Commit 417c18d9 authored by 's avatar

MAPIRES_IPC introduced, uses shared memory space as MAPIRES_SHM does. Call

to daemon's result getting function is performed every time.
                                                     
DAGIPF_BPF_FILTER, PKT_COUNTER, BYTE_COUNTER, PKTBYTE_COUNTER functions
added to dagflib. See the new manpage mapi_dagflib for details.

dagflib's INTERFACE function enhanced: It cannot be applied twice to one
flow, cleanup routine added.

Fixed some omissions in other man pages.

Fixed and lined up the function template (etc/funct_template.c).


git-svn-id: file:///home/svn/mapi/trunk@1037 8d5bb341-7cf1-0310-8cf6-ba355fef3186
parent 3632692f
......@@ -7,3 +7,6 @@ description=DAG capture card
format=MFF_DAG_ERF
driver=mapidagdrv.so
description=Offline dag-capture
[dag]
ipf_loader_bin=dag_ipf_loader.sh
......@@ -440,7 +440,7 @@ AS_HELP_STRING([--with-libdag=DIR], [Manual libdag path configuration, in case t
owd=`pwd`
if cd $withval; then withval=`pwd`; cd $owd; fi
DAGINC="-I$withval/include"
DAGLIB="-L$withval/lib -ldag"
DAGLIB="-L$withval/lib -ldag -ldagconf -ldag37t -ldagema -lpthread"
else
AC_MSG_ERROR(dagapi.h or libdag.a not found in $withval/include and $withval/lib)
fi
......@@ -450,15 +450,15 @@ AS_HELP_STRING([--with-libdag=DIR], [Manual libdag path configuration, in case t
[ if test x$dag = xtrue; then
if test -f ${prefix}/include/dagapi.h -a -f ${prefix}/lib/libdag.a; then
DAGINC="-I${prefix}/include"
DAGLIB="-L${prefix}/lib -ldag"
DAGLIB="-L${prefix}/lib -ldag -ldagconf -ldag37t -ldagema -lpthread"
elif test -f /usr/local/include/dagapi.h -a -f /usr/local/lib/libdag.a; then
DAGINC="-I${prefix}/include"
DAGLIB="-L${prefix}/lib -ldag"
DAGLIB="-L${prefix}/lib -ldag -ldagconf -ldag37t -ldagema -lpthread"
elif test -f /usr/include/dag/dagapi.h; then
DAGINC="-I/usr/include/dag"
DAGLIB="-ldag"
DAGLIB="-ldag -ldagconf -ldag37t -ldagema -lpthread"
elif test -f /usr/include/dagapi.h; then
DAGLIB="-ldag"
DAGLIB="-ldag -ldagconf -ldag37t -ldagema -lpthread"
else
AC_MSG_RESULT(no)
AC_MSG_ERROR([libdag not found])
......
......@@ -6,6 +6,9 @@ pdf:
echo "\begin{verbatim}" > man_mapi_stdflib.tex
man ./mapi_stdflib.3 >> man_mapi_stdflib.tex
echo "\end{verbatim}" >> man_mapi_stdflib.tex
echo "\begin{verbatim}" > man_mapi_dagflib.tex
man ./mapi_dagflib.3 >> man_mapi_dagflib.tex
echo "\end{verbatim}" >> man_mapi_dagflib.tex
echo "\begin{verbatim}" > man_mapi_extraflib.tex
man ./mapi_extraflib.3 >> man_mapi_extraflib.tex
echo "\end{verbatim}" >> man_mapi_extraflib.tex
......@@ -23,7 +26,7 @@ clean:
rm -rf *.aux *.bbl *.blg *.log *.dvi *.toc *.lof mapitutor.ps *.bak man_mapi*tex
dist_man_MANS = mapi.3 mapi_stdflib.3 mapi_extraflib.3 mapi_trackflib.3 mapi_anonflib.3
dist_man_MANS = mapi.3 mapi_stdflib.3 mapi_dagflib.3 mapi_extraflib.3 mapi_trackflib.3 mapi_anonflib.3
EXTRA_DIST = ipfixlib.txt \
mapi_functions_tutorial.pdf \
......
