From b72176373eef29e938a0788538433dc5be7f413e Mon Sep 17 00:00:00 2001 From: Olaf Rempel Date: Sun, 8 Apr 2007 17:02:24 +0200 Subject: [PATCH] add ct-status bits --- conntrack.c | 1 + ctstats.sql | 1 + database.c | 4 ++-- hashtable.c | 8 +++++--- hashtable.h | 3 ++- 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/conntrack.c b/conntrack.c index 1013f8f..79513ab 100644 --- a/conntrack.c +++ b/conntrack.c @@ -40,6 +40,7 @@ static int conntrack_event_cb(void *arg, unsigned int flags, int type, void *pri entry->src_ip = (ct->tuple[NFCT_DIR_ORIGINAL].src.v4 & netmask.s_addr); entry->protonum = ct->tuple[NFCT_DIR_ORIGINAL].protonum; entry->dst_port = ct->tuple[NFCT_DIR_ORIGINAL].l4dst.tcp.port; + entry->flags = ct->status & (IPS_EXPECTED || IPS_SEEN_REPLY || IPS_ASSURED || IPS_CONFIRMED); entry->src_bytes = ct->counters[NFCT_DIR_ORIGINAL].bytes; entry->dst_bytes = ct->counters[NFCT_DIR_REPLY].bytes; diff --git a/ctstats.sql b/ctstats.sql index fcc38df..f0ad1a3 100644 --- a/ctstats.sql +++ b/ctstats.sql @@ -12,6 +12,7 @@ CREATE TABLE IF NOT EXISTS `stats` ( `srcip` int(10) unsigned NOT NULL default '0', `proto` int(10) unsigned NOT NULL default '0', `dport` int(10) unsigned NOT NULL default '0', + `flags` int(10) unsigned NOT NULL default '0', `srcbytes` int(10) unsigned NOT NULL default '0', `dstbytes` int(10) unsigned NOT NULL default '0', `count` int(10) unsigned NOT NULL default '0', diff --git a/database.c b/database.c index 8a97040..8d1f09d 100644 --- a/database.c +++ b/database.c @@ -19,9 +19,9 @@ static void purge_hash_cb(const struct hash_entry *entry, void *privdata) char query[256]; int len = snprintf(query, sizeof(query), - "INSERT INTO stats SET timestamp='%lu', srcip='%u', proto='%u', dport='%u', srcbytes='%llu', dstbytes='%llu', count='%u'", + "INSERT INTO stats SET timestamp='%lu', srcip='%u', proto='%u', dport='%u', flags='%u', srcbytes='%llu', dstbytes='%llu', count='%u'", *now, ntohl(entry->src_ip), entry->protonum, ntohs(entry->dst_port), - entry->src_bytes, entry->dst_bytes, entry->count); + entry->flags, entry->src_bytes, entry->dst_bytes, entry->count); if (mysql_real_query(dbh, query, len +1) != 0) log_print(LOG_WARN, "purge_hash_cb: mysql_real_query(): %s", mysql_error(dbh)); diff --git a/hashtable.c b/hashtable.c index 30c8fde..43c6e9c 100644 --- a/hashtable.c +++ b/hashtable.c @@ -34,7 +34,7 @@ struct hash_table * create_hash(uint32_t buckets) table->bucket[i] = NULL; table->buckets = buckets; - table->hash_rnd = 0x56789ABC; + table->hash_rnd = time(NULL); pthread_mutex_init(&table->mutex, NULL); return table; @@ -61,6 +61,7 @@ void purge_hash(struct hash_table *table, table->bucket[i] = NULL; } + table->hash_rnd = time(NULL); pthread_mutex_unlock(&table->mutex); } @@ -74,7 +75,7 @@ void destroy_hash(struct hash_table *table) static uint32_t calc_hashkey(const struct hash_entry *entry, uint32_t initval) { uint32_t a = entry->src_ip; - uint32_t b = entry->protonum; + uint32_t b = (entry->flags << 8) | entry->protonum; uint32_t c = entry->dst_port; a += JHASH_GOLDEN_RATIO; @@ -90,7 +91,8 @@ static int cmp_entry(const struct hash_entry *a, const struct hash_entry *b) { return (a->src_ip ^ b->src_ip) | (a->protonum ^ b->protonum) | - (a->dst_port ^ b->dst_port); + (a->dst_port ^ b->dst_port) | + (a->flags ^ b->flags); } void hash_add(struct hash_table *table, struct hash_entry *entry) diff --git a/hashtable.h b/hashtable.h index fdb23bc..6974509 100644 --- a/hashtable.h +++ b/hashtable.h @@ -7,8 +7,9 @@ struct hash_entry { struct hash_entry *next; uint32_t src_ip; - uint16_t protonum; uint16_t dst_port; + uint8_t protonum; + uint8_t flags; uint64_t src_bytes; uint64_t dst_bytes;