Commit 68f0dae9 authored by Håvard Moås's avatar Håvard Moås
Browse files

Update IPFIXLIB to add support for information export of min/max ttl, and of...

Update IPFIXLIB to add support for information export of min/max ttl, and of number/size of ignored packets (ignored due to invalid content), havard.mork@gmail.com

git-svn-id: file:///home/svn/mapi/branches/haavardm-mapi@79 8d5bb341-7cf1-0310-8cf6-ba355fef3186
parent 2a75b30c
......@@ -563,7 +563,7 @@ void addPktToHash(np_ctxt_t *npctxt,
u_char *fingerprint,
u_char *payload,
int payloadLen,
u_int headerLen, u_int64_t v4_options) {
u_int headerLen, u_int64_t v4_options, u_char ttl) {
u_int32_t n=0, mutexIdx, idx; /* (src+dst+sport+dport) % hashSize; */
HashBucket *bkt;
u_int32_t srcHost, dstHost;
......@@ -694,6 +694,10 @@ void addPktToHash(np_ctxt_t *npctxt,
bkt->src2dst_expval_pktlength_x2= bkt->src2dst_expval_pktlength_x2+ len*len;
}
if(ttl < bkt->src2dstMinTTL)
bkt->src2dstMinTTL = ttl;
if(ttl > bkt->src2dstMaxTTL)
bkt->src2dstMaxTTL = ttl;
} else {
bkt->bytesRcvd += len, bkt->pktRcvd += numPkts;
......@@ -739,6 +743,11 @@ void addPktToHash(np_ctxt_t *npctxt,
bkt->dst2src_expval_pktlength_x2= bkt->dst2src_expval_pktlength_x2+ len*len;
}
if(ttl < bkt->dst2srcMinTTL)
bkt->dst2srcMinTTL = ttl;
if(ttl > bkt->dst2srcMaxTTL)
bkt->dst2srcMaxTTL = ttl;
if(bkt->dst2srcflowid==0) {
bkt->dst2srcflowid = npctxt->numObservedFlows;
npctxt->numObservedFlows = npctxt->numObservedFlows + 1;
......@@ -845,6 +854,10 @@ void addPktToHash(np_ctxt_t *npctxt,
bkt->src2dstBitrateAverager10msPos = 0;
bkt->dst2srcBitrateAverager10msPos = 0;
bkt->src2dstMinTTL = ttl;
bkt->src2dstMaxTTL = ttl;
bkt->dst2srcMinTTL = 0xFF;
bkt->dst2srcMaxTTL = 0x00;
bkt->src2dstTcpFlagsFirst = flags;
bkt->dst2srcTcpFlagsFirst = (unsigned short)-1;
......
......@@ -56,7 +56,7 @@ extern void addPktToHash(np_ctxt_t *npctxt,
unsigned long long stamp, u_int8_t flags,
u_int8_t icmpType, u_char *fingerprint,
u_char *payload, int payloadLen,
u_int headerLen, u_int64_t v4_options);
u_int headerLen, u_int64_t v4_options, u_char ttl);
extern void printICMPflags(u_int32_t flags, char *icmpBuf, int icmpBufLen);
extern void printFlow(np_ctxt_t *npctxt, HashBucket *theFlow, int direction);
extern int isFlowExpired(np_ctxt_t *npctxt, HashBucket *myBucket, time_t theTime);
......
......@@ -318,6 +318,11 @@ typedef struct {
u_int64_t exportedOctetTotalCount;
u_int64_t exportedMessageTotalCount;
/* Number of packets that were malformed or uninteresting, and therefore ignored */
u_int64_t ignoredPacketTotalCount;
u_int64_t ignoredOctetTotalCount;
/* Number of seconds that one flow may be queued for export. Old flows aren't */
/* exported in order to avoid congestion. This is max num of seconds to keep. */
u_int32_t maxExportQueueLatency;
......
