGIN_ID_CORE) list->cfg.pipe_amqp_routing_key = NULL; } for (index = 0; channels_list[index].aggregation || channels_list[index].aggregation_2; index++) { struct plugins_list_entry *list2 = plugins_list; struct channels_list_entry *chptr2 = NULL; chptr = &channels_list[index]; list = chptr->plugin; for (index2 = index; channels_list[index2].aggregation || channels_list[index2].aggregation_2; index2++) { chptr2 = &channels_list[index2]; list2 = chptr2->plugin; if (index2 > index && list->cfg.pipe_amqp_exchange && list->cfg.pipe_amqp_routing_key) { if (!strcmp(list->cfg.pipe_amqp_exchange, list2->cfg.pipe_amqp_exchange) && !strcmp(list->cfg.pipe_amqp_routing_key, list2->cfg.pipe_amqp_routing_key)) { Log(LOG_ERR, "ERROR ( %s/%s ): Duplicated plugin_pipe_amqp_exchange, plugin_pipe_amqp_routing_key: %s, %s\nExiting.\n", list->name, list->type.string, list->cfg.pipe_amqp_exchange, list->cfg.pipe_amqp_routing_key); exit(1); } } } } } #endif /* Kafka handling, if required */ #ifdef WITH_KAFKA { int ret, index, index2; for (index = 0; channels_list[index].aggregation || channels_list[index].aggregation_2; index++) { chptr = &channels_list[index]; list = chptr->plugin; /* XXX: no sleeper thread, trusting librdkafka */ if (list->cfg.pipe_kafka) ret = plugin_pipe_kafka_init_host(&chptr->kafka_host, list, TRUE); /* reset core process pipe Kafka topic */ if (list->type.id == PLUGIN_ID_CORE) list->cfg.pipe_kafka_topic = NULL; } for (index = 0; channels_list[index].aggregation || channels_list[index].aggregation_2; index++) { struct plugins_list_entry *list2 = plugins_list; struct channels_list_entry *chptr2 = NULL; chptr = &channels_list[index]; list = chptr->plugin; for (index2 = index; channels_list[index2].aggregation || channels_list[index2].aggregation_2; index2++) { chptr2 = &channels_list[index2]; list2 = chptr2->plugin; if (index2 > index && list->cfg.pipe_kafka_broker_host && list->cfg.pipe_kafka_topic) { if (!strcmp(list->cfg.pipe_kafka_broker_host, list2->cfg.pipe_kafka_broker_host) && list->cfg.pipe_kafka_broker_port == list2->cfg.pipe_kafka_broker_port && !strcmp(list->cfg.pipe_kafka_topic, list2->cfg.pipe_kafka_topic) /* && XXX: topic partition too? */ ) { Log(LOG_ERR, "ERROR ( %s/%s ): Duplicated plugin_pipe_kafka_broker_*, plugin_pipe_kafka_topic: %s, %s, %s\nExiting.\n", list->name, list->type.string, list->cfg.pipe_kafka_broker_host, list->cfg.pipe_kafka_broker_port, list->cfg.pipe_kafka_topic); exit(1); } } } } } #endif }
int Tee_prepare_sock(struct sockaddr *addr, socklen_t len) { int s, ret = 0; if (!config.tee_transparent) { struct host_addr source_ip; #if defined ENABLE_IPV6 struct sockaddr_storage ssource_ip; #else struct sockaddr ssource_ip; #endif if (config.nfprobe_source_ip) { ret = str_to_addr(config.nfprobe_source_ip, &source_ip); addr_to_sa((struct sockaddr *) &ssource_ip, &source_ip, 0); } if ((s = socket(addr->sa_family, SOCK_DGRAM, 0)) == -1) { Log(LOG_ERR, "ERROR ( %s/%s ): socket() error: %s\n", config.name, config.type, strerror(errno)); exit_plugin(1); } if (config.nfprobe_ipprec) { int opt = config.nfprobe_ipprec << 5; int rc; rc = setsockopt(s, IPPROTO_IP, IP_TOS, &opt, sizeof(opt)); if (rc < 0) Log(LOG_WARNING, "WARN ( %s/%s ): setsockopt() failed for IP_TOS: %s\n", config.name, config.type, strerror(errno)); } if (ret && bind(s, (struct sockaddr *) &ssource_ip, sizeof(ssource_ip)) == -1) Log(LOG_ERR, "ERROR ( %s/%s ): bind() error: %s\n", config.name, config.type, strerror(errno)); } else { int hincl = 1; /* 1 = on, 0 = off */ if ((s = socket(addr->sa_family, SOCK_RAW, IPPROTO_RAW)) == -1) { Log(LOG_ERR, "ERROR ( %s/%s ): socket() error: %s\n", config.name, config.type, strerror(errno)); exit_plugin(1); } #if defined BSD setsockopt(s, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)); #endif } if (config.tee_pipe_size) { int l = sizeof(config.tee_pipe_size); int saved = 0, obtained = 0; getsockopt(s, SOL_SOCKET, SO_SNDBUF, &saved, &l); Setsocksize(s, SOL_SOCKET, SO_SNDBUF, &config.tee_pipe_size, sizeof(config.tee_pipe_size)); getsockopt(s, SOL_SOCKET, SO_SNDBUF, &obtained, &l); if (obtained < saved) { Setsocksize(s, SOL_SOCKET, SO_SNDBUF, &saved, l); getsockopt(s, SOL_SOCKET, SO_SNDBUF, &obtained, &l); } Log(LOG_INFO, "INFO ( %s/%s ): tee_pipe_size: obtained=%d target=%d.\n", config.name, config.type, obtained, config.tee_pipe_size); } if (connect(s, (struct sockaddr *)addr, len) == -1) { Log(LOG_ERR, "ERROR ( %s/%s ): connect() error: %s\n", config.name, config.type, strerror(errno)); exit_plugin(1); } return(s); }
void skinny_bmp_daemon() { int slen, clen, ret, rc, peers_idx, allowed, yes=1, no=0; int peers_idx_rr = 0, max_peers_idx = 0; u_int32_t pkt_remaining_len=0; time_t now; afi_t afi; safi_t safi; struct bmp_peer *bmpp = NULL; struct bgp_peer *peer = NULL; #if defined ENABLE_IPV6 struct sockaddr_storage server, client; #else struct sockaddr server, client; #endif struct hosts_table allow; struct host_addr addr; struct bgp_peer_batch bp_batch; /* select() stuff */ fd_set read_descs, bkp_read_descs; int fd, select_fd, bkp_select_fd, recalc_fds, select_num; /* logdump time management */ time_t dump_refresh_deadline; struct timeval dump_refresh_timeout, *drt_ptr; /* initial cleanups */ reload_map_bmp_thread = FALSE; reload_log_bmp_thread = FALSE; memset(&server, 0, sizeof(server)); memset(&client, 0, sizeof(client)); memset(&allow, 0, sizeof(struct hosts_table)); clen = sizeof(client); bmp_routing_db = &inter_domain_routing_dbs[FUNC_TYPE_BMP]; memset(bmp_routing_db, 0, sizeof(struct bgp_rt_structs)); /* socket creation for BMP server: IPv4 only */ #if (defined ENABLE_IPV6) if (!config.nfacctd_bmp_ip) { struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)&server; sa6->sin6_family = AF_INET6; sa6->sin6_port = htons(config.nfacctd_bmp_port); slen = sizeof(struct sockaddr_in6); } #else if (!config.nfacctd_bmp_ip) { struct sockaddr_in *sa4 = (struct sockaddr_in *)&server; sa4->sin_family = AF_INET; sa4->sin_addr.s_addr = htonl(0); sa4->sin_port = htons(config.nfacctd_bmp_port); slen = sizeof(struct sockaddr_in); } #endif else { trim_spaces(config.nfacctd_bmp_ip); ret = str_to_addr(config.nfacctd_bmp_ip, &addr); if (!ret) { Log(LOG_ERR, "ERROR ( %s/%s ): 'bmp_daemon_ip' value is not a valid IPv4/IPv6 address. Terminating thread.\n", config.name, bmp_misc_db->log_str); exit_all(1); } slen = addr_to_sa((struct sockaddr *)&server, &addr, config.nfacctd_bmp_port); } if (!config.nfacctd_bmp_max_peers) config.nfacctd_bmp_max_peers = BMP_MAX_PEERS_DEFAULT; Log(LOG_INFO, "INFO ( %s/%s ): maximum BMP peers allowed: %d\n", config.name, bmp_misc_db->log_str, config.nfacctd_bmp_max_peers); bmp_peers = malloc(config.nfacctd_bmp_max_peers*sizeof(struct bmp_peer)); if (!bmp_peers) { Log(LOG_ERR, "ERROR ( %s/%s ): Unable to malloc() BMP peers structure. Terminating thread.\n", config.name, bmp_misc_db->log_str); exit_all(1); } memset(bmp_peers, 0, config.nfacctd_bmp_max_peers*sizeof(struct bmp_peer)); if (config.nfacctd_bmp_msglog_file || config.nfacctd_bmp_msglog_amqp_routing_key || config.nfacctd_bmp_msglog_kafka_topic) { if (config.nfacctd_bmp_msglog_file) bmp_misc_db->msglog_backend_methods++; if (config.nfacctd_bmp_msglog_amqp_routing_key) bmp_misc_db->msglog_backend_methods++; if (config.nfacctd_bmp_msglog_kafka_topic) bmp_misc_db->msglog_backend_methods++; if (bmp_misc_db->msglog_backend_methods > 1) { Log(LOG_ERR, "ERROR ( %s/%s ): bmp_daemon_msglog_file, bmp_daemon_msglog_amqp_routing_key and bmp_daemon_msglog_kafka_topic are mutually exclusive. Terminating thread.