razzor
/
ctstats
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Activity
Browse Source

add ct-status bits

master
Olaf Rempel 13 years ago
parent
0cf8957c81
commit
b72176373e
5 changed files with 11 additions and 6 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -0
      conntrack.c
  2. +1
    -0
      ctstats.sql
  3. +2
    -2
      database.c
  4. +5
    -3
      hashtable.c
  5. +2
    -1
      hashtable.h

+ 1
- 0
conntrack.c View File

@ -40,6 +40,7 @@ static int conntrack_event_cb(void *arg, unsigned int flags, int type, void *pri
entry->src_ip = (ct->tuple[NFCT_DIR_ORIGINAL].src.v4 & netmask.s_addr);
entry->protonum = ct->tuple[NFCT_DIR_ORIGINAL].protonum;
entry->dst_port = ct->tuple[NFCT_DIR_ORIGINAL].l4dst.tcp.port;
entry->flags = ct->status & (IPS_EXPECTED || IPS_SEEN_REPLY || IPS_ASSURED || IPS_CONFIRMED);
entry->src_bytes = ct->counters[NFCT_DIR_ORIGINAL].bytes;
entry->dst_bytes = ct->counters[NFCT_DIR_REPLY].bytes;


+ 1
- 0
ctstats.sql View File

@ -12,6 +12,7 @@ CREATE TABLE IF NOT EXISTS `stats` (
`srcip` int(10) unsigned NOT NULL default '0',
`proto` int(10) unsigned NOT NULL default '0',
`dport` int(10) unsigned NOT NULL default '0',
`flags` int(10) unsigned NOT NULL default '0',
`srcbytes` int(10) unsigned NOT NULL default '0',
`dstbytes` int(10) unsigned NOT NULL default '0',
`count` int(10) unsigned NOT NULL default '0',


+ 2
- 2
database.c View File

@ -19,9 +19,9 @@ static void purge_hash_cb(const struct hash_entry *entry, void *privdata)
char query[256];
int len = snprintf(query, sizeof(query),
"INSERT INTO stats SET timestamp='%lu', srcip='%u', proto='%u', dport='%u', srcbytes='%llu', dstbytes='%llu', count='%u'",
"INSERT INTO stats SET timestamp='%lu', srcip='%u', proto='%u', dport='%u', flags='%u', srcbytes='%llu', dstbytes='%llu', count='%u'",
*now, ntohl(entry->src_ip), entry->protonum, ntohs(entry->dst_port),
entry->src_bytes, entry->dst_bytes, entry->count);
entry->flags, entry->src_bytes, entry->dst_bytes, entry->count);
if (mysql_real_query(dbh, query, len +1) != 0)
log_print(LOG_WARN, "purge_hash_cb: mysql_real_query(): %s", mysql_error(dbh));


+ 5
- 3
hashtable.c View File

@ -34,7 +34,7 @@ struct hash_table * create_hash(uint32_t buckets)
table->bucket[i] = NULL;
table->buckets = buckets;
table->hash_rnd = 0x56789ABC;
table->hash_rnd = time(NULL);
pthread_mutex_init(&table->mutex, NULL);
return table;
@ -61,6 +61,7 @@ void purge_hash(struct hash_table *table,
table->bucket[i] = NULL;
}
table->hash_rnd = time(NULL);
pthread_mutex_unlock(&table->mutex);
}
@ -74,7 +75,7 @@ void destroy_hash(struct hash_table *table)
static uint32_t calc_hashkey(const struct hash_entry *entry, uint32_t initval)
{
uint32_t a = entry->src_ip;
uint32_t b = entry->protonum;
uint32_t b = (entry->flags << 8) | entry->protonum;
uint32_t c = entry->dst_port;
a += JHASH_GOLDEN_RATIO;
@ -90,7 +91,8 @@ static int cmp_entry(const struct hash_entry *a, const struct hash_entry *b)
{
return (a->src_ip ^ b->src_ip) |
(a->protonum ^ b->protonum) |
(a->dst_port ^ b->dst_port);
(a->dst_port ^ b->dst_port) |
(a->flags ^ b->flags);
}
void hash_add(struct hash_table *table, struct hash_entry *entry)


+ 2
- 1
hashtable.h View File

@ -7,8 +7,9 @@
struct hash_entry {
struct hash_entry *next;
uint32_t src_ip;
uint16_t protonum;
uint16_t dst_port;
uint8_t protonum;
uint8_t flags;
uint64_t src_bytes;
uint64_t dst_bytes;


Write Preview
Loading…
Cancel
Save