meter.cc

网络流量采集及分析软件

}


/* -------------------- getHelloMsg -------------------- */

string Meter::getHelloMsg()
{
    ostringstream s;
    
    static char name[128] = "\0";

    if (name[0] == '\0') { // first time
        gethostname(name, sizeof(name));
    }

    s << "netmate build " << BUILD_TIME 
      << ", running at host \"" << name << "\"," << endl
      << "compile options: "
#ifndef ENABLE_THREADS
      << "_no_ "
#endif
      << "multi-threading support, "
#ifndef USE_SSL
      << "_no_ "
#endif
      << "secure sockets (SSL) support"
      << endl;
    
    return s.str();
}


/* -------------------- getInfo -------------------- */

string Meter::getInfo(infoType_t what, string param)
{  
    time_t uptime;
    ostringstream s;
    
    s << "<info name=\"" << MeterInfo::getInfoString(what) << "\" >";

    switch (what) {
    case I_METER_VERSION:
        s << getHelloMsg();
        break;
    case I_UPTIME:
      uptime = ::time(NULL) - startTime;
        s << uptime << " s, since " << noNewline(ctime(&startTime));
        break;
    case I_TASKS_STORED:
        s << rulm->getNumTasks();
        break;
    case I_FUNCTIONS_LOADED:
        s << proc->numModules();
        break;
    case I_CONFIGFILE:
        s << configFileName;
        break;
    case I_USE_SSL:
        s << (httpd_uses_ssl() ? "yes" : "no");
        break;
    case I_HELLO:
        s << getHelloMsg();
        break;
    case I_TASKLIST:
        s << CtrlComm::xmlQuote(rulm->getInfo());
        break;
    case I_MODLIST:
        s << proc->getInfo();
        break;
    case I_TASK:
        if (param.empty()) {
            throw Error("get_info: missing parameter for rule = <rulename>" );
        } else {
            int n = param.find(".");
            if (n > 0) {
                s << CtrlComm::xmlQuote(rulm->getInfo(param.substr(0,n), param.substr(n+1, param.length())));
            } else {
                s << CtrlComm::xmlQuote(rulm->getInfo(param));
            }
        }
        break;
    case I_NUMMETERINFOS:
    default:
        return string();
    }

    s << "</info>" << endl;
    
    return s.str();
}


string Meter::getMeterInfo(infoList_t *i)
{
    ostringstream s;
    infoListIter_t iter;
   
    s << "<meterinfos>\n";

    for (iter = i->begin(); iter != i->end(); iter++) {
        s << getInfo(iter->type, iter->param);
    }

    s << "</meterinfos>\n";

    return s.str();
}


/* -------------------- handleEvent -------------------- */

void Meter::handleEvent(Event *e, fd_sets_t *fds)
{
   
    switch (e->getType()) {
    case TEST:
      {

      }
      break;
    case GET_INFO:
      {
          // get info types from event
          try {
              infoList_t *i = ((GetInfoEvent *)e)->getInfos(); 
              // send meter info
              comm->sendMsg(getMeterInfo(i), ((GetInfoEvent *)e)->getReq(), fds, 0 /* do not html quote */ );
          } catch(Error &err) {
              comm->sendErrMsg(err.getError(), ((GetInfoEvent *)e)->getReq(), fds);
          }
      }
      break;
    case GET_MODINFO:
      {
          // get module information from loaded module (proc mods only now)
          try {
              string s = proc->getModuleInfoXML(((GetModInfoEvent *)e)->getModName());
              // send module info
              comm->sendMsg(s, ((GetModInfoEvent *)e)->getReq(), fds, 0);
          } catch(Error &err) {
              comm->sendErrMsg(err.getError(), ((GetModInfoEvent *)e)->getReq(), fds);
          }
      }
      break;
    case PUSH_EXPORT:
      {
          ruleDB_t     *rules = ((PushExportEvent *)e)->getRules();

          // multiple rules can export at the same time
          for (ruleDBIter_t iter = rules->begin(); iter != rules->end(); iter++) {

	      FlowRecord *rec;

              // retrieve flow data via evaluation module(s) for that rule
              rec = proc->exportRule((*iter)->getUId(), (*iter)->getRuleName());

	      // set final status
	      rec->setFinal(((PushExportEvent *)e)->isFinal());

              // schedule this data for export via export module(s) for that rule
              expt->storeData((*iter)->getUId(), ((PushExportEvent *)e)->getExpMods(), rec);   
          }
      }
      break;
    case PULL_EXPORT:
      {
          // not implemented yet
      }
      break;
    case FLOW_TIMEOUT:
      {
          int rid = ((FlowTimeoutEvent *)e)->getUId();
	  unsigned long timeout = ((FlowTimeoutEvent *)e)->getTimeout();
          time_t now = Timeval::time(NULL);
          int res;

          // retrieve timestamp of last packet for this flow
          res = proc->ruleTimeout(rid, timeout, now);

          if (res > 1) {
              // no timeout!