\n", config.name, bmp_misc_db->log_str); exit_all(1); } } if (config.bmp_dump_file || config.bmp_dump_amqp_routing_key || config.bmp_dump_kafka_topic) { if (config.bmp_dump_file) bmp_misc_db->dump_backend_methods++; if (config.bmp_dump_amqp_routing_key) bmp_misc_db->dump_backend_methods++; if (config.bmp_dump_kafka_topic) bmp_misc_db->dump_backend_methods++; if (bmp_misc_db->dump_backend_methods > 1) { Log(LOG_ERR, "ERROR ( %s/%s ): bmp_dump_file, bmp_dump_amqp_routing_key and bmp_dump_kafka_topic are mutually exclusive. Terminating thread.\n", config.name, bmp_misc_db->log_str); exit_all(1); } } if (bmp_misc_db->msglog_backend_methods || bmp_misc_db->dump_backend_methods) bgp_peer_log_seq_init(&bmp_misc_db->log_seq); if (bmp_misc_db->msglog_backend_methods) { bmp_misc_db->peers_log = malloc(config.nfacctd_bmp_max_peers*sizeof(struct bgp_peer_log)); if (!bmp_misc_db->peers_log) { Log(LOG_ERR, "ERROR ( %s/%s ): Unable to malloc() BMP peers log structure. Terminating thread.\n", config.name, bmp_misc_db->log_str); exit_all(1); } memset(bmp_misc_db->peers_log, 0, config.nfacctd_bmp_max_peers*sizeof(struct bgp_peer_log)); if (config.nfacctd_bmp_msglog_amqp_routing_key) { #ifdef WITH_RABBITMQ bmp_daemon_msglog_init_amqp_host(); p_amqp_connect_to_publish(&bmp_daemon_msglog_amqp_host); if (!config.nfacctd_bmp_msglog_amqp_retry) config.nfacctd_bmp_msglog_amqp_retry = AMQP_DEFAULT_RETRY; #else Log(LOG_WARNING, "WARN ( %s/%s ): p_amqp_connect_to_publish() not possible due to missing --enable-rabbitmq\n", config.name, bmp_misc_db->log_str); #endif } if (config.nfacctd_bmp_msglog_kafka_topic) { #ifdef WITH_KAFKA bmp_daemon_msglog_init_kafka_host(); #else Log(LOG_WARNING, "WARN ( %s/%s ): p_kafka_connect_to_produce() not possible due to missing --enable-kafka\n", config.name, bmp_misc_db->log_str); #endif } } if (!config.bmp_table_attr_hash_buckets) config.bmp_table_attr_hash_buckets = HASHTABSIZE; bgp_attr_init(config.bmp_table_attr_hash_buckets, bmp_routing_db); if (!config.bmp_table_peer_buckets) config.bmp_table_peer_buckets = DEFAULT_BGP_INFO_HASH; if (!config.bmp_table_per_peer_buckets) config.bmp_table_per_peer_buckets = DEFAULT_BGP_INFO_PER_PEER_HASH; if (config.bmp_table_per_peer_hash == BGP_ASPATH_HASH_PATHID) bmp_route_info_modulo = bmp_route_info_modulo_pathid; else { Log(LOG_ERR, "ERROR ( %s/%s ): Unknown 'bmp_table_per_peer_hash' value. Terminating thread.\n", config.name, bmp_misc_db->log_str); exit_all(1); } config.bmp_sock = socket(((struct sockaddr *)&server)->sa_family, SOCK_STREAM, 0); if (config.bmp_sock < 0) { #if (defined ENABLE_IPV6) /* retry with IPv4 */ if (!config.nfacctd_bmp_ip) { struct sockaddr_in *sa4 = (struct sockaddr_in *)&server; sa4->sin_family = AF_INET; sa4->sin_addr.s_addr = htonl(0); sa4->sin_port = htons(config.nfacctd_bmp_port); slen = sizeof(struct sockaddr_in); config.bmp_sock = socket(((struct sockaddr *)&server)->sa_family, SOCK_STREAM, 0); } #endif if (config.bmp_sock < 0) { Log(LOG_ERR, "ERROR ( %s/%s ): thread socket() failed. Terminating thread.\n", config.name, bmp_misc_db->log_str); exit_all(1); } } if (config.nfacctd_bmp_ipprec) { int opt = config.nfacctd_bmp_ipprec << 5; rc = setsockopt(config.bmp_sock, IPPROTO_IP, IP_TOS, &opt, sizeof(opt)); if (rc < 0) Log(LOG_ERR, "WARN ( %s/%s ): setsockopt() failed for IP_TOS (errno: %d).\n", config.name, bmp_misc_db->log_str, errno); } rc = setsockopt(config.bmp_sock, SOL_SOCKET, SO_REUSEADDR, (char *)&yes, sizeof(yes)); if (rc < 0) Log(LOG_ERR, "WARN ( %s/%s ): setsockopt() failed for SO_REUSEADDR (errno: %d).\n", config.name, bmp_misc_db->log_str, errno); #if (defined ENABLE_IPV6) && (defined IPV6_BINDV6ONLY) rc = setsockopt(config.bmp_sock, IPPROTO_IPV6, IPV6_BINDV6ONLY, (char *) &no, (socklen_t) sizeof(no)); if (rc < 0) Log(LOG_ERR, "WARN ( %s/%s ): setsockopt() failed for IPV6_BINDV6ONLY (errno: %d).\n", config.name, bmp_misc_db->log_str, errno); #endif if (config.nfacctd_bmp_pipe_size) { int l = sizeof(config.nfacctd_bmp_pipe_size); int saved = 0, obtained = 0; getsockopt(config.bmp_sock, SOL_SOCKET, SO_RCVBUF, &saved, &l); Setsocksize(config.bmp_sock, SOL_SOCKET, SO_RCVBUF, &config.nfacctd_bmp_pipe_size, sizeof(config.nfacctd_bmp_pipe_size)); getsockopt(config.bmp_sock, SOL_SOCKET, SO_RCVBUF, &obtained, &l); Setsocksize(config.bmp_sock, SOL_SOCKET, SO_RCVBUF, &saved, l); getsockopt(config.bmp_sock, SOL_SOCKET, SO_RCVBUF, &obtained, &l); Log(LOG_INFO, "INFO ( %s/%s ): bmp_daemon_pipe_size: obtained=%d target=%d.\n", config.name, bmp_misc_db->log_str, obtained, config.nfacctd_bmp_pipe_size); } rc = bind(config.bmp_sock, (struct sockaddr *) &server, slen); if (rc < 0) { char null_ip_address[] = "0.0.0.0"; char *ip_address; ip_address = config.nfacctd_bmp_ip ? config.nfacctd_bmp_ip : null_ip_address; Log(LOG_ERR, "ERROR ( %s/%s ): bind() to ip=%s port=%d/tcp failed (errno: %d).\n", config.name, bmp_misc_db->log_str, ip_address, config.nfacctd_bmp_port, errno); exit_all(1); } rc = listen(config.bmp_sock, 1); if (rc < 0) { Log(LOG_ERR, "ERROR ( %s/%s ): listen() failed (errno: %d).\n", config.name, bmp_misc_db->log_str, errno); exit_all(1); } /* Preparing for syncronous I/O multiplexing */ select_fd = 0; FD_ZERO(&bkp_read_descs); FD_SET(config.bmp_sock, &bkp_read_descs); { char srv_string[INET6_ADDRSTRLEN]; struct host_addr srv_addr; u_int16_t srv_port; sa_to_addr((struct sockaddr *)&server, &srv_addr, &srv_port); addr_to_str(srv_string, &srv_addr); Log(LOG_INFO, "INFO ( %s/%s ): waiting for BMP data on %s:%u\n", config.name, bmp_misc_db->log_str, srv_string, srv_port); } /* Preparing ACL, if any */ if (config.nfacctd_bmp_allow_file) load_allow_file(config.nfacctd_bmp_allow_file, &allow); /* Let's initialize clean shared RIB */ for (afi = AFI_IP; afi < AFI_MAX; afi++) { for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++) { bmp_routing_db->rib[afi][safi] = bgp_table_init(afi, safi); } } /* BMP peers batching checks */ if ((config.nfacctd_bmp_batch && !config.nfacctd_bmp_batch_interval) || (config.nfacctd_bmp_batch_interval && !config.nfacctd_bmp_batch)) { Log(LOG_WARNING, "WARN ( %s/%s ): 'bmp_daemon_batch_interval' and 'bmp_daemon_batch' both set to zero.\n", config.name, bmp_misc_db->log_str); config.nfacctd_bmp_batch = 0; config.nfacctd_bmp_batch_interval = 0; } else bgp_batch_init(&bp_batch, config.nfacctd_bmp_batch, config.nfacctd_bmp_batch_interval); if (bmp_misc_db->msglog_backend_methods) { #ifdef WITH_JANSSON if (!config.nfacctd_bmp_msglog_output) config.nfacctd_bmp_msglog_output = PRINT_OUTPUT_JSON; #else Log(LOG_WARNING, "WARN ( %s/%s ): bmp_daemon_msglog_output set to json but will produce no output (missing --enable-jansson).\n", config.name, bmp_misc_db->log_str); #endif } if (bmp_misc_db->dump_backend_methods) { #ifdef WITH_JANSSON if (!config.bmp_dump_output) config.bmp_dump_output = PRINT_OUTPUT_JSON; #else Log(LOG_WARNING, "WARN ( %s/%s ): bmp_table_dump_output set to json but will produce no output (missing --enable-jansson).\n", config.name, bmp_misc_db->log_str); #endif } if (bmp_misc_db->dump_backend_methods) { char dump_roundoff[] = "m"; time_t tmp_time; if (config.bmp_dump_refresh_time) { gettimeofday(&bmp_misc_db->log_tstamp, NULL); dump_refresh_deadline = bmp_misc_db->log_tstamp.tv_sec; tmp_time = roundoff_time(dump_refresh_deadline, dump_roundoff); while ((tmp_time+config.bmp_dump_refresh_time) < dump_refresh_deadline) { tmp_time += config.bmp_dump_refresh_time; } dump_refresh_deadline = tmp_time; dump_refresh_deadline += config.bmp_dump_refresh_time; /* it's a deadline not a basetime */ } else { config.bmp_dump_file = NULL; bmp_misc_db->dump_backend_methods = FALSE; Log(LOG_WARNING, "WARN ( %s/%s ): Invalid 'bmp_dump_refresh_time'.