......@@ -61,7 +61,7 @@ of remote and distributed monitoring sensors.
This page provides a description of the main operations provided by
MAPI. For information regarding the functions that can be applied
to network flows please refer to the
.BR mapi_stdlib (3)
.BR mapi_stdflib (3)
page.
.SH ROUTINES
.BI "int mapi_create_flow(char *" dev ");"
......@@ -172,7 +172,7 @@ to all packets of the network flow denoted by the flow descriptor
.IR fd .
Depending on the applied function, additional arguments may be passed.
For information regarding the available functions please refer to the
.BR mapi_stdlib (3)
.BR mapi_stdflib (3)
page.
Upon success it returns a newly allocated relevant function descriptor
.IR fid ,
......@@ -422,6 +422,7 @@ If the flow does not exist, it returns -1.
Please send bug reports to mapi@uninett.no
.SH "SEE ALSO"
.BR mapi_stdflib (3),
.BR mapi_dagflib (3),
.BR mapi_trackflib (3),
.BR mapi_anonflib (3),
.BR tcpdump (1),
......
.\" MAPI man page
.\" for a quick overview:
.\" nroff -man -Tascii mapi_stdlib.3 |less
.\" nroff -man -Tascii mapi_anonflib.3 |less
.\"
.TH MAPI_ANONFLIB 3 "June, 2006"
.SH NAME
......@@ -138,6 +138,7 @@ Please send bug reports to mapi@uninett.no
.SH "SEE ALSO"
.BR mapi (3),
.BR mapi_stdflib (3),
.BR mapi_dagflib (3),
.BR mapi_trackflib (3),
.BR tcpdump (1),
.BR pcap (3)
.\" MAPI man page
.\" for a quick overview:
.\" nroff -man -Tascii mapi_dagflib.3 |less
.\"
.TH MAPI_DAGFLIB 3 "December, 2006"
.SH NAME
MAPI dagflib \- Endace DAG Function Library
.SH SYNOPSIS
.nf
\fBINTERFACE\fP Selects packets from a specific DAG interface only
\fBDAGIPF_BPF_FILTER\fP Filters the packets of a flow using hardware
\fBPKT_COUNTER\fP Keeps the number of frames seen by a network flow
\fBBYTE_COUNTER\fP Keeps the number of bytes seen by a network flow
\fBPKTBYTE_COUNTER\fP Atomic combination of PKT_COUNTER and BYTE_COUNTER
.fi
.SH DESCRIPTION
This library provides functions intended to better use the capabilities of
the DAG capturing card hardware (produced by Endace), thus to alleviate the
main CPU burden. Once applied to DAG bound flow, the function from dagflib
is tried first. In case it cannot be installed, the correspondingly named
software function from stdflib is used instead (if existing). See
.BR mapi_stdflib (3).
.BR INTERFACE ,
.B DAGIPF_BPF_FILTER
and
.B PKTBYTE_COUNTER
do not have a counterpart in stdflib, so the the failing
instantiation/initialization does not have where to fallback.
The DAG version 4.3GE (with coprocessor) is supported so far.
.SH FUNCTIONS
.TP
.BI "INTERFACE (int " ifnumber ")"
Software function to pass only frames originating from the DAG interface
(AKA port) identified by
.IR ifnumber .
Even when this is software function, its existence in the flow is honoured
by
.BR *_COUNTER
(see below) functions installed later to the flow. Counting functions then
return statistics for the appropriate DAG interface only.
Type of results: \fBnone\fP.
.\"--------------------------------------------------------
.TP
.BI "DAGIPF_BPF_FILTER (char *" expression ")"
Programs the DAG card's hardware IPF filter to drop all frames that do not
match the filtering
.IR expression ,
which is in the syntax used by
.BR tcpdump (8) .
The function affects all MAPI DAG flows and is unretractable: It stays
active even after the initiating function is destroyed. Only new
initialization of this function reprograms the filter.
Due to licensing, programming is performed by a script
.BR dag_ipf_loader.sh ,
that calls Endace's utilities
.BR tcpdump_compiler
and
.BR filter_loader .
