void events(ldp_connection_t *conn, pn_collector_t *coll) {
pn_event_t *event;
while((event = pn_collector_peek(coll))) {
switch (pn_event_type(event)) {
case PN_EVENT_NONE:
break;
case PN_CONNECTION_REMOTE_STATE:
case PN_CONNECTION_LOCAL_STATE:
process_connection(conn, event);
break;
case PN_SESSION_REMOTE_STATE:
case PN_SESSION_LOCAL_STATE:
process_session(conn, event);
break;
case PN_LINK_REMOTE_STATE:
case PN_LINK_LOCAL_STATE:
process_link(conn, event);
break;
case PN_LINK_FLOW:
process_flow(conn, event);
break;
case PN_DELIVERY:
process_delivery(conn, event);
break;
case PN_TRANSPORT:
process_transport(conn, event);
break;
}
pn_collector_pop(coll);
}
}
static void* handle_sockets(void* not_used) {
traceEvent(TRACE_INFO, "Poller thread started [threadId=%u]", pthread_self());
while(!shutting_down) {
fd_set readmask;
int sd = 0, rc, i;
FD_ZERO(&readmask);
sd = in_sock;
FD_SET(in_sock, &readmask);
FD_SET(out_sock, &readmask);
rc = select(sd+1, &readmask, NULL, NULL, NULL);
if(rc > 0) {
char msg[MAX_FLOW_LEN+1];
struct sockaddr_in cliAddr;
socklen_t cliLen = sizeof(cliAddr);
int len, i;
if(FD_ISSET(in_sock, &readmask)) {
len = recvfrom(in_sock, msg, MAX_FLOW_LEN, 0,
(struct sockaddr *) &cliAddr, &cliLen);
if(len <= 0) {
if(errno != 0)
traceEvent(TRACE_ERROR, "Error while receiving data [%s]", strerror(errno));
continue;
} else {
process_flow(msg, len, &cliAddr);
}
}
} else {
/* traceEvent(TRACE_INFO, "select() failed [%s]", strerror(errno)); */
break;
}
} /* while */
/*
traceEvent(TRACE_INFO, "Terminating thread [threadId=%u][shutting_down=%d]",
pthread_self(), shutting_down);
*/
return(NULL);
}
static void
process_netflow_v7(struct flow_packet *fp, struct flowd_config *conf,
struct peer_state *peer, struct peers *peers, int log_fd, int log_socket)
{
struct NF7_HEADER *nf7_hdr = (struct NF7_HEADER *)fp->packet;
struct NF7_FLOW *nf7_flow;
struct store_flow_complete flow;
size_t offset;
u_int i, nflows;
if (fp->len < sizeof(*nf7_hdr)) {
peer->ninvalid++;
logit(LOG_WARNING, "short netflow v.7 packet %d bytes from %s",
fp->len, addr_ntop_buf(&fp->flow_source));
return;
}
nflows = ntohs(nf7_hdr->c.flows);
if (nflows == 0 || nflows > NF7_MAXFLOWS) {
peer->ninvalid++;
logit(LOG_WARNING, "Invalid number of flows (%u) in netflow "
"v.7 packet from %s", nflows,
addr_ntop_buf(&fp->flow_source));
return;
}
if (fp->len != NF7_PACKET_SIZE(nflows)) {
peer->ninvalid++;
logit(LOG_WARNING, "Inconsistent Netflow v.7 packet from %s: "
"len %u expected %u", addr_ntop_buf(&fp->flow_source),
fp->len, NF7_PACKET_SIZE(nflows));
return;
}
logit(LOG_DEBUG, "Valid netflow v.7 packet %d flows", nflows);
update_peer(peers, peer, nflows, 7);
for (i = 0; i < nflows; i++) {
offset = NF7_PACKET_SIZE(i);
nf7_flow = (struct NF7_FLOW *)(fp->packet + offset);
bzero(&flow, sizeof(flow));
/* NB. These are converted to network byte order later */
flow.hdr.fields = STORE_FIELD_ALL;
/* flow.hdr.tag is set later */
flow.hdr.fields &= ~STORE_FIELD_TAG;
flow.hdr.fields &= ~STORE_FIELD_SRC_ADDR6;
flow.hdr.fields &= ~STORE_FIELD_DST_ADDR6;
flow.hdr.fields &= ~STORE_FIELD_GATEWAY_ADDR6;
/*
* XXX: we can parse the (undocumented) flags1 and flags2
* fields of the packet to disable flow fields not set by
* the Cat5k (e.g. destination-only mls nde mode)
*/
flow.recv_time.recv_sec = fp->recv_time.tv_sec;
flow.recv_time.recv_usec = fp->recv_time.tv_usec;
flow.pft.tcp_flags = nf7_flow->tcp_flags;
flow.pft.protocol = nf7_flow->protocol;
flow.pft.tos = nf7_flow->tos;
memcpy(&flow.agent_addr, &fp->flow_source,
sizeof(flow.agent_addr));
flow.src_addr.v4.s_addr = nf7_flow->src_ip;
flow.src_addr.af = AF_INET;
flow.dst_addr.v4.s_addr = nf7_flow->dest_ip;
flow.dst_addr.af = AF_INET;
flow.gateway_addr.v4.s_addr = nf7_flow->nexthop_ip;
flow.gateway_addr.af = AF_INET;
flow.ports.src_port = nf7_flow->src_port;
flow.ports.dst_port = nf7_flow->dest_port;
#define NTO64(a) (store_htonll(ntohl(a)))
