diff --git a/bin/ipfix.c b/bin/ipfix.c index ba071ea..f998b72 100644 --- a/bin/ipfix.c +++ b/bin/ipfix.c @@ -42,7 +42,6 @@ #include #include #include -#include #include #include #include @@ -322,7 +321,7 @@ int i; cache.lookup_info = (struct element_param_s *)calloc(65536, sizeof(struct element_param_s)); cache.common_extensions = (uint32_t *)malloc((Max_num_extensions+1)*sizeof(uint32_t)); if ( !cache.common_extensions || !cache.lookup_info ) { - syslog(LOG_ERR, "Process_ipfix: Panic! malloc(): %s line %d: %s", __FILE__, __LINE__, strerror (errno)); + LogError("Process_ipfix: Panic! malloc(): %s line %d: %s", __FILE__, __LINE__, strerror (errno)); return 0; } @@ -336,7 +335,7 @@ int i; } cache.max_ipfix_elements = i; - syslog(LOG_DEBUG,"Init IPFIX: Max number of IPFIX tags: %u", cache.max_ipfix_elements); + LogError("Init IPFIX: Max number of IPFIX tags: %u", cache.max_ipfix_elements); return 1; @@ -370,7 +369,7 @@ uint32_t ObservationDomain = ntohl(ipfix_header->ObservationDomain); // nothing found *e = (exporter_ipfix_domain_t *)malloc(sizeof(exporter_ipfix_domain_t)); if ( !(*e)) { - syslog(LOG_ERR, "Process_ipfix: Panic! malloc() %s line %d: %s", __FILE__, __LINE__, strerror (errno)); + LogError("Process_ipfix: Panic! malloc() %s line %d: %s", __FILE__, __LINE__, strerror (errno)); return NULL; } memset((void *)(*e), 0, sizeof(exporter_ipfix_domain_t)); @@ -392,7 +391,7 @@ uint32_t ObservationDomain = ntohl(ipfix_header->ObservationDomain); dbg_printf("[%u] New exporter: SysID: %u, Observation domain %u from: %s\n", ObservationDomain, (*e)->info.sysid, ObservationDomain, ipstr); - syslog(LOG_INFO, "Process_ipfix: New exporter: SysID: %u, Observation domain %u from: %s\n", + LogInfo("Process_ipfix: New exporter: SysID: %u, Observation domain %u from: %s\n", (*e)->info.sysid, ObservationDomain, ipstr); @@ -460,12 +459,12 @@ input_translation_t **table; // so template refreshing may change the table size without danger of overflowing *table = calloc(1, sizeof(input_translation_t)); if ( !(*table) ) { - syslog(LOG_ERR, "Process_ipfix: Panic! calloc() %s line %d: %s", __FILE__, __LINE__, strerror (errno)); + LogError("Process_ipfix: Panic! calloc() %s line %d: %s", __FILE__, __LINE__, strerror (errno)); return NULL; } (*table)->sequence = calloc(cache.max_ipfix_elements, sizeof(sequence_map_t)); if ( !(*table)->sequence ) { - syslog(LOG_ERR, "Process_ipfix: Panic! malloc() %s line %d: %s", __FILE__, __LINE__, strerror (errno)); + LogError("Process_ipfix: Panic! malloc() %s line %d: %s", __FILE__, __LINE__, strerror (errno)); return NULL; } @@ -481,7 +480,7 @@ input_translation_t **table; static void remove_translation_table(FlowSource_t *fs, exporter_ipfix_domain_t *exporter, uint16_t id) { input_translation_t *table, *parent; - syslog(LOG_INFO, "Process_ipfix: [%u] Withdraw template id: %i", + LogInfo("Process_ipfix: [%u] Withdraw template id: %i", exporter->info.id, id); parent = NULL; @@ -492,7 +491,7 @@ input_translation_t *table, *parent; } if ( table == NULL ) { - syslog(LOG_ERR, "Process_ipfix: [%u] Withdraw template id: %i. translation table not found", + LogError("Process_ipfix: [%u] Withdraw template id: %i. translation table not found", exporter->info.id, id); return; } @@ -521,7 +520,7 @@ input_translation_t *table, *parent; static void remove_all_translation_tables(exporter_ipfix_domain_t *exporter) { input_translation_t *table, *next; - syslog(LOG_INFO, "Process_ipfix: Withdraw all templates from observation domain %u\n", + LogInfo("Process_ipfix: Withdraw all templates from observation domain %u\n", exporter->info.id); table = exporter->input_translation_table; @@ -548,7 +547,7 @@ uint32_t i = table->number_of_sequences; uint32_t index = cache.lookup_info[Type].index; if ( table->number_of_sequences >= cache.max_ipfix_elements ) { - syslog(LOG_ERR, "Process_ipfix: Software bug! Sequence table full. at %s line %d", + LogError("Process_ipfix: Software bug! Sequence table full. at %s line %d", __FILE__, __LINE__); dbg_printf("Software bug! Sequence table full. at %s line %d", __FILE__, __LINE__); @@ -584,7 +583,7 @@ size_t size_required; table = GetTranslationTable(exporter, id); if ( !table ) { - syslog(LOG_INFO, "Process_ipfix: [%u] Add template %u", exporter->info.id, id); + LogInfo("Process_ipfix: [%u] Add template %u", exporter->info.id, id); table = add_translation_table(exporter, id); if ( !table ) { return NULL; @@ -597,7 +596,7 @@ size_t size_required; size_required = (size_required + 3) &~(size_t)3; extension_map = malloc(size_required); if ( !extension_map ) { - syslog(LOG_ERR, "Process_ipfix: Panic! malloc() error in %s line %d: %s", __FILE__, __LINE__, strerror (errno)); + LogError("Process_ipfix: Panic! malloc() error in %s line %d: %s", __FILE__, __LINE__, strerror (errno)); return NULL; } extension_map->type = ExtensionMapType; @@ -912,6 +911,13 @@ uint16_t Offset = 0; // a template flowset can contain multiple records ( templates ) while ( size_left ) { + if ( size_left && size_left < 4 ) { + LogError("Process_ipfix [%u] Template size error at %s line %u" , + exporter->info.id, __FILE__, __LINE__, strerror (errno)); + size_left = 0; + continue; + } + // clear helper tables memset((void *)cache.common_extensions, 0, (Max_num_extensions+1)*sizeof(uint32_t)); memset((void *)cache.lookup_info, 0, 65536 * sizeof(struct element_param_s)); @@ -940,7 +946,7 @@ uint16_t Offset = 0; size_required = 4*count; if ( size_left < size_required ) { // if we fail this check, this flowset must be skipped. - syslog(LOG_ERR, "Process_ipfix: [%u] Not enough data for template elements! required: %i, left: %u", + LogError("Process_ipfix: [%u] Not enough data for template elements! required: %i, left: %u", exporter->info.id, size_required, size_left); dbg_printf("ERROR: Not enough data for template elements! required: %i, left: %u", size_required, size_left); return; @@ -974,7 +980,7 @@ uint16_t Offset = 0; ipfix_template_elements_e_t *e = (ipfix_template_elements_e_t *)NextElement; size_required += 4; // ad 4 for enterprise value if ( size_left < size_required ) { - syslog(LOG_ERR, "Process_ipfix: [%u] Not enough data for template elements! required: %i, left: %u", + LogError("Process_ipfix: [%u] Not enough data for template elements! required: %i, left: %u", exporter->info.id, size_required, size_left); dbg_printf("ERROR: Not enough data for template elements! required: %i, left: %u", size_required, size_left); return; @@ -1097,7 +1103,7 @@ uint16_t offset_std_sampler_interval, offset_std_sampler_algorithm, found_std_sa i = 0; // keep compiler happy size_left = GET_FLOWSET_LENGTH(option_template_flowset) - 4; // -4 for flowset header -> id and length if ( size_left < 6 ) { - syslog(LOG_ERR, "Process_ipfix: [%u] option template length error: size left %u too small for an options template", + LogError("Process_ipfix: [%u] option template length error: size left %u too small for an options template", exporter->info.id, size_left); return; } @@ -1110,16 +1116,16 @@ uint16_t offset_std_sampler_interval, offset_std_sampler_algorithm, found_std_sa size_left -= 6; if ( scope_field_count == 0 ) { - syslog(LOG_ERR, "Process_ipfx: [%u] scope field count error: length must not be zero", + LogError("Process_ipfx: [%u] scope field count error: length must not