|
Lines 68-73
Link Here
|
| 68 |
int linktype; |
68 |
int linktype; |
| 69 |
int fatal; |
69 |
int fatal; |
| 70 |
int want_v6; |
70 |
int want_v6; |
|
|
71 |
int sample; |
| 71 |
}; |
72 |
}; |
| 72 |
|
73 |
|
| 73 |
/* Describes a datalink header and how to extract v4/v6 frames from it */ |
74 |
/* Describes a datalink header and how to extract v4/v6 frames from it */ |
|
Lines 270-276
Link Here
|
| 270 |
snprintf(ftime, sizeof(ftime), "%s", |
271 |
snprintf(ftime, sizeof(ftime), "%s", |
| 271 |
format_time(flow->flow_last.tv_sec)); |
272 |
format_time(flow->flow_last.tv_sec)); |
| 272 |
|
273 |
|
| 273 |
snprintf(buf, sizeof(buf), "seq:%llu [%s]:%hu <> [%s]:%hu proto:%u " |
274 |
snprintf(buf, sizeof(buf), "seq:%"PRIu64" [%s]:%hu <> [%s]:%hu proto:%u " |
| 274 |
"octets>:%u packets>:%u octets<:%u packets<:%u " |
275 |
"octets>:%u packets>:%u octets<:%u packets<:%u " |
| 275 |
"start:%s.%03ld finish:%s.%03ld tcp>:%02x tcp<:%02x " |
276 |
"start:%s.%03ld finish:%s.%03ld tcp>:%02x tcp<:%02x " |
| 276 |
"flowlabel>:%08x flowlabel<:%08x ", |
277 |
"flowlabel>:%08x flowlabel<:%08x ", |
|
Lines 298-304
Link Here
|
| 298 |
inet_ntop(flow->af, &flow->addr[1], addr2, sizeof(addr2)); |
299 |
inet_ntop(flow->af, &flow->addr[1], addr2, sizeof(addr2)); |
| 299 |
|
300 |
|
| 300 |
snprintf(buf, sizeof(buf), |
301 |
snprintf(buf, sizeof(buf), |
| 301 |
"seq:%llu [%s]:%hu <> [%s]:%hu proto:%u", |
302 |
"seq:%"PRIu64" [%s]:%hu <> [%s]:%hu proto:%u", |
| 302 |
flow->flow_seq, |
303 |
flow->flow_seq, |
| 303 |
addr1, ntohs(flow->port[0]), addr2, ntohs(flow->port[1]), |
304 |
addr1, ntohs(flow->port[0]), addr2, ntohs(flow->port[1]), |
| 304 |
(int)flow->protocol); |
305 |
(int)flow->protocol); |
|
Lines 811-817
Link Here
|
| 811 |
|
812 |
|
| 812 |
if (verbose_flag) |
813 |
if (verbose_flag) |
| 813 |
logit(LOG_DEBUG, |
814 |
logit(LOG_DEBUG, |
| 814 |
"Queuing flow seq:%llu (%p) for expiry " |
815 |
"Queuing flow seq:%"PRIu64" (%p) for expiry " |
| 815 |
"reason %d", expiry->flow->flow_seq, |
816 |
"reason %d", expiry->flow->flow_seq, |
| 816 |
expiry->flow, expiry->reason); |
817 |
expiry->flow, expiry->reason); |
| 817 |
|
818 |
|
|
Lines 976-988
Link Here
|
| 976 |
struct pcap_stat ps; |
977 |
struct pcap_stat ps; |
| 977 |
|
978 |
|
| 978 |
fprintf(out, "Number of active flows: %d\n", ft->num_flows); |
979 |
fprintf(out, "Number of active flows: %d\n", ft->num_flows); |
| 979 |
fprintf(out, "Packets processed: %llu\n", ft->total_packets); |
980 |
fprintf(out, "Packets processed: %"PRIu64"\n", ft->total_packets); |
| 980 |
fprintf(out, "Fragments: %llu\n", ft->frag_packets); |
981 |
fprintf(out, "Fragments: %"PRIu64"\n", ft->frag_packets); |
