* [ns]fprobe_ifindex now supports semi-dynamic lookups against either…

… 'tag'

  or 'tag2'. This is in addition to previously implemented static ifIndex
  support. Updated docs and examples.

CONFIG-KEYS

@@ -904,12 +904,17 @@ DESC:           defines traffic direction. Can be statically defined via 'in' an
 		mapped to 'in' direction, whereas tag value of 2 will be mapped to 'out'. The idea underlying
 		tag lookups is that pre_tag_map supports, among the other features, 'filter' matching against
 		a supplied tcpdump-like filter expression; doing so against L2 primitives (ie. source or
-		destination MAC addresses) allows to dynamically determine traffic direction (default: none)
+		destination MAC addresses) allows to dynamically determine traffic direction (see example at
+		'examples/pretag.map.example') (default: none)
 
 KEY:            [ nfprobe_ifindex | sfprobe_ifindex ]
-DESC:           statically associates an interface index (ifIndex) to a given nfprobe or sfprobe plugin. This
-		definition will be always overridden when the ifIndex can be determined dynamically (ie. via
-		ULOG). 
+VALUES:		[tag,tag2,<1-4294967295>]
+DESC:           associates an interface index (ifIndex) to a given nfprobe or sfprobe plugin. This is meant as
+		an add-on to [ns]probe_direction directive, ie. when multiplexing mirrored traffic from different
+		sources on the same interface (ie. split by VLAN). Can be statically defined via a 32-bit integer
+		or semi-dynamically determined via lookup to either 'tag' or 'tag2' values (read full elaboration
+		on [ns]probe_direction directive). This definition will be also always overridden whenever the
+		ifIndex can be determined dynamically (ie. via ULOG framework).
 
 KEY:		sfprobe_receiver
 DESC:           defines the remote IP address/hostname and port to which sFlow dagagrams are to be exported.

examples/pretag.map.example

@@ -229,3 +229,26 @@ id=100 ip=192.168.1.1 comms=65000:2345 label=65000:2345 jeq=65000:3456
 id=200 ip=192.168.1.1 comms=65000:3456 label=65000:3456
 !
 ! ===
+!
+! === sfprobe/nfprobe: determining semi-dynamically direction and ifindex 
+! - Two steps approach:
+!   > determine direction first (1=in, 2=out)
+!   > then short circuit it to return an ifindex value
+! - Configuration would look like the following fragment:
+!   ...
+!   nfprobe_direction: tag
+!   nfprobe_ifindex: tag2
+!   ...
+!
+id=1 filter='ether dst 00:11:22:33:44:55' jeq=fivefive
+id=1 filter='ether dst 00:11:22:33:44:66' jeq=sixsix
+id=1 filter='ether dst 00:11:22:33:44:77' jeq=sevenseven
+id=2 filter='ether src 00:11:22:33:44:55' jeq=fivefive
+id=2 filter='ether src 00:11:22:33:44:66' jeq=sixsix
+id=2 filter='ether src 00:11:22:33:44:77' jeq=sevenseven
+!
+id2=5 label=fivefive
+id2=6 label=sixsix
+id2=7 label=sevenseven
+! 
+! ===

src/cfg.h

@@ -171,6 +171,7 @@ struct configuration {
   int nfprobe_ipprec;
   int nfprobe_direction;
   u_int32_t nfprobe_ifindex;
+  int nfprobe_ifindex_type;
   char *sfprobe_receiver;
   char *sfprobe_agentip;
   int sfprobe_agentsubid;

src/cfg_handlers.c

@@ -2539,7 +2539,7 @@ int cfg_key_nfprobe_direction(char *filename, char *name, char *value_ptr)
   else if (!strcmp(value_ptr, "out"))
     value = DIRECTION_OUT;
   else {
-    Log(LOG_ERR, "WARN ( %s ): Invalid direction value '%s'\n", filename, value_ptr);
+    Log(LOG_ERR, "WARN ( %s ): Invalid nfprobe_direction or sfprobe_direction value '%s'\n", filename, value_ptr);
     return ERR;
   }
 
@@ -2563,10 +2563,19 @@ int cfg_key_nfprobe_direction(char *filename, char *name, char *value_ptr)
 int cfg_key_nfprobe_ifindex(char *filename, char *name, char *value_ptr)
 {
   struct plugins_list_entry *list = plugins_list;
-  int changes = 0;
-  u_int32_t value;
+  int changes = 0, value2 = 0;
+  u_int32_t value = 0;
 
-  value = strtol(value_ptr, NULL, 0);
+  if (!strcmp(value_ptr, "tag"))
+    value2 = IFINDEX_TAG;
+  else if (!strcmp(value_ptr, "tag2"))
+    value2 = IFINDEX_TAG2;
+  else if (value = strtol(value_ptr, NULL, 0))
+    value2 = IFINDEX_STATIC;
+  else {
+    Log(LOG_ERR, "WARN ( %s ): Invalid nfprobe_ifindex or sfprobe_ifindex value '%s'\n", filename, value_ptr);
+    return ERR;
+  }
 
   if (!name) {
     Log(LOG_ERR, "ERROR ( %s ): nfprobe_ifindex and sfprobe_ifindex cannot be global. Not loaded.\n", filename);
@@ -2576,6 +2585,7 @@ int cfg_key_nfprobe_ifindex(char *filename, char *name, char *value_ptr)
     for (; list; list = list->next) {
       if (!strcmp(name, list->name)) {
 	list->cfg.nfprobe_ifindex = value;
+	list->cfg.nfprobe_ifindex_type = value2;
 	changes++;
 	break;
       }