The path to the script must be defined in the variable
.I ipf_loader_bin
in the section
.I [dag]
of the MAPI configuration file
.BR mapi.conf .
Type of results: \fBnone\fP.
.\"--------------------------------------------------------
.PP
.TP
.B PKT_COUNTER
Returns the number of frames seen by the DAG capturing card so far on its
one or all interfaces (selected by the presence of previous
.B INTERFACE
function). See also
.B STATUS API
below.
Type of results: \fBunsigned long long\fP.
.\"--------------------------------------------------------
.TP
.B BYTE_COUNTER
Returns the number of bytes seen by the DAG capturing card so far on its
one or all interfaces (selected by the presence of previous
.B INTERFACE
function). See also
.B STATUS API
below.
.B Please note:
There is a difference in results returned by this function for dagflib and
stdflib. DAG also counts the link layer for each frame. Even when taking
this into account, the results are not completely same, but close. To be
able to "correct" the value by the number of frames captured, use atomic
.B PKTBYTE_COUNTER
function.
Type of results: \fBunsigned long long\fP.
.\"--------------------------------------------------------
.TP
.B PKTBYTE_COUNTER
This returns the same values as
.B PKT_COUNTER
and
.B BYTE_COUNTER
do, but harvested from hardware at the same time. The hardware registers are
latched at once, thus the values match the same time periods exactly. See also
.B STATUS API
below.
Type of results: 2 * \fBunsigned long long\fP.
.fi
.\"--------------------------------------------------------
.SH STATUS API
The statistical functions
.B *_COUNTER
are implemented as getters of the DAG hardware
registers
.B kUint64AttributeRxFrames
and
.B kUint64AttributeRxBytes
(see
.I Configuration & Status API Programming Guide
for DAG).
Upon each call of
.B mapi_read_results()
the counters for all interfaces are latched and the difference values from
the last reading are added to mapid internal counters. In respect to
preceding existence of
.B INTERFACE
function in the flow, appropriate value is returned.
These function can be applied to the DAG-bound flow only in case no modifying or
filtering (except
.BR INTERFACE )
function was previously applied to the flow. Also they fallback to their
stdflib's counterparts in case the DAG Status API failed to initialize.
.SH BUGS
Please send bug reports to mapi@uninett.no
.SH "SEE ALSO"
.BR mapi (3),
.BR mapi_stdflib (3),
.BR mapi_trackflib (3),
.BR mapi_anonflib (3),
.BR mapi_extraflib (3),
.BR tcpdump (1),
.BR pcap (3)
.\" MAPI man page
.\" for a quick overview:
.\" nroff -man -Tascii mapi_stdlib.3 |less
.\" nroff -man -Tascii mapi_extraflib.3 |less
.\"
.TH MAPI_EXTRAFLIB 3 "December, 2004"
.SH NAME
......
.\" MAPI man page
.\" for a quick overview:
.\" nroff -man -Tascii mapi_stdlib.3 |less
.\" nroff -man -Tascii mapi_stdflib.3 |less
.\"
.TH MAPI_STDLIB 3 "July, 2006"
.TH MAPI_STDFLIB 3 "July, 2006"
.SH NAME
MAPI stdflib \- Standard MAPI Function Library
.SH SYNOPSIS
......@@ -30,7 +30,7 @@ MAPI stdflib \- Standard MAPI Function Library
.fi
.SH DESCRIPTION
The Standard MAPI function library (stdlib) provides
The Standard MAPI function library (stdflib) provides
a set of predefined functions that cover
several frequently used monitoring needs.
MAPI functions can be associated with network flows
......@@ -362,6 +362,7 @@ void die(){
Please send bug reports to mapi@uninett.no
.SH "SEE ALSO"
.BR mapi (3),
.BR mapi_dagflib (3),
.BR mapi_trackflib (3),
.BR mapi_anonflib (3),
.BR mapi_extraflib (3),
......