\n", config.name, bmp_misc_db->log_str); } if (config.bmp_dump_amqp_routing_key) bmp_dump_init_amqp_host(); if (config.bmp_dump_kafka_topic) bmp_dump_init_kafka_host(); } select_fd = bkp_select_fd = (config.bmp_sock + 1); recalc_fds = FALSE; bmp_link_misc_structs(bmp_misc_db); for (;;) { select_again: if (recalc_fds) { select_fd = config.bmp_sock; max_peers_idx = -1; /* .. since valid indexes include 0 */ for (peers_idx = 0; peers_idx < config.nfacctd_bmp_max_peers; peers_idx++) { if (select_fd < bmp_peers[peers_idx].self.fd) select_fd = bmp_peers[peers_idx].self.fd; if (bmp_peers[peers_idx].self.fd) max_peers_idx = peers_idx; } select_fd++; max_peers_idx++; bkp_select_fd = select_fd; recalc_fds = FALSE; } else select_fd = bkp_select_fd; memcpy(&read_descs, &bkp_read_descs, sizeof(bkp_read_descs)); if (bmp_misc_db->dump_backend_methods) { int delta; calc_refresh_timeout_sec(dump_refresh_deadline, bmp_misc_db->log_tstamp.tv_sec, &delta); dump_refresh_timeout.tv_sec = delta; dump_refresh_timeout.tv_usec = 0; drt_ptr = &dump_refresh_timeout; } else drt_ptr = NULL; select_num = select(select_fd, &read_descs, NULL, NULL, drt_ptr); if (select_num < 0) goto select_again; if (reload_map_bmp_thread) { if (config.nfacctd_bmp_allow_file) load_allow_file(config.nfacctd_bmp_allow_file, &allow); reload_map_bmp_thread = FALSE; } if (reload_log_bmp_thread) { for (peers_idx = 0; peers_idx < config.nfacctd_bmp_max_peers; peers_idx++) { if (bmp_misc_db->peers_log[peers_idx].fd) { fclose(bmp_misc_db->peers_log[peers_idx].fd); bmp_misc_db->peers_log[peers_idx].fd = open_output_file(bmp_misc_db->peers_log[peers_idx].filename, "a", FALSE); setlinebuf(bmp_misc_db->peers_log[peers_idx].fd); } else break; } reload_log_bmp_thread = FALSE; } if (bmp_misc_db->msglog_backend_methods || bmp_misc_db->dump_backend_methods) { gettimeofday(&bmp_misc_db->log_tstamp, NULL); compose_timestamp(bmp_misc_db->log_tstamp_str, SRVBUFLEN, &bmp_misc_db->log_tstamp, TRUE, config.timestamps_since_epoch, config.timestamps_rfc3339, config.timestamps_utc); if (bmp_misc_db->dump_backend_methods) { while (bmp_misc_db->log_tstamp.tv_sec > dump_refresh_deadline) { bmp_misc_db->dump.tstamp.tv_sec = dump_refresh_deadline; bmp_misc_db->dump.tstamp.tv_usec = 0; compose_timestamp(bmp_misc_db->dump.tstamp_str, SRVBUFLEN, &bmp_misc_db->dump.tstamp, FALSE, config.timestamps_since_epoch, config.timestamps_rfc3339, config.timestamps_utc); bmp_misc_db->dump.period = config.bmp_dump_refresh_time; bmp_handle_dump_event(); dump_refresh_deadline += config.bmp_dump_refresh_time; } } #ifdef WITH_RABBITMQ if (config.nfacctd_bmp_msglog_amqp_routing_key) { time_t last_fail = P_broker_timers_get_last_fail(&bmp_daemon_msglog_amqp_host.btimers); if (last_fail && ((last_fail + P_broker_timers_get_retry_interval(&bmp_daemon_msglog_amqp_host.btimers)) <= bmp_misc_db->log_tstamp.tv_sec)) { bmp_daemon_msglog_init_amqp_host(); p_amqp_connect_to_publish(&bmp_daemon_msglog_amqp_host); } } #endif #ifdef WITH_KAFKA if (config.nfacctd_bmp_msglog_kafka_topic) { time_t last_fail = P_broker_timers_get_last_fail(&bmp_daemon_msglog_kafka_host.btimers); if (last_fail && ((last_fail + P_broker_timers_get_retry_interval(&bmp_daemon_msglog_kafka_host.btimers)) <= bmp_misc_db->log_tstamp.tv_sec)) bmp_daemon_msglog_init_kafka_host(); } #endif } /* If select_num == 0 then we got out of select() due to a timeout rather than because we had a message from a peer to handle. By now we did all routine checks and can happily return to select() again. */ if (!select_num) goto select_again; /* New connection is coming in */ if (FD_ISSET(config.bmp_sock, &read_descs)) { int peers_check_idx, peers_num; fd = accept(config.bmp_sock, (struct sockaddr *) &client, &clen); if (fd == ERR) goto read_data; #if defined ENABLE_IPV6 ipv4_mapped_to_ipv4(&client); #endif /* If an ACL is defined, here we check against and enforce it */ if (allow.num) allowed = check_allow(&allow, (struct sockaddr *)&client); else allowed = TRUE; if (!allowed) { close(fd); goto read_data; } for (peer = NULL, peers_idx = 0; peers_idx < config.nfacctd_bmp_max_peers; peers_idx++) { if (!bmp_peers[peers_idx].self.fd) { now = time(NULL); /* Admitted if: * batching feature is disabled or * we have room in the current batch or * we can start a new batch */ if (bgp_batch_is_admitted(&bp_batch, now)) { peer = &bmp_peers[peers_idx].self; bmpp = &bmp_peers[peers_idx]; if (bmp_peer_init(bmpp, FUNC_TYPE_BMP)) { peer = NULL; bmpp = NULL; } else recalc_fds = TRUE; log_notification_unset(&log_notifications.bgp_peers_throttling); if (bgp_batch_is_enabled(&bp_batch) && peer) { if (bgp_batch_is_expired(&bp_batch, now)) bgp_batch_reset(&bp_batch, now); if (bgp_batch_is_not_empty(&bp_batch)) bgp_batch_decrease_counter(&bp_batch); } break; } else { /* throttle */ /* We briefly accept the new connection to be able to drop it */ if (!log_notification_isset(&log_notifications.bmp_peers_throttling, now)) { Log(LOG_INFO, "INFO ( %s/%s ): throttling at BMP peer #%u\n", config.name, bmp_misc_db->log_str, peers_idx); log_notification_set(&log_notifications.bmp_peers_throttling, now, FALSE); } close(fd); goto read_data; } } } if (!peer) { int fd; /* We briefly accept the new connection to be able to drop it */ Log(LOG_ERR, "ERROR ( %s/%s ): Insufficient number of BMP peers has been configured by 'bmp_daemon_max_peers' (%d).\n", config.name, bmp_misc_db->log_str, config.nfacctd_bmp_max_peers); close(fd); goto read_data; } peer->fd = fd; FD_SET(peer->fd, &bkp_read_descs); peer->addr.family = ((struct sockaddr *)&client)->sa_family; if (peer->addr.family == AF_INET) { peer->addr.address.ipv4.s_addr = ((struct sockaddr_in *)&client)->sin_addr.s_addr; peer->tcp_port = ntohs(((struct sockaddr_in *)&client)->sin_port); } #if defined ENABLE_IPV6 else if (peer->addr.family == AF_INET6) { memcpy(&peer->addr.address.ipv6, &((struct sockaddr_in6 *)&client)->sin6_addr, 16); peer->tcp_port = ntohs(((struct sockaddr_in6 *)&client)->sin6_port); } #endif addr_to_str(peer->addr_str, &peer->addr); memcpy(&peer->id, &peer->addr, sizeof(struct host_addr)); /* XXX: some inet_ntoa()'s could be around against peer->id */ if (bmp_misc_db->msglog_backend_methods) bgp_peer_log_init(peer, config.nfacctd_bmp_msglog_output, FUNC_TYPE_BMP); if (bmp_misc_db->dump_backend_methods) bmp_dump_init_peer(peer); /* Check: multiple TCP connections per peer */ for (peers_check_idx = 0, peers_num = 0; peers_check_idx < config.nfacctd_bmp_max_peers; peers_check_idx++) { if (peers_idx != peers_check_idx && !memcmp(&bmp_peers[peers_check_idx].self.addr, &peer->addr, sizeof(bmp_peers[peers_check_idx].self.addr))) { if (bmp_misc_db->is_thread && !config.nfacctd_bgp_to_agent_map) { Log(LOG_WARNING, "WARN ( %s/%s ): [%s] Multiple connections from peer and no bgp_agent_map defined.\n", config.name, bmp_misc_db->log_str, bmp_peers[peers_check_idx].self.addr_str); } } else { if (bmp_peers[peers_check_idx].self.fd) peers_num++; } } Log(LOG_INFO, "INFO ( %s/%s ): [%s] BMP peers usage: %u/%u\n", config.name, bmp_misc_db->log_str, peer->addr_str, peers_num, config.nfacctd_bmp_max_peers); } read_data: /* We have something coming in: let's lookup which peer is that. FvD: To avoid starvation of the "later established" peers, we offset the start of the search in a round-robin style. */ for (peer = NULL, peers_idx = 0; peers_idx < max_peers_idx; peers_idx++) { int loc_idx = (peers_idx + peers_idx_rr) % max_peers_idx; if (bmp_peers[loc_idx].self.fd && FD_ISSET(bmp_peers[loc_idx].self.fd, &read_descs)) { peer = &bmp_peers[loc_idx].self; bmpp = &bmp_peers[loc_idx]; peers_idx_rr = (peers_idx_rr + 1) % max_peers_idx; break; } } if (!peer) goto select_again; ret = recv(peer->fd, &peer->buf.base[peer->buf.truncated_len], (peer->buf.len - peer->buf.truncated_len), 0); peer->msglen = (ret + peer->buf.truncated_len); if (ret <= 0) { Log(LOG_INFO, "INFO ( %s/%s ): [%s] BMP connection reset by peer (%d).\n", config.name, bmp_misc_db->log_str, peer->addr_str, errno); FD_CLR(peer->fd, &bkp_read_descs); bmp_peer_close(bmpp, FUNC_TYPE_BMP); recalc_fds = TRUE; goto select_again; } else { pkt_remaining_len = bmp_process_packet(peer->buf.base, peer->msglen, bmpp); /* handling offset for TCP segment reassembly */ if (pkt_remaining_len) peer->buf.truncated_len = bmp_packet_adj_offset(peer->buf.base, peer->buf.len, peer->msglen, pkt_remaining_len, peer->addr_str); else peer->buf.truncated_len = 0; } } }