flow.octets.flow_octets = NTO64(nf7_flow->flow_octets);
flow.packets.flow_packets = NTO64(nf7_flow->flow_packets);
#undef NTO64
flow.ifndx.if_index_in = htonl(ntohs(nf7_flow->if_index_in));
flow.ifndx.if_index_out = htonl(ntohs(nf7_flow->if_index_out));
flow.ainfo.sys_uptime_ms = nf7_hdr->uptime_ms;
flow.ainfo.time_sec = nf7_hdr->time_sec;
flow.ainfo.time_nanosec = nf7_hdr->time_nanosec;
flow.ainfo.netflow_version = nf7_hdr->c.version;
flow.ftimes.flow_start = nf7_flow->flow_start;
flow.ftimes.flow_finish = nf7_flow->flow_finish;
flow.asinf.src_as = htonl(ntohs(nf7_flow->src_as));
flow.asinf.dst_as = htonl(ntohs(nf7_flow->dest_as));
flow.asinf.src_mask = nf7_flow->src_mask;
flow.asinf.dst_mask = nf7_flow->dst_mask;
flow.finf.flow_sequence = nf7_hdr->flow_sequence;
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// ADD IMED
/*sem_wait (&semFlows);
Add_flow(&flow);
sem_post (&semFlows);
*/
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
process_flow(&flow, conf, log_fd, log_socket);
}
}
void process_netflow_v5(struct flow_packet* fp, struct peer_state* peer)
{
struct NF5_HEADER* nf5_hdr = (struct NF5_HEADER*)fp->packet;
struct NF5_FLOW* nf5_flow;
struct store_flow_complete flow;
size_t offset;
u_int i, nflows;
if (fp->len < sizeof(*nf5_hdr)) {
peer->ninvalid++;
logit(LOG_WARNING, "short netflow v.5 packet %d bytes from %s",
fp->len, addr_ntop_buf(&fp->flow_source));
return;
}
nflows = ntohs(nf5_hdr->c.flows);
if (nflows == 0 || nflows > NF5_MAXFLOWS) {
peer->ninvalid++;
logit(LOG_WARNING, "Invalid number of flows (%u) in netflow "
"v.5 packet from %s", nflows,
addr_ntop_buf(&fp->flow_source));
return;
}
if (fp->len != NF5_PACKET_SIZE(nflows)) {
peer->ninvalid++;
logit(LOG_WARNING, "Inconsistent Netflow v.5 packet from %s: "
"len %u expected %zu", addr_ntop_buf(&fp->flow_source),
fp->len, NF5_PACKET_SIZE(nflows));
return;
}
logit(LOG_DEBUG, "Valid netflow v.5 packet %d flows", nflows);
update_peer(peer, nflows, 5);
for (i = 0; i < nflows; i++) {
offset = NF5_PACKET_SIZE(i);
nf5_flow = (struct NF5_FLOW*)(fp->packet + offset);
bzero(&flow, sizeof(flow));
/* NB. These are converted to network byte order later */
flow.hdr.fields = STORE_FIELD_ALL;
/* flow.hdr.tag is set later */
flow.hdr.fields &= ~STORE_FIELD_TAG;
flow.hdr.fields &= ~STORE_FIELD_SRC_ADDR6;
flow.hdr.fields &= ~STORE_FIELD_DST_ADDR6;
flow.hdr.fields &= ~STORE_FIELD_GATEWAY_ADDR6;
flow.recv_time.recv_sec = fp->recv_time.tv_sec;
flow.recv_time.recv_usec = fp->recv_time.tv_usec;
flow.pft.tcp_flags = nf5_flow->tcp_flags;
flow.pft.protocol = nf5_flow->protocol;
flow.pft.tos = nf5_flow->tos;
rte_memcpy(&flow.agent_addr, &fp->flow_source,
sizeof(flow.agent_addr));
flow.src_addr.v4.s_addr = nf5_flow->src_ip;
flow.src_addr.af = AF_INET;
flow.dst_addr.v4.s_addr = nf5_flow->dest_ip;
flow.dst_addr.af = AF_INET;
flow.gateway_addr.v4.s_addr = nf5_flow->nexthop_ip;
flow.gateway_addr.af = AF_INET;
flow.ports.src_port = nf5_flow->src_port;
flow.ports.dst_port = nf5_flow->dest_port;
#define NTO64(a) (netflow_htonll(ntohl(a)))
flow.octets.flow_octets = NTO64(nf5_flow->flow_octets);
flow.packets.flow_packets = NTO64(nf5_flow->flow_packets);
#undef NTO64
flow.ifndx.if_index_in = htonl(ntohs(nf5_flow->if_index_in));
flow.ifndx.if_index_out = htonl(ntohs(nf5_flow->if_index_out));
flow.ainfo.sys_uptime_ms = nf5_hdr->uptime_ms;
flow.ainfo.time_sec = nf5_hdr->time_sec;
flow.ainfo.time_nanosec = nf5_hdr->time_nanosec;
flow.ainfo.netflow_version = nf5_hdr->c.version;
flow.ftimes.flow_start = nf5_flow->flow_start;
flow.ftimes.flow_finish = nf5_flow->flow_finish;
flow.asinf.src_as = htonl(ntohs(nf5_flow->src_as));
flow.asinf.dst_as = htonl(ntohs(nf5_flow->dest_as));
flow.asinf.src_mask = nf5_flow->src_mask;
flow.asinf.dst_mask = nf5_flow->dst_mask;
flow.finf.engine_type = nf5_hdr->engine_type;
flow.finf.engine_id = nf5_hdr->engine_id;
flow.finf.flow_sequence = nf5_hdr->flow_sequence;
process_flow(&flow);
}
}