.\" MAPI TRACKLIB man page
.\" for a quick overview:
.\" nroff -man -Tascii mapi_tracklib.3 |less
.\" nroff -man -Tascii mapi_trackflib.3 |less
.\"
.TH MAPI_TRACKLIB 3 "January, 2006"
.TH MAPI_TRACKFLIB 3 "January, 2006"
.SH NAME
MAPI tracklib \- Tracker MAPI Function Library
MAPI trackflib \- Tracker MAPI Function Library
.SH SYNOPSIS
.nf
\fBTRACK_FTP \fP Tracks FTP flows.
......@@ -14,7 +14,7 @@ MAPI tracklib \- Tracker MAPI Function Library
\fBTRACK_TORRENT\fP Tracks BitTorrent flows.
.fi
.SH DESCRIPTION
The TRACKER MAPI function library (tracklib) provides
The TRACKER MAPI function library (trackflib) provides
a set of predefined functions that track
Application Traffic. All TRACKER functions work as a filter to network
packets. If a packet is found to belong to the specific protocol then
......@@ -88,7 +88,7 @@ void die(){
Please send bug reports to mapi@uninett.no
.SH "SEE ALSO"
.BR mapi (3),
.BR mapi_stdlib (3),
.BR mapi_stdflib (3),
.BR mapi_anonflib (3),
.BR tcpdump (1),
.BR pcap (3)
......@@ -1165,6 +1165,10 @@ So, MAPI should be configured with \textit{--enable-anonflib}.
\input{man_mapi_stdflib}
\end{scriptsize}
\begin{scriptsize}
\input{man_mapi_dagflib}
\end{scriptsize}
\newpage
\section{MAPI {\tt extraflib} man page}
\label{sec:manextraflib}
......
......@@ -15,6 +15,9 @@ install-confDATA: $(conf_DATA)
fi \
fi \
done
if BINARY_DAGFLIB
$(INSTALL) -m 755 dag_ipf_loader.sh.example $(sbindir)
endif
# ssl stuff
if SSL_IS_ENABLED
......
#!/bin/sh
#
# IPFilter loading script for Endace DAG capturing cards
#
# It is run by the mapid daemon upon initialization of
# DAGIPF_BPF_FILTER function for DAG device type.
#
# Expects a tcpdump style expression on standard input.
# For more information please see the docs for your DAG card.
# Paths to required binaries (Endace utilities):
TCPDUMP_COMPILER=tcpdump_compiler
FILTER_LOADER=filter_loader
# Device to put filter on.
DEVICE="/dev/dag0"
# Number of interfaces in the coprocessor configuration.
IFNUM="2"
LINKTYPE="ethernet"
##############################################################################
TMPFILE="/tmp/dag_ipf_loader.temp.$$"
"$TCPDUMP_COMPILER" --reject --outfile "$TMPFILE".ipf 1>"$TMPFILE".tcout 2>&1
RC="$?"
if [ "$RC" -eq 0 ]; then
# When you specify an option --iface <0/1> here, then filter will be
# applied to the appropriate interface only, not to all interfaces.
"$FILTER_LOADER" --initialize --drop --device "$1" --link "$LINKTYPE" \
--mapping color --init-ifaces "$IFNUM" --init-rulesets 1 \
--infile "$TMPFILE".ipf 1>"$TMPFILE".flout 2>&1
RC="$?"