| 981 |
fprintf(out, "Ignored packets: %llu (%llu non-IP, %llu too short)\n", |
982 |
fprintf(out, "Ignored packets: %"PRIu64" (%"PRIu64" non-IP, %"PRIu64" too short)\n", |
| 982 |
ft->non_ip_packets + ft->bad_packets, ft->non_ip_packets, ft->bad_packets); |
983 |
ft->non_ip_packets + ft->bad_packets, ft->non_ip_packets, ft->bad_packets); |
| 983 |
fprintf(out, "Flows expired: %llu (%llu forced)\n", |
984 |
fprintf(out, "Flows expired: %"PRIu64" (%"PRIu64" forced)\n", |
| 984 |
ft->flows_expired, ft->flows_force_expired); |
985 |
ft->flows_expired, ft->flows_force_expired); |
| 985 |
fprintf(out, "Flows exported: %llu in %llu packets (%llu failures)\n", |
986 |
fprintf(out, "Flows exported: %"PRIu64" in %"PRIu64" packets (%"PRIu64" failures)\n", |
| 986 |
ft->flows_exported, ft->packets_sent, ft->flows_dropped); |
987 |
ft->flows_exported, ft->packets_sent, ft->flows_dropped); |
| 987 |
|
988 |
|
| 988 |
if (pcap_stats(pcap, &ps) == 0) { |
989 |
if (pcap_stats(pcap, &ps) == 0) { |
|
Lines 1007-1022
Link Here
|
| 1007 |
|
1008 |
|
| 1008 |
fprintf(out, "\n"); |
1009 |
fprintf(out, "\n"); |
| 1009 |
fprintf(out, "Expired flow reasons:\n"); |
1010 |
fprintf(out, "Expired flow reasons:\n"); |
| 1010 |
fprintf(out, " tcp = %9llu tcp.rst = %9llu " |
1011 |
fprintf(out, " tcp = %9"PRIu64" tcp.rst = %9"PRIu64" " |
| 1011 |
"tcp.fin = %9llu\n", ft->expired_tcp, ft->expired_tcp_rst, |
1012 |
"tcp.fin = %9"PRIu64"\n", ft->expired_tcp, ft->expired_tcp_rst, |
| 1012 |
ft->expired_tcp_fin); |
1013 |
ft->expired_tcp_fin); |
| 1013 |
fprintf(out, " udp = %9llu icmp = %9llu " |
1014 |
fprintf(out, " udp = %9"PRIu64" icmp = %9"PRIu64" " |
| 1014 |
"general = %9llu\n", ft->expired_udp, ft->expired_icmp, |
1015 |
"general = %9"PRIu64"\n", ft->expired_udp, ft->expired_icmp, |
| 1015 |
ft->expired_general); |
1016 |
ft->expired_general); |
| 1016 |
fprintf(out, " maxlife = %9llu\n", ft->expired_maxlife); |
1017 |
fprintf(out, " maxlife = %9"PRIu64"\n", ft->expired_maxlife); |
| 1017 |
fprintf(out, "over 2 GiB = %9llu\n", ft->expired_overbytes); |
1018 |
fprintf(out, "over 2 GiB = %9"PRIu64"\n", ft->expired_overbytes); |
| 1018 |
fprintf(out, " maxflows = %9llu\n", ft->expired_maxflows); |
1019 |
fprintf(out, " maxflows = %9"PRIu64"\n", ft->expired_maxflows); |
| 1019 |
fprintf(out, " flushed = %9llu\n", ft->expired_flush); |
1020 |
fprintf(out, " flushed = %9"PRIu64"\n", ft->expired_flush); |
| 1020 |
|
1021 |
|
| 1021 |
fprintf(out, "\n"); |
1022 |
fprintf(out, "\n"); |
| 1022 |
|
1023 |
|
|
Lines 1027-1033
Link Here
|
| 1027 |
pe = getprotobynumber(i); |
1028 |
pe = getprotobynumber(i); |
| 1028 |
snprintf(proto, sizeof(proto), "%s (%d)", |