void skinny_bmp_daemon() { int slen, clen, ret, rc, peers_idx, allowed, yes=1; char bmp_packet[BMP_MAX_PACKET_SIZE], *bmp_packet_ptr; time_t now; afi_t afi; safi_t safi; struct bgp_peer *peer; #if defined ENABLE_IPV6 struct sockaddr_storage server, client; struct ipv6_mreq multi_req6; #else struct sockaddr server, client; #endif struct hosts_table allow; struct host_addr addr; /* BMP peer batching vars */ int bmp_current_batch_elem = 0; time_t bmp_current_batch_stamp_base = 0; /* select() stuff */ fd_set read_descs, bkp_read_descs; int select_fd, select_num; /* logdump time management */ time_t dump_refresh_deadline; struct timeval dump_refresh_timeout, *drt_ptr; /* initial cleanups */ reload_log_bmp_thread = FALSE; memset(&server, 0, sizeof(server)); memset(&client, 0, sizeof(client)); memset(bmp_packet, 0, BMP_MAX_PACKET_SIZE); memset(&allow, 0, sizeof(struct hosts_table)); clen = sizeof(client); /* socket creation for BMP server: IPv4 only */ #if (defined ENABLE_IPV6) if (!config.nfacctd_bmp_ip) { struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)&server; sa6->sin6_family = AF_INET6; sa6->sin6_port = htons(config.nfacctd_bmp_port); slen = sizeof(struct sockaddr_in6); } #else if (!config.nfacctd_bmp_ip) { struct sockaddr_in *sa4 = (struct sockaddr_in *)&server; sa4->sin_family = AF_INET; sa4->sin_addr.s_addr = htonl(0); sa4->sin_port = htons(config.nfacctd_bmp_port); slen = sizeof(struct sockaddr_in); } #endif else { trim_spaces(config.nfacctd_bmp_ip); ret = str_to_addr(config.nfacctd_bmp_ip, &addr); if (!ret) { Log(LOG_ERR, "ERROR ( %s/core/BMP ): 'bmp_daemon_ip' value is not a valid IPv4/IPv6 address. Terminating thread.\n", config.name); exit_all(1); } slen = addr_to_sa((struct sockaddr *)&server, &addr, config.nfacctd_bmp_port); } if (!config.nfacctd_bmp_max_peers) config.nfacctd_bmp_max_peers = BMP_MAX_PEERS_DEFAULT; Log(LOG_INFO, "INFO ( %s/core/BMP ): maximum BMP peers allowed: %d\n", config.name, config.nfacctd_bmp_max_peers); bmp_peers = malloc(config.nfacctd_bmp_max_peers*sizeof(struct bgp_peer)); if (!bmp_peers) { Log(LOG_ERR, "ERROR ( %s/core/BMP ): Unable to malloc() BMP peers structure. Terminating thread.\n", config.name); exit_all(1); } memset(bmp_peers, 0, config.nfacctd_bmp_max_peers*sizeof(struct bgp_peer)); if (config.nfacctd_bmp_msglog_file && config.nfacctd_bmp_msglog_amqp_routing_key) { Log(LOG_ERR, "ERROR ( %s/core/BMP ): bmp_daemon_msglog_file and bmp_daemon_msglog_amqp_routing_key are mutually exclusive. Terminating thread.\n", config.name); exit_all(1); } if (config.bmp_dump_file && config.bmp_dump_amqp_routing_key) { Log(LOG_ERR, "ERROR ( %s/core/BMP ): bmp_dump_file and bmp_dump_amqp_routing_key are mutually exclusive. Terminating thread.\n", config.name); exit_all(1); } if (config.nfacctd_bmp_msglog_file || config.nfacctd_bmp_msglog_amqp_routing_key) { bmp_peers_log = malloc(config.nfacctd_bmp_max_peers*sizeof(struct bgp_peer_log)); if (!bmp_peers_log) { Log(LOG_ERR, "ERROR ( %s/core/BMP ): Unable to malloc() BMP peers log structure. Terminating thread.\n", config.name); exit_all(1); } memset(bmp_peers_log, 0, config.nfacctd_bmp_max_peers*sizeof(struct bgp_peer_log)); bgp_peer_log_seq_init(&bmp_log_seq); if (config.nfacctd_bmp_msglog_amqp_routing_key) { #ifdef WITH_RABBITMQ bmp_daemon_msglog_init_amqp_host(); p_amqp_connect_to_publish(&bmp_daemon_msglog_amqp_host); if (!config.nfacctd_bmp_msglog_amqp_retry) config.nfacctd_bmp_msglog_amqp_retry = AMQP_DEFAULT_RETRY; #else Log(LOG_WARNING, "WARN ( %s/core/BMP ): p_amqp_connect_to_publish() not possible due to missing --enable-rabbitmq\n", config.name); #endif } } if (!config.bmp_table_attr_hash_buckets) config.bmp_table_attr_hash_buckets = HASHTABSIZE; bmp_attr_init(); if (!config.bmp_table_peer_buckets) config.bmp_table_peer_buckets = DEFAULT_BGP_INFO_HASH; if (!config.bmp_table_per_peer_buckets) config.bmp_table_per_peer_buckets = DEFAULT_BGP_INFO_PER_PEER_HASH; if (config.bmp_table_per_peer_hash == BGP_ASPATH_HASH_PATHID) bmp_route_info_modulo = bgp_route_info_modulo_pathid; else { Log(LOG_ERR, "ERROR ( %s/core/BMP ): Unknown 'bmp_table_per_peer_hash' value. Terminating thread.\n", config.name); exit_all(1); } config.bmp_sock = socket(((struct sockaddr *)&server)->sa_family, SOCK_STREAM, 0); if (config.bmp_sock < 0) { #if (defined ENABLE_IPV6) /* retry with IPv4 */ if (!config.nfacctd_bmp_ip) { struct sockaddr_in *sa4 = (struct sockaddr_in *)&server; sa4->sin_family = AF_INET; sa4->sin_addr.s_addr = htonl(0); sa4->sin_port = htons(config.nfacctd_bmp_port); slen = sizeof(struct sockaddr_in); config.bmp_sock = socket(((struct sockaddr *)&server)->sa_family, SOCK_STREAM, 0); } #endif if (config.bmp_sock < 0) { Log(LOG_ERR, "ERROR ( %s/core/BMP ): thread socket() failed. Terminating thread.\n", config.name); exit_all(1); } } if (config.nfacctd_bmp_ipprec) { int opt = config.nfacctd_bmp_ipprec << 5; rc = setsockopt(config.bmp_sock, IPPROTO_IP, IP_TOS, &opt, sizeof(opt)); if (rc < 0) Log(LOG_ERR, "WARN ( %s/core/BMP ): setsockopt() failed for IP_TOS (errno: %d).\n", config.name, errno); } rc = setsockopt(config.bmp_sock, SOL_SOCKET, SO_REUSEADDR, (char *)&yes, sizeof(yes)); if (rc < 0) Log(LOG_ERR, "WARN ( %s/core/BMP ): setsockopt() failed for SO_REUSEADDR (errno: %d).\n", config.name, errno); if (config.nfacctd_bmp_pipe_size) { int l = sizeof(config.nfacctd_bmp_pipe_size); int saved = 0, obtained = 0; getsockopt(config.bmp_sock, SOL_SOCKET, SO_RCVBUF, &saved, &l); Setsocksize(config.bmp_sock, SOL_SOCKET, SO_RCVBUF, &config.nfacctd_bmp_pipe_size, sizeof(config.nfacctd_bmp_pipe_size)); getsockopt(config.bmp_sock, SOL_SOCKET, SO_RCVBUF, &obtained, &l); Setsocksize(config.bmp_sock, SOL_SOCKET, SO_RCVBUF, &saved, l); getsockopt(config.bmp_sock, SOL_SOCKET, SO_RCVBUF, &obtained, &l); Log(LOG_INFO, "INFO ( %s/core/BMP ): bmp_daemon_pipe_size: obtained=%d target=%d.\n", config.name, obtained, config.nfacctd_bmp_pipe_size); } rc = bind(config.bmp_sock, (struct sockaddr *) &server, slen); if (rc < 0) { char null_ip_address[] = "0.0.0.0"; char *ip_address; ip_address = config.nfacctd_bmp_ip ? config.nfacctd_bmp_ip : null_ip_address; Log(LOG_ERR, "ERROR ( %s/core/BMP ): bind() to ip=%s port=%d/tcp failed (errno: %d).\n", config.name, ip_address, config.nfacctd_bmp_port, errno); exit_all(1); } rc = listen(config.bmp_sock, 1); if (rc < 0) { Log(LOG_ERR, "ERROR ( %s/core/BMP ): listen() failed (errno: %d).\n", config.name, errno); exit_all(1); } /* Preparing for syncronous I/O multiplexing */ select_fd = 0; FD_ZERO(&bkp_read_descs); FD_SET(config.bmp_sock, &bkp_read_descs); { char srv_string[INET6_ADDRSTRLEN]; struct host_addr srv_addr; u_int16_t srv_port; sa_to_addr(&server, &srv_addr, &srv_port); addr_to_str(srv_string, &srv_addr); Log(LOG_INFO, "INFO ( %s/core/BMP ): waiting for BMP data on %s:%u\n", config.name, srv_string, srv_port); } /* Preparing ACL, if any */ if (config.nfacctd_bmp_allow_file) load_allow_file(config.nfacctd_bmp_allow_file, &allow); /* Let's initialize clean shared RIB */ for (afi = AFI_IP; afi < AFI_MAX; afi++) { for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++) { bmp_rib[afi][safi] = bgp_table_init(afi, safi); } } /* BMP peers batching checks */ if ((config.nfacctd_bmp_batch && !config.nfacctd_bmp_batch_interval) || (config.nfacctd_bmp_batch_interval && !config.nfacctd_bmp_batch)) { Log(LOG_WARNING, "WARN ( %s/core/BMP ): 'bmp_daemon_batch_interval' and 'bmp_daemon_batch' both set to zero.