be zero", exporter->info.id); dbg_printf("scope field count error: length must not be zero\n"); return; } - size_required = field_count * 2 * sizeof(uint16_t); + size_required = (field_count + scope_field_count) * 2 * sizeof(uint16_t); dbg_printf("Size left: %u, size required: %u\n", size_left, size_required); if ( size_left < size_required ) { - syslog(LOG_ERR, "Process_ipfix: [%u] option template length error: size left %u too small for %u scopes length and %u options length", + LogError("Process_ipfix: [%u] option template length error: size left %u too small for %u scopes length and %u options length", exporter->info.id, size_left, field_count, scope_field_count); dbg_printf("option template length error: size left %u too small for field_count %u\n", size_left, field_count); @@ -1130,7 +1136,7 @@ uint16_t offset_std_sampler_interval, offset_std_sampler_algorithm, found_std_sa id, field_count, scope_field_count); if ( scope_field_count == 0 ) { - syslog(LOG_ERR, "Process_ipfxi: [%u] scope field count error: length must not be zero", + LogError("Process_ipfxi: [%u] scope field count error: length must not be zero", exporter->info.id); return; } @@ -1140,14 +1146,20 @@ uint16_t offset_std_sampler_interval, offset_std_sampler_algorithm, found_std_sa uint16_t id, length; int Enterprise; + if ( size_left && size_left < 4 ) { + LogError("Process_ipfix [%u] Template size error at %s line %u" , + exporter->info.id, __FILE__, __LINE__, strerror (errno)); + return; + } id = Get_val16(DataPtr); DataPtr += 2; length = Get_val16(DataPtr); DataPtr += 2; + size_left -= 4; Enterprise = id & 0x8000 ? 1 : 0; if ( Enterprise ) { size_required += 4; dbg_printf("Adjusted: Size left: %u, size required: %u\n", size_left, size_required); if ( size_left < size_required ) { - syslog(LOG_ERR, "Process_ipfix: [%u] option template length error: size left %u too small for %u scopes length and %u options length", + LogError("Process_ipfix: [%u] option template length error: size left %u too small for %u scopes length and %u options length", exporter->info.id, size_left, field_count, scope_field_count); dbg_printf("option template length error: size left %u too small for field_count %u\n", size_left, field_count); @@ -1155,6 +1167,7 @@ uint16_t offset_std_sampler_interval, offset_std_sampler_algorithm, found_std_sa } enterprise_value = Get_val32(DataPtr); DataPtr += 4; + size_left -= 4; dbg_printf(" [%i] Enterprise: 1, scope id: %u, scope length %u enterprise value: %u\n", i, id, length, enterprise_value); } else { @@ -1168,12 +1181,13 @@ uint16_t offset_std_sampler_interval, offset_std_sampler_algorithm, found_std_sa id = Get_val16(DataPtr); DataPtr += 2; length = Get_val16(DataPtr); DataPtr += 2; + size_left -= 4; Enterprise = id & 0x8000 ? 1 : 0; if ( Enterprise ) { size_required += 4; dbg_printf("Adjusted: Size left: %u, size required: %u\n", size_left, size_required); if ( size_left < size_required ) { - syslog(LOG_ERR, "Process_ipfix: [%u] option template length error: size left %u too small for %u scopes length and %u options length", + LogError("Process_ipfix: [%u] option template length error: size left %u too small for %u scopes length and %u options length", exporter->info.id, size_left, field_count, scope_field_count); dbg_printf("option template length error: size left %u too small for field_count %u\n", size_left, field_count); @@ -1181,6 +1195,7 @@ uint16_t offset_std_sampler_interval, offset_std_sampler_algorithm, found_std_sa } enterprise_value = Get_val32(DataPtr); DataPtr += 4; + size_left -= 4; dbg_printf(" [%i] Enterprise: 1, option id: %u, option length %u enterprise value: %u\n", i, id, length, enterprise_value); } else { @@ -1300,7 +1315,7 @@ char *string; if ( (size_left < table->input_record_size) ) { if ( size_left > 3 ) { - syslog(LOG_WARNING,"Process_ipfix: Corrupt data flowset? Pad bytes: %u", size_left); + LogError("Process_ipfix: Corrupt data flowset? Pad bytes: %u", size_left); dbg_printf("Process_ipfix: Corrupt data flowset? Pad bytes: %u, table record_size: %u\n", size_left, table->input_record_size); } @@ -1311,7 +1326,7 @@ char *string; // check for enough space in output buffer if ( !CheckBufferSpace(fs->nffile, table->output_record_size) ) { // this should really never occur, because the buffer gets flushed ealier - syslog(LOG_ERR,"Process_ipfix: output buffer size error. Abort ipfix record processing"); + LogError("Process_ipfix: output buffer size error. Abort ipfix record processing"); dbg_printf("Process_ipfix: output buffer size error. Abort ipfix record processing"); return; } @@ -1455,7 +1470,7 @@ char *string; break; default: - syslog(LOG_ERR, "Process_ipfix: Software bug! Unknown Sequence: %u. at %s line %d", + LogError("Process_ipfix: Software bug! Unknown Sequence: %u. at %s line %d", table->sequence[i].id, __FILE__, __LINE__); dbg_printf("Software bug! Unknown Sequence: %u. at %s line %d\n", table->sequence[i].id, __FILE__, __LINE__); @@ -1587,9 +1602,9 @@ char *string; // buffer size sanity check if ( fs->nffile->block_header->size > BUFFSIZE ) { // should never happen - syslog(LOG_ERR,"### Software error ###: %s line %d", __FILE__, __LINE__); - syslog(LOG_ERR,"Process ipfix: Output buffer overflow! Flush buffer and skip records."); - syslog(LOG_ERR,"Buffer size: %u > %u", fs->nffile->block_header->size, BUFFSIZE); + LogError("### Software error ###: %s line %d", __FILE__, __LINE__); + LogError("Process ipfix: Output buffer overflow! Flush buffer and skip records."); + LogError("Buffer size: %u > %u", fs->nffile->block_header->size, BUFFSIZE); // reset buffer fs->nffile->block_header->size = 0; @@ -1614,7 +1629,7 @@ static uint32_t packet_cntr = 0; size_left = in_buff_cnt; if ( size_left < IPFIX_HEADER_LENGTH ) { - syslog(LOG_ERR, "Process_ipfix: Too little data for ipfix packet: '%lli'", (long long)size_left); + LogError("Process_ipfix: Too little data for ipfix packet: '%lli'", (long long)size_left); return; } @@ -1625,7 +1640,7 @@ static uint32_t packet_cntr = 0; exporter = GetExporter(fs, ipfix_header); if ( !exporter ) { - syslog(LOG_ERR,"Process_ipfix: Exporter NULL: Abort ipfix record processing"); + LogError("Process_ipfix: Exporter NULL: Abort ipfix record processing"); return; } exporter->packets++; @@ -1665,6 +1680,13 @@ static uint32_t packet_cntr = 0; while (size_left) { uint16_t flowset_id; + if ( size_left && size_left < 4 ) { + LogError("Process_ipfix [%u] Template size error at %s line %u" , + exporter->info.id, __FILE__, __LINE__, strerror (errno)); + size_left = 0; + continue; + } + flowset_header = flowset_header + flowset_length; flowset_id = GET_FLOWSET_ID(flowset_header); @@ -1677,7 +1699,7 @@ static uint32_t packet_cntr = 0; and smaller is an illegal flowset anyway ... if it happends, we can't determine the next flowset, so skip the entire export packet */ - syslog(LOG_ERR,"Process_ipfix: flowset zero length error."); + LogError("Process_ipfix: flowset zero length error."); dbg_printf("Process_ipfix: flowset zero length error.