1029 |
snprintf(proto, sizeof(proto), "%s (%d)", |
| 1029 |
pe != NULL ? pe->p_name : "Unknown", i); |
1030 |
pe != NULL ? pe->p_name : "Unknown", i); |
| 1030 |
fprintf(out, " %17s: %14llu %12llu %8.2fs " |
1031 |
fprintf(out, " %17s: %14"PRIu64" %12"PRIu64" %8.2fs " |
| 1031 |
"%10.2fs\n", proto, |
1032 |
"%10.2fs\n", proto, |
| 1032 |
ft->octets_pp[i], |
1033 |
ft->octets_pp[i], |
| 1033 |
ft->packets_pp[i], |
1034 |
ft->packets_pp[i], |
|
Lines 1052-1063
Link Here
|
| 1052 |
fprintf(out, "ACTIVE %s\n", format_flow(expiry->flow)); |
1053 |
fprintf(out, "ACTIVE %s\n", format_flow(expiry->flow)); |
| 1053 |
if ((long int) expiry->expires_at - now < 0) { |
1054 |
if ((long int) expiry->expires_at - now < 0) { |
| 1054 |
fprintf(out, |
1055 |
fprintf(out, |
| 1055 |
"EXPIRY EVENT for flow %llu now%s\n", |
1056 |
"EXPIRY EVENT for flow %"PRIu64" now%s\n", |
| 1056 |
expiry->flow->flow_seq, |
1057 |
expiry->flow->flow_seq, |
| 1057 |
expiry->expires_at == 0 ? " (FORCED)": ""); |
1058 |
expiry->expires_at == 0 ? " (FORCED)": ""); |
| 1058 |
} else { |
1059 |
} else { |
| 1059 |
fprintf(out, |
1060 |
fprintf(out, |
| 1060 |
"EXPIRY EVENT for flow %llu in %ld seconds\n", |
1061 |
"EXPIRY EVENT for flow %"PRIu64" in %ld seconds\n", |
| 1061 |
expiry->flow->flow_seq, |
1062 |
expiry->flow->flow_seq, |
| 1062 |
(long int) expiry->expires_at - now); |
1063 |
(long int) expiry->expires_at - now); |
| 1063 |
} |
1064 |
} |
|
Lines 1128-1133
Link Here
|
| 1128 |
struct CB_CTXT *cb_ctxt = (struct CB_CTXT *)user_data; |
1129 |
struct CB_CTXT *cb_ctxt = (struct CB_CTXT *)user_data; |
| 1129 |
struct timeval tv; |
1130 |
struct timeval tv; |
| 1130 |
|
1131 |
|
|
|
1132 |
if (cb_ctxt->sample && cb_ctxt->ft->total_packets % cb_ctxt->sample > 0) { |
| 1133 |
cb_ctxt->ft->total_packets++; |
| 1134 |
return; |
| 1135 |
} |
| 1131 |
s = datalink_check(cb_ctxt->linktype, pkt, phdr->caplen, &af); |
1136 |
s = datalink_check(cb_ctxt->linktype, pkt, phdr->caplen, &af); |
| 1132 |
if (s < 0 || (!cb_ctxt->want_v6 && af == AF_INET6)) { |
1137 |
if (s < 0 || (!cb_ctxt->want_v6 && af == AF_INET6)) { |
| 1133 |
cb_ctxt->ft->non_ip_packets++; |
1138 |
cb_ctxt->ft->non_ip_packets++; |
|
Lines 1681-1686
Link Here
|
| 1681 |
extern int optind; |
1686 |
extern int optind; |
| 1682 |
int ch, dontfork_flag, linktype, ctlsock, i, err, always_v6, r; |
1687 |
int ch, dontfork_flag, linktype, ctlsock, i, err, always_v6, r; |
| 1683 |
int stop_collection_flag, exit_request, hoplimit; |
1688 |
int stop_collection_flag, exit_request, hoplimit; |
|
|
1689 |
unsigned int sample; |
| 1684 |
pcap_t *pcap = NULL; |
1690 |
pcap_t *pcap = NULL; |
| 1685 |
struct sockaddr_storage dest; |