\n", config.name); config.nfacctd_bmp_batch = 0; config.nfacctd_bmp_batch_interval = 0; } if (!config.nfacctd_bmp_msglog_output && (config.nfacctd_bmp_msglog_file || config.nfacctd_bmp_msglog_amqp_routing_key)) #ifdef WITH_JANSSON config.nfacctd_bmp_msglog_output = PRINT_OUTPUT_JSON; #else Log(LOG_WARNING, "WARN ( %s/core/BMP ): bmp_daemon_msglog_output set to json but will produce no output (missing --enable-jansson).\n", config.name); #endif if (!config.bmp_dump_output && (config.bmp_dump_file || config.bmp_dump_amqp_routing_key)) #ifdef WITH_JANSSON config.bmp_dump_output = PRINT_OUTPUT_JSON; #else Log(LOG_WARNING, "WARN ( %s/core/BMP ): bmp_table_dump_output set to json but will produce no output (missing --enable-jansson).\n", config.name); #endif if (config.bmp_dump_file || config.bmp_dump_amqp_routing_key) { char dump_roundoff[] = "m"; time_t tmp_time; if (config.bmp_dump_refresh_time) { gettimeofday(&bmp_log_tstamp, NULL); dump_refresh_deadline = bmp_log_tstamp.tv_sec; tmp_time = roundoff_time(dump_refresh_deadline, dump_roundoff); while ((tmp_time+config.bmp_dump_refresh_time) < dump_refresh_deadline) { tmp_time += config.bmp_dump_refresh_time; } dump_refresh_deadline = tmp_time; dump_refresh_deadline += config.bmp_dump_refresh_time; /* it's a deadline not a basetime */ } else { config.bmp_dump_file = NULL; Log(LOG_WARNING, "WARN ( %s/core/BMP ): Invalid 'bmp_dump_refresh_time'.\n", config.name); } bmp_dump_init_amqp_host(); } for (;;) { select_again: select_fd = config.bmp_sock; for (peers_idx = 0; peers_idx < config.nfacctd_bmp_max_peers; peers_idx++) if (select_fd < bmp_peers[peers_idx].fd) select_fd = bmp_peers[peers_idx].fd; select_fd++; memcpy(&read_descs, &bkp_read_descs, sizeof(bkp_read_descs)); if (config.bmp_dump_file || config.bmp_dump_amqp_routing_key) { int delta; calc_refresh_timeout_sec(dump_refresh_deadline, bmp_log_tstamp.tv_sec, &delta); dump_refresh_timeout.tv_sec = delta; dump_refresh_timeout.tv_usec = 0; drt_ptr = &dump_refresh_timeout; } else drt_ptr = NULL; select_num = select(select_fd, &read_descs, NULL, NULL, drt_ptr); if (select_num < 0) goto select_again; if (reload_log_bmp_thread) { for (peers_idx = 0; peers_idx < config.nfacctd_bmp_max_peers; peers_idx++) { if (bmp_peers_log[peers_idx].fd) { fclose(bmp_peers_log[peers_idx].fd); bmp_peers_log[peers_idx].fd = open_logfile(bmp_peers_log[peers_idx].filename, "a"); } else break; } } if (config.nfacctd_bmp_msglog_file || config.nfacctd_bmp_msglog_amqp_routing_key || config.bmp_dump_file || config.bmp_dump_amqp_routing_key) { gettimeofday(&bmp_log_tstamp, NULL); compose_timestamp(bmp_log_tstamp_str, SRVBUFLEN, &bmp_log_tstamp, TRUE, config.sql_history_since_epoch); if (config.bmp_dump_file || config.bmp_dump_amqp_routing_key) { while (bmp_log_tstamp.tv_sec > dump_refresh_deadline) { bmp_handle_dump_event(); dump_refresh_deadline += config.bmp_dump_refresh_time; } } #ifdef WITH_RABBITMQ if (config.nfacctd_bmp_msglog_amqp_routing_key) { time_t last_fail = p_amqp_get_last_fail(&bmp_daemon_msglog_amqp_host); if (last_fail && ((last_fail + p_amqp_get_retry_interval(&bmp_daemon_msglog_amqp_host)) <= log_tstamp.tv_sec)) { bmp_daemon_msglog_init_amqp_host(); p_amqp_connect_to_publish(&bmp_daemon_msglog_amqp_host); } } #endif } /* If select_num == 0 then we got out of select() due to a timeout rather than because we had a message from a peeer to handle. By now we did all routine checks and can happily return to selet() again. */ if (!select_num) goto select_again; /* New connection is coming in */ if (FD_ISSET(config.bmp_sock, &read_descs)) { int peers_check_idx, peers_num; for (peer = NULL, peers_idx = 0; peers_idx < config.nfacctd_bmp_max_peers; peers_idx++) { if (bmp_peers[peers_idx].fd == 0) { now = time(NULL); if (bmp_current_batch_elem > 0 || now > (bmp_current_batch_stamp_base + config.nfacctd_bmp_batch_interval)) { peer = &bmp_peers[peers_idx]; if (bgp_peer_init(peer)) peer = NULL; log_notification_unset(&log_notifications.bmp_peers_throttling); if (config.nfacctd_bmp_batch && peer) { if (now > (bmp_current_batch_stamp_base + config.nfacctd_bmp_batch_interval)) { bmp_current_batch_elem = config.nfacctd_bmp_batch; bmp_current_batch_stamp_base = now; } if (bmp_current_batch_elem > 0) bmp_current_batch_elem--; } break; } else { /* throttle */ int fd = 0; /* We briefly accept the new connection to be able to drop it */ if (!log_notification_isset(log_notifications.bmp_peers_throttling)) { Log(LOG_INFO, "INFO ( %s/core/BMP ): throttling at BMP peer #%u\n", config.name, peers_idx); log_notification_set(&log_notifications.bmp_peers_throttling); } fd = accept(config.bmp_sock, (struct sockaddr *) &client, &clen); close(fd); goto select_again; } } } if (!peer) { int fd; /* We briefly accept the new connection to be able to drop it */ Log(LOG_ERR, "ERROR ( %s/core/BMP ): Insufficient number of BMP peers has been configured by 'bmp_daemon_max_peers' (%d).\n", config.name, config.nfacctd_bmp_max_peers); fd = accept(config.bmp_sock, (struct sockaddr *) &client, &clen); close(fd); goto select_again; } peer->fd = accept(config.bmp_sock, (struct sockaddr *) &client, &clen); #if defined ENABLE_IPV6 ipv4_mapped_to_ipv4(&client); #endif /* If an ACL is defined, here we check against and enforce it */ if (allow.num) allowed = check_allow(&allow, (struct sockaddr *)&client); else allowed = TRUE; if (!allowed) { bgp_peer_close(peer, FUNC_TYPE_BMP); goto select_again; } FD_SET(peer->fd, &bkp_read_descs); peer->addr.family = ((struct sockaddr *)&client)->sa_family; if (peer->addr.family == AF_INET) { peer->addr.address.ipv4.s_addr = ((struct sockaddr_in *)&client)->sin_addr.s_addr; peer->tcp_port = ntohs(((struct sockaddr_in *)&client)->sin_port); } #if defined ENABLE_IPV6 else if (peer->addr.family == AF_INET6) { memcpy(&peer->addr.address.ipv6, &((struct sockaddr_in6 *)&client)->sin6_addr, 16); peer->tcp_port = ntohs(((struct sockaddr_in6 *)&client)->sin6_port); } #endif addr_to_str(peer->addr_str, &peer->addr); memcpy(&peer->id, &peer->addr, sizeof(struct host_addr)); /* XXX: some inet_ntoa()'s could be around against peer->id */ if (config.nfacctd_bmp_msglog_file || config.nfacctd_bmp_msglog_amqp_routing_key) bgp_peer_log_init(peer, config.nfacctd_bmp_msglog_output, FUNC_TYPE_BMP); if (config.bmp_dump_file || config.bmp_dump_amqp_routing_key) bmp_dump_init_peer(peer); /* Check: only one TCP connection is allowed per peer */ for (peers_check_idx = 0, peers_num = 0; peers_check_idx < config.nfacctd_bmp_max_peers; peers_check_idx++) { if (peers_idx != peers_check_idx && !memcmp(&bmp_peers[peers_check_idx].addr, &peer->addr, sizeof(bmp_peers[peers_check_idx].addr))) { Log(LOG_ERR, "ERROR ( %s/core/BMP ): [Id: %s] Refusing new connection from existing peer.\n", config.name, bmp_peers[peers_check_idx].addr_str); FD_CLR(peer->fd, &bkp_read_descs); bgp_peer_close(peer, FUNC_TYPE_BMP); goto select_again; } else { if (bmp_peers[peers_check_idx].fd) peers_num++; } } Log(LOG_INFO, "INFO ( %s/core/BMP ): BMP peers usage: %u/%u\n", config.name, peers_num, config.nfacctd_bmp_max_peers); if (config.nfacctd_bmp_neighbors_file) write_neighbors_file(config.nfacctd_bmp_neighbors_file); goto select_again; } /* We have something coming in: let's lookup which peer is that; XXX old: to be optimized */ for (peer = NULL, peers_idx = 0; peers_idx < config.nfacctd_bmp_max_peers; peers_idx++) { if (bmp_peers[peers_idx].fd && FD_ISSET(bmp_peers[peers_idx].fd, &read_descs)) { peer = &bmp_peers[peers_idx]; break; } } if (!peer) { Log(LOG_ERR, "ERROR ( %s/core/BMP ): message delivered to an unknown peer (FD bits: %d; FD max: %d)\n", config.name, select_num, select_fd); goto select_again; } peer->msglen = ret = recv(peer->fd, bmp_packet, BMP_MAX_PACKET_SIZE, 0); if (ret <= 0) { Log(LOG_INFO, "INFO ( %s/core/BMP ): [Id: %s] Existing BMP connection was reset (%d).\n", config.name, peer->addr_str, errno); FD_CLR(peer->fd, &bkp_read_descs); bgp_peer_close(peer, FUNC_TYPE_BMP); goto select_again; } else bmp_process_packet(bmp_packet, peer->msglen, peer); } }