\n"); return; @@ -1690,7 +1712,7 @@ static uint32_t packet_cntr = 0; } if ( flowset_length > size_left ) { - syslog(LOG_ERR,"Process_ipfix: flowset length error. Expected bytes: %u > buffersize: %lli", + LogError("Process_ipfix: flowset length error. Expected bytes: %u > buffersize: %lli", flowset_length, (long long)size_left); size_left = 0; continue; @@ -1713,7 +1735,7 @@ static uint32_t packet_cntr = 0; default: { if ( flowset_id < IPFIX_MIN_RECORD_FLOWSET_ID ) { dbg_printf("Invalid flowset id: %u. Skip flowset\n", flowset_id); - syslog(LOG_ERR,"Process_ipfix: Invalid flowset id: %u. Skip flowset", flowset_id); + LogError("Process_ipfix: Invalid flowset id: %u. Skip flowset", flowset_id); } else { input_translation_t *table; dbg_printf("Process data flowset, length: %u\n", flowset_length); diff --git a/bin/netflow_v9.c b/bin/netflow_v9.c index 1264ee3..55386c7 100644 --- a/bin/netflow_v9.c +++ b/bin/netflow_v9.c @@ -43,7 +43,6 @@ #include #include #include -#include #include #include #include @@ -451,7 +450,7 @@ int i; cache.lookup_info = (struct element_param_s *)calloc(65536, sizeof(struct element_param_s)); cache.common_extensions = (uint32_t *)malloc((Max_num_extensions+1)*sizeof(uint32_t)); if ( !cache.common_extensions || !cache.lookup_info ) { - syslog(LOG_ERR, "Process_v9: Panic! malloc(): %s line %d: %s", __FILE__, __LINE__, strerror (errno)); + LogError( "Process_v9: Panic! malloc(): %s line %d: %s", __FILE__, __LINE__, strerror (errno)); return 0; } @@ -465,7 +464,7 @@ int i; } cache.max_v9_elements = i; - syslog(LOG_DEBUG,"Init v9: Max number of v9 tags: %u", cache.max_v9_elements); + dbg_printf("Init v9: Max number of v9 tags: %u", cache.max_v9_elements); return 1; @@ -499,7 +498,7 @@ exporter_v9_domain_t **e = (exporter_v9_domain_t **)&(fs->exporter_data); // nothing found *e = (exporter_v9_domain_t *)malloc(sizeof(exporter_v9_domain_t)); if ( !(*e)) { - syslog(LOG_ERR, "Process_v9: Panic! malloc() %s line %d: %s", __FILE__, __LINE__, strerror (errno)); + LogError( "Process_v9: Panic! malloc() %s line %d: %s", __FILE__, __LINE__, strerror (errno)); return NULL; } memset((void *)(*e), 0, sizeof(exporter_v9_domain_t)); @@ -521,7 +520,7 @@ exporter_v9_domain_t **e = (exporter_v9_domain_t **)&(fs->exporter_data); dbg_printf("Process_v9: New exporter: SysID: %u, Domain: %u, IP: %s\n", (*e)->info.sysid, exporter_id, ipstr); - syslog(LOG_INFO, "Process_v9: New exporter: SysID: %u, Domain: %u, IP: %s\n", + LogInfo("Process_v9: New exporter: SysID: %u, Domain: %u, IP: %s\n", (*e)->info.sysid, exporter_id, ipstr); @@ -591,12 +590,12 @@ input_translation_t **table; // so template refreshing may change the table size without danger of overflowing *table = calloc(1, sizeof(input_translation_t)); if ( !(*table) ) { - syslog(LOG_ERR, "Process_v9: Panic! calloc() %s line %d: %s", __FILE__, __LINE__, strerror (errno)); + LogError( "Process_v9: Panic! calloc() %s line %d: %s", __FILE__, __LINE__, strerror (errno)); return NULL; } (*table)->sequence = calloc(cache.max_v9_elements, sizeof(sequence_map_t)); if ( !(*table)->sequence ) { - syslog(LOG_ERR, "Process_v9: Panic! malloc() %s line %d: %s", __FILE__, __LINE__, strerror (errno)); + LogError( "Process_v9: Panic! malloc() %s line %d: %s", __FILE__, __LINE__, strerror (errno)); return NULL; } @@ -614,7 +613,7 @@ uint32_t i = table->number_of_sequences; uint32_t index = cache.lookup_info[Type].index; if ( table->number_of_sequences >= cache.max_v9_elements ) { - syslog(LOG_ERR, "Process_v9: Software bug! Sequence table full. at %s line %d", + LogError( "Process_v9: Software bug! Sequence table full. at %s line %d", __FILE__, __LINE__); dbg_printf("Software bug! Sequence table full. at %s line %d", __FILE__, __LINE__); @@ -656,7 +655,7 @@ size_t size_required; table = GetTranslationTable(exporter, id); if ( !table ) { - syslog(LOG_INFO, "Process_v9: [%u] Add template %u", exporter->info.id, id); + LogInfo( "Process_v9: [%u] Add template %u", exporter->info.id, id); dbg_printf("[%u] Add template %u\n", exporter->info.id, id); table = add_translation_table(exporter, id); if ( !table ) { @@ -670,7 +669,7 @@ size_t size_required; size_required = (size_required + 3) &~(size_t)3; extension_map = malloc(size_required); if ( !extension_map ) { - syslog(LOG_ERR, "Process_v9: Panic! malloc() error in %s line %d: %s", __FILE__, __LINE__, strerror (errno)); + LogError( "Process_v9: Panic! malloc() error in %s line %d: %s", __FILE__, __LINE__, strerror (errno)); return NULL; } extension_map->type = ExtensionMapType; @@ -1099,7 +1098,7 @@ size_t size_required; dbg_printf("%d byte Sampling ID included at offset %u\n", length, table->sampler_offset); break; default: - syslog(LOG_ERR, "Process_v9: Unexpected SAMPLER ID field length: %d", + LogError( "Process_v9: Unexpected SAMPLER ID field length: %d", cache.lookup_info[NF9_FLOW_SAMPLER_ID].length); dbg_printf("Unexpected SAMPLER ID field length: %d", cache.lookup_info[NF9_FLOW_SAMPLER_ID].length); @@ -1189,7 +1188,7 @@ option_offset_t **t; fprintf(stderr, "malloc() allocation error: %s\n", strerror(errno)); return ; } - syslog(LOG_ERR, "Process_v9: New std sampler: interval: %i, algorithm: %i", + LogError( "Process_v9: New std sampler: interval: %i, algorithm: %i", offset_std_sampler_interval, offset_std_sampler_algorithm); } // else existing table @@ -1240,7 +1239,7 @@ int i; dbg_printf("template size: %u buffersize: %u\n", size_required, size_left); if ( size_left < size_required ) { - syslog(LOG_ERR, "Process_v9: [%u] buffer size error: expected %u available %u", + LogError( "Process_v9: [%u] buffer size error: expected %u available %u", exporter->info.id, size_required, size_left); size_left = 0; continue; @@ -1348,19 +1347,19 @@ uint16_t offset_std_sampler_interval, offset_std_sampler_algorithm, found_std_sa option_length = GET_OPTION_TEMPLATE_OPTION_LENGTH(option_template); if ( scope_length & 0x3 ) { - syslog(LOG_ERR, "Process_v9: [%u] scope length error: length %u not multiple of 4", + LogError( "Process_v9: [%u] scope length error: length %u not multiple of 4", exporter->info.id, scope_length); return; } if ( option_length & 0x3 ) { - syslog(LOG_ERR, "Process_v9: [%u] option length error: length %u not multiple of 4", + LogError( "Process_v9: [%u] option length error: length %u not multiple of 4", exporter->info.id, option_length); return; } if ( (scope_length + option_length) > size_left ) { - syslog(LOG_ERR, "Process_v9: [%u] option template length error: size left %u too small for %u scopes length and %u options length", + LogError( "Process_v9: [%u] option template length error: size left %u too small for %u scopes length and %u options length", exporter->info.id, size_left, scope_length, option_length); return; } @@ -1410,7 +1409,7 @@ uint16_t offset_std_sampler_interval, offset_std_sampler_algorithm, found_std_sa } if ( index && v9_element_map[index].length != length ) { - syslog(LOG_ERR,"Process_v9: Option field Type: %u, length %u not supported\n", type, length); + LogError("Process_v9: Option field Type: %u, length %u not supported\n", type, length); dbg_printf("Process_v9: Option field Type: %u, length %u not supported\n", type, length); continue; } @@ -1529,9 +1528,15 @@ char *string; while (size_left) { common_record_t *data_record; + if ( (table->input_record_size == 0 )) { + LogError("Process_v9: Corrupt data flowset? table input_record_sizei = 0 "); + size_left = 0; + continue; + } + if ( (size_left < table->input_record_size) ) { if ( size_left > 3 ) { - syslog(LOG_WARNING,"Process_v9: Corrupt data flowset? Pad bytes: %u", size_left); + LogError("Process_v9: Corrupt data flowset? Pad bytes: %u", size_left); dbg_printf("Process_v9: Corrupt data flowset? Pad bytes: %u, table record_size: %u\n", size_left, table->input_record_size); } @@ -1542,7 +1547,7 @@ char *string; // check for enough space in output buffer if ( !CheckBufferSpace(fs->nffile, table->output_record_size) ) { // this should really never occur, because the buffer gets flushed ealier - syslog(LOG_ERR,"Process_v9: output buffer size error. Abort v9 record processing"); + LogError("Process_v9: output buffer size error. Abort v9 record processing"); dbg_printf("Process_v9: output buffer size error. Abort v9 record processing"); return; } @@ -1738,7 +1743,7 @@ char *string; *((uint32_t *)&out[output_offset+12]) = 0; } break; default: - syslog(LOG_ERR, "Process_v9: Software bug! Unknown Sequence: %u. at %s line %d", + LogError( "Process_v9: Software bug! Unknown Sequence: %u. at %s line %d", table->sequence[i].id, __FILE__, __LINE__); dbg_printf("Software bug! Unknown Sequence: %u. at %s line %d", table->sequence[i].id, __FILE__, __LINE__); @@ -1936,9 +1941,9 @@ char *string; // buffer size sanity check if ( fs->nffile->block_header->size > BUFFSIZE ) { // should never happen - syslog(LOG_ERR,"### Software error ###: %s line %d", __FILE__, __LINE__); - syslog(LOG_ERR,"Process v9: Output buffer overflow! Flush buffer and skip records."); - syslog(LOG_ERR,"Buffer size: %u > %u", fs->nffile->block_header->size, BUFFSIZE); + LogError("### Software error ###: %s line %d", __FILE__, __LINE__); + LogError("Process v9: Output buffer overflow! Flush buffer and skip records."); + LogError("Buffer size: %u > %u", fs->nffile->block_header->size, BUFFSIZE); // reset buffer fs->nffile->block_header->size = 0; @@ -1963,7 +1968,7 @@ uint8_t *in; if ( !offset_table ) { // should never happen - catch it anyway - syslog(LOG_ERR, "Process_v9: Panic! - No Offset table found! : %s line %d", __FILE__, __LINE__); + LogError( "Process_v9: Panic! - No Offset table found! : %s line %d", __FILE__, __LINE__); return; } @@ -2007,7 +2012,7 @@ uint8_t *in; dbg_printf("Sampler algorithm: %u\n", mode); dbg_printf("Sampler interval : %u\n", interval); - syslog(LOG_INFO, "Set std sampler: algorithm: %u, interval: %u\n", + LogInfo( "Set std sampler: algorithm: %u, interval: %u\n", mode, interval); dbg_printf("Set std sampler: algorithm: %u, interval: %u\n", mode, interval); @@ -2029,7 +2034,7 @@ static int pkg_num = 0; pkg_num++; size_left = in_buff_cnt; if ( size_left < NETFLOW_V9_HEADER_LENGTH ) { - syslog(LOG_ERR, "Process_v9: Too little data for v9 packet: '%lli'", (long long)size_left); + LogError( "Process_v9: Too little data for v9 packet: '%lli'", (long long)size_left); return; } @@ -2039,7 +2044,7 @@ static int pkg_num = 0; exporter = GetExporter(fs, exporter_id); if ( !exporter ) { - syslog(LOG_ERR,"Process_v9: Exporter NULL: Abort v9 record processing"); + LogError("Process_v9: Exporter NULL: Abort v9 record processing"); return; } exporter->packets++; @@ -2078,7 +2083,7 @@ static int pkg_num = 0; exporter->info.id, (long long)exporter->last_sequence, (long long)exporter->sequence, (long long)distance); /* if ( report_seq ) - syslog(LOG_ERR,"Flow sequence mismatch. Missing: %lli packets", delta(last_count,distance)); + LogError("Flow sequence mismatch. Missing: %lli packets", delta(last_count,distance)); */ } } @@ -2102,7 +2107,7 @@ static int pkg_num = 0; and smaller is an illegal flowset anyway ... if it happends, we can't determine the next flowset, so skip the entire export packet */ - syslog(LOG_ERR,"Process_v9: flowset zero length error."); + LogError("Process_v9: flowset zero length error."); dbg_printf("Process_v9: flowset zero length error.