fi
# In case of success we remove the temporary file
if [ "$RC" -eq 0 ]; then
rm -f "$TMPFILE".ipf
fi
# We purge empty output files, leaving nonempty for diagnostics.
for f in "$TMPFILE".tcout "$TMPFILE".flout; do
[ -s "$f" ] || rm -f "$f"
done
exit "$RC"
......@@ -3,6 +3,7 @@
#include <sys/shm.h>
#include <string.h>
#include <errno.h>
#include "mapi_errors.h"
#include "mapidflib.h"
#include "mapidlib.h"
#include "mapidevices.h"
......@@ -64,24 +65,25 @@ static int <funct_name>_client_cleanup(mapidflib_function_instance_t* instance)
}
static mapidflib_function_def_t finfo={
"", //libname
"<funct_name>", //name
"<description>", //descr
"<argdescr>", //argdescr
MAPI_DEVICE_ALL, //devtype
MAPIRES_<SHM|IPC|FUNCT|NONE>, //Method for returning results
0, //shm size
0, //modifies_pkts
MAPIOPT_<NONE|AUTO|MANUAL>,
<funct_name>_instance, //instance
<funct_name>_init, //init
<funct_name>_process, //process
<funct_name>_get_result, //get_result,
<funct_name>_reset, //reset
<funct_name>_cleanup, //cleanup
<funct_name>_client_init, //client_init
"", //libname (set at runtime)
"<funct_name>", //name
"<description>", //descr: multiline description
"<argdescr>", //argdescr: letter describing arguments
MAPI_DEVICE_ALL, //devtype
MAPIRES_<SHM|IPC|FUNCT|NONE>, //method for returning results
0, //shm size
0, //modifies_pkts
0, //filters_pkts
MAPIOPT_<NONE|AUTO|MANUAL>, //global optimization method
<funct_name>_instance, //instance
<funct_name>_init, //init
<funct_name>_process, //process
<funct_name>_get_result, //get_result,
<funct_name>_reset, //reset
<funct_name>_cleanup, //cleanup
<funct_name>_client_init, //client_init
<funct_name>_client_read_result, //client_read_result
<funct_name>_client_cleanup //client_cleanup
<funct_name>_client_cleanup //client_cleanup
};
mapidflib_function_def_t* <funct_name>_get_funct_info();
......@@ -90,5 +92,3 @@ mapidflib_function_def_t* <funct_name>_get_funct_info() {
return &finfo;
};
......@@ -10,5 +10,8 @@ dagflib_la_LIBADD = \
../common/libflist.la \
../common/libmsearch.la \
../common/libfhelp.la \
../common/libmapiipc.la
dagflib_la_SOURCES = dagflib.c interface.c to_erf.c
../common/libparseconf.la \
../common/libprintfstring.la \
../common/libmapiipc.la @DAGLIB@
dagflib_la_SOURCES = dagflib.c dagipfbpffilter.c bytecounter.c pktcounter.c \
pktbytecounter.c interface.c to_erf.c dagstat.c dagstat.h
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <limits.h>
#include "mapi_errors.h"
#include "mapidflib.h"
#include "mapidlib.h"
#include "mapidevices.h"
#include "mapid.h"
#include "dagstat.h"
static int bytecounter_get_result(mapidflib_function_instance_t* instance,
mapidflib_result_t **res)
{
dagstat_instance_t *i = instance->internal_data;
dag_counter_t cnt[2];
dag_get_stats(instance->hwinfo->adapterinfo, i->which_port, DAG_GET_BYTES, cnt);
*(dag_counter_t *)instance->result.data = cnt[1] - i->initial_counts[1];
*res = &instance->result; // must point to actual value
return 0;
}
static mapidflib_function_def_t finfo={
"", //libname
"BYTE_COUNTER", //name
"Counts number of bytes captured (minus those from the link layer)", //descr
"", //argdescr
MAPI_DEVICE_DAG, //devtype
MAPIRES_IPC, //method for returning results
sizeof(dag_counter_t), //shm size (used for data storage, but data sent via socket)
0, //modifies_pkts
0, //filters packets
MAPIOPT_NONE, //Optimization
dagstat_instance, //instance
dagstat_init, //init
NULL, //process
bytecounter_get_result, //get_result
dagstat_reset,
dagstat_cleanup, //cleanup
NULL, //client_init
NULL, //client_read_result
NULL //client_cleanup
};
mapidflib_function_def_t* bytecounter_get_funct_info();
mapidflib_function_def_t* bytecounter_get_funct_info() {
return &finfo;
};
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
//Fri Mar 4 07:28:48 2005
//Tue Dec 5 18:08:25 2006
//This file was created automatically by createlib.pl
#include <stdio.h>
......@@ -13,20 +10,40 @@
__attribute__ ((constructor)) void init ();
__attribute__ ((destructor)) void fini ();
mapidflib_functionlist_t functions[2];
mapidflib_functionlist_t functions[6];
extern mapidflib_function_def_t * bytecounter_get_funct_info();
extern mapidflib_function_def_t * dagipfbpffilter_get_funct_info();
extern mapidflib_function_def_t * interface_get_funct_info();
extern mapidflib_function_def_t * pktbytecounter_get_funct_info();
extern mapidflib_function_def_t * pktcounter_get_funct_info();
extern mapidflib_function_def_t * to_erf_get_funct_info();
mapidflib_functionlist_t* mapidflib_get_function_list()
{
functions[0].def=interface_get_funct_info();
functions[0].def=bytecounter_get_funct_info();
functions[0].def->libname=libname;
functions[0].next=&functions[1];
functions[1].def=to_erf_get_funct_info();
functions[1].def=dagipfbpffilter_get_funct_info();
functions[1].def->libname=libname;
functions[1].next=NULL;
functions[1].next=&functions[2];
functions[2].def=interface_get_funct_info();
functions[2].def->libname=libname;
functions[2].next=&functions[3];
functions[3].def=pktbytecounter_get_funct_info();
functions[3].def->libname=libname;
functions[3].next=&functions[4];
functions[4].def=pktcounter_get_funct_info();
functions[4].def->libname=libname;
functions[4].next=&functions[5];
functions[5].def=to_erf_get_funct_info();
functions[5].def->libname=libname;
functions[5].next=NULL;
return &functions[0];
}
......