void telemetry_daemon(void *t_data_void) { struct telemetry_data *t_data = t_data_void; telemetry_peer_udp_cache tpuc; int slen, clen, ret, rc, peers_idx, allowed, yes=1, no=0; int peers_idx_rr = 0, max_peers_idx = 0, peers_num = 0; int decoder = 0, data_decoder = 0, recv_flags = 0; u_int16_t port = 0; char *srv_proto = NULL; time_t now, last_udp_timeout_check; telemetry_peer *peer = NULL; telemetry_peer_z *peer_z = NULL; #if defined ENABLE_IPV6 struct sockaddr_storage server, client; #else struct sockaddr server, client; #endif struct hosts_table allow; struct host_addr addr; /* select() stuff */ fd_set read_descs, bkp_read_descs; int fd, select_fd, bkp_select_fd, recalc_fds, select_num; /* logdump time management */ time_t dump_refresh_deadline; struct timeval dump_refresh_timeout, *drt_ptr; if (!t_data) { Log(LOG_ERR, "ERROR ( %s/%s ): telemetry_daemon(): missing telemetry data. Terminating.\n", config.name, t_data->log_str); exit_all(1); } /* initial cleanups */ reload_log_telemetry_thread = FALSE; memset(&server, 0, sizeof(server)); memset(&client, 0, sizeof(client)); memset(&allow, 0, sizeof(struct hosts_table)); clen = sizeof(client); telemetry_peers_udp_cache = NULL; last_udp_timeout_check = FALSE; telemetry_misc_db = &inter_domain_misc_dbs[FUNC_TYPE_TELEMETRY]; memset(telemetry_misc_db, 0, sizeof(telemetry_misc_structs)); /* initialize variables */ if (config.telemetry_port_tcp && config.telemetry_port_udp) { Log(LOG_ERR, "ERROR ( %s/%s ): telemetry_daemon_port_tcp and telemetry_daemon_port_udp are mutually exclusive. Terminating.\n", config.name, t_data->log_str); exit_all(1); } else if (!config.telemetry_port_tcp && !config.telemetry_port_udp) { /* defaulting to TCP */ port = config.telemetry_port_tcp = TELEMETRY_TCP_PORT; srv_proto = malloc(strlen("tcp") + 1); strcpy(srv_proto, "tcp"); } else { if (config.telemetry_port_tcp) { port = config.telemetry_port_tcp; srv_proto = malloc(strlen("tcp") + 1); strcpy(srv_proto, "tcp"); } if (config.telemetry_port_udp) { port = config.telemetry_port_udp; srv_proto = malloc(strlen("udp") + 1); strcpy(srv_proto, "udp"); } } /* socket creation for telemetry server: IPv4 only */ #if (defined ENABLE_IPV6) if (!config.telemetry_ip) { struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)&server; sa6->sin6_family = AF_INET6; sa6->sin6_port = htons(port); slen = sizeof(struct sockaddr_in6); } #else if (!config.telemetry_ip) { struct sockaddr_in *sa4 = (struct sockaddr_in *)&server; sa4->sin_family = AF_INET; sa4->sin_addr.s_addr = htonl(0); sa4->sin_port = htons(port); slen = sizeof(struct sockaddr_in); } #endif else { trim_spaces(config.telemetry_ip); ret = str_to_addr(config.telemetry_ip, &addr); if (!ret) { Log(LOG_ERR, "ERROR ( %s/%s ): telemetry_daemon_ip value is not a valid IPv4/IPv6 address. Terminating.\n", config.name, t_data->log_str); exit_all(1); } slen = addr_to_sa((struct sockaddr *)&server, &addr, port); } if (!config.telemetry_decoder) { Log(LOG_ERR, "ERROR ( %s/%s ): telemetry_daemon_decoder is not specified. Terminating.\n", config.name, t_data->log_str); exit_all(1); } else { if (!strcmp(config.telemetry_decoder, "json")) decoder = TELEMETRY_DECODER_JSON; else if (!strcmp(config.telemetry_decoder, "zjson")) { #if defined (HAVE_ZLIB) decoder = TELEMETRY_DECODER_ZJSON; #else Log(LOG_ERR, "ERROR ( %s/%s ): telemetry_daemon_decoder set to 'zjson' but zlib not available. Terminating.\n", config.name, t_data->log_str); exit_all(1); #endif } else if (!strcmp(config.telemetry_decoder, "cisco_json")) decoder = TELEMETRY_DECODER_CISCO_JSON; else if (!strcmp(config.telemetry_decoder, "cisco_zjson")) { #if defined (HAVE_ZLIB) decoder = TELEMETRY_DECODER_CISCO_ZJSON; #else Log(LOG_ERR, "ERROR ( %s/%s ): telemetry_daemon_decoder set to 'cisco_zjson' but zlib not available. Terminating.\n", config.name, t_data->log_str); exit_all(1); #endif } else if (!strcmp(config.telemetry_decoder, "cisco")) decoder = TELEMETRY_DECODER_CISCO; else if (!strcmp(config.telemetry_decoder, "cisco_gpb")) decoder = TELEMETRY_DECODER_CISCO_GPB; else if (!strcmp(config.telemetry_decoder, "cisco_gpb_kv")) decoder = TELEMETRY_DECODER_CISCO_GPB_KV; else { Log(LOG_ERR, "ERROR ( %s/%s ): telemetry_daemon_decoder set to unknown value. Terminating.\n", config.name, t_data->log_str); exit_all(1); } } if (!config.telemetry_max_peers) config.telemetry_max_peers = TELEMETRY_MAX_PEERS_DEFAULT; Log(LOG_INFO, "INFO ( %s/%s ): maximum telemetry peers allowed: %d\n", config.name, t_data->log_str, config.telemetry_max_peers); if (config.telemetry_port_udp) { if (!config.telemetry_udp_timeout) config.telemetry_udp_timeout = TELEMETRY_UDP_TIMEOUT_DEFAULT; Log(LOG_INFO, "INFO ( %s/%s ): telemetry UDP peers timeout: %u\n", config.name, t_data->log_str, config.telemetry_udp_timeout); } telemetry_peers = malloc(config.telemetry_max_peers*sizeof(telemetry_peer)); if (!telemetry_peers) { Log(LOG_ERR, "ERROR ( %s/%s ): Unable to malloc() telemetry_peers structure. Terminating.\n", config.name, t_data->log_str); exit_all(1); } memset(telemetry_peers, 0, config.telemetry_max_peers*sizeof(telemetry_peer)); if (telemetry_is_zjson(decoder)) { telemetry_peers_z = malloc(config.telemetry_max_peers*sizeof(telemetry_peer_z)); if (!telemetry_peers_z) { Log(LOG_ERR, "ERROR ( %s/%s ): Unable to malloc() telemetry_peers_z structure. Terminating.\n", config.name, t_data->log_str); exit_all(1); } memset(telemetry_peers_z, 0, config.telemetry_max_peers*sizeof(telemetry_peer_z)); } if (config.telemetry_port_udp) { telemetry_peers_udp_timeout = malloc(config.telemetry_max_peers*sizeof(telemetry_peer_udp_timeout)); if (!telemetry_peers_udp_timeout) { Log(LOG_ERR, "ERROR ( %s/%s ): Unable to malloc() telemetry_peers_udp_timeout structure. Terminating.\n", config.name, t_data->log_str); exit_all(1); } memset(telemetry_peers_udp_timeout, 0, config.telemetry_max_peers*sizeof(telemetry_peer_udp_timeout)); } if (config.telemetry_msglog_file || config.telemetry_msglog_amqp_routing_key || config.telemetry_msglog_kafka_topic) { if (config.telemetry_msglog_file) telemetry_misc_db->msglog_backend_methods++; if (config.telemetry_msglog_amqp_routing_key) telemetry_misc_db->msglog_backend_methods++; if (config.telemetry_msglog_kafka_topic) telemetry_misc_db->msglog_backend_methods++; if (telemetry_misc_db->msglog_backend_methods > 1) { Log(LOG_ERR, "ERROR ( %s/%s ): telemetry_daemon_msglog_file, telemetry_daemon_msglog_amqp_routing_key and telemetry_daemon_msglog_kafka_topic are mutually exclusive. Terminating.\n", config.name, t_data->log_str); exit_all(1); } } if (config.telemetry_dump_file || config.telemetry_dump_amqp_routing_key || config.telemetry_dump_kafka_topic) { if (config.telemetry_dump_file) telemetry_misc_db->dump_backend_methods++; if (config.telemetry_dump_amqp_routing_key) telemetry_misc_db->dump_backend_methods++; if (config.telemetry_dump_kafka_topic) telemetry_misc_db->dump_backend_methods++; if (telemetry_misc_db->dump_backend_methods > 1) { Log(LOG_ERR, "ERROR ( %s/%s ): telemetry_dump_file, telemetry_dump_amqp_routing_key and telemetry_dump_kafka_topic are mutually exclusive. Terminating.