src/nfprobe_plugin/nfprobe_plugin.c

@@ -310,8 +310,25 @@ l2_to_flowrec(struct FLOW *flow, struct pkt_data *data, struct pkt_extras *extra
 #endif
 
   if (!p->ifindex_in && !p->ifindex_out) {
-    flow->ifindex[ndx] = (direction == DIRECTION_IN) ? config.nfprobe_ifindex : 0;
-    flow->ifindex[ndx ^ 1] = (direction == DIRECTION_OUT) ? config.nfprobe_ifindex : 0;
+    if (config.nfprobe_ifindex) {
+      switch (config.nfprobe_ifindex) {
+      case IFINDEX_STATIC:
+        flow->ifindex[ndx] = (direction == DIRECTION_IN) ? config.nfprobe_ifindex : 0;
+        flow->ifindex[ndx ^ 1] = (direction == DIRECTION_OUT) ? config.nfprobe_ifindex : 0;
+        break;
+      case IFINDEX_TAG:
+        flow->ifindex[ndx] = (direction == DIRECTION_IN) ? p->id : 0;
+	flow->ifindex[ndx ^ 1] = (direction == DIRECTION_OUT) ? p->id : 0;
+	break;
+      case IFINDEX_TAG2:
+        flow->ifindex[ndx] = (direction == DIRECTION_IN) ? p->id2 : 0;
+	flow->ifindex[ndx ^ 1] = (direction == DIRECTION_OUT) ? p->id2 : 0;
+        break;
+      default:
+        flow->ifindex[ndx] = 0;
+	flow->ifindex[ndx ^ 1] = 0;
+      }
+    }
   }
   else {
     flow->ifindex[ndx] = p->ifindex_in;

src/pmacct-defines.h

@@ -200,6 +200,10 @@
 #define DIRECTION_TAG		0x00000004
 #define DIRECTION_TAG2		0x00000008
 
+#define IFINDEX_STATIC		0x00000001
+#define IFINDEX_TAG		0x00000002
+#define IFINDEX_TAG2		0x00000004
+
 typedef u_int32_t pm_class_t;
 typedef u_int32_t pm_id_t;
 

src/sfprobe_plugin/sfprobe_plugin.c

@@ -27,6 +27,7 @@ typedef struct _SflSp {
   int verbose;
   char *device;
   u_int32_t ifIndex;
+  int ifIndex_Type;
   int ifType;
   u_int64_t ifSpeed;
   int ifDirection;
@@ -103,6 +104,7 @@ static void setDefaults(SflSp *sp)
 {
   sp->device = NULL;
   sp->ifIndex = 1;
+  sp->ifIndex_Type = IFINDEX_STATIC;
   sp->ifType = 6; // ethernet_csmacd 
   sp->ifSpeed = 100000000L;  // assume 100 MBit
   sp->ifDirection = 1; // assume full duplex 
@@ -340,15 +342,23 @@ static void readPacket(SflSp *sp, struct pkt_payload *hdr, const unsigned char *
       SFL_FLOW_SAMPLE_TYPE fs;
       memset(&fs, 0, sizeof(fs));
 
-      // Since we are an end host, we are not switching or routing
-      // this packet.  On a switch or router this is just like a
-      // packet going to or from the management agent.  That means
-      // the local interface index should be filled in as the special
-      // value 0x3FFFFFFF, which is defined in the sFlow spec as
-      // an "internal" interface.
       if (!hdr->ifindex_in && !hdr->ifindex_out) {
-        fs.input = (direction == SFL_DIRECTION_IN) ? sp->ifIndex : 0x3FFFFFFF;
-        fs.output = (direction == SFL_DIRECTION_OUT) ? sp->ifIndex : 0x3FFFFFFF;
+	if (sp->ifIndex_Type) {
+	  switch (sp->ifIndex_Type) {
+	  case IFINDEX_STATIC:
+            fs.input = (direction == SFL_DIRECTION_IN) ? sp->ifIndex : 0x3FFFFFFF;
+            fs.output = (direction == SFL_DIRECTION_OUT) ? sp->ifIndex : 0x3FFFFFFF;
+	    break;
+	  case IFINDEX_TAG:
+	    fs.input = (direction == SFL_DIRECTION_IN) ? hdr->tag : 0x3FFFFFFF;
+	    fs.output = (direction == SFL_DIRECTION_OUT) ? hdr->tag : 0x3FFFFFFF;
+	    break;
+	  case IFINDEX_TAG2:
+	    fs.input = (direction == SFL_DIRECTION_IN) ? hdr->tag2 : 0x3FFFFFFF;
+	    fs.output = (direction == SFL_DIRECTION_OUT) ? hdr->tag2 : 0x3FFFFFFF;
+	    break;
+	  }
+	}
       }
       else {
         fs.input = (hdr->ifindex_in) ? hdr->ifindex_in : 0x3FFFFFFF;
@@ -496,6 +506,7 @@ static void parse_receiver(char *string, struct in_addr *addr, u_int32_t *port)
 
 static void process_config_options(SflSp *sp)
 {
+  if (config.nfprobe_ifindex_type) sp->ifIndex_Type = config.nfprobe_ifindex_type;
   if (config.nfprobe_ifindex) sp->ifIndex = config.nfprobe_ifindex;
   if (config.sfprobe_ifspeed) sp->ifSpeed = config.sfprobe_ifspeed;
   if (config.sfprobe_agentip) sp->agentIP.s_addr = Name_to_IP(config.sfprobe_agentip);