1691 |
struct sockaddr_storage dest; |
| 1686 |
struct FLOWTRACK flowtrack; |
1692 |
struct FLOWTRACK flowtrack; |
|
Lines 1706-1713
Link Here
|
| 1706 |
ctlsock_path = DEFAULT_CTLSOCK; |
1712 |
ctlsock_path = DEFAULT_CTLSOCK; |
| 1707 |
dontfork_flag = 0; |
1713 |
dontfork_flag = 0; |
| 1708 |
always_v6 = 0; |
1714 |
always_v6 = 0; |
|
|
1715 |
sample = 0; |
| 1709 |
|
1716 |
|
| 1710 |
while ((ch = getopt(argc, argv, "6hdDL:T:i:r:f:t:n:m:p:c:v:")) != -1) { |
1717 |
while ((ch = getopt(argc, argv, "6hdDL:T:i:r:f:t:n:m:p:c:v:s:")) != -1) { |
| 1711 |
switch (ch) { |
1718 |
switch (ch) { |
| 1712 |
case '6': |
1719 |
case '6': |
| 1713 |
always_v6 = 1; |
1720 |
always_v6 = 1; |
|
Lines 1807-1812
Link Here
|
| 1807 |
} |
1814 |
} |
| 1808 |
target.dialect = &nf[i]; |
1815 |
target.dialect = &nf[i]; |
| 1809 |
break; |
1816 |
break; |
|
|
1817 |
case 's': |
| 1818 |
sample = atoi(optarg); |
| 1819 |
if (sample < 2) { |
| 1820 |
sample = 0; |
| 1821 |
} |
| 1822 |
break; |
| 1810 |
default: |
1823 |
default: |
| 1811 |
fprintf(stderr, "Invalid commandline option.\n"); |
1824 |
fprintf(stderr, "Invalid commandline option.\n"); |
| 1812 |
usage(); |
1825 |
usage(); |
|
Lines 1847-1853
Link Here
|
| 1847 |
} else { |
1860 |
} else { |
| 1848 |
FILE *pidfile; |
1861 |
FILE *pidfile; |
| 1849 |
|
1862 |
|
| 1850 |
daemon(0, 0); |
1863 |
r = daemon(0, 0); |
| 1851 |
loginit(PROGNAME, 0); |
1864 |
loginit(PROGNAME, 0); |
| 1852 |
|
1865 |
|
| 1853 |
if ((pidfile = fopen(pidfile_path, "w")) == NULL) { |
1866 |
if ((pidfile = fopen(pidfile_path, "w")) == NULL) { |
|
Lines 1880-1885
Link Here
|
| 1880 |
cb_ctxt.ft = &flowtrack; |
1893 |
cb_ctxt.ft = &flowtrack; |
| 1881 |
cb_ctxt.linktype = linktype; |
1894 |
cb_ctxt.linktype = linktype; |
| 1882 |
cb_ctxt.want_v6 = target.dialect->v6_capable || always_v6; |
1895 |
cb_ctxt.want_v6 = target.dialect->v6_capable || always_v6; |
|
|
1896 |
cb_ctxt.sample = sample; |
| 1883 |
|
1897 |
|
| 1884 |
for (r = 0; graceful_shutdown_request == 0; r = 0) { |
1898 |
for (r = 0; graceful_shutdown_request == 0; r = 0) { |
| 1885 |
/* |
1899 |
/* |
|
Lines 1925-1930
Link Here
|
| 1925 |
pcap_geterr(pcap)); |
1939 |
pcap_geterr(pcap)); |
| 1926 |
break; |
1940 |
break; |
| 1927 |
} else if (r == 0) { |
1941 |
} else if (r == 0) { |
|
|
1942 |
if (capfile == NULL) { |
| 1943 |
logit(LOG_DEBUG, "Continueing after " |
| 1944 |
"pcap EOF"); |
| 1945 |
continue; |
| 1946 |
} |
| 1928 |
logit(LOG_NOTICE, "Shutting down after " |
1947 |
logit(LOG_NOTICE, "Shutting down after " |
| 1929 |
"pcap EOF"); |
1948 |
"pcap EOF"); |
| 1930 |
graceful_shutdown_request = 1; |
1949 |
graceful_shutdown_request = 1; |