......@@ -102,7 +102,11 @@ nprobeProcessPacket(void *ctxt, mapid_pkthdr_t *pkt_head, const void *pkt)
if(eth_type == ETHERTYPE_IP) {
memcpy(&ip, (char *)pkt+ehshift, sizeof(struct ip));
if(ip.ip_v != 4) return; /* IP v4 only */
if(ip.ip_v != 4) {
npctxt->ignoredPacketTotalCount = npctxt->ignoredPacketTotalCount + 1;
npctxt->ignoredOctetTotalCount = npctxt->ignoredOctetTotalCount + length;
return; /* IP v4 only */
}
estimatedLen = ehshift+htons(ip.ip_len);
hlen = (u_int)ip.ip_hl * 4;
......@@ -133,7 +137,11 @@ nprobeProcessPacket(void *ctxt, mapid_pkthdr_t *pkt_head, const void *pkt)
} else if(eth_type == ETHERTYPE_IPV6) {
memcpy(&ipv6, (char *)pkt+ehshift, sizeof(struct ip6_hdr));
if(((ipv6.ip6_vfc >> 4) & 0x0f) != 6) return; /* IP v6 only */
if(((ipv6.ip6_vfc >> 4) & 0x0f) != 6) {
npctxt->ignoredPacketTotalCount = npctxt->ignoredPacketTotalCount + 1;
npctxt->ignoredOctetTotalCount = npctxt->ignoredOctetTotalCount + length;
return; /* IP v6 only */
}
estimatedLen = sizeof(struct ip6_hdr)+htons(ipv6.ip6_plen);
hlen = sizeof(struct ip6_hdr);
......@@ -159,7 +167,11 @@ nprobeProcessPacket(void *ctxt, mapid_pkthdr_t *pkt_head, const void *pkt)
switch(proto) {
case IPPROTO_TCP:
if(plen < (hlen+sizeof(struct tcphdr))) return; /* packet too short */
if(plen < (hlen+sizeof(struct tcphdr))) {
npctxt->ignoredPacketTotalCount = npctxt->ignoredPacketTotalCount + 1;
npctxt->ignoredOctetTotalCount = npctxt->ignoredOctetTotalCount + length;
return; /* packet too short */
}
memcpy(&tp, (char *)pkt+offset, sizeof(struct tcphdr));
if(!npctxt->ignoreTcpUdpPorts)
sport = ntohs(tp.th_sport), dport = ntohs(tp.th_dport);
......@@ -243,7 +255,11 @@ nprobeProcessPacket(void *ctxt, mapid_pkthdr_t *pkt_head, const void *pkt)
break;
case IPPROTO_UDP:
if(plen < (hlen+sizeof(struct udphdr))) return; /* packet too short */
if(plen < (hlen+sizeof(struct udphdr))) {
npctxt->ignoredPacketTotalCount = npctxt->ignoredPacketTotalCount + 1;
npctxt->ignoredOctetTotalCount = npctxt->ignoredOctetTotalCount + length;
return; /* packet too short */
}
memcpy(&up, (char *)pkt+offset, sizeof(struct udphdr));
if(!npctxt->ignoreTcpUdpPorts)
sport = ntohs(up.uh_sport), dport = ntohs(up.uh_dport);
......@@ -256,7 +272,11 @@ nprobeProcessPacket(void *ctxt, mapid_pkthdr_t *pkt_head, const void *pkt)
}
break;
case IPPROTO_ICMP:
if(plen < (hlen+sizeof(struct icmp))) return; /* packet too short */
if(plen < (hlen+sizeof(struct icmp))) {
npctxt->ignoredPacketTotalCount = npctxt->ignoredPacketTotalCount + 1;
npctxt->ignoredOctetTotalCount = npctxt->ignoredOctetTotalCount + length;
return; /* packet too short */
}
memcpy(&icmpPkt, (char *)pkt+offset, sizeof(struct icmp));
payloadLen = caplen - offset;
if(payloadLen > 0)
......@@ -342,6 +362,8 @@ nprobeProcessPacket(void *ctxt, mapid_pkthdr_t *pkt_head, const void *pkt)
free(list);
} else {
/* More fragments: we'll handle the packet later */
npctxt->ignoredPacketTotalCount = npctxt->ignoredPacketTotalCount + 1;
npctxt->ignoredOctetTotalCount = npctxt->ignoredOctetTotalCount + length;
return;
}
}
......@@ -372,7 +394,7 @@ nprobeProcessPacket(void *ctxt, mapid_pkthdr_t *pkt_head, const void *pkt)
(proto == IPPROTO_ICMP) ? icmpPkt.icmp_type : 0,
npctxt->computeFingerprint ? fingerprint : NULL,
payload, payloadLen,
hlen,v4_options);
hlen,v4_options, ip.ip_ttl);
}
#ifdef DEBUG
else {
......