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdlib.h>
#include <stdio.h>
#include <sys/shm.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include "mapi_errors.h"
#include "mapidflib.h"
#include "mapidlib.h"
#include "mapidevices.h"
#include "mapid.h"
#include "fhelp.h"
#include "parseconf.h"
#include "printfstring.h"
/* FIXME: Error logging should be improved in this function. */
static int dagipfbpffilter_instance(mapidflib_function_instance_t *instance,
MAPI_UNUSED int fd,
MAPI_UNUSED mapidflib_flow_mod_t *flow_mod)
{
mapiFunctArg* fargs=instance->args;
char *binpath, *filter_string = getargstr(&fargs);
int rc = MFUNCT_COULD_NOT_APPLY_FUNCT;
if(filter_string == NULL)
return MFUNCT_INVALID_ARGUMENT_1;
if(strlen(filter_string) < 1) // could also force a maximum length for the filter expression
return MFUNCT_INVALID_ARGUMENT_1;
/* We merely check whether we can execute the loading script. */
if (pc_load(CONFDIR "/" CONF_FILE)) {
binpath = pc_get_param(pc_get_category("dag"), "ipf_loader_bin");
if (binpath && *binpath && (access(binpath, X_OK) == 0))
rc = 0;
pc_close();
}
return rc;
};
/* FIXME: Error logging should be improved in this function. */
static int dagipfbpffilter_init(mapidflib_function_instance_t *instance,
MAPI_UNUSED int fd)
{
int rc;
FILE *fp;
mapiFunctArg* fargs=instance->args;
char *binpath = NULL, *tmpfile, *command, *filter_string = getargstr(&fargs);
if (pc_load(CONFDIR "/" CONF_FILE))
binpath = pc_get_param(pc_get_category("dag"), "ipf_loader_bin");
if ((binpath == NULL) || (*binpath == '\0') || (filter_string == NULL)) {
pc_close();
return MFUNCT_COULD_NOT_INIT_FUNCT;
}
if (NULL == (tmpfile = printf_string("/tmp/dag_ipf_loader.temp.%d.bpf", getpid()))) {
pc_close();
return MFUNCT_COULD_NOT_INIT_FUNCT;
}
if (NULL == (command = printf_string("%s < %s", binpath, tmpfile))) {
free(tmpfile);
pc_close();
return MFUNCT_COULD_NOT_INIT_FUNCT;
}
pc_close();
if (NULL == (fp = fopen(tmpfile, "w"))) {
free(tmpfile);
free(command);
return MFUNCT_COULD_NOT_INIT_FUNCT;
}
fprintf(fp, "%s\n", filter_string);
fclose(fp);
rc = system(command);
if ((rc == -1) || !WIFEXITED(rc) || (WEXITSTATUS(rc) != 0)) {
rc = MFUNCT_COULD_NOT_INIT_FUNCT;
} else {
unlink(tmpfile); /* can delete on success */
rc = 0;
}
free(tmpfile);
free(command);