Next Previous Contents

3. cflowd

cflowd watches the shared memory packet buffer semaphores and reads a packet buffer when it becomes available. cflowd uses the CflowdRawFlow class to convert the flow-export packets into CflowdRawFlow objects, and uses the CflowdRawFlow objects to populate tables for which it is configured (the AS matrix, net matrix, etc.). cflowd does not yet write raw flow data to disk. This facility will be provided soon (but obviously be a bottleneck in most cases since disk I/O is generally slow).

cflowd will listen() for local client connections on a UNIX domain socket. If a client connects, cflowd will accept() and fork(), read the client request, then send the client the data they requested. This IPC channel is used for clients like cfdases, cfdnets, et. al. The data sent is current data, and cflowd does not clear any tables.

cflowd will also listen for remote client connections on a TCP socket. When a client connects, cflowd checks to see if the client is allowed to connect. If not, it closes the socket with prejudice. If allowed, cflowd will fork() and the child will send all of the tabular data to the client. The child simply exits when done (or if it gets a SIGPIPE while writing to the client), while the parent clears its tables, updates some timestamp information, then continues collecting data.


Next Previous Contents