\n"); return; } @@ -2116,7 +2121,7 @@ static int pkg_num = 0; if ( flowset_length > size_left ) { dbg_printf("flowset length error. Expected bytes: %u > buffersize: %lli", flowset_length, (long long)size_left); - syslog(LOG_ERR,"Process_v9: flowset length error. Expected bytes: %u > buffersize: %lli", + LogError("Process_v9: flowset length error. Expected bytes: %u > buffersize: %lli", flowset_length, (long long)size_left); size_left = 0; continue; @@ -2135,14 +2140,14 @@ static int pkg_num = 0; break; case NF9_OPTIONS_FLOWSET_ID: option_flowset = (option_template_flowset_t *)flowset_header; - syslog(LOG_DEBUG,"Process_v9: Found options flowset: template %u", ntohs(option_flowset->template_id)); + dbg_printf("Process_v9: Found options flowset: template %u", ntohs(option_flowset->template_id)); Process_v9_option_templates(exporter, flowset_header, fs); break; default: { input_translation_t *table; if ( flowset_id < NF9_MIN_RECORD_FLOWSET_ID ) { dbg_printf("Invalid flowset id: %u\n", flowset_id); - syslog(LOG_ERR,"Process_v9: Invalid flowset id: %u", flowset_id); + LogError("Process_v9: Invalid flowset id: %u", flowset_id); } else { dbg_printf("[%u] ID %u Data flowset\n", exporter->info.id, flowset_id); @@ -2168,7 +2173,7 @@ static int pkg_num = 0; #ifdef DEVEL if ( processed_records != expected_records ) { - syslog(LOG_ERR, "Process_v9: Processed records %u, expected %u", processed_records, expected_records); + LogError( "Process_v9: Processed records %u, expected %u", processed_records, expected_records); printf("Process_v9: Processed records %u, expected %u\n", processed_records, expected_records); } #endif @@ -2990,7 +2995,7 @@ generic_sampler_t *sampler; // no samplers so far sampler = (generic_sampler_t *)malloc(sizeof(generic_sampler_t)); if ( !sampler ) { - syslog(LOG_ERR, "Process_v9: Panic! malloc(): %s line %d: %s", __FILE__, __LINE__, strerror (errno)); + LogError( "Process_v9: Panic! malloc(): %s line %d: %s", __FILE__, __LINE__, strerror (errno)); return; } @@ -3004,7 +3009,7 @@ generic_sampler_t *sampler; exporter->sampler = sampler; FlushInfoSampler(fs, &(sampler->info)); - syslog(LOG_INFO, "Add new sampler: ID: %i, mode: %u, interval: %u\n", + LogInfo( "Add new sampler: ID: %i, mode: %u, interval: %u\n", id, mode, interval); dbg_printf("Add new sampler: ID: %i, mode: %u, interval: %u\n", id, mode, interval); @@ -3015,7 +3020,7 @@ generic_sampler_t *sampler; // test for update of existing sampler if ( sampler->info.id == id ) { // found same sampler id - update record - syslog(LOG_INFO, "Update existing sampler id: %i, mode: %u, interval: %u\n", + LogInfo( "Update existing sampler id: %i, mode: %u, interval: %u\n", id, mode, interval); dbg_printf("Update existing sampler id: %i, mode: %u, interval: %u\n", id, mode, interval); @@ -3037,7 +3042,7 @@ generic_sampler_t *sampler; // end of sampler chain - insert new sampler sampler->next = (generic_sampler_t *)malloc(sizeof(generic_sampler_t)); if ( !sampler->next ) { - syslog(LOG_ERR, "Process_v9: Panic! malloc(): %s line %d: %s", __FILE__, __LINE__, strerror (errno)); + LogError( "Process_v9: Panic! malloc(): %s line %d: %s", __FILE__, __LINE__, strerror (errno)); return; } sampler = sampler->next; @@ -3053,7 +3058,7 @@ generic_sampler_t *sampler; FlushInfoSampler(fs, &(sampler->info)); - syslog(LOG_INFO, "Append new sampler: ID: %u, mode: %u, interval: %u\n", + LogInfo( "Append new sampler: ID: %u, mode: %u, interval: %u\n", id, mode, interval); dbg_printf("Append new sampler: ID: %u, mode: %u, interval: %u\n", id, mode, interval);