\n", config.name, t_data->log_str); exit_all(1); } } if (telemetry_misc_db->msglog_backend_methods) { telemetry_misc_db->peers_log = malloc(config.telemetry_max_peers*sizeof(telemetry_peer_log)); if (!telemetry_misc_db->peers_log) { Log(LOG_ERR, "ERROR ( %s/%s ): Unable to malloc() telemetry peers_log structure. Terminating.\n", config.name, t_data->log_str); exit_all(1); } memset(telemetry_misc_db->peers_log, 0, config.telemetry_max_peers*sizeof(telemetry_peer_log)); telemetry_peer_log_seq_init(&telemetry_misc_db->log_seq); if (config.telemetry_msglog_amqp_routing_key) { #ifdef WITH_RABBITMQ telemetry_daemon_msglog_init_amqp_host(); p_amqp_connect_to_publish(&telemetry_daemon_msglog_amqp_host); if (!config.telemetry_msglog_amqp_retry) config.telemetry_msglog_amqp_retry = AMQP_DEFAULT_RETRY; #else Log(LOG_WARNING, "WARN ( %s/%s ): p_amqp_connect_to_publish() not possible due to missing --enable-rabbitmq\n", config.name, t_data->log_str); #endif } if (config.telemetry_msglog_kafka_topic) { #ifdef WITH_KAFKA telemetry_daemon_msglog_init_kafka_host(); #else Log(LOG_WARNING, "WARN ( %s/%s ): p_kafka_connect_to_produce() not possible due to missing --enable-kafka\n", config.name, t_data->log_str); #endif } } if (config.telemetry_port_tcp) config.telemetry_sock = socket(((struct sockaddr *)&server)->sa_family, SOCK_STREAM, 0); else if (config.telemetry_port_udp) config.telemetry_sock = socket(((struct sockaddr *)&server)->sa_family, SOCK_DGRAM, 0); if (config.telemetry_sock < 0) { #if (defined ENABLE_IPV6) /* retry with IPv4 */ if (!config.telemetry_ip) { struct sockaddr_in *sa4 = (struct sockaddr_in *)&server; sa4->sin_family = AF_INET; sa4->sin_addr.s_addr = htonl(0); sa4->sin_port = htons(port); slen = sizeof(struct sockaddr_in); if (config.telemetry_port_tcp) config.telemetry_sock = socket(((struct sockaddr *)&server)->sa_family, SOCK_STREAM, 0); else if (config.telemetry_port_udp) config.telemetry_sock = socket(((struct sockaddr *)&server)->sa_family, SOCK_DGRAM, 0); } #endif if (config.telemetry_sock < 0) { Log(LOG_ERR, "ERROR ( %s/%s ): socket() failed. Terminating.\n", config.name, t_data->log_str); exit_all(1); } } if (config.telemetry_ipprec) { int opt = config.telemetry_ipprec << 5; rc = setsockopt(config.telemetry_sock, IPPROTO_IP, IP_TOS, &opt, sizeof(opt)); if (rc < 0) Log(LOG_ERR, "WARN ( %s/%s ): setsockopt() failed for IP_TOS (errno: %d).\n", config.name, t_data->log_str, errno); } rc = setsockopt(config.telemetry_sock, SOL_SOCKET, SO_REUSEADDR, (char *)&yes, sizeof(yes)); if (rc < 0) Log(LOG_ERR, "WARN ( %s/%s ): setsockopt() failed for SO_REUSEADDR (errno: %d).\n", config.name, t_data->log_str, errno); #if (defined ENABLE_IPV6) && (defined IPV6_BINDV6ONLY) rc = setsockopt(config.telemetry_sock, IPPROTO_IPV6, IPV6_BINDV6ONLY, (char *) &no, (socklen_t) sizeof(no)); if (rc < 0) Log(LOG_ERR, "WARN ( %s/%s ): setsockopt() failed for IPV6_BINDV6ONLY (errno: %d).\n", config.name, t_data->log_str, errno); #endif if (config.telemetry_pipe_size) { int l = sizeof(config.telemetry_pipe_size); int saved = 0, obtained = 0; getsockopt(config.telemetry_sock, SOL_SOCKET, SO_RCVBUF, &saved, &l); Setsocksize(config.telemetry_sock, SOL_SOCKET, SO_RCVBUF, &config.telemetry_pipe_size, sizeof(config.telemetry_pipe_size)); getsockopt(config.telemetry_sock, SOL_SOCKET, SO_RCVBUF, &obtained, &l); Setsocksize(config.telemetry_sock, SOL_SOCKET, SO_RCVBUF, &saved, l); getsockopt(config.telemetry_sock, SOL_SOCKET, SO_RCVBUF, &obtained, &l); Log(LOG_INFO, "INFO ( %s/%s ): telemetry_daemon_pipe_size: obtained=%d target=%d.\n", config.name, t_data->log_str, obtained, config.telemetry_pipe_size); } rc = bind(config.telemetry_sock, (struct sockaddr *) &server, slen); if (rc < 0) { char null_ip_address[] = "0.0.0.0"; char *ip_address; ip_address = config.telemetry_ip ? config.telemetry_ip : null_ip_address; Log(LOG_ERR, "ERROR ( %s/%s ): bind() to ip=%s port=%u/%s failed (errno: %d).\n", config.name, t_data->log_str, ip_address, port, srv_proto, errno); exit_all(1); } if (config.telemetry_port_tcp) { rc = listen(config.telemetry_sock, 1); if (rc < 0) { Log(LOG_ERR, "ERROR ( %s/%s ): listen() failed (errno: %d).\n", config.name, t_data->log_str, errno); exit_all(1); } } /* Preparing for syncronous I/O multiplexing */ select_fd = 0; FD_ZERO(&bkp_read_descs); FD_SET(config.telemetry_sock, &bkp_read_descs); { char srv_string[INET6_ADDRSTRLEN]; struct host_addr srv_addr; u_int16_t srv_port; sa_to_addr(&server, &srv_addr, &srv_port); addr_to_str(srv_string, &srv_addr); Log(LOG_INFO, "INFO ( %s/%s ): waiting for telemetry data on %s:%u/%s\n", config.name, t_data->log_str, srv_string, srv_port, srv_proto); } /* Preparing ACL, if any */ if (config.telemetry_allow_file) load_allow_file(config.telemetry_allow_file, &allow); if (telemetry_misc_db->msglog_backend_methods) { #ifdef WITH_JANSSON if (!config.telemetry_msglog_output) config.telemetry_msglog_output = PRINT_OUTPUT_JSON; #else Log(LOG_WARNING, "WARN ( %s/%s ): telemetry_daemon_msglog_output set to json but will produce no output (missing --enable-jansson).\n", config.name, t_data->log_str); #endif } if (telemetry_misc_db->dump_backend_methods) { #ifdef WITH_JANSSON if (!config.telemetry_dump_output) config.telemetry_dump_output = PRINT_OUTPUT_JSON; #else Log(LOG_WARNING, "WARN ( %s/%s ): telemetry_table_dump_output set to json but will produce no output (missing --enable-jansson).\n", config.name, t_data->log_str); #endif } if (telemetry_misc_db->dump_backend_methods) { char dump_roundoff[] = "m"; time_t tmp_time; if (config.telemetry_dump_refresh_time) { gettimeofday(&telemetry_misc_db->log_tstamp, NULL); dump_refresh_deadline = telemetry_misc_db->log_tstamp.tv_sec; tmp_time = roundoff_time(dump_refresh_deadline, dump_roundoff); while ((tmp_time+config.telemetry_dump_refresh_time) < dump_refresh_deadline) { tmp_time += config.telemetry_dump_refresh_time; } dump_refresh_deadline = tmp_time; dump_refresh_deadline += config.telemetry_dump_refresh_time; /* it's a deadline not a basetime */ } else { config.telemetry_dump_file = NULL; telemetry_misc_db->dump_backend_methods = FALSE; Log(LOG_WARNING, "WARN ( %s/%s ): Invalid 'telemetry_dump_refresh_time'.\n", config.name, t_data->log_str); } if (config.telemetry_dump_amqp_routing_key) telemetry_dump_init_amqp_host(); if (config.telemetry_dump_kafka_topic) telemetry_dump_init_kafka_host(); } select_fd = bkp_select_fd = (config.telemetry_sock + 1); recalc_fds = FALSE; telemetry_link_misc_structs(telemetry_misc_db); for (;;) { select_again: if (recalc_fds) { select_fd = config.telemetry_sock; max_peers_idx = -1; /* .. since valid indexes include 0 */ for (peers_idx = 0, peers_num = 0; peers_idx < config.telemetry_max_peers; peers_idx++) { if (select_fd < telemetry_peers[peers_idx].fd) select_fd = telemetry_peers[peers_idx].fd; if (telemetry_peers[peers_idx].fd) { max_peers_idx = peers_idx; peers_num++; } } select_fd++; max_peers_idx++; bkp_select_fd = select_fd; recalc_fds = FALSE; } else select_fd = bkp_select_fd; memcpy(&read_descs, &bkp_read_descs, sizeof(bkp_read_descs)); if (telemetry_misc_db->dump_backend_methods) { int delta; calc_refresh_timeout_sec(dump_refresh_deadline, telemetry_misc_db->log_tstamp.tv_sec, &delta); dump_refresh_timeout.tv_sec = delta; dump_refresh_timeout.tv_usec = 0; drt_ptr = &dump_refresh_timeout; } else drt_ptr = NULL; select_num = select(select_fd, &read_descs, NULL, NULL, drt_ptr); if (select_num < 0) goto select_again; // XXX: UDP case: timeout handling (to be tested) if (config.telemetry_port_udp) { now = time(NULL); if (now > (last_udp_timeout_check + TELEMETRY_UDP_TIMEOUT_INTERVAL)) { for (peers_idx = 0; peers_idx < config.telemetry_max_peers; peers_idx++) { telemetry_peer_udp_timeout *peer_udp_timeout; peer = &telemetry_peers[peers_idx]; peer_z = &telemetry_peers_z[peers_idx]; peer_udp_timeout = &telemetry_peers_udp_timeout[peers_idx]; if (peer->fd) { if (now > (peer_udp_timeout->last_msg + config.telemetry_udp_timeout)) { Log(LOG_INFO, "INFO ( %s/%s ): [%s] telemetry UDP peer removed (timeout).