common.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98

#include "common.h"
#include <assert.h>
#include <errno.h>
#include <limits.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

int nfl_check_file(FILE *f) {
    struct stat s;
    assert(f);
    if (fstat(fileno(f), &s) < 0)
        return -errno;

    // Ignore file already unlinked
    if (s.st_nlink <= 0)
        return -EIDRM;

    return 0;
}

int nfl_check_dir(const char *storage_dir) {
    struct stat _d;
    if(stat(storage_dir, &_d) != 0 || !S_ISDIR(_d.st_mode)){
        return -1;
    }
    return 0;
}

const char *nfl_get_filename(const char *dir, int id) {
    char out[1024];
    sprintf(out, "%s/" STORAGE_PREFIX "_%d", dir, id);
    return strdup(out);
}

uint32_t nfl_header_cksum(nflog_header_t *header) {
    register uint64_t s = 3784672181;
    s += header->id;
    s ^= header->max_n_entries;
    s += header->n_entries;
    s ^= header->start_time;
    s += header->end_time;
    s &= ULONG_MAX;
    return s;
}

void nfl_cal_trunk(uint32_t total_size, uint32_t *trunk_cnt, uint32_t *trunk_size) {
    uint32_t pgsize = getpagesize();
    total_size *= 1024 * 1024; // MiB

    assert(trunk_cnt);
    assert(total_size);

    *trunk_cnt = CEIL_DIV(total_size, pgsize*TRUNK_SIZE_BY_PAGE);
    if(*trunk_cnt > MAX_TRUNK_ID) {
        *trunk_cnt = MAX_TRUNK_ID;
        *trunk_size = total_size / MAX_TRUNK_ID;
        *trunk_size = (*trunk_size / pgsize) * pgsize; // align with pagesize
    }
    else {
        *trunk_size = pgsize*TRUNK_SIZE_BY_PAGE;
    }
}

void nfl_cal_entries(uint32_t trunk_size, uint32_t *entries_cnt) {
    assert(entries_cnt);
    *entries_cnt = (trunk_size - sizeof(nflog_header_t)) / sizeof(nflog_entry_t);
}

const char *nfl_format_output(nflog_entry_t *entry) {
    char out[1024], dest_ip[16];
    snprintf(dest_ip, 16, "%pI4", &entry->daddr);
    sprintf(out,
          "t=%ld\t"
          "daddr=%s\t"
          "proto=%s\t"
          "uid=%d\t"
          "sport=%d\t"
          "dport=%d",
          entry->timestamp, dest_ip,
          entry->protocol == IPPROTO_TCP ? "TCP" : "UDP",
          entry->uid, entry->sport, entry->dport);
}

int nfl_setup_compression(const char *flag, enum nflog_compression_t *opt) {
    if(flag == NULL) {
        *opt=COMPRESS_NONE;
    } else if(!strcmp(flag, "zstd") || !strcmp(flag, "zstandard")) {
        *opt=COMPRESS_ZSTD;
    } else if(!strcmp(flag, "lz4")) {
        *opt=COMPRESS_LZ4;
    } else {
        fprintf(stderr, "Unknown compression algorithm: %s\n", flag);
        return 0;
    }

    return 1;
}