3. cflowd
cflowd watches the shared memory packet buffer semaphores and
reads a packet buffer when it becomes available. cflowd uses
the CflowdRawFlow class to convert the flow-export packets into
CflowdRawFlow objects, and uses the CflowdRawFlow
objects to populate tables for which it is configured (the AS matrix,
net matrix, etc.). cflowd does not yet write raw flow data to
disk. This facility will be provided soon (but obviously be a bottleneck
in most cases since disk I/O is generally slow).
cflowd will listen() for local client connections on a
UNIX domain socket. If a client connects, cflowd will accept()
and fork(), read the client request, then send the client the data they
requested. This IPC channel is used for clients like cfdases,
cfdnets, et. al. The data sent is current data, and
cflowd does not clear any tables.
cflowd will also listen for remote client connections on a TCP
socket. When a client connects, cflowd checks to see if the
client is allowed to connect. If not, it closes the socket with
prejudice. If allowed, cflowd will fork() and the
child will send all of the tabular data to the client. The child
simply exits when done (or if it gets a SIGPIPE while writing to the
client), while the parent clears its tables, updates some timestamp
information, then continues collecting data.
Next Previous Contents