\n", config.name, t_data->log_str, peer->addr_str); telemetry_peer_close(peer, FUNC_TYPE_TELEMETRY); if (telemetry_is_zjson(decoder)) telemetry_peer_z_close(peer_z); recalc_fds = TRUE; } } } } } if (reload_log_telemetry_thread) { for (peers_idx = 0; peers_idx < config.telemetry_max_peers; peers_idx++) { if (telemetry_misc_db->peers_log[peers_idx].fd) { fclose(telemetry_misc_db->peers_log[peers_idx].fd); telemetry_misc_db->peers_log[peers_idx].fd = open_output_file(telemetry_misc_db->peers_log[peers_idx].filename, "a", FALSE); setlinebuf(telemetry_misc_db->peers_log[peers_idx].fd); } else break; } } if (telemetry_misc_db->msglog_backend_methods || telemetry_misc_db->dump_backend_methods) { gettimeofday(&telemetry_misc_db->log_tstamp, NULL); compose_timestamp(telemetry_misc_db->log_tstamp_str, SRVBUFLEN, &telemetry_misc_db->log_tstamp, TRUE, config.timestamps_since_epoch); if (telemetry_misc_db->dump_backend_methods) { while (telemetry_misc_db->log_tstamp.tv_sec > dump_refresh_deadline) { telemetry_handle_dump_event(t_data); dump_refresh_deadline += config.telemetry_dump_refresh_time; } } #ifdef WITH_RABBITMQ if (config.telemetry_msglog_amqp_routing_key) { time_t last_fail = P_broker_timers_get_last_fail(&telemetry_daemon_msglog_amqp_host.btimers); if (last_fail && ((last_fail + P_broker_timers_get_retry_interval(&telemetry_daemon_msglog_amqp_host.btimers)) <= telemetry_misc_db->log_tstamp.tv_sec)) { telemetry_daemon_msglog_init_amqp_host(); p_amqp_connect_to_publish(&telemetry_daemon_msglog_amqp_host); } } #endif #ifdef WITH_KAFKA if (config.telemetry_msglog_kafka_topic) { time_t last_fail = P_broker_timers_get_last_fail(&telemetry_daemon_msglog_kafka_host.btimers); if (last_fail && ((last_fail + P_broker_timers_get_retry_interval(&telemetry_daemon_msglog_kafka_host.btimers)) <= telemetry_misc_db->log_tstamp.tv_sec)) telemetry_daemon_msglog_init_kafka_host(); } #endif } /* If select_num == 0 then we got out of select() due to a timeout rather than because we had a message from a peeer to handle. By now we did all routine checks and can happily return to selet() again. */ if (!select_num) goto select_again; /* New connection is coming in */ if (FD_ISSET(config.telemetry_sock, &read_descs)) { if (config.telemetry_port_tcp) { fd = accept(config.telemetry_sock, (struct sockaddr *) &client, &clen); if (fd == ERR) goto read_data; } else if (config.telemetry_port_udp) { char dummy_local_buf[TRUE]; ret = recvfrom(config.telemetry_sock, dummy_local_buf, TRUE, MSG_PEEK, (struct sockaddr *) &client, &clen); if (ret <= 0) goto select_again; else fd = config.telemetry_sock; } #if defined ENABLE_IPV6 ipv4_mapped_to_ipv4(&client); #endif /* If an ACL is defined, here we check against and enforce it */ if (allow.num) allowed = check_allow(&allow, (struct sockaddr *)&client); else allowed = TRUE; if (!allowed) { if (config.telemetry_port_tcp) close(fd); goto read_data; } /* XXX: UDP case may be optimized further */ if (config.telemetry_port_udp) { telemetry_peer_udp_cache *tpuc_ret; u_int16_t client_port; sa_to_addr(&client, &tpuc.addr, &client_port); tpuc_ret = pm_tfind(&tpuc, &telemetry_peers_udp_cache, telemetry_tpuc_addr_cmp); if (tpuc_ret) { peer = &telemetry_peers[tpuc_ret->index]; telemetry_peers_udp_timeout[tpuc_ret->index].last_msg = now; goto read_data; } } for (peer = NULL, peers_idx = 0; peers_idx < config.telemetry_max_peers; peers_idx++) { if (!telemetry_peers[peers_idx].fd) { peer = &telemetry_peers[peers_idx]; if (telemetry_peer_init(peer, FUNC_TYPE_TELEMETRY)) peer = NULL; if (telemetry_is_zjson(decoder)) { peer_z = &telemetry_peers_z[peers_idx]; if (telemetry_peer_z_init(peer_z)) { peer = NULL; peer_z = NULL; } } if (peer) { recalc_fds = TRUE; if (config.telemetry_port_udp) { tpuc.index = peers_idx; telemetry_peers_udp_timeout[peers_idx].last_msg = now; if (!pm_tsearch(&tpuc, &telemetry_peers_udp_cache, telemetry_tpuc_addr_cmp, sizeof(telemetry_peer_udp_cache))) Log(LOG_WARNING, "WARN ( %s/%s ): tsearch() unable to insert in UDP peers cache.\n", config.name, t_data->log_str); } } break; } } if (!peer) { /* We briefly accept the new connection to be able to drop it */ Log(LOG_ERR, "ERROR ( %s/%s ): Insufficient number of telemetry peers has been configured by telemetry_max_peers (%d).\n", config.name, t_data->log_str, config.telemetry_max_peers); if (config.telemetry_port_tcp) close(fd); goto read_data; } peer->fd = fd; if (config.telemetry_port_tcp) FD_SET(peer->fd, &bkp_read_descs); peer->addr.family = ((struct sockaddr *)&client)->sa_family; if (peer->addr.family == AF_INET) { peer->addr.address.ipv4.s_addr = ((struct sockaddr_in *)&client)->sin_addr.s_addr; peer->tcp_port = ntohs(((struct sockaddr_in *)&client)->sin_port); } #if defined ENABLE_IPV6 else if (peer->addr.family == AF_INET6) { memcpy(&peer->addr.address.ipv6, &((struct sockaddr_in6 *)&client)->sin6_addr, 16); peer->tcp_port = ntohs(((struct sockaddr_in6 *)&client)->sin6_port); } #endif addr_to_str(peer->addr_str, &peer->addr); if (telemetry_misc_db->msglog_backend_methods) telemetry_peer_log_init(peer, config.telemetry_msglog_output, FUNC_TYPE_TELEMETRY); if (telemetry_misc_db->dump_backend_methods) telemetry_dump_init_peer(peer); peers_num++; Log(LOG_INFO, "INFO ( %s/%s ): [%s] telemetry peers usage: %u/%u\n", config.name, t_data->log_str, peer->addr_str, peers_num, config.telemetry_max_peers); } read_data: /* We have something coming in: let's lookup which peer is that. FvD: To avoid starvation of the "later established" peers, we offset the start of the search in a round-robin style. */ if (config.telemetry_port_tcp) { for (peer = NULL, peers_idx = 0; peers_idx < max_peers_idx; peers_idx++) { int loc_idx = (peers_idx + peers_idx_rr) % max_peers_idx; if (telemetry_peers[loc_idx].fd && FD_ISSET(telemetry_peers[loc_idx].fd, &read_descs)) { peer = &telemetry_peers[loc_idx]; if (telemetry_is_zjson(decoder)) peer_z = &telemetry_peers_z[loc_idx]; peers_idx_rr = (peers_idx_rr + 1) % max_peers_idx; break; } } } if (!peer) goto select_again; recv_flags = 0; switch (decoder) { case TELEMETRY_DECODER_JSON: ret = telemetry_recv_json(peer, 0, &recv_flags); data_decoder = TELEMETRY_DATA_DECODER_JSON; break; case TELEMETRY_DECODER_ZJSON: ret = telemetry_recv_zjson(peer, peer_z, 0, &recv_flags); data_decoder = TELEMETRY_DATA_DECODER_JSON; break; case TELEMETRY_DECODER_CISCO: ret = telemetry_recv_cisco(peer, &recv_flags, &data_decoder); break; case TELEMETRY_DECODER_CISCO_JSON: ret = telemetry_recv_cisco_json(peer, &recv_flags); data_decoder = TELEMETRY_DATA_DECODER_JSON; break; case TELEMETRY_DECODER_CISCO_ZJSON: ret = telemetry_recv_cisco_zjson(peer, peer_z, &recv_flags); data_decoder = TELEMETRY_DATA_DECODER_JSON; break; case TELEMETRY_DECODER_CISCO_GPB: ret = telemetry_recv_cisco_gpb(peer, &recv_flags); data_decoder = TELEMETRY_DATA_DECODER_GPB; break; case TELEMETRY_DECODER_CISCO_GPB_KV: ret = telemetry_recv_cisco_gpb_kv(peer, &recv_flags); data_decoder = TELEMETRY_DATA_DECODER_GPB; break; default: ret = TRUE; recv_flags = ERR; data_decoder = TELEMETRY_DATA_DECODER_UNKNOWN; break; } if (ret <= 0) { Log(LOG_INFO, "INFO ( %s/%s ): [%s] connection reset by peer (%d).\n", config.name, t_data->log_str, peer->addr_str, errno); FD_CLR(peer->fd, &bkp_read_descs); telemetry_peer_close(peer, FUNC_TYPE_TELEMETRY); if (telemetry_is_zjson(decoder)) telemetry_peer_z_close(peer_z); recalc_fds = TRUE; } else { if (recv_flags != ERR) telemetry_process_data(peer, t_data, data_decoder); } } }