              // readjust exp time so that next (possible) flow expiration can
              // be detected just in time
              e->setTime(res);
          } else if (res == 0) {
              // timeout has expired ->collect data
	      FlowRecord *rec;
	
              // retrieve idle flow data via evaluation module(s) for that rule
              // and reset flow to idle in packet processor
              rec = proc->exportRule(rid, rulm->getRule(rid)->getRuleName(), now, timeout);
              
	      // final flow record
	      rec->setFinal(1);

              // export this data to via export module(s) for that rule
              expt->storeData(rid, "", rec);
          } // else (still) idle
      }
      
      break;
    case ADD_RULES:
      {
          ruleDB_t *new_rules = NULL;

          try {
              // support only XML rules from file
              new_rules = rulm->parseRules(((AddRulesEvent *)e)->getFileName());
             
              // test rule spec 
              expt->checkRules(new_rules);
              proc->checkRules(new_rules);
              clss->checkRules(new_rules);

              // no error so lets add the rules and schedule for activation
              // and removal
              rulm->addRules(new_rules, evnt.get());
              saveDelete(new_rules);

	      /*
		above 'addRules' produces an RuleActivation event.
		If rule addition shall be performed _immediately_
		(fds == NULL) then we need to execute this
		activation event _now_ and not wait for the
		EventScheduler to do this some time later.
	      */
	      if (fds == NULL ) {
		  Event *e = evnt->getNextEvent();
		  handleEvent(e, NULL);
		  saveDelete(e);
	      }

          } catch (Error &e) {
              // error in rule(s)
              if (new_rules) {
                  saveDelete(new_rules);
              }
              throw e;
          }
      }
      break;
    case ADD_RULES_CTRLCOMM:
      {
          ruleDB_t *new_rules = NULL;

          try {
              
              new_rules = rulm->parseRulesBuffer(
                ((AddRulesCtrlEvent *)e)->getBuf(),
                ((AddRulesCtrlEvent *)e)->getLen(), ((AddRulesCtrlEvent *)e)->isMAPI());

              // test rule spec 
              expt->checkRules(new_rules);
              proc->checkRules(new_rules);
              clss->checkRules(new_rules);
	  
              // no error so let's add the rules and 
              // schedule for activation and removal
              rulm->addRules(new_rules, evnt.get());
              comm->sendMsg("rule(s) added", ((AddRulesCtrlEvent *)e)->getReq(), fds);
              saveDelete(new_rules);

          } catch (Error &err) {
              // error in rule(s)
              if (new_rules) {
                  saveDelete(new_rules);
              }
              comm->sendErrMsg(err.getError(), ((AddRulesCtrlEvent *)e)->getReq(), fds); 
          }
      }
      break; 	

    case ACTIVATE_RULES:
      {
          ruleDB_t *rules = ((ActivateRulesEvent *)e)->getRules();

          expt->addRules(rules, evnt.get());
          proc->addRules(rules, evnt.get());
          clss->addRules(rules);
          // activate
          rulm->activateRules(rules, evnt.get());
      }
      break;
    case REMOVE_RULES:
      {
          ruleDB_t *rules = ((ActivateRulesEvent *)e)->getRules();
	  
          // export final result data
          for (ruleDBIter_t iter = rules->begin(); iter != rules->end(); iter++) {
              if ((*iter)->isFlagEnabled(RULE_FINAL_EXPORT)) {

		  FlowRecord *rec;

                  // retrieve flow data via evaluation module(s) for that rule
                  rec = proc->exportRule((*iter)->getUId(), (*iter)->getRuleName());

                  // export flow records directly
                  expt->exportFlowRecord(rec, "");

                  saveDelete(rec);
              }
          }
	  
          // now get rid of the expired rule
          clss->delRules(rules);
          proc->delRules(rules);
          expt->delRules(rules);
          rulm->delRules(rules, evnt.get());
      }
      break;

    case REMOVE_RULES_CTRLCOMM:
      {
          try {
              string r = ((RemoveRulesCtrlEvent *)e)->getRule();
              int n = r.find(".");
              if (n > 0) {
                  // delete 1 rule
                  Rule *rptr = rulm->getRule(r.substr(0,n), 
                                             r.substr(n+1, r.length()-n));
                  if (rptr == NULL) {
                      throw Error("no such rule");
                  }
	  
                  // export final result data
                  if (rptr->isFlagEnabled(RULE_FINAL_EXPORT)) {
		      FlowRecord *rec;

                      // retrieve flow data via evaluation module(s)
                      // for that rule
                      rec = proc->exportRule(rptr->getUId(),rptr->getRuleName());
		      
                      // export the flow record directly
                      expt->exportFlowRecord(rec, "");

                      saveDelete(rec);
                  }

                  clss->delRule(rptr);
                  proc->delRule(rptr);
                  expt->delRule(rptr);
                  rulm->delRule(rptr, evnt.get());

              } else {
                  // delete rule set
                  ruleIndex_t *rules = rulm->getRules(r);
                  if (rules == NULL) {
                      throw Error("no such rule set");
                  }

                  for (ruleIndexIter_t i = rules->begin(); i != rules->end(); i++) {
                      Rule *rptr = rulm->getRule(i->second);

                      // export final result data
                      if (rptr->isFlagEnabled(RULE_FINAL_EXPORT)) {
			  FlowRecord *rec;

                          // retrieve flow data via evaluation module(s) for that rule
                          rec = proc->exportRule(rptr->getUId(),rptr->getRuleName());
			  
                          // export this data via export module(s) for that rule
                          expt->exportFlowRecord(rec, "");

                          saveDelete(rec);
                      }
			
                      clss->delRule(rptr);
                      proc->delRule(rptr);
                      expt->delRule(rptr);
                      rulm->delRule(rptr, evnt.get());
                  }
              }

              comm->sendMsg("rule(s) deleted", ((RemoveRulesCtrlEvent *)e)->getReq(), fds);
          } catch (Error &err) {
              comm->sendErrMsg(err.getError(), ((RemoveRulesCtrlEvent *)e)->getReq(), fds);
          }
      }
      break;

    case PROC_MODULE_TIMER:

        proc->timeout(((ProcTimerEvent *)e)->getRID(), ((ProcTimerEvent *)e)->getAID(),
                      ((ProcTimerEvent *)e)->getTID());
        break;
    
    case EXPORT_MODULE_TIMER:
        
        ((ExportTimerEvent *)e)->signalTimeout();
        break;
        
    default:
        throw Error("unknown event");
    }
}


/* ----------------------- run ----------------------------- */

void Meter::run()
{