......@@ -1173,6 +1173,9 @@ npInitContext(void)
npctxt->exportedOctetTotalCount = 0;
npctxt->exportedMessageTotalCount = 0;
npctxt->ignoredPacketTotalCount = 0;
npctxt->ignoredOctetTotalCount = 0;
// Attempt to get own IP address
if (gethostname(ac, sizeof(ac))==0) {
struct hostent *phe = gethostbyname(ac);
......
......@@ -179,6 +179,12 @@ typedef struct hashBucket {
/* The time which the bucket was put in export queue, time() value */
u_int32_t time_exported;
u_char src2dstMinTTL;
u_char src2dstMaxTTL;
u_char dst2srcMinTTL;
u_char dst2srcMaxTTL;
} HashBucket;
......@@ -709,6 +709,9 @@ static V9TemplateId ver9_templates[] = {
{ 41, 8, "TOTAL_PKTS_EXP" },
{ 42, 8, "TOTAL_FLOWS_EXP" },
// NOT 43-59
{ 52, 1, "MIN_TTL" },
{ 53, 1, "MAX_TTL" },
{ 60, 1, "IP_PROTOCOL_VERSION" },
//{ 61, 1, "DIRECTION" },
//{ 62, 16, "IPV6_NEXT_HOP" },
......@@ -1167,6 +1170,14 @@ static void handleTemplate(np_ctxt_t *npctxt, V9TemplateId *theTemplate,
case 42: /* TOTAL_FLOWS_EXP */
copyInt64(0, outBuffer, outBufferBegin, outBufferMax); /* FIX */
break;
case 52:
copyInt8(direction==0?theFlow->src2dstMinTTL:theFlow->dst2srcMinTTL,
outBuffer, outBufferBegin, outBufferMax);
break;
case 53:
copyInt8(direction==0?theFlow->src2dstMaxTTL:theFlow->dst2srcMaxTTL,
outBuffer, outBufferBegin, outBufferMax);
break;
case 60: /* IP_PROTOCOL_VERSION */
copyInt8(4, outBuffer, outBufferBegin, outBufferMax); /* FIX */
break;
......@@ -1323,10 +1334,10 @@ static void handleTemplate(np_ctxt_t *npctxt, V9TemplateId *theTemplate,
copyInt64(npctxt->numObservedFlows,outBuffer, outBufferBegin, outBufferMax);
break;
case 164: /* ignoredPacketTotalCount */
copyInt64(0,outBuffer, outBufferBegin, outBufferMax);
copyInt64(npctxt->ignoredPacketTotalCount,outBuffer, outBufferBegin, outBufferMax);
break;
case 165: /* ignoredOctetTotalCount */
copyInt64(0,outBuffer, outBufferBegin, outBufferMax);
copyInt64(npctxt->ignoredOctetTotalCount,outBuffer, outBufferBegin, outBufferMax);
break;
case 166: /* NOTSENT_FLOWS */
copyInt64(npctxt->notsent_flows,outBuffer, outBufferBegin, outBufferMax);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment