clones/fastnetmon
1
0
Fork 0
mirror of https://github.com/pavel-odintsov/fastnetmon.git synced 2024-09-21 10:27:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Reformatted code with clang-format

Browse Source
This commit is contained in:
Pavel Odintsov 2022-04-20 21:45:43 +01:00
parent 0babd49edc
commit 242703a166
69 changed files with 1825 additions and 2220 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/.clang_formatter_excludes
View File

@ -1,6 +1,6 @@
netmap_plugin/netmap_includes/net/netmap.h
netmap_plugin/netmap_includes/net/netmap_user.h
libpatricia/patricia.c
libpatricia/patricia.h
concurrentqueue.h
simple_packet_capnp/simple_packet.capnp.c++
simple_packet_capnp/simple_packet.capnp.h
build

16
src/abstract_subnet_counters.hpp
View File

@ -3,18 +3,19 @@
#include <unordered_map>
// I keep these declaration here because of following error:
// error: there are no arguments to increment_outgoing_counters that depend on a template parameter, so a declaration of increment_outgoing_counters must be available [-fpermissive]
// error: there are no arguments to increment_outgoing_counters that depend on a template parameter, so a declaration
// of increment_outgoing_counters must be available [-fpermissive]
// increment_outgoing_counters(counter_ptr, current_packet, sampled_number_of_packets, sampled_number_of_bytes);
void increment_incoming_counters(map_element_t* current_element,
simple_packet_t& current_packet,
uint64_t sampled_number_of_packets,
uint64_t sampled_number_of_bytes);
simple_packet_t& current_packet,
uint64_t sampled_number_of_packets,
uint64_t sampled_number_of_bytes);
void build_speed_counters_from_packet_counters(map_element_t& new_speed_element, map_element_t* vector_itr, double speed_calc_period);
void increment_outgoing_counters(map_element_t* current_element,
simple_packet_t& current_packet,
uint64_t sampled_number_of_packets,
uint64_t sampled_number_of_bytes);
simple_packet_t& current_packet,
uint64_t sampled_number_of_packets,
uint64_t sampled_number_of_bytes);
void build_average_speed_counters_from_speed_counters(map_element_t* current_average_speed_element,
map_element_t& new_speed_element,
double exp_value,
@ -151,4 +152,3 @@ template <typename T> class abstract_subnet_counters_t {
TrafficComparatorClass<std::pair<T, subnet_counter_t>>(sort_direction, sorter_type));
}
};

17
src/actions/exabgp_action.cpp
View File

@ -19,20 +19,16 @@ extern bool exabgp_announce_whole_subnet;
extern log4cpp::Category& logger;
// Low level ExaBGP ban management
void exabgp_prefix_ban_manage(std::string action,
std::string prefix_as_string_with_mask,
std::string exabgp_next_hop,
std::string exabgp_community) {
void exabgp_prefix_ban_manage(std::string action, std::string prefix_as_string_with_mask, std::string exabgp_next_hop, std::string exabgp_community) {
/* Buffer for BGP message */
char bgp_message[256];
if (action == "ban") {
sprintf(bgp_message, "announce route %s next-hop %s community %s\n",
prefix_as_string_with_mask.c_str(), exabgp_next_hop.c_str(), exabgp_community.c_str());
sprintf(bgp_message, "announce route %s next-hop %s community %s\n", prefix_as_string_with_mask.c_str(),
exabgp_next_hop.c_str(), exabgp_community.c_str());
} else {
sprintf(bgp_message, "withdraw route %s next-hop %s\n", prefix_as_string_with_mask.c_str(),
exabgp_next_hop.c_str());
sprintf(bgp_message, "withdraw route %s next-hop %s\n", prefix_as_string_with_mask.c_str(), exabgp_next_hop.c_str());
}
logger << log4cpp::Priority::INFO << "ExaBGP announce message: " << bgp_message;
@ -40,8 +36,7 @@ void exabgp_prefix_ban_manage(std::string action,
int exabgp_pipe = open(exabgp_command_pipe.c_str(), O_WRONLY);
if (exabgp_pipe <= 0) {
logger << log4cpp::Priority::ERROR << "Can't open ExaBGP pipe " << exabgp_command_pipe
<< " Ban is not executed";
logger << log4cpp::Priority::ERROR << "Can't open ExaBGP pipe " << exabgp_command_pipe << " Ban is not executed";
return;
}
@ -100,5 +95,3 @@ bool exabgp_flow_spec_ban_manage(std::string action, std::string flow_spec_rule_
close(exabgp_pipe);
return true;
}

2
src/actions/exabgp_action.hpp
View File

@ -1,5 +1,5 @@
#include <string>
#include "../fastnetmon_types.h"
#include <string>
void exabgp_ban_manage(std::string action, std::string ip_as_string, attack_details_t current_attack);
bool exabgp_flow_spec_ban_manage(std::string action, std::string flow_spec_rule_as_text);

98
src/actions/gobgp_action.cpp
View File

@ -37,15 +37,15 @@ class GrpcClient {
}
bool AnnounceUnicastPrefixIPv4(std::string announced_address,
std::string announced_prefix_nexthop,
bool is_withdrawal,
unsigned int cidr_mask,
uint32_t community_as_32bit_int) {
std::string announced_prefix_nexthop,
bool is_withdrawal,
unsigned int cidr_mask,
uint32_t community_as_32bit_int) {
grpc::ClientContext context;
// Set timeout for API
std::chrono::system_clock::time_point deadline =
std::chrono::system_clock::now() + std::chrono::seconds(gobgp_client_connection_timeout);
std::chrono::system_clock::now() + std::chrono::seconds(gobgp_client_connection_timeout);
context.set_deadline(deadline);
auto gobgp_ipv4_unicast_route_family = new gobgpapi::Family;
@ -85,7 +85,7 @@ class GrpcClient {
current_next_hop->PackFrom(current_next_hop_t);
// Updating CommunitiesAttribute for current_path
google::protobuf::Any *current_communities = current_path->add_pattrs();
google::protobuf::Any* current_communities = current_path->add_pattrs();
gobgpapi::CommunitiesAttribute current_communities_t;
current_communities_t.add_communities(community_as_32bit_int);
current_communities->PackFrom(current_communities_t);
@ -98,8 +98,7 @@ class GrpcClient {
auto status = stub_->AddPath(&context, request, &response);
if (!status.ok()) {
logger << log4cpp::Priority::ERROR
<< "AddPath request to BGP daemon failed with code: " << status.error_code()
logger << log4cpp::Priority::ERROR << "AddPath request to BGP daemon failed with code: " << status.error_code()
<< " message " << status.error_message();
return false;
@ -109,15 +108,15 @@ class GrpcClient {
return true;
}
bool AnnounceUnicastPrefixIPv6(const subnet_ipv6_cidr_mask_t& client_ipv6,
const subnet_ipv6_cidr_mask_t& ipv6_next_hop,
bool is_withdrawal,
uint32_t community_as_32bit_int) {
bool AnnounceUnicastPrefixIPv6(const subnet_ipv6_cidr_mask_t& client_ipv6,
const subnet_ipv6_cidr_mask_t& ipv6_next_hop,
bool is_withdrawal,
uint32_t community_as_32bit_int) {
grpc::ClientContext context;
// Set timeout for API
std::chrono::system_clock::time_point deadline =
std::chrono::system_clock::now() + std::chrono::seconds(gobgp_client_connection_timeout);
std::chrono::system_clock::now() + std::chrono::seconds(gobgp_client_connection_timeout);
context.set_deadline(deadline);
auto gobgp_ipv6_unicast_route_family = new gobgpapi::Family;
@ -153,11 +152,11 @@ class GrpcClient {
// Updating NextHopAttribute info for current_path
google::protobuf::Any* current_next_hop = current_path->add_pattrs();
gobgpapi::NextHopAttribute current_next_hop_t;
current_next_hop_t.set_next_hop(print_ipv6_address(ipv6_next_hop.subnet_address));
current_next_hop_t.set_next_hop(print_ipv6_address(ipv6_next_hop.subnet_address));
current_next_hop->PackFrom(current_next_hop_t);
// Updating CommunitiesAttribute for current_path
google::protobuf::Any *current_communities = current_path->add_pattrs();
google::protobuf::Any* current_communities = current_path->add_pattrs();
gobgpapi::CommunitiesAttribute current_communities_t;
current_communities_t.add_communities(community_as_32bit_int);
current_communities->PackFrom(current_communities_t);
@ -170,8 +169,7 @@ class GrpcClient {
auto status = stub_->AddPath(&context, request, &response);
if (!status.ok()) {
logger << log4cpp::Priority::ERROR
<< "AddPath request to BGP daemon failed with code: " << status.error_code()
logger << log4cpp::Priority::ERROR << "AddPath request to BGP daemon failed with code: " << status.error_code()
<< " message " << status.error_message();
return false;
@ -186,27 +184,27 @@ class GrpcClient {
std::unique_ptr<GobgpApi::Stub> stub_;
};
GrpcClient* gobgp_client = NULL;
std::string gobgp_nexthop = "0.0.0.0";
GrpcClient* gobgp_client = NULL;
std::string gobgp_nexthop = "0.0.0.0";
bool gobgp_announce_whole_subnet = false;
bool gobgp_announce_host = false;
bool gobgp_announce_host = false;
bgp_community_attribute_element_t bgp_community_host;
bgp_community_attribute_element_t bgp_community_subnet;
// IPv6
bool gobgp_announce_whole_subnet_ipv6 = false;
bool gobgp_announce_host_ipv6 = false;
bool gobgp_announce_host_ipv6 = false;
bgp_community_attribute_element_t bgp_community_host_ipv6;
bgp_community_attribute_element_t bgp_community_subnet_ipv6;;
bgp_community_attribute_element_t bgp_community_subnet_ipv6;
;
subnet_ipv6_cidr_mask_t ipv6_next_hop;
void gobgp_action_init() {
logger << log4cpp::Priority::INFO << "GoBGP action module loaded";
gobgp_client =
new GrpcClient(grpc::CreateChannel("localhost:50051", grpc::InsecureChannelCredentials()));
gobgp_client = new GrpcClient(grpc::CreateChannel("localhost:50051", grpc::InsecureChannelCredentials()));
if (configuration_map.count("gobgp_next_hop")) {
gobgp_nexthop = configuration_map["gobgp_next_hop"];
@ -221,7 +219,8 @@ void gobgp_action_init() {
read_ipv6_host_from_string(configuration_map["gobgp_next_hop_ipv6"], ipv6_next_hop.subnet_address);
if (!parsed_next_hop_result) {
logger << log4cpp::Priority::ERROR << "Can't parse specified IPv6 next hop to IPv6 address: " << configuration_map["gobgp_next_hop_ipv6"];
logger << log4cpp::Priority::ERROR
<< "Can't parse specified IPv6 next hop to IPv6 address: " << configuration_map["gobgp_next_hop_ipv6"];
}
}
@ -245,53 +244,61 @@ void gobgp_action_init() {
// Set them to safe defaults
bgp_community_host.asn_number = 65001;
bgp_community_host.asn_number = 65001;
bgp_community_host.community_number = 666;
if (configuration_map.count("gobgp_community_host")) {
if (!read_bgp_community_from_string(configuration_map["gobgp_community_host"], bgp_community_host)) {
logger << log4cpp::Priority::ERROR << "Cannot parse GoBGP community for host " << configuration_map["gobgp_community_host"];
logger << log4cpp::Priority::ERROR << "Cannot parse GoBGP community for host "
<< configuration_map["gobgp_community_host"];
}
}
logger << log4cpp::Priority::INFO << "GoBGP host IPv4 community: " << bgp_community_host.asn_number << ":" << bgp_community_host.community_number;
logger << log4cpp::Priority::INFO << "GoBGP host IPv4 community: " << bgp_community_host.asn_number << ":"
<< bgp_community_host.community_number;
// Set them to safe defaults
bgp_community_subnet.asn_number = 65001;
bgp_community_subnet.asn_number = 65001;
bgp_community_subnet.community_number = 666;
if (configuration_map.count("gobgp_community_subnet")) {
if (!read_bgp_community_from_string(configuration_map["gobgp_community_subnet"], bgp_community_subnet)) {
logger << log4cpp::Priority::ERROR << "Cannot parse GoBGP community for subnet " << configuration_map["gobgp_community_subnet"];
logger << log4cpp::Priority::ERROR << "Cannot parse GoBGP community for subnet "
<< configuration_map["gobgp_community_subnet"];
}
}
logger << log4cpp::Priority::INFO << "GoBGP subnet IPv4 community: " << bgp_community_subnet.asn_number << ":" << bgp_community_subnet.community_number;
logger << log4cpp::Priority::INFO << "GoBGP subnet IPv4 community: " << bgp_community_subnet.asn_number << ":"
<< bgp_community_subnet.community_number;
// IPv6 communities
bgp_community_host_ipv6.asn_number = 65001;
bgp_community_host_ipv6.asn_number = 65001;
bgp_community_host_ipv6.community_number = 666;
if (configuration_map.count("gobgp_community_host_ipv6")) {
if (!read_bgp_community_from_string(configuration_map["gobgp_community_host_ipv6"], bgp_community_host_ipv6)) {
logger << log4cpp::Priority::ERROR << "Cannot parse GoBGP community for IPv6 host " << configuration_map["gobgp_community_host_ipv6"];
logger << log4cpp::Priority::ERROR << "Cannot parse GoBGP community for IPv6 host "
<< configuration_map["gobgp_community_host_ipv6"];
}
}
logger << log4cpp::Priority::INFO << "GoBGP host IPv6 community: " << bgp_community_host_ipv6.asn_number << ":" << bgp_community_host_ipv6.community_number;
logger << log4cpp::Priority::INFO << "GoBGP host IPv6 community: " << bgp_community_host_ipv6.asn_number << ":"
<< bgp_community_host_ipv6.community_number;
// Set them to safe defaults
bgp_community_subnet_ipv6.asn_number = 65001;
bgp_community_subnet_ipv6.asn_number = 65001;
bgp_community_subnet_ipv6.community_number = 666;
if (configuration_map.count("gobgp_community_subnet_ipv6")) {
if (!read_bgp_community_from_string(configuration_map["gobgp_community_subnet_ipv6"], bgp_community_subnet_ipv6)) {
logger << log4cpp::Priority::ERROR << "Cannot parse GoBGP community for IPv6 subnet " << configuration_map["gobgp_community_subnet_ipv6"];
logger << log4cpp::Priority::ERROR << "Cannot parse GoBGP community for IPv6 subnet "
<< configuration_map["gobgp_community_subnet_ipv6"];
}
}
logger << log4cpp::Priority::INFO << "GoBGP subnet IPv6 community: " << bgp_community_subnet_ipv6.asn_number << ":" << bgp_community_subnet_ipv6.community_number;
logger << log4cpp::Priority::INFO << "GoBGP subnet IPv6 community: " << bgp_community_subnet_ipv6.asn_number << ":"
<< bgp_community_subnet_ipv6.community_number;
}
void gobgp_action_shutdown() {
@ -305,10 +312,10 @@ void gobgp_ban_manage(std::string action, bool ipv6, std::string ip_as_string, s
if (action == "ban") {
is_withdrawal = false;
action_name = "announce";
action_name = "announce";
} else {
is_withdrawal = true;
action_name = "withdraw";
action_name = "withdraw";
}
if (ipv6) {
@ -318,7 +325,8 @@ void gobgp_ban_manage(std::string action, bool ipv6, std::string ip_as_string, s
if (gobgp_announce_host_ipv6) {
logger << log4cpp::Priority::INFO << action_name << " " << print_ipv6_cidr_subnet(client_ipv6) << " to GoBGP";
uint32_t community_as_32bit_int = uint32_t(bgp_community_host_ipv6.asn_number << 16 | bgp_community_host_ipv6.community_number);
uint32_t community_as_32bit_int =
uint32_t(bgp_community_host_ipv6.asn_number << 16 | bgp_community_host_ipv6.community_number);
gobgp_client->AnnounceUnicastPrefixIPv6(client_ipv6, ipv6_next_hop, is_withdrawal, community_as_32bit_int);
}
@ -329,12 +337,12 @@ void gobgp_ban_manage(std::string action, bool ipv6, std::string ip_as_string, s
<< convert_subnet_to_string(current_attack.customer_network) << " to GoBGP";
// https://github.com/osrg/gobgp/blob/0aff30a74216f499b8abfabc50016b041b319749/internal/pkg/table/policy_test.go#L2870
uint32_t community_as_32bit_int = uint32_t(bgp_community_subnet.asn_number << 16 | bgp_community_subnet.community_number);
uint32_t community_as_32bit_int =
uint32_t(bgp_community_subnet.asn_number << 16 | bgp_community_subnet.community_number);
gobgp_client->AnnounceUnicastPrefixIPv4(convert_ip_as_uint_to_string(
current_attack.customer_network.subnet_address),
gobgp_nexthop, is_withdrawal,
current_attack.customer_network.cidr_prefix_length, community_as_32bit_int);
gobgp_client->AnnounceUnicastPrefixIPv4(convert_ip_as_uint_to_string(current_attack.customer_network.subnet_address),
gobgp_nexthop, is_withdrawal,
current_attack.customer_network.cidr_prefix_length, community_as_32bit_int);
}
if (gobgp_announce_host) {

57
src/afpacket_plugin/afpacket_collector.cpp
View File

@ -111,7 +111,7 @@ void flush_block(struct block_desc* pbd) {
}
void walk_block(struct block_desc* pbd, const int block_num) {
int num_pkts = pbd->h1.num_pkts, i;
int num_pkts = pbd->h1.num_pkts, i;
unsigned long bytes = 0;
struct tpacket3_hdr* ppd;
@ -124,11 +124,11 @@ void walk_block(struct block_desc* pbd, const int block_num) {
struct pfring_pkthdr packet_header;
memset(&packet_header, 0, sizeof(packet_header));
packet_header.len = ppd->tp_snaplen;
packet_header.len = ppd->tp_snaplen;
packet_header.caplen = ppd->tp_snaplen;
u_int8_t timestamp = 0;
u_int8_t add_hash = 0;
u_int8_t add_hash = 0;
u_char* data_pointer = (u_char*)((uint8_t*)ppd + ppd->tp_mac);
@ -169,9 +169,8 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
}
// We whould use V3 bcause it could read/pool in per block basis instead per packet
int version = TPACKET_V3;
int setsockopt_packet_version =
setsockopt(packet_socket, SOL_PACKET, PACKET_VERSION, &version, sizeof(version));
int version = TPACKET_V3;
int setsockopt_packet_version = setsockopt(packet_socket, SOL_PACKET, PACKET_VERSION, &version, sizeof(version));
if (setsockopt_packet_version < 0) {
logger << log4cpp::Priority::ERROR << "Can't set packet v3 version";
@ -180,8 +179,7 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
int interface_number = 0;
bool get_interface_number_result =
get_interface_number_by_device_name(packet_socket, interface_name, interface_number);
bool get_interface_number_result = get_interface_number_by_device_name(packet_socket, interface_name, interface_number);
if (!get_interface_number_result) {
logger << log4cpp::Priority::ERROR << "Can't get interface number by interface name for " << interface_name;
@ -191,11 +189,10 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
// Switch to PROMISC mode
struct packet_mreq sock_params;
memset(&sock_params, 0, sizeof(sock_params));
sock_params.mr_type = PACKET_MR_PROMISC;
sock_params.mr_type = PACKET_MR_PROMISC;
sock_params.mr_ifindex = interface_number;
int set_promisc = setsockopt(packet_socket, SOL_PACKET, PACKET_ADD_MEMBERSHIP,
(void*)&sock_params, sizeof(sock_params));
int set_promisc = setsockopt(packet_socket, SOL_PACKET, PACKET_ADD_MEMBERSHIP, (void*)&sock_params, sizeof(sock_params));
if (set_promisc == -1) {
logger << log4cpp::Priority::ERROR << "Can't enable promisc mode";
@ -205,9 +202,9 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
struct sockaddr_ll bind_address;
memset(&bind_address, 0, sizeof(bind_address));
bind_address.sll_family = AF_PACKET;
bind_address.sll_family = AF_PACKET;
bind_address.sll_protocol = htons(ETH_P_ALL);
bind_address.sll_ifindex = interface_number;
bind_address.sll_ifindex = interface_number;
// We will follow http://yusufonlinux.blogspot.ru/2010/11/data-link-access-and-zero-copy.html
// And this: https://www.kernel.org/doc/Documentation/networking/packet_mmap.txt
@ -217,10 +214,10 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
req.tp_block_size = blocksiz;
req.tp_frame_size = framesiz;
req.tp_block_nr = blocknum;
req.tp_frame_nr = (blocksiz * blocknum) / framesiz;
req.tp_block_nr = blocknum;
req.tp_frame_nr = (blocksiz * blocknum) / framesiz;
req.tp_retire_blk_tov = 60; // Timeout in msec
req.tp_retire_blk_tov = 60; // Timeout in msec
req.tp_feature_req_word = TP_FT_REQ_FILL_RXHASH;
int setsockopt_rx_ring = setsockopt(packet_socket, SOL_PACKET, PACKET_RX_RING, (void*)&req, sizeof(req));
@ -232,7 +229,7 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
// We use per thread structures
uint8_t* mapped_buffer = NULL;
struct iovec* rd = NULL;
struct iovec* rd = NULL;
mapped_buffer = (uint8_t*)mmap(NULL, req.tp_block_size * req.tp_block_nr, PROT_READ | PROT_WRITE,
MAP_SHARED | MAP_LOCKED, packet_socket, 0);
@ -248,7 +245,7 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
// Initilize iov structures
for (int i = 0; i < req.tp_block_nr; ++i) {
rd[i].iov_base = mapped_buffer + (i * req.tp_block_size);
rd[i].iov_len = req.tp_block_size;
rd[i].iov_len = req.tp_block_size;
}
int bind_result = bind(packet_socket, (struct sockaddr*)&bind_address, sizeof(bind_address));
@ -261,8 +258,7 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
if (enable_fanout) {
int fanout_arg = (fanout_group_id | (fanout_type << 16));
int setsockopt_fanout =
setsockopt(packet_socket, SOL_PACKET, PACKET_FANOUT, &fanout_arg, sizeof(fanout_arg));
int setsockopt_fanout = setsockopt(packet_socket, SOL_PACKET, PACKET_FANOUT, &fanout_arg, sizeof(fanout_arg));
if (setsockopt_fanout < 0) {
logger << log4cpp::Priority::ERROR << "Can't configure fanout error number: " << errno
@ -276,8 +272,8 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
struct pollfd pfd;
memset(&pfd, 0, sizeof(pfd));
pfd.fd = packet_socket;
pfd.events = POLLIN | POLLERR;
pfd.fd = packet_socket;
pfd.events = POLLIN | POLLERR;
pfd.revents = 0;
while (true) {
@ -316,8 +312,7 @@ void start_afpacket_collection(process_packet_pointer func_ptr) {
logger.info("We have %d cpus for AF_PACKET", num_cpus);
if (configuration_map.count("af_packet_read_packet_length_from_ip_header") != 0) {
afpacket_read_packet_length_from_ip_header =
configuration_map["af_packet_read_packet_length_from_ip_header"] == "on";
afpacket_read_packet_length_from_ip_header = configuration_map["af_packet_read_packet_length_from_ip_header"] == "on";
}
std::string interfaces_list = "";
@ -328,7 +323,7 @@ void start_afpacket_collection(process_packet_pointer func_ptr) {
if (configuration_map.count("mirror_af_packet_custom_sampling_rate") != 0) {
mirror_af_packet_custom_sampling_rate =
convert_string_to_integer(configuration_map["mirror_af_packet_custom_sampling_rate"]);
convert_string_to_integer(configuration_map["mirror_af_packet_custom_sampling_rate"]);
}
if (configuration_map.count("mirror_af_packet_fanout_mode") != 0) {
@ -339,8 +334,7 @@ void start_afpacket_collection(process_packet_pointer func_ptr) {
std::vector<std::string> interfaces_for_listen;
boost::split(interfaces_for_listen, interfaces_list, boost::is_any_of(","), boost::token_compress_on);
logger << log4cpp::Priority::INFO << "AF_PACKET will listen on " << interfaces_for_listen.size()
<< " interfaces";
logger << log4cpp::Priority::INFO << "AF_PACKET will listen on " << interfaces_for_listen.size() << " interfaces";
if (interfaces_for_listen.size() == 0) {
logger << log4cpp::Priority::ERROR << "Please specify intreface for AF_PACKET";
@ -364,7 +358,7 @@ void start_afpacket_collection(process_packet_pointer func_ptr) {
logger << log4cpp::Priority::INFO << "AF_PACKET will listen on " << capture_interface << " interface";
boost::thread* af_packet_interface_thread =
new boost::thread(start_af_packet_capture_for_interface, capture_interface, fanout_group_id, num_cpus);
new boost::thread(start_af_packet_capture_for_interface, capture_interface, fanout_group_id, num_cpus);
af_packet_main_threads.add_thread(af_packet_interface_thread);
}
@ -400,7 +394,7 @@ void start_af_packet_capture_for_interface(std::string capture_interface, int fa
CPU_SET(cpu_to_bind, &current_cpu_set);
int set_affinity_result =
pthread_attr_setaffinity_np(thread_attrs.native_handle(), sizeof(cpu_set_t), &current_cpu_set);
pthread_attr_setaffinity_np(thread_attrs.native_handle(), sizeof(cpu_set_t), &current_cpu_set);
if (set_affinity_result != 0) {
logger << log4cpp::Priority::ERROR << "Can't set CPU affinity for thread";
@ -410,15 +404,14 @@ void start_af_packet_capture_for_interface(std::string capture_interface, int fa
bool fanout = true;
packet_receiver_thread_group.add_thread(
new boost::thread(thread_attrs, boost::bind(start_af_packet_capture, capture_interface,
fanout, fanout_group_id)));
new boost::thread(thread_attrs, boost::bind(start_af_packet_capture, capture_interface, fanout, fanout_group_id)));
#else
bool fanout = true;
logger.error("Sorry but CPU affinity did not supported for your platform");
packet_receiver_thread_group.add_thread(
new boost::thread(start_af_packet_capture, capture_interface, fanout, fanout_group_id));
new boost::thread(start_af_packet_capture, capture_interface, fanout, fanout_group_id));
#endif
}

17
src/api.hpp
View File

@ -1,7 +1,7 @@
Status FastnetmonApiServiceImpl::GetBanlist(::grpc::ServerContext* context,
const ::fastmitigation::BanListRequest* request,
::grpc::ServerWriter< ::fastmitigation::BanListReply>* writer) {
const ::fastmitigation::BanListRequest* request,
::grpc::ServerWriter<::fastmitigation::BanListReply>* writer) {
logger << log4cpp::Priority::INFO << "API we asked for banlist";
for (std::map<uint32_t, banlist_item_t>::iterator itr = ban_list.begin(); itr != ban_list.end(); ++itr) {
@ -21,7 +21,7 @@ Status FastnetmonApiServiceImpl::GetBanlist(::grpc::ServerContext* context,
for (auto itr : ban_list_copy) {
BanListReply reply;
reply.set_ip_address( print_ipv6_cidr_subnet(itr.first) );
reply.set_ip_address(print_ipv6_cidr_subnet(itr.first));
writer->Write(reply);
}
@ -29,8 +29,8 @@ Status FastnetmonApiServiceImpl::GetBanlist(::grpc::ServerContext* context,
}
Status FastnetmonApiServiceImpl::ExecuteBan(ServerContext* context,
const fastmitigation::ExecuteBanRequest* request,
fastmitigation::ExecuteBanReply* reply) {
const fastmitigation::ExecuteBanRequest* request,
fastmitigation::ExecuteBanReply* reply) {
logger << log4cpp::Priority::INFO << "API we asked for ban for IP: " << request->ip_address();
if (!validate_ipv6_or_ipv4_host(request->ip_address())) {
@ -88,14 +88,15 @@ Status FastnetmonApiServiceImpl::ExecuteBan(ServerContext* context,
}
logger << log4cpp::Priority::INFO << "API call ban handlers manually";
call_ban_handlers(client_ip, ipv6_address, ipv6, current_attack, flow_attack_details, attack_detection_source_t::Automatic, "", empty_simple_packets_buffer);
call_ban_handlers(client_ip, ipv6_address, ipv6, current_attack, flow_attack_details,
attack_detection_source_t::Automatic, "", empty_simple_packets_buffer);
return Status::OK;
}
Status FastnetmonApiServiceImpl::ExecuteUnBan(ServerContext* context,
const fastmitigation::ExecuteBanRequest* request,
fastmitigation::ExecuteBanReply* reply) {
const fastmitigation::ExecuteBanRequest* request,
fastmitigation::ExecuteBanReply* reply) {
logger << log4cpp::Priority::INFO << "API: We asked for unban for IP: " << request->ip_address();
if (!validate_ipv6_or_ipv4_host(request->ip_address())) {

3
src/ban_list.hpp
View File

@ -116,6 +116,3 @@ template <typename TemplateKeyType> class blackhole_ban_list_t {
std::map<TemplateKeyType, banlist_item_t> ban_list_storage;
std::mutex structure_mutex;
};

1
src/bgp_protocol.cpp
View File

@ -114,4 +114,3 @@ bool is_bgp_community_valid(std::string community_as_string) {
return read_bgp_community_from_string(community_as_string, bgp_community_attribute_element);
}

48
src/bgp_protocol.hpp
View File

@ -8,8 +8,7 @@
#include "fastnetmon_types.h"
// Helper for serialization by comma
template <typename T>
std::string serialize_vector_by_string(const std::vector<T> vect, std::string delimiter) {
template <typename T> std::string serialize_vector_by_string(const std::vector<T> vect, std::string delimiter) {
std::ostringstream output_buffer;
std::copy(vect.begin(), vect.end() - 1, std::ostream_iterator<T>(output_buffer, delimiter.c_str()));
@ -19,8 +18,7 @@ std::string serialize_vector_by_string(const std::vector<T> vect, std::string de
}
template <typename T>
std::string
serialize_vector_by_string_with_prefix(const std::vector<T> vect, std::string delimiter, std::string prefix) {
std::string serialize_vector_by_string_with_prefix(const std::vector<T> vect, std::string delimiter, std::string prefix) {
std::vector<std::string> elements_with_prefix;
for (typename std::vector<T>::const_iterator itr = vect.begin(); itr != vect.end(); ++itr) {
@ -91,7 +89,7 @@ class bgp_flow_spec_action_t {
public:
bgp_flow_spec_action_t() {
this->action_type = FLOW_SPEC_ACTION_ACCEPT;
this->rate_limit = 9600;
this->rate_limit = 9600;
sentence_separator = ";";
}
@ -134,7 +132,7 @@ class flow_spec_rule_t {
public:
flow_spec_rule_t() {
// We should explidictly initialize it!
source_subnet_used = false;
source_subnet_used = false;
destination_subnet_used = false;
}
@ -147,12 +145,12 @@ class flow_spec_rule_t {
}
void set_source_subnet(subnet_cidr_mask_t source_subnet) {
this->source_subnet = source_subnet;
this->source_subnet = source_subnet;
this->source_subnet_used = true;
}
void set_destination_subnet(subnet_cidr_mask_t destination_subnet) {
this->destination_subnet = destination_subnet;
this->destination_subnet = destination_subnet;
this->destination_subnet_used = true;
}
@ -216,10 +214,10 @@ class flow_spec_rule_t {
class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
public:
exabgp_flow_spec_rule_t() {
four_spaces = " ";
four_spaces = " ";
sentence_separator = ";";
this->enabled_indents = true;
this->enabled_indents = true;
this->enble_block_headers = true;
}
@ -230,8 +228,7 @@ class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
std::string serialize_source_ports() {
std::ostringstream output_buffer;
output_buffer << "source-port [ "
<< serialize_vector_by_string_with_prefix<uint16_t>(this->source_ports, " ", "=")
output_buffer << "source-port [ " << serialize_vector_by_string_with_prefix<uint16_t>(this->source_ports, " ", "=")
<< " ]" << sentence_separator;
return output_buffer.str();
@ -241,8 +238,8 @@ class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
std::ostringstream output_buffer;
output_buffer << "destination-port [ "
<< serialize_vector_by_string_with_prefix<uint16_t>(this->destination_ports, " ", "=")
<< " ]" << sentence_separator;
<< serialize_vector_by_string_with_prefix<uint16_t>(this->destination_ports, " ", "=") << " ]"
<< sentence_separator;
return output_buffer.str();
}
@ -250,8 +247,7 @@ class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
std::string serialize_packet_lengths() {
std::ostringstream output_buffer;
output_buffer << "packet-length [ "
<< serialize_vector_by_string_with_prefix<uint16_t>(this->packet_lengths, " ", "=")
output_buffer << "packet-length [ " << serialize_vector_by_string_with_prefix<uint16_t>(this->packet_lengths, " ", "=")
<< " ]" << sentence_separator;
return output_buffer.str();
@ -261,16 +257,14 @@ class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
std::string serialize_protocols() {
std::ostringstream output_buffer;
output_buffer << "protocol [ " << serialize_vector_by_string(this->protocols, " ") << " ]"
<< sentence_separator;
output_buffer << "protocol [ " << serialize_vector_by_string(this->protocols, " ") << " ]" << sentence_separator;
return output_buffer.str();
}
std::string serialize_fragmentation_flags() {
std::ostringstream output_buffer;
output_buffer << "fragment [ " << serialize_vector_by_string(this->fragmentation_flags, " ")
<< " ]" << sentence_separator;
output_buffer << "fragment [ " << serialize_vector_by_string(this->fragmentation_flags, " ") << " ]" << sentence_separator;
return output_buffer.str();
}
@ -278,8 +272,7 @@ class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
std::string serialize_tcp_flags() {
std::ostringstream output_buffer;
output_buffer << "tcp-flags [ " << serialize_vector_by_string(this->tcp_flags, " ") << " ]"
<< sentence_separator;
output_buffer << "tcp-flags [ " << serialize_vector_by_string(this->tcp_flags, " ") << " ]" << sentence_separator;
return output_buffer.str();
}
@ -296,14 +289,14 @@ class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
// https://plus.google.com/+ThomasMangin/posts/bL6w16BXcJ4
// This format is INCOMPATIBLE with ExaBGP v3, please be careful!
std::string serialize_single_line_exabgp_v4_configuration() {
this->enabled_indents = false;
this->enabled_indents = false;
this->enble_block_headers = false;
sentence_separator = " ";
sentence_separator = " ";
return "flow route " + this->serialize_match() + this->serialize_then();
sentence_separator = ";";
this->enabled_indents = true;
sentence_separator = ";";
this->enabled_indents = true;
this->enble_block_headers = true;
}
@ -422,8 +415,7 @@ class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
}
// If we have TCP in protocols list explicitly, we add flags
if (find(this->protocols.begin(), this->protocols.end(), FLOW_SPEC_PROTOCOL_TCP) !=
this->protocols.end()) {
if (find(this->protocols.begin(), this->protocols.end(), FLOW_SPEC_PROTOCOL_TCP) != this->protocols.end()) {
if (!this->tcp_flags.empty()) {
if (enabled_indents) {

12
src/example_plugin/example_collector.cpp
View File

@ -39,9 +39,9 @@ void start_example_collection(process_packet_pointer func_ptr) {
current_packet.src_ip = 0;
current_packet.dst_ip = 0;
current_packet.ts.tv_sec = 0;
current_packet.ts.tv_sec = 0;
current_packet.ts.tv_usec = 0;
current_packet.flags = 0;
current_packet.flags = 0;
// There we store packet length or total length of aggregated stream
current_packet.length = 128;
@ -56,13 +56,13 @@ void start_example_collection(process_packet_pointer func_ptr) {
current_packet.protocol = IPPROTO_ICMP;
/* TCP */
current_packet.protocol = IPPROTO_TCP;
current_packet.source_port = 0;
current_packet.protocol = IPPROTO_TCP;
current_packet.source_port = 0;
current_packet.destination_port = 0;
/* UDP */
current_packet.protocol = IPPROTO_UDP;
current_packet.source_port = 0;
current_packet.protocol = IPPROTO_UDP;
current_packet.source_port = 0;
current_packet.destination_port = 0;
example_process_func_ptr(current_packet);

1
src/fast_endianless.hpp
View File

@ -41,4 +41,3 @@ inline uint64_t fast_hton(uint64_t value) {
// host to big endian (network byte order)
return htobe64(value);
}

167
src/fast_library.cpp
View File

@ -107,8 +107,7 @@ subnet_cidr_mask_t convert_subnet_from_string_to_binary_with_cidr_format(std::st
void copy_networks_from_string_form_to_binary(std::vector<std::string> networks_list_as_string,
std::vector<subnet_cidr_mask_t>& our_networks) {
for (std::vector<std::string>::iterator ii = networks_list_as_string.begin();
ii != networks_list_as_string.end(); ++ii) {
for (std::vector<std::string>::iterator ii = networks_list_as_string.begin(); ii != networks_list_as_string.end(); ++ii) {
subnet_cidr_mask_t current_subnet = convert_subnet_from_string_to_binary(*ii);
our_networks.push_back(current_subnet);
@ -192,7 +191,7 @@ uint32_t convert_cidr_to_binary_netmask(unsigned int cidr) {
}
uint32_t binary_netmask = 0xFFFFFFFF;
binary_netmask = binary_netmask << (32 - cidr);
binary_netmask = binary_netmask << (32 - cidr);
// We need network byte order at output
return htonl(binary_netmask);
@ -249,12 +248,12 @@ bool folder_exists(std::string path) {
// 64-bit hash for 64-bit platforms
uint64_t MurmurHash64A(const void* key, int len, uint64_t seed) {
const uint64_t m = BIG_CONSTANT(0xc6a4a7935bd1e995);
const int r = 47;
const int r = 47;
uint64_t h = seed ^ (len * m);
const uint64_t* data = (const uint64_t*)key;
const uint64_t* end = data + (len / 8);
const uint64_t* end = data + (len / 8);
while (data != end) {
uint64_t k = *data++;
@ -310,7 +309,7 @@ int timeval_subtract(struct timeval* result, struct timeval* x, struct timeval*
}
/* Compute the time remaining to wait. tv_usec is certainly positive. */
result->tv_sec = x->tv_sec - y->tv_sec;
result->tv_sec = x->tv_sec - y->tv_sec;
result->tv_usec = x->tv_usec - y->tv_usec;
/* Return 1 if result is negative. */
@ -457,14 +456,14 @@ std::string print_simple_packet(simple_packet_t packet) {
buffer << convert_timeval_to_date(packet.ts) << " ";
std::string source_ip_as_string = "";
std::string source_ip_as_string = "";
std::string destination_ip_as_string = "";
if (packet.ip_protocol_version == 4) {
source_ip_as_string = convert_ip_as_uint_to_string(packet.src_ip);
source_ip_as_string = convert_ip_as_uint_to_string(packet.src_ip);
destination_ip_as_string = convert_ip_as_uint_to_string(packet.dst_ip);
} else if (packet.ip_protocol_version == 6) {
source_ip_as_string = print_ipv6_address(packet.src_ipv6);
source_ip_as_string = print_ipv6_address(packet.src_ipv6);
destination_ip_as_string = print_ipv6_address(packet.dst_ipv6);
} else {
// WTF?
@ -494,7 +493,7 @@ std::string print_simple_packet(simple_packet_t packet) {
}
std::string convert_timeval_to_date(struct timeval tv) {
time_t nowtime = tv.tv_sec;
time_t nowtime = tv.tv_sec;
struct tm* nowtm = localtime(&nowtime);
char tmbuf[64];
@ -518,7 +517,7 @@ uint64_t convert_speed_to_mbps(uint64_t speed_in_bps) {
std::string get_protocol_name_by_number(unsigned int proto_number) {
struct protoent* proto_ent = getprotobynumber(proto_number);
std::string proto_name = proto_ent->p_name;
std::string proto_name = proto_ent->p_name;
return proto_name;
}
@ -590,7 +589,7 @@ bool store_data_to_graphite(unsigned short int graphite_port, std::string graphi
memset(&serv_addr, 0, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
serv_addr.sin_port = htons(graphite_port);
serv_addr.sin_port = htons(graphite_port);
int pton_result = inet_pton(AF_INET, graphite_host.c_str(), &serv_addr.sin_addr);
@ -691,7 +690,7 @@ ip_addresses_list_t get_local_ip_v4_addresses_list() {
for (interfaces_list_t::iterator iter = interfaces_list.begin(); iter != interfaces_list.end(); ++iter) {
std::vector<std::string>::iterator iter_exclude_list =
std::find(list_of_ignored_interfaces.begin(), list_of_ignored_interfaces.end(), *iter);
std::find(list_of_ignored_interfaces.begin(), list_of_ignored_interfaces.end(), *iter);
// Skip ignored interface
if (iter_exclude_list != list_of_ignored_interfaces.end()) {
@ -722,8 +721,8 @@ std::string find_subnet_by_ip_in_string_format(patricia_tree_t* patricia_tree, s
prefix_t prefix_for_check_adreess;
prefix_for_check_adreess.add.sin.s_addr = client_ip;
prefix_for_check_adreess.family = AF_INET;
prefix_for_check_adreess.bitlen = 32;
prefix_for_check_adreess.family = AF_INET;
prefix_for_check_adreess.bitlen = 32;
found_patrica_node = patricia_search_best2(patricia_tree, &prefix_for_check_adreess, 1);
@ -743,19 +742,21 @@ std::string print_ipv6_address(const in6_addr& ipv6_address) {
// For short print
const uint8_t* b = ipv6_address.s6_addr;
sprintf(buffer, "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x", b[0], b[1],
b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15]);
sprintf(buffer, "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x", b[0], b[1], b[2], b[3],
b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15]);
std::string buffer_string(buffer);
// Compress IPv6 address
std::string result =
boost::regex_replace(buffer_string, ipv6_address_compression_algorithm, ":", boost::format_first_only);
std::string result = boost::regex_replace(buffer_string, ipv6_address_compression_algorithm, ":", boost::format_first_only);
return result;
}
direction_t get_packet_direction_ipv6(patricia_tree_t* lookup_tree, struct in6_addr src_ipv6, struct in6_addr dst_ipv6, subnet_ipv6_cidr_mask_t& subnet) {
direction_t get_packet_direction_ipv6(patricia_tree_t* lookup_tree,
struct in6_addr src_ipv6,
struct in6_addr dst_ipv6,
subnet_ipv6_cidr_mask_t& subnet) {
direction_t packet_direction;
bool our_ip_is_destination = false;
@ -950,18 +951,16 @@ bool manage_interface_promisc_mode(std::string interface_name, bool switch_on) {
json_object* serialize_attack_description_to_json(attack_details_t& current_attack) {
json_object* jobj = json_object_new_object();
attack_type_t attack_type = detect_attack_type(current_attack);
attack_type_t attack_type = detect_attack_type(current_attack);
std::string printable_attack_type = get_printable_attack_name(attack_type);
json_object_object_add(jobj, "attack_type", json_object_new_string(printable_attack_type.c_str()));
json_object_object_add(jobj, "initial_attack_power", json_object_new_int(current_attack.attack_power));
json_object_object_add(jobj, "peak_attack_power", json_object_new_int(current_attack.max_attack_power));
json_object_object_add(jobj, "attack_direction",
json_object_new_string(
get_direction_name(current_attack.attack_direction).c_str()));
json_object_new_string(get_direction_name(current_attack.attack_direction).c_str()));
json_object_object_add(jobj, "attack_protocol",
json_object_new_string(
get_printable_protocol_name(current_attack.attack_protocol).c_str()));
json_object_new_string(get_printable_protocol_name(current_attack.attack_protocol).c_str()));
json_object_object_add(jobj, "total_incoming_traffic", json_object_new_int(current_attack.in_bytes));
json_object_object_add(jobj, "total_outgoing_traffic", json_object_new_int(current_attack.out_bytes));
@ -971,21 +970,16 @@ json_object* serialize_attack_description_to_json(attack_details_t& current_atta
json_object_object_add(jobj, "total_outgoing_flows", json_object_new_int(current_attack.out_flows));
json_object_object_add(jobj, "average_incoming_traffic", json_object_new_int(current_attack.average_in_bytes));
json_object_object_add(jobj, "average_outgoing_traffic",
json_object_new_int(current_attack.average_out_bytes));
json_object_object_add(jobj, "average_outgoing_traffic", json_object_new_int(current_attack.average_out_bytes));
json_object_object_add(jobj, "average_incoming_pps", json_object_new_int(current_attack.average_in_packets));
json_object_object_add(jobj, "average_outgoing_pps", json_object_new_int(current_attack.average_out_packets));
json_object_object_add(jobj, "average_incoming_flows", json_object_new_int(current_attack.average_in_flows));
json_object_object_add(jobj, "average_outgoing_flows", json_object_new_int(current_attack.average_out_flows));
json_object_object_add(jobj, "incoming_ip_fragmented_traffic",
json_object_new_int(current_attack.fragmented_in_bytes));
json_object_object_add(jobj, "outgoing_ip_fragmented_traffic",
json_object_new_int(current_attack.fragmented_out_bytes));
json_object_object_add(jobj, "incoming_ip_fragmented_pps",
json_object_new_int(current_attack.fragmented_in_packets));
json_object_object_add(jobj, "outgoing_ip_fragmented_pps",
json_object_new_int(current_attack.fragmented_out_packets));
json_object_object_add(jobj, "incoming_ip_fragmented_traffic", json_object_new_int(current_attack.fragmented_in_bytes));
json_object_object_add(jobj, "outgoing_ip_fragmented_traffic", json_object_new_int(current_attack.fragmented_out_bytes));
json_object_object_add(jobj, "incoming_ip_fragmented_pps", json_object_new_int(current_attack.fragmented_in_packets));
json_object_object_add(jobj, "outgoing_ip_fragmented_pps", json_object_new_int(current_attack.fragmented_out_packets));
json_object_object_add(jobj, "incoming_tcp_traffic", json_object_new_int(current_attack.tcp_in_bytes));
json_object_object_add(jobj, "outgoing_tcp_traffic", json_object_new_int(current_attack.tcp_out_bytes));
@ -993,8 +987,7 @@ json_object* serialize_attack_description_to_json(attack_details_t& current_atta
json_object_object_add(jobj, "outgoing_tcp_pps", json_object_new_int(current_attack.tcp_out_packets));
json_object_object_add(jobj, "incoming_syn_tcp_traffic", json_object_new_int(current_attack.tcp_syn_in_bytes));
json_object_object_add(jobj, "outgoing_syn_tcp_traffic",
json_object_new_int(current_attack.tcp_syn_out_bytes));
json_object_object_add(jobj, "outgoing_syn_tcp_traffic", json_object_new_int(current_attack.tcp_syn_out_bytes));
json_object_object_add(jobj, "incoming_syn_tcp_pps", json_object_new_int(current_attack.tcp_syn_in_packets));
json_object_object_add(jobj, "outgoing_syn_tcp_pps", json_object_new_int(current_attack.tcp_syn_out_packets));
@ -1014,58 +1007,55 @@ json_object* serialize_attack_description_to_json(attack_details_t& current_atta
std::string serialize_attack_description(attack_details_t& current_attack) {
std::stringstream attack_description;
attack_type_t attack_type = detect_attack_type(current_attack);
attack_type_t attack_type = detect_attack_type(current_attack);
std::string printable_attack_type = get_printable_attack_name(attack_type);
attack_description
<< "Attack type: " << printable_attack_type << "\n"
<< "Initial attack power: " << current_attack.attack_power << " packets per second\n"
<< "Peak attack power: " << current_attack.max_attack_power << " packets per second\n"
<< "Attack direction: " << get_direction_name(current_attack.attack_direction) << "\n"
<< "Attack protocol: " << get_printable_protocol_name(current_attack.attack_protocol) << "\n";
attack_description << "Attack type: " << printable_attack_type << "\n"
<< "Initial attack power: " << current_attack.attack_power << " packets per second\n"
<< "Peak attack power: " << current_attack.max_attack_power << " packets per second\n"
<< "Attack direction: " << get_direction_name(current_attack.attack_direction) << "\n"
<< "Attack protocol: " << get_printable_protocol_name(current_attack.attack_protocol) << "\n";
attack_description
<< "Total incoming traffic: " << convert_speed_to_mbps(current_attack.in_bytes) << " mbps\n"
<< "Total outgoing traffic: " << convert_speed_to_mbps(current_attack.out_bytes) << " mbps\n"
<< "Total incoming pps: " << current_attack.in_packets << " packets per second\n"
<< "Total outgoing pps: " << current_attack.out_packets << " packets per second\n"
<< "Total incoming flows: " << current_attack.in_flows << " flows per second\n"
<< "Total outgoing flows: " << current_attack.out_flows << " flows per second\n";
attack_description << "Total incoming traffic: " << convert_speed_to_mbps(current_attack.in_bytes) << " mbps\n"
<< "Total outgoing traffic: " << convert_speed_to_mbps(current_attack.out_bytes) << " mbps\n"
<< "Total incoming pps: " << current_attack.in_packets << " packets per second\n"
<< "Total outgoing pps: " << current_attack.out_packets << " packets per second\n"
<< "Total incoming flows: " << current_attack.in_flows << " flows per second\n"
<< "Total outgoing flows: " << current_attack.out_flows << " flows per second\n";
// Add average counters
attack_description
<< "Average incoming traffic: " << convert_speed_to_mbps(current_attack.average_in_bytes) << " mbps\n"
<< "Average outgoing traffic: " << convert_speed_to_mbps(current_attack.average_out_bytes) << " mbps\n"
<< "Average incoming pps: " << current_attack.average_in_packets << " packets per second\n"
<< "Average outgoing pps: " << current_attack.average_out_packets << " packets per second\n"
<< "Average incoming flows: " << current_attack.average_in_flows << " flows per second\n"
<< "Average outgoing flows: " << current_attack.average_out_flows << " flows per second\n";
attack_description << "Average incoming traffic: " << convert_speed_to_mbps(current_attack.average_in_bytes) << " mbps\n"
<< "Average outgoing traffic: " << convert_speed_to_mbps(current_attack.average_out_bytes) << " mbps\n"
<< "Average incoming pps: " << current_attack.average_in_packets << " packets per second\n"
<< "Average outgoing pps: " << current_attack.average_out_packets << " packets per second\n"
<< "Average incoming flows: " << current_attack.average_in_flows << " flows per second\n"
<< "Average outgoing flows: " << current_attack.average_out_flows << " flows per second\n";
attack_description
<< "Incoming ip fragmented traffic: " << convert_speed_to_mbps(current_attack.fragmented_in_bytes) << " mbps\n"
<< "Outgoing ip fragmented traffic: " << convert_speed_to_mbps(current_attack.fragmented_out_bytes) << " mbps\n"
<< "Incoming ip fragmented pps: " << current_attack.fragmented_in_packets << " packets per second\n"
<< "Outgoing ip fragmented pps: " << current_attack.fragmented_out_packets << " packets per second\n"
<< "Incoming ip fragmented traffic: " << convert_speed_to_mbps(current_attack.fragmented_in_bytes) << " mbps\n"
<< "Outgoing ip fragmented traffic: " << convert_speed_to_mbps(current_attack.fragmented_out_bytes) << " mbps\n"
<< "Incoming ip fragmented pps: " << current_attack.fragmented_in_packets << " packets per second\n"
<< "Outgoing ip fragmented pps: " << current_attack.fragmented_out_packets << " packets per second\n"
<< "Incoming tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_in_bytes) << " mbps\n"
<< "Outgoing tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_out_bytes) << " mbps\n"
<< "Incoming tcp pps: " << current_attack.tcp_in_packets << " packets per second\n"
<< "Outgoing tcp pps: " << current_attack.tcp_out_packets << " packets per second\n"
<< "Incoming syn tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_syn_in_bytes) << " mbps\n"
<< "Outgoing syn tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_syn_out_bytes) << " mbps\n"
<< "Incoming syn tcp pps: " << current_attack.tcp_syn_in_packets << " packets per second\n"
<< "Outgoing syn tcp pps: " << current_attack.tcp_syn_out_packets << " packets per second\n"
<< "Incoming tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_in_bytes) << " mbps\n"
<< "Outgoing tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_out_bytes) << " mbps\n"
<< "Incoming tcp pps: " << current_attack.tcp_in_packets << " packets per second\n"
<< "Outgoing tcp pps: " << current_attack.tcp_out_packets << " packets per second\n"
<< "Incoming syn tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_syn_in_bytes) << " mbps\n"
<< "Outgoing syn tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_syn_out_bytes) << " mbps\n"
<< "Incoming syn tcp pps: " << current_attack.tcp_syn_in_packets << " packets per second\n"
<< "Outgoing syn tcp pps: " << current_attack.tcp_syn_out_packets << " packets per second\n"
<< "Incoming udp traffic: " << convert_speed_to_mbps(current_attack.udp_in_bytes) << " mbps\n"
<< "Outgoing udp traffic: " << convert_speed_to_mbps(current_attack.udp_out_bytes) << " mbps\n"
<< "Incoming udp pps: " << current_attack.udp_in_packets << " packets per second\n"
<< "Outgoing udp pps: " << current_attack.udp_out_packets << " packets per second\n"
<< "Incoming udp traffic: " << convert_speed_to_mbps(current_attack.udp_in_bytes) << " mbps\n"
<< "Outgoing udp traffic: " << convert_speed_to_mbps(current_attack.udp_out_bytes) << " mbps\n"
<< "Incoming udp pps: " << current_attack.udp_in_packets << " packets per second\n"
<< "Outgoing udp pps: " << current_attack.udp_out_packets << " packets per second\n"
<< "Incoming icmp traffic: " << convert_speed_to_mbps(current_attack.icmp_in_bytes) << " mbps\n"
<< "Outgoing icmp traffic: " << convert_speed_to_mbps(current_attack.icmp_out_bytes) << " mbps\n"
<< "Incoming icmp pps: " << current_attack.icmp_in_packets << " packets per second\n"
<< "Outgoing icmp pps: " << current_attack.icmp_out_packets << " packets per second\n";
<< "Incoming icmp traffic: " << convert_speed_to_mbps(current_attack.icmp_in_bytes) << " mbps\n"
<< "Outgoing icmp traffic: " << convert_speed_to_mbps(current_attack.icmp_out_bytes) << " mbps\n"
<< "Incoming icmp pps: " << current_attack.icmp_in_packets << " packets per second\n"
<< "Outgoing icmp pps: " << current_attack.icmp_out_packets << " packets per second\n";
return attack_description.str();
}
@ -1123,11 +1113,10 @@ std::string serialize_network_load_to_text(map_element_t& network_speed_meter, b
prefix = "Average network";
}
buffer
<< prefix << " incoming traffic: " << convert_speed_to_mbps(network_speed_meter.in_bytes) << " mbps\n"
<< prefix << " outgoing traffic: " << convert_speed_to_mbps(network_speed_meter.out_bytes) << " mbps\n"
<< prefix << " incoming pps: " << network_speed_meter.in_packets << " packets per second\n"
<< prefix << " outgoing pps: " << network_speed_meter.out_packets << " packets per second\n";
buffer << prefix << " incoming traffic: " << convert_speed_to_mbps(network_speed_meter.in_bytes) << " mbps\n"
<< prefix << " outgoing traffic: " << convert_speed_to_mbps(network_speed_meter.out_bytes) << " mbps\n"
<< prefix << " incoming pps: " << network_speed_meter.in_packets << " packets per second\n"
<< prefix << " outgoing pps: " << network_speed_meter.out_packets << " packets per second\n";
return buffer.str();
}
@ -1150,13 +1139,11 @@ std::string serialize_statistic_counters_about_attack(attack_details_t& current_
double average_packet_size_for_outgoing_traffic = 0;
if (current_attack.average_in_packets > 0) {
average_packet_size_for_incoming_traffic =
(double)current_attack.average_in_bytes / (double)current_attack.average_in_packets;
average_packet_size_for_incoming_traffic = (double)current_attack.average_in_bytes / (double)current_attack.average_in_packets;
}
if (current_attack.average_out_packets > 0) {
average_packet_size_for_outgoing_traffic =
(double)current_attack.average_out_bytes / (double)current_attack.average_out_packets;
average_packet_size_for_outgoing_traffic = (double)current_attack.average_out_bytes / (double)current_attack.average_out_packets;
}
// We do not need very accurate size
@ -1199,7 +1186,7 @@ bool store_data_to_stats_server(unsigned short int graphite_port, std::string gr
memset(&serv_addr, 0, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
serv_addr.sin_port = htons(graphite_port);
serv_addr.sin_port = htons(graphite_port);
int pton_result = inet_pton(AF_INET, graphite_host.c_str(), &serv_addr.sin_addr);
@ -1256,8 +1243,7 @@ bool get_interface_number_by_device_name(int socket_fd, std::string interface_na
#else
/* Fallback to if_nametoindex(3) otherwise. */
interface_number = if_nametoindex(interface_name.c_str());
if (interface_number == 0)
return false;
if (interface_number == 0) return false;
#endif /* SIOCGIFINDEX */
return true;
}
@ -1900,4 +1886,3 @@ std::string join_by_comma_and_equal(std::map<std::string, std::string>& data) {
return buffer.str();
}

14
src/fast_library.h
View File

@ -83,12 +83,10 @@ int convert_string_to_integer(std::string line);
bool print_pid_to_file(pid_t pid, std::string pid_path);
bool read_pid_from_file(pid_t& pid, std::string pid_path);
direction_t get_packet_direction(patricia_tree_t* lookup_tree,
uint32_t src_ip,
uint32_t dst_ip,
subnet_cidr_mask_t& subnet);
direction_t get_packet_direction(patricia_tree_t* lookup_tree, uint32_t src_ip, uint32_t dst_ip, subnet_cidr_mask_t& subnet);
direction_t get_packet_direction_ipv6(patricia_tree_t* lookup_tree, struct in6_addr src_ipv6, struct in6_addr dst_ipv6, subnet_ipv6_cidr_mask_t& subnet);
direction_t
get_packet_direction_ipv6(patricia_tree_t* lookup_tree, struct in6_addr src_ipv6, struct in6_addr dst_ipv6, subnet_ipv6_cidr_mask_t& subnet);
std::string convert_prefix_to_string_representation(prefix_t* prefix);
std::string find_subnet_by_ip_in_string_format(patricia_tree_t* patricia_tree, std::string ip);
@ -116,10 +114,10 @@ bool store_data_to_stats_server(unsigned short int graphite_port, std::string gr
bool get_interface_number_by_device_name(int socket_fd, std::string interface_name, int& interface_number);
bool set_boost_process_name(boost::thread* thread, std::string process_name);
std::string convert_subnet_to_string(subnet_cidr_mask_t my_subnet);
std::string convert_subnet_to_string(subnet_cidr_mask_t my_subnet);
std::string print_ipv6_cidr_subnet(subnet_ipv6_cidr_mask_t subnet);
std::string convert_any_ip_to_string(subnet_ipv6_cidr_mask_t subnet);
std::string print_ipv6_cidr_subnet(subnet_ipv6_cidr_mask_t subnet);
std::string convert_any_ip_to_string(subnet_ipv6_cidr_mask_t subnet);
bool convert_string_to_positive_integer_safe(std::string line, int& value);
bool read_ipv6_host_from_string(std::string ipv6_host_as_string, in6_addr& result);
bool validate_ipv6_or_ipv4_host(const std::string host);

3
src/fast_priority_queue.cpp
View File

@ -39,8 +39,7 @@ order_by_template_type fast_priority_queue<order_by_template_type>::get_min_elem
return internal_list.front();
}
template <class order_by_template_type>
void fast_priority_queue<order_by_template_type>::print_internal_list() {
template <class order_by_template_type> void fast_priority_queue<order_by_template_type>::print_internal_list() {
for (unsigned int i = 0; i < internal_list.size(); i++) {
std::cout << internal_list[i] << std::endl;
}

205
src/fastnetmon.cpp
View File

@ -11,7 +11,6 @@
#include <time.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <net/if_arp.h> // struct arphdr
#include <netinet/if_ether.h>
@ -21,6 +20,7 @@
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include "bgp_protocol.hpp"
@ -128,7 +128,7 @@ std::string cli_stats_file_path = "/tmp/fastnetmon.dat";
std::string cli_stats_ipv6_file_path = "/tmp/fastnetmon_ipv6.dat";
unsigned int stats_thread_sleep_time = 3600;
unsigned int stats_thread_sleep_time = 3600;
unsigned int stats_thread_initial_call_delay = 30;
// Each this seconds we will check about available data in bucket
@ -174,9 +174,9 @@ bool gobgp_enabled = false;
#endif
#ifdef MONGO
std::string mongodb_host = "localhost";
std::string mongodb_host = "localhost";
unsigned int mongodb_port = 27017;
bool mongodb_enabled = false;
bool mongodb_enabled = false;
std::string mongodb_database_name = "fastnetmon";
#endif
@ -184,7 +184,7 @@ std::string mongodb_database_name = "fastnetmon";
/* Configuration block, we must move it to configuration file */
#ifdef REDIS
unsigned int redis_port = 6379;
std::string redis_host = "127.0.0.1";
std::string redis_host = "127.0.0.1";
// redis key prefix
std::string redis_prefix = "";
@ -214,8 +214,8 @@ ban_settings_t global_ban_settings;
void init_global_ban_settings() {
// ban Configuration params
global_ban_settings.enable_ban_for_pps = false;
global_ban_settings.enable_ban_for_bandwidth = false;
global_ban_settings.enable_ban_for_pps = false;
global_ban_settings.enable_ban_for_bandwidth = false;
global_ban_settings.enable_ban_for_flows_per_second = false;
// We must ban IP if it exceeed this limit in PPS
@ -228,13 +228,13 @@ void init_global_ban_settings() {
global_ban_settings.ban_threshold_mbps = 1000;
// Disable per protocol thresholds too
global_ban_settings.enable_ban_for_tcp_pps = false;
global_ban_settings.enable_ban_for_tcp_pps = false;
global_ban_settings.enable_ban_for_tcp_bandwidth = false;
global_ban_settings.enable_ban_for_udp_pps = false;
global_ban_settings.enable_ban_for_udp_pps = false;
global_ban_settings.enable_ban_for_udp_bandwidth = false;
global_ban_settings.enable_ban_for_icmp_pps = false;
global_ban_settings.enable_ban_for_icmp_pps = false;
global_ban_settings.enable_ban_for_icmp_bandwidth = false;
// Ban enable/disable flag
@ -243,12 +243,12 @@ void init_global_ban_settings() {
bool enable_connection_tracking = true;
bool enable_afpacket_collection = false;
bool enable_afpacket_collection = false;
bool enable_data_collection_from_mirror = true;
bool enable_netmap_collection = false;
bool enable_sflow_collection = false;
bool enable_netflow_collection = false;
bool enable_pcap_collection = false;
bool enable_netmap_collection = false;
bool enable_sflow_collection = false;
bool enable_netflow_collection = false;
bool enable_pcap_collection = false;
// Time consumed by reaclculation for all IPs
struct timeval speed_calculation_time;
@ -332,7 +332,7 @@ total_counter_element_t total_speed_counters_ipv6[4];
total_counter_element_t total_speed_average_counters_ipv6[4];
// Total amount of non parsed packets
uint64_t total_unparsed_packets = 0;
uint64_t total_unparsed_packets = 0;
uint64_t total_unparsed_packets_speed = 0;
// Total amount of IPv4 packets
@ -396,7 +396,7 @@ blackhole_ban_list_t<subnet_ipv6_cidr_mask_t> ban_list_ipv6_ng;
// In ddos info we store attack power and direction
std::map<uint32_t, banlist_item_t> ban_list;
std::map<uint32_t, std::vector<simple_packet_t> > ban_list_details;
std::map<uint32_t, std::vector<simple_packet_t>> ban_list_details;
host_group_map_t host_groups;
@ -409,21 +409,21 @@ std::vector<subnet_cidr_mask_t> our_networks;
std::vector<subnet_cidr_mask_t> whitelist_networks;
// ExaBGP support flag
bool exabgp_enabled = false;
bool exabgp_enabled = false;
std::string exabgp_community = "";
// We could use separate communities for subnet and host announces
std::string exabgp_community_subnet = "";
std::string exabgp_community_host = "";
std::string exabgp_community_host = "";
std::string exabgp_command_pipe = "/var/run/exabgp.cmd";
std::string exabgp_next_hop = "";
std::string exabgp_next_hop = "";
// Graphite monitoring
bool graphite_enabled = false;
std::string graphite_host = "127.0.0.1";
unsigned short int graphite_port = 2003;
bool graphite_enabled = false;
std::string graphite_host = "127.0.0.1";
unsigned short int graphite_port = 2003;
unsigned int graphite_push_period = 1;
// Time consumed by pushing data to Graphite
@ -440,13 +440,13 @@ uint64_t influxdb_writes_total = 0;
uint64_t influxdb_writes_failed = 0;
// InfluxDB
bool influxdb_enabled = false;
std::string influxdb_database = "fastnetmon";
std::string influxdb_host = "127.0.0.1";
unsigned short int influxdb_port = 8086;
bool influxdb_auth = false;
std::string influxdb_user = "";
std::string influxdb_password = "";
bool influxdb_enabled = false;
std::string influxdb_database = "fastnetmon";
std::string influxdb_host = "127.0.0.1";
unsigned short int influxdb_port = 8086;
bool influxdb_auth = false;
std::string influxdb_user = "";
std::string influxdb_password = "";
unsigned int influxdb_push_period = 1;
bool process_incoming_traffic = true;
@ -454,8 +454,7 @@ bool process_outgoing_traffic = true;
logging_configuration_t read_logging_settings(configuration_map_t configuration_map);
std::string get_amplification_attack_type(amplification_attack_type_t attack_type);
std::string generate_flow_spec_for_amplification_attack(amplification_attack_type_t amplification_attack_type,
std::string destination_ip);
std::string generate_flow_spec_for_amplification_attack(amplification_attack_type_t amplification_attack_type, std::string destination_ip);
ban_settings_t read_ban_settings(configuration_map_t configuration_map, std::string host_group_name = "");
bool load_configuration_file();
void free_up_all_resources();
@ -497,10 +496,9 @@ void RunApiServer() {
#endif
void sigpipe_handler_for_popen(int signo) {
logger
<< log4cpp::Priority::ERROR << "Sorry but we experienced error with popen. "
<< "Please check your scripts. They should receive data on stdin! Optionally you could disable "
"passing any details with configuration param: notify_script_pass_details = no";
logger << log4cpp::Priority::ERROR << "Sorry but we experienced error with popen. "
<< "Please check your scripts. They should receive data on stdin! Optionally you could disable "
"passing any details with configuration param: notify_script_pass_details = no";
// Well, we do not need exit here because we have another options to notifying about atatck
// exit(1);
@ -562,22 +560,18 @@ void parse_hostgroups(std::string name, std::string value) {
std::string host_group_name = splitted_new_host_group[0];
if (host_groups.count(host_group_name) > 0) {
logger << log4cpp::Priority::WARN << "We already have this host group (" << host_group_name
<< "). Please check!";
logger << log4cpp::Priority::WARN << "We already have this host group (" << host_group_name << "). Please check!";
return;
}
// Split networks
std::vector<std::string> hostgroup_subnets =
split_strings_to_vector_by_comma(splitted_new_host_group[1]);
for (std::vector<std::string>::iterator itr = hostgroup_subnets.begin();
itr != hostgroup_subnets.end(); ++itr) {
std::vector<std::string> hostgroup_subnets = split_strings_to_vector_by_comma(splitted_new_host_group[1]);
for (std::vector<std::string>::iterator itr = hostgroup_subnets.begin(); itr != hostgroup_subnets.end(); ++itr) {
subnet_cidr_mask_t subnet = convert_subnet_from_string_to_binary_with_cidr_format(*itr);
host_groups[host_group_name].push_back(subnet);
logger << log4cpp::Priority::WARN << "We add subnet " << convert_subnet_to_string(subnet)
<< " to host group " << host_group_name;
logger << log4cpp::Priority::WARN << "We add subnet " << convert_subnet_to_string(subnet) << " to host group " << host_group_name;
// And add to subnet to host group lookup hash
if (subnet_to_host_groups.count(subnet) > 0) {
@ -589,8 +583,8 @@ void parse_hostgroups(std::string name, std::string value) {
}
}
logger << log4cpp::Priority::INFO << "We have created host group " << host_group_name
<< " with " << host_groups[host_group_name].size() << " subnets";
logger << log4cpp::Priority::INFO << "We have created host group " << host_group_name << " with "
<< host_groups[host_group_name].size() << " subnets";
}
// Load configuration
@ -669,13 +663,12 @@ bool load_configuration_file() {
}
if (configuration_map.count("average_calculation_time") != 0) {
average_calculation_amount =
convert_string_to_integer(configuration_map["average_calculation_time"]);
average_calculation_amount = convert_string_to_integer(configuration_map["average_calculation_time"]);
}
if (configuration_map.count("average_calculation_time_for_subnets") != 0) {
average_calculation_amount_for_subnets =
convert_string_to_integer(configuration_map["average_calculation_time_for_subnets"]);
convert_string_to_integer(configuration_map["average_calculation_time_for_subnets"]);
}
if (configuration_map.count("speed_calculation_delay") != 0) {
@ -687,7 +680,7 @@ bool load_configuration_file() {
}
if (configuration_map.count("monitor_openvz_vps_ip_addresses") != 0) {
monitor_openvz_vps_ip_addresses = configuration_map["monitor_openvz_vps_ip_addresses"] == "on" ? true : false;
monitor_openvz_vps_ip_addresses = configuration_map["monitor_openvz_vps_ip_addresses"] == "on" ? true : false;
}
#ifdef FASTNETMON_API
@ -738,9 +731,7 @@ bool load_configuration_file() {
}
if (exabgp_enabled && exabgp_announce_host && exabgp_community_host.empty()) {
logger
<< log4cpp::Priority::ERROR
<< "You enabled exabgp for host but not specified community, we disable exabgp support";
logger << log4cpp::Priority::ERROR << "You enabled exabgp for host but not specified community, we disable exabgp support";
exabgp_enabled = false;
}
@ -763,9 +754,7 @@ bool load_configuration_file() {
exabgp_next_hop = configuration_map["exabgp_next_hop"];
if (exabgp_next_hop.empty()) {
logger
<< log4cpp::Priority::ERROR
<< "You enabled exabgp but not specified exabgp_next_hop, so we disable exabgp support";
logger << log4cpp::Priority::ERROR << "You enabled exabgp but not specified exabgp_next_hop, so we disable exabgp support";
exabgp_enabled = false;
}
@ -909,8 +898,7 @@ bool load_configuration_file() {
// logger << log4cpp::Priority::INFO << "We read global ban settings: " << print_ban_thresholds(global_ban_settings);
// Read host group ban settings
for (host_group_map_t::iterator hostgroup_itr = host_groups.begin();
hostgroup_itr != host_groups.end(); ++hostgroup_itr) {
for (host_group_map_t::iterator hostgroup_itr = host_groups.begin(); hostgroup_itr != host_groups.end(); ++hostgroup_itr) {
std::string host_group_name = hostgroup_itr->first;
logger << log4cpp::Priority::INFO << "We will read ban settings for " << host_group_name;
@ -944,8 +932,7 @@ bool load_configuration_file() {
if (configuration_map.count("redis_enabled") != 0) {
// We use yes and on because it's stupid typo :(
if (configuration_map["redis_enabled"] == "on" or
configuration_map["redis_enabled"] == "yes") {
if (configuration_map["redis_enabled"] == "on" or configuration_map["redis_enabled"] == "yes") {
redis_enabled = true;
} else {
redis_enabled = false;
@ -974,8 +961,7 @@ bool load_configuration_file() {
#endif
if (configuration_map.count("ban_details_records_count") != 0) {
ban_details_records_count =
convert_string_to_integer(configuration_map["ban_details_records_count"]);
ban_details_records_count = convert_string_to_integer(configuration_map["ban_details_records_count"]);
}
if (configuration_map.count("check_period") != 0) {
@ -1031,13 +1017,13 @@ void subnet_vectors_allocator(prefix_t* prefix, void* data) {
// Network byte order
uint32_t subnet_as_integer = prefix->add.sin.s_addr;
u_short bitlen = prefix->bitlen;
double base = 2;
u_short bitlen = prefix->bitlen;
double base = 2;
int network_size_in_ips = pow(base, 32 - bitlen);
// logger<< log4cpp::Priority::INFO<<"Subnet: "<<prefix->add.sin.s_addr<<" network size:
// "<<network_size_in_ips;
logger << log4cpp::Priority::INFO << "I will allocate " << network_size_in_ips
<< " records for subnet " << subnet_as_integer << " cidr mask: " << bitlen;
logger << log4cpp::Priority::INFO << "I will allocate " << network_size_in_ips << " records for subnet "
<< subnet_as_integer << " cidr mask: " << bitlen;
subnet_cidr_mask_t current_subnet(subnet_as_integer, bitlen);
@ -1046,8 +1032,8 @@ void subnet_vectors_allocator(prefix_t* prefix, void* data) {
// Initilize our counters with fill constructor
try {
SubnetVectorMap[current_subnet] = vector_of_counters(network_size_in_ips, zero_map_element);
SubnetVectorMapSpeed[current_subnet] = vector_of_counters(network_size_in_ips, zero_map_element);
SubnetVectorMap[current_subnet] = vector_of_counters(network_size_in_ips, zero_map_element);
SubnetVectorMapSpeed[current_subnet] = vector_of_counters(network_size_in_ips, zero_map_element);
SubnetVectorMapSpeedAverage[current_subnet] = vector_of_counters(network_size_in_ips, zero_map_element);
} catch (std::bad_alloc& ba) {
logger << log4cpp::Priority::ERROR << "Can't allocate memory for counters";
@ -1059,11 +1045,10 @@ void subnet_vectors_allocator(prefix_t* prefix, void* data) {
// On creating it initilizes by zeros
conntrack_main_struct_t zero_conntrack_main_struct;
std::fill(SubnetVectorMapFlow[current_subnet].begin(),
SubnetVectorMapFlow[current_subnet].end(), zero_conntrack_main_struct);
std::fill(SubnetVectorMapFlow[current_subnet].begin(), SubnetVectorMapFlow[current_subnet].end(), zero_conntrack_main_struct);
PerSubnetCountersMap[current_subnet] = zero_map_element;
PerSubnetSpeedMap[current_subnet] = zero_map_element;
PerSubnetSpeedMap[current_subnet] = zero_map_element;
}
void zeroify_all_counters() {
@ -1078,11 +1063,10 @@ void zeroify_all_counters() {
bool load_our_networks_list() {
if (file_exists(fastnetmon_platform_configuration.white_list_path)) {
unsigned int network_entries = 0;
unsigned int network_entries = 0;
std::vector<std::string> network_list_from_config = read_file_to_vector(fastnetmon_platform_configuration.white_list_path);
for (std::vector<std::string>::iterator ii = network_list_from_config.begin();
ii != network_list_from_config.end(); ++ii) {
for (std::vector<std::string>::iterator ii = network_list_from_config.begin(); ii != network_list_from_config.end(); ++ii) {
std::string text_subnet = *ii;
if (text_subnet.empty()) {
continue;
@ -1140,11 +1124,9 @@ bool load_our_networks_list() {
}
}
logger << log4cpp::Priority::INFO << "We loaded " << networks_list_ipv4_as_string.size()
<< " IPv4 networks from /proc/vz/veip";
logger << log4cpp::Priority::INFO << "We loaded " << networks_list_ipv4_as_string.size() << " IPv4 networks from /proc/vz/veip";
logger << log4cpp::Priority::INFO << "We loaded " << networks_list_ipv6_as_string.size()
<< " IPv6 networks from /proc/vz/veip";
logger << log4cpp::Priority::INFO << "We loaded " << networks_list_ipv6_as_string.size() << " IPv6 networks from /proc/vz/veip";
}
if (monitor_local_ip_addresses && file_exists("/sbin/ip")) {
@ -1152,8 +1134,7 @@ bool load_our_networks_list() {
ip_addresses_list_t ip_list = get_local_ip_v4_addresses_list();
logger << log4cpp::Priority::INFO << "We found " << ip_list.size()
<< " local IP addresses and will monitor they";
logger << log4cpp::Priority::INFO << "We found " << ip_list.size() << " local IP addresses and will monitor they";
for (ip_addresses_list_t::iterator iter = ip_list.begin(); iter != ip_list.end(); ++iter) {
// TODO: add IPv6 here
@ -1162,7 +1143,8 @@ bool load_our_networks_list() {
}
if (file_exists(fastnetmon_platform_configuration.networks_list_path)) {
std::vector<std::string> network_list_from_config = read_file_to_vector(fastnetmon_platform_configuration.networks_list_path);
std::vector<std::string> network_list_from_config =
read_file_to_vector(fastnetmon_platform_configuration.networks_list_path);
for (std::vector<std::string>::iterator line_itr = network_list_from_config.begin();
line_itr != network_list_from_config.end(); ++line_itr) {
@ -1179,8 +1161,7 @@ bool load_our_networks_list() {
}
}
logger << log4cpp::Priority::INFO << "We loaded " << network_list_from_config.size()
<< " networks from networks file";
logger << log4cpp::Priority::INFO << "We loaded " << network_list_from_config.size() << " networks from networks file";
}
// Some consistency checks
@ -1200,23 +1181,23 @@ bool load_our_networks_list() {
std::string network_address_in_cidr_form = *ii;
unsigned int cidr_mask = get_cidr_mask_from_network_as_string(network_address_in_cidr_form);
unsigned int cidr_mask = get_cidr_mask_from_network_as_string(network_address_in_cidr_form);
std::string network_address = get_net_address_from_network_as_string(network_address_in_cidr_form);
double base = 2;
total_number_of_hosts_in_our_networks += pow(base, 32 - cidr_mask);
// Make sure it's "subnet address" and not an host address
uint32_t subnet_address_as_uint = convert_ip_as_string_to_uint(network_address);
uint32_t subnet_address_as_uint = convert_ip_as_string_to_uint(network_address);
uint32_t subnet_address_netmask_binary = convert_cidr_to_binary_netmask(cidr_mask);
uint32_t generated_subnet_address = subnet_address_as_uint & subnet_address_netmask_binary;
uint32_t generated_subnet_address = subnet_address_as_uint & subnet_address_netmask_binary;
if (subnet_address_as_uint != generated_subnet_address) {
std::string new_network_address_as_string =
convert_ip_as_uint_to_string(generated_subnet_address) + "/" + convert_int_to_string(cidr_mask);
convert_ip_as_uint_to_string(generated_subnet_address) + "/" + convert_int_to_string(cidr_mask);
logger << log4cpp::Priority::WARN << "We will use " << new_network_address_as_string
<< " instead of " << network_address_in_cidr_form << " because it's host address";
logger << log4cpp::Priority::WARN << "We will use " << new_network_address_as_string << " instead of "
<< network_address_in_cidr_form << " because it's host address";
network_address_in_cidr_form = new_network_address_as_string;
}
@ -1231,14 +1212,13 @@ bool load_our_networks_list() {
make_and_lookup_ipv6(lookup_tree_ipv6, (char*)ii->c_str());
}
logger << log4cpp::Priority::INFO << "Total number of monitored hosts (total size of all networks): "
<< total_number_of_hosts_in_our_networks;
logger << log4cpp::Priority::INFO
<< "Total number of monitored hosts (total size of all networks): " << total_number_of_hosts_in_our_networks;
// 3 - speed counter, average speed counter and data counter
uint64_t memory_requirements = 3 * sizeof(map_element_t) * total_number_of_hosts_in_our_networks / 1024 / 1024;
logger << log4cpp::Priority::INFO << "We need " << memory_requirements
<< " MB of memory for storing counters for your networks";
logger << log4cpp::Priority::INFO << "We need " << memory_requirements << " MB of memory for storing counters for your networks";
/* Preallocate data structures */
patricia_process(lookup_tree_ipv4, (void_fn_t)subnet_vectors_allocator);
@ -1255,7 +1235,7 @@ bool load_our_networks_list() {
#ifdef GEOIP
unsigned int get_asn_for_ip(uint32_t ip) {
char* asn_raw = GeoIP_org_by_name(geo_ip, convert_ip_as_uint_to_string(remote_ip).c_str());
char* asn_raw = GeoIP_org_by_name(geo_ip, convert_ip_as_uint_to_string(remote_ip).c_str());
uint32_t asn_number = 0;
if (asn_raw == NULL) {
@ -1365,8 +1345,7 @@ void reconfigure_logging() {
layout->setConversionPattern("[%p] %m%n");
if (logging_configuration.local_syslog_logging) {
log4cpp::Appender* local_syslog_appender =
new log4cpp::SyslogAppender("fastnetmon", "fastnetmon", LOG_USER);
log4cpp::Appender* local_syslog_appender = new log4cpp::SyslogAppender("fastnetmon", "fastnetmon", LOG_USER);
local_syslog_appender->setLayout(layout);
logger.addAppender(local_syslog_appender);
@ -1375,8 +1354,8 @@ void reconfigure_logging() {
if (logging_configuration.remote_syslog_logging) {
log4cpp::Appender* remote_syslog_appender =
new log4cpp::RemoteSyslogAppender("fastnetmon", "fastnetmon", logging_configuration.remote_syslog_server,
LOG_USER, logging_configuration.remote_syslog_port);
new log4cpp::RemoteSyslogAppender("fastnetmon", "fastnetmon", logging_configuration.remote_syslog_server,
LOG_USER, logging_configuration.remote_syslog_port);
remote_syslog_appender->setLayout(layout);
logger.addAppender(remote_syslog_appender);
@ -1420,12 +1399,12 @@ void redirect_fds() {
// Create copy of zero decriptor for 1 and 2 fd's
// We do not need return codes here but we need do it for suppressing complaints from compiler
int first_dup_result = dup(0);
int first_dup_result = dup(0);
int second_dup_result = dup(0);
}
int main(int argc, char** argv) {
bool daemonize = false;
bool daemonize = false;
bool only_configuration_check = false;
namespace po = boost::program_options;
@ -1466,7 +1445,8 @@ int main(int argc, char** argv) {
if (vm.count("configuration_file")) {
fastnetmon_platform_configuration.global_config_path = vm["configuration_file"].as<std::string>();
std::cout << "We will use custom path to configuration file: " << fastnetmon_platform_configuration.global_config_path << std::endl;
std::cout << "We will use custom path to configuration file: " << fastnetmon_platform_configuration.global_config_path
<< std::endl;
}
if (vm.count("log_file")) {
@ -1521,7 +1501,8 @@ int main(int argc, char** argv) {
bool load_config_result = load_configuration_file();
if (!load_config_result) {
std::cerr << "Can't open config file " << fastnetmon_platform_configuration.global_config_path << " please create it!" << std::endl;
std::cerr << "Can't open config file " << fastnetmon_platform_configuration.global_config_path
<< " please create it!" << std::endl;
exit(1);
}
@ -1540,8 +1521,7 @@ int main(int argc, char** argv) {
int kill_result = kill(pid_from_file, 0);
if (kill_result == 0) {
logger << log4cpp::Priority::ERROR
<< "FastNetMon is already running with pid: " << pid_from_file;
logger << log4cpp::Priority::ERROR << "FastNetMon is already running with pid: " << pid_from_file;
exit(1);
} else {
// Yes, we have pid with pid but it's zero
@ -1560,25 +1540,26 @@ int main(int argc, char** argv) {
bool print_pid_to_file_result = print_pid_to_file(getpid(), fastnetmon_platform_configuration.pid_path);
if (!print_pid_to_file_result) {
logger << log4cpp::Priority::ERROR << "Could not create pid file, please check permissions: " << fastnetmon_platform_configuration.pid_path;
logger << log4cpp::Priority::ERROR
<< "Could not create pid file, please check permissions: " << fastnetmon_platform_configuration.pid_path;
exit(EXIT_FAILURE);
}
lookup_tree_ipv4 = New_Patricia(32);
lookup_tree_ipv4 = New_Patricia(32);
whitelist_tree_ipv4 = New_Patricia(32);
lookup_tree_ipv6 = New_Patricia(128);
lookup_tree_ipv6 = New_Patricia(128);
whitelist_tree_ipv6 = New_Patricia(128);
// nullify total counters
for (int index = 0; index < 4; index++) {
total_counters[index].bytes = 0;
total_counters[index].bytes = 0;
total_counters[index].packets = 0;
total_speed_counters[index].bytes = 0;
total_speed_counters[index].bytes = 0;
total_speed_counters[index].packets = 0;
total_speed_average_counters[index].bytes = 0;
total_speed_average_counters[index].bytes = 0;
total_speed_average_counters[index].packets = 0;
}
@ -1587,7 +1568,8 @@ int main(int argc, char** argv) {
int mkdir_result = mkdir(fastnetmon_platform_configuration.attack_details_folder.c_str(), S_IRWXU);
if (mkdir_result != 0) {
logger << log4cpp::Priority::ERROR << "Can't create folder for attack details: " << fastnetmon_platform_configuration.attack_details_folder;
logger << log4cpp::Priority::ERROR
<< "Can't create folder for attack details: " << fastnetmon_platform_configuration.attack_details_folder;
exit(1);
}
}
@ -1762,4 +1744,3 @@ void interruption_signal_handler(int signal_number) {
// TODO: we should REMOVE this exit command and wait for correct toolkit shutdown
exit(1);
}

2
src/fastnetmon_api_client.cpp
View File

@ -61,7 +61,7 @@ class FastnetmonClient {
// Set timeout for API
std::chrono::system_clock::time_point deadline =
std::chrono::system_clock::now() + std::chrono::seconds(client_connection_timeout);
std::chrono::system_clock::now() + std::chrono::seconds(client_connection_timeout);
context.set_deadline(deadline);

851
src/fastnetmon_logic.cpp
View File

File diff suppressed because it is too large Load Diff

42
src/fastnetmon_logic.hpp
View File

@ -1,5 +1,5 @@
#include "fastnetmon_types.h"
#include "bgp_protocol.hpp"
#include "fastnetmon_types.h"
#ifdef REDIS
#include <hiredis/hiredis.h>
@ -13,18 +13,15 @@
typedef std::map<std::string, uint32_t> active_flow_spec_announces_t;
void build_speed_counters_from_packet_counters(map_element_t& new_speed_element,
map_element_t* vector_itr,
double speed_calc_period) ;
void build_speed_counters_from_packet_counters(map_element_t& new_speed_element, map_element_t* vector_itr, double speed_calc_period);
void build_average_speed_counters_from_speed_counters(map_element_t* current_average_speed_element,
map_element_t& new_speed_element,
double exp_value,
double exp_power);
map_element_t& new_speed_element,
double exp_value,
double exp_power);
std::string get_amplification_attack_type(amplification_attack_type_t attack_type);
std::string generate_flow_spec_for_amplification_attack(amplification_attack_type_t amplification_attack_type,
std::string destination_ip);
std::string generate_flow_spec_for_amplification_attack(amplification_attack_type_t amplification_attack_type, std::string destination_ip);
bool we_should_ban_this_entity(map_element_t* average_speed_element,
ban_settings_t& current_ban_settings,
@ -41,12 +38,9 @@ std::string print_ban_thresholds(ban_settings_t current_ban_settings);
std::string print_subnet_ipv4_load();
std::string print_subnet_ipv6_load();
std::string print_flow_tracking_for_ip(conntrack_main_struct_t& conntrack_element, std::string client_ip);
std::string print_flow_tracking_for_specified_protocol(contrack_map_type& protocol_map,
std::string client_ip,
direction_t flow_direction);
std::string print_flow_tracking_for_specified_protocol(contrack_map_type& protocol_map, std::string client_ip, direction_t flow_direction);
void convert_integer_to_conntrack_hash_struct(packed_session* packed_connection_data,
packed_conntrack_hash_t* unpacked_data);
void convert_integer_to_conntrack_hash_struct(packed_session* packed_connection_data, packed_conntrack_hash_t* unpacked_data);
void cleanup_ban_list();
@ -59,11 +53,11 @@ void call_unban_handlers(uint32_t client_ip,
std::string print_ddos_attack_details();
std::string get_attack_description(uint32_t client_ip, attack_details_t& current_attack) ;
std::string get_attack_description(uint32_t client_ip, attack_details_t& current_attack);
std::string get_attack_description_in_json(uint32_t client_ip, attack_details_t& current_attack) ;
std::string get_attack_description_in_json(uint32_t client_ip, attack_details_t& current_attack);
std::string generate_simple_packets_dump(std::vector<simple_packet_t>& ban_list_details) ;
std::string generate_simple_packets_dump(std::vector<simple_packet_t>& ban_list_details);
void send_attack_details(uint32_t client_ip, attack_details_t current_attack_details);
@ -73,10 +67,7 @@ uint64_t convert_conntrack_hash_struct_to_integer(packed_conntrack_hash_t* struc
bool process_flow_tracking_table(conntrack_main_struct_t& conntrack_element, std::string client_ip);
bool exec_with_stdin_params(std::string cmd, std::string params);
ban_settings_t get_ban_settings_for_this_subnet(subnet_cidr_mask_t subnet, std::string& host_group_name);
void exabgp_prefix_ban_manage(std::string action,
std::string prefix_as_string_with_mask,
std::string exabgp_next_hop,
std::string exabgp_community);
void exabgp_prefix_ban_manage(std::string action, std::string prefix_as_string_with_mask, std::string exabgp_next_hop, std::string exabgp_community);
bool exabgp_flow_spec_ban_manage(std::string action, std::string flow_spec_rule_as_text);
#ifdef REDIS
@ -107,7 +98,7 @@ std::string draw_table_ipv4(direction_t data_direction, bool do_redis_update, so
std::string draw_table_ipv6(direction_t data_direction, bool do_redis_update, sort_type_t sort_item);
void print_screen_contents_into_file(std::string screen_data_stats_param, std::string file_path);
void zeroify_all_flow_counters();
void process_packet(simple_packet_t& current_packet) ;
void process_packet(simple_packet_t& current_packet);
void increment_outgoing_counters(map_element_t* current_element,
simple_packet_t& current_packet,
@ -164,13 +155,10 @@ using grpc::Status;
class FastnetmonApiServiceImpl final : public Fastnetmon::Service {
Status GetBanlist(::grpc::ServerContext* context,
const ::fastmitigation::BanListRequest* request,
::grpc::ServerWriter< ::fastmitigation::BanListReply>* writer) override;
::grpc::ServerWriter<::fastmitigation::BanListReply>* writer) override;
Status ExecuteBan(ServerContext* context,
const fastmitigation::ExecuteBanRequest* request,
fastmitigation::ExecuteBanReply* reply) override;
Status ExecuteBan(ServerContext* context, const fastmitigation::ExecuteBanRequest* request, fastmitigation::ExecuteBanReply* reply) override;
Status ExecuteUnBan(ServerContext* context,
const fastmitigation::ExecuteBanRequest* request,
fastmitigation::ExecuteBanReply* reply) override;
};

1
src/fastnetmon_networks.hpp
View File

@ -195,4 +195,3 @@ template <> struct hash<subnet_cidr_mask_t> {
};
} // namespace std

216
src/fastnetmon_packet_parser.c
View File

@ -234,22 +234,17 @@ u_int32_t pfring_hash_pkt(struct pfring_pkthdr* hdr) {
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v6.__u6_addr.__u6_addr32[1] +
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v6.__u6_addr.__u6_addr32[2] +
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v6.__u6_addr.__u6_addr32[3] +
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_l4_src_port +
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_l4_dst_port;
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_l4_src_port + hdr->extended_hdr.parsed_pkt.tunnel.tunneled_l4_dst_port;
}
}
#else
u_int32_t pfring_hash_pkt(struct pfring_pkthdr* hdr) {
if (hdr->extended_hdr.parsed_pkt.tunnel.tunnel_id == NO_TUNNEL_ID) {
return hdr->extended_hdr.parsed_pkt.vlan_id + hdr->extended_hdr.parsed_pkt.l3_proto +
hdr->extended_hdr.parsed_pkt.ip_src.v6.s6_addr32[0] +
hdr->extended_hdr.parsed_pkt.ip_src.v6.s6_addr32[1] +
hdr->extended_hdr.parsed_pkt.ip_src.v6.s6_addr32[2] +
hdr->extended_hdr.parsed_pkt.ip_src.v6.s6_addr32[3] +
hdr->extended_hdr.parsed_pkt.ip_dst.v6.s6_addr32[0] +
hdr->extended_hdr.parsed_pkt.ip_dst.v6.s6_addr32[1] +
hdr->extended_hdr.parsed_pkt.ip_dst.v6.s6_addr32[2] +
hdr->extended_hdr.parsed_pkt.ip_dst.v6.s6_addr32[3] +
hdr->extended_hdr.parsed_pkt.ip_src.v6.s6_addr32[0] + hdr->extended_hdr.parsed_pkt.ip_src.v6.s6_addr32[1] +
hdr->extended_hdr.parsed_pkt.ip_src.v6.s6_addr32[2] + hdr->extended_hdr.parsed_pkt.ip_src.v6.s6_addr32[3] +
hdr->extended_hdr.parsed_pkt.ip_dst.v6.s6_addr32[0] + hdr->extended_hdr.parsed_pkt.ip_dst.v6.s6_addr32[1] +
hdr->extended_hdr.parsed_pkt.ip_dst.v6.s6_addr32[2] + hdr->extended_hdr.parsed_pkt.ip_dst.v6.s6_addr32[3] +
hdr->extended_hdr.parsed_pkt.l4_src_port + hdr->extended_hdr.parsed_pkt.l4_dst_port;
} else {
return hdr->extended_hdr.parsed_pkt.vlan_id + hdr->extended_hdr.parsed_pkt.tunnel.tunneled_proto +
@ -260,13 +255,12 @@ u_int32_t pfring_hash_pkt(struct pfring_pkthdr* hdr) {
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v6.s6_addr32[1] +
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v6.s6_addr32[2] +
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v6.s6_addr32[3] +
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_l4_src_port +
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_l4_dst_port;
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_l4_src_port + hdr->extended_hdr.parsed_pkt.tunnel.tunneled_l4_dst_port;
}
}
#endif
static int __pfring_parse_tunneled_pkt(u_char* pkt, struct pfring_pkthdr* hdr, u_int16_t ip_version, u_int16_t tunnel_offset) {
u_int32_t ip_len = 0;
u_int32_t ip_len = 0;
u_int16_t fragment_offset = 0;
if (ip_version == 4 /* IPv4 */) {
@ -276,12 +270,12 @@ static int __pfring_parse_tunneled_pkt(u_char* pkt, struct pfring_pkthdr* hdr, u
tunneled_ip = (struct iphdr*)(&pkt[tunnel_offset]);
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_proto = tunneled_ip->protocol;
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_proto = tunneled_ip->protocol;
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_src.v4 = ntohl(tunneled_ip->saddr);
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v4 = ntohl(tunneled_ip->daddr);
fragment_offset = tunneled_ip->frag_off & htons(IP_OFFSET); /* fragment, but not the first */
ip_len = tunneled_ip->ihl * 4;
ip_len = tunneled_ip->ihl * 4;
tunnel_offset += ip_len;
} else if (ip_version == 6 /* IPv6 */) {
@ -294,10 +288,8 @@ static int __pfring_parse_tunneled_pkt(u_char* pkt, struct pfring_pkthdr* hdr, u
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_proto = tunneled_ipv6->nexthdr;
/* Values of IPv6 addresses are stored as network byte order */
memcpy(&hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_src.v6, &tunneled_ipv6->saddr,
sizeof(tunneled_ipv6->saddr));
memcpy(&hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v6, &tunneled_ipv6->daddr,
sizeof(tunneled_ipv6->daddr));
memcpy(&hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_src.v6, &tunneled_ipv6->saddr, sizeof(tunneled_ipv6->saddr));
memcpy(&hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v6, &tunneled_ipv6->daddr, sizeof(tunneled_ipv6->daddr));
ip_len = sizeof(struct kcompact_ipv6_hdr);
@ -308,8 +300,7 @@ static int __pfring_parse_tunneled_pkt(u_char* pkt, struct pfring_pkthdr* hdr, u
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_proto == NEXTHDR_FRAGMENT) {
struct kcompact_ipv6_opt_hdr* ipv6_opt;
if (hdr->caplen < tunnel_offset + ip_len + sizeof(struct kcompact_ipv6_opt_hdr))
return 1;
if (hdr->caplen < tunnel_offset + ip_len + sizeof(struct kcompact_ipv6_opt_hdr)) return 1;
ipv6_opt = (struct kcompact_ipv6_opt_hdr*)(&pkt[tunnel_offset + ip_len]);
ip_len += sizeof(struct kcompact_ipv6_opt_hdr);
@ -361,8 +352,8 @@ int fastnetmon_parse_pkt(unsigned char* pkt,
u_int8_t level /* L2..L4, 5 (tunnel) */,
u_int8_t add_timestamp /* 0,1 */,
u_int8_t add_hash /* 0,1 */) {
struct ethhdr* eh = (struct ethhdr*)pkt;
u_int32_t displ = 0, ip_len;
struct ethhdr* eh = (struct ethhdr*)pkt;
u_int32_t displ = 0, ip_len;
u_int16_t analyzed = 0, fragment_offset = 0;
hdr->extended_hdr.parsed_pkt.tunnel.tunnel_id = NO_TUNNEL_ID;
@ -377,10 +368,10 @@ int fastnetmon_parse_pkt(unsigned char* pkt,
memcpy(&hdr->extended_hdr.parsed_pkt.dmac, eh->h_dest, sizeof(eh->h_dest));
memcpy(&hdr->extended_hdr.parsed_pkt.smac, eh->h_source, sizeof(eh->h_source));
hdr->extended_hdr.parsed_pkt.eth_type = ntohs(eh->h_proto);
hdr->extended_hdr.parsed_pkt.offset.eth_offset = 0;
hdr->extended_hdr.parsed_pkt.eth_type = ntohs(eh->h_proto);
hdr->extended_hdr.parsed_pkt.offset.eth_offset = 0;
hdr->extended_hdr.parsed_pkt.offset.vlan_offset = 0;
hdr->extended_hdr.parsed_pkt.vlan_id = 0; /* Any VLAN */
hdr->extended_hdr.parsed_pkt.vlan_id = 0; /* Any VLAN */
if (hdr->extended_hdr.parsed_pkt.eth_type == 0x8100 /* 802.1q (VLAN) */) {
struct eth_vlan_hdr* vh;
@ -388,14 +379,13 @@ int fastnetmon_parse_pkt(unsigned char* pkt,
while (hdr->extended_hdr.parsed_pkt.eth_type == 0x8100 /* 802.1q (VLAN) */) {
hdr->extended_hdr.parsed_pkt.offset.vlan_offset += sizeof(struct eth_vlan_hdr);
vh = (struct eth_vlan_hdr*)&pkt[hdr->extended_hdr.parsed_pkt.offset.vlan_offset];
hdr->extended_hdr.parsed_pkt.vlan_id = ntohs(vh->h_vlan_id) & 0x0fff;
hdr->extended_hdr.parsed_pkt.vlan_id = ntohs(vh->h_vlan_id) & 0x0fff;
hdr->extended_hdr.parsed_pkt.eth_type = ntohs(vh->h_proto);
displ += sizeof(struct eth_vlan_hdr);
}
}
hdr->extended_hdr.parsed_pkt.offset.l3_offset =
hdr->extended_hdr.parsed_pkt.offset.eth_offset + displ + sizeof(struct ethhdr);
hdr->extended_hdr.parsed_pkt.offset.l3_offset = hdr->extended_hdr.parsed_pkt.offset.eth_offset + displ + sizeof(struct ethhdr);
L3:
@ -410,17 +400,16 @@ L3:
hdr->extended_hdr.parsed_pkt.ip_version = 4;
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l3_offset + sizeof(struct iphdr))
goto TIMESTAMP;
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l3_offset + sizeof(struct iphdr)) goto TIMESTAMP;
ip = (struct iphdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l3_offset]);
hdr->extended_hdr.parsed_pkt.ipv4_src = ntohl(ip->saddr);
hdr->extended_hdr.parsed_pkt.ipv4_dst = ntohl(ip->daddr);
hdr->extended_hdr.parsed_pkt.l3_proto = ip->protocol;
hdr->extended_hdr.parsed_pkt.ipv4_tos = ip->tos;
fragment_offset = ip->frag_off & htons(IP_OFFSET); /* fragment, but not the first */
ip_len = ip->ihl * 4;
hdr->extended_hdr.parsed_pkt.ipv4_src = ntohl(ip->saddr);
hdr->extended_hdr.parsed_pkt.ipv4_dst = ntohl(ip->daddr);
hdr->extended_hdr.parsed_pkt.l3_proto = ip->protocol;
hdr->extended_hdr.parsed_pkt.ipv4_tos = ip->tos;
fragment_offset = ip->frag_off & htons(IP_OFFSET); /* fragment, but not the first */
ip_len = ip->ihl * 4;
hdr->extended_hdr.parsed_pkt.ip_total_size = ntohs(ip->tot_len);
// Parse fragmentation info:
// Very good examples about IPv4 flags: http://lwn.net/Articles/136319/
@ -429,7 +418,7 @@ L3:
hdr->extended_hdr.parsed_pkt.ip_ttl = ip->ttl;
int fast_frag_off = ntohs(ip->frag_off);
int fast_offset = (fast_frag_off & IP_OFFSET);
int fast_offset = (fast_frag_off & IP_OFFSET);
if (fast_frag_off & IP_MF) {
// printf("Packet with MF flag\n");
@ -449,7 +438,7 @@ L3:
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l3_offset + sizeof(struct kcompact_ipv6_hdr))
goto TIMESTAMP;
ipv6 = (struct kcompact_ipv6_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l3_offset]);
ipv6 = (struct kcompact_ipv6_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l3_offset]);
ip_len = sizeof(struct kcompact_ipv6_hdr);
/* Values of IPv6 addresses are stored as network byte order */
@ -460,29 +449,23 @@ L3:
hdr->extended_hdr.parsed_pkt.ipv6_tos = ipv6->priority; /* IPv6 class of service */
/* Note: NEXTHDR_AUTH, NEXTHDR_ESP, NEXTHDR_IPV6, NEXTHDR_MOBILITY are not handled */
while (hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_HOP ||
hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_DEST ||
hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_ROUTING ||
hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_FRAGMENT) {
while (hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_HOP || hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_DEST ||
hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_ROUTING || hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_FRAGMENT) {
struct kcompact_ipv6_opt_hdr* ipv6_opt;
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l3_offset + ip_len +
sizeof(struct kcompact_ipv6_opt_hdr))
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l3_offset + ip_len + sizeof(struct kcompact_ipv6_opt_hdr))
goto TIMESTAMP;
ipv6_opt =
(struct kcompact_ipv6_opt_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l3_offset + ip_len]);
ipv6_opt = (struct kcompact_ipv6_opt_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l3_offset + ip_len]);
ip_len += sizeof(struct kcompact_ipv6_opt_hdr);
if (hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_HOP ||
hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_DEST ||
if (hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_HOP || hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_DEST ||
hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_ROUTING)
ip_len += ipv6_opt->hdrlen * 8;
hdr->extended_hdr.parsed_pkt.l3_proto = ipv6_opt->nexthdr;
}
if (hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_NONE)
hdr->extended_hdr.parsed_pkt.l3_proto = 0;
if (hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_NONE) hdr->extended_hdr.parsed_pkt.l3_proto = 0;
} else {
hdr->extended_hdr.parsed_pkt.l3_proto = 0;
goto TIMESTAMP;
@ -499,34 +482,30 @@ L4:
if (hdr->extended_hdr.parsed_pkt.l3_proto == IPPROTO_TCP) {
struct tcphdr* tcp;
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l4_offset + sizeof(struct tcphdr))
goto TIMESTAMP;
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l4_offset + sizeof(struct tcphdr)) goto TIMESTAMP;
tcp = (struct tcphdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l4_offset]);
hdr->extended_hdr.parsed_pkt.l4_src_port = ntohs(tcp->source);
hdr->extended_hdr.parsed_pkt.l4_dst_port = ntohs(tcp->dest);
hdr->extended_hdr.parsed_pkt.offset.payload_offset =
hdr->extended_hdr.parsed_pkt.offset.l4_offset + (tcp->doff * 4);
hdr->extended_hdr.parsed_pkt.tcp.seq_num = ntohl(tcp->seq);
hdr->extended_hdr.parsed_pkt.tcp.ack_num = ntohl(tcp->ack_seq);
hdr->extended_hdr.parsed_pkt.tcp.flags =
(tcp->fin * TH_FIN_MULTIPLIER) + (tcp->syn * TH_SYN_MULTIPLIER) + (tcp->rst * TH_RST_MULTIPLIER) +
(tcp->psh * TH_PUSH_MULTIPLIER) + (tcp->ack * TH_ACK_MULTIPLIER) + (tcp->urg * TH_URG_MULTIPLIER);
hdr->extended_hdr.parsed_pkt.l4_src_port = ntohs(tcp->source);
hdr->extended_hdr.parsed_pkt.l4_dst_port = ntohs(tcp->dest);
hdr->extended_hdr.parsed_pkt.offset.payload_offset = hdr->extended_hdr.parsed_pkt.offset.l4_offset + (tcp->doff * 4);
hdr->extended_hdr.parsed_pkt.tcp.seq_num = ntohl(tcp->seq);
hdr->extended_hdr.parsed_pkt.tcp.ack_num = ntohl(tcp->ack_seq);
hdr->extended_hdr.parsed_pkt.tcp.flags = (tcp->fin * TH_FIN_MULTIPLIER) + (tcp->syn * TH_SYN_MULTIPLIER) +
(tcp->rst * TH_RST_MULTIPLIER) + (tcp->psh * TH_PUSH_MULTIPLIER) +
(tcp->ack * TH_ACK_MULTIPLIER) + (tcp->urg * TH_URG_MULTIPLIER);
analyzed = 4;
} else if (hdr->extended_hdr.parsed_pkt.l3_proto == IPPROTO_UDP) {
struct udphdr* udp;
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l4_offset + sizeof(struct udphdr))
goto TIMESTAMP;
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l4_offset + sizeof(struct udphdr)) goto TIMESTAMP;
udp = (struct udphdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l4_offset]);
hdr->extended_hdr.parsed_pkt.l4_src_port = ntohs(udp->source),
hdr->extended_hdr.parsed_pkt.l4_dst_port = ntohs(udp->dest);
hdr->extended_hdr.parsed_pkt.offset.payload_offset =
hdr->extended_hdr.parsed_pkt.offset.l4_offset + sizeof(struct udphdr);
hdr->extended_hdr.parsed_pkt.offset.payload_offset = hdr->extended_hdr.parsed_pkt.offset.l4_offset + sizeof(struct udphdr);
analyzed = 4;
@ -543,7 +522,7 @@ L4:
if (hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset + sizeof(struct gtp_v1_hdr)))
goto TIMESTAMP;
gtp = (struct gtp_v1_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset]);
gtp = (struct gtp_v1_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset]);
gtp_len = sizeof(struct gtp_v1_hdr);
if (((gtp->flags & GTP_FLAGS_VERSION) >> GTP_FLAGS_VERSION_SHIFT) == GTP_VERSION_1) {
@ -556,12 +535,10 @@ L4:
if (gtp->flags & (GTP_FLAGS_EXTENSION | GTP_FLAGS_SEQ_NUM | GTP_FLAGS_NPDU_NUM)) {
struct gtp_v1_opt_hdr* gtpopt;
if (hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset +
gtp_len + sizeof(struct gtp_v1_opt_hdr)))
if (hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len + sizeof(struct gtp_v1_opt_hdr)))
goto TIMESTAMP;
gtpopt =
(struct gtp_v1_opt_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len]);
gtpopt = (struct gtp_v1_opt_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len]);
gtp_len += sizeof(struct gtp_v1_opt_hdr);
if ((gtp->flags & GTP_FLAGS_EXTENSION) && gtpopt->next_ext_hdr) {
@ -569,31 +546,25 @@ L4:
u_int8_t* next_ext_hdr;
do {
if (hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset +
gtp_len + 1 /* 8bit len field */))
if (hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len + 1 /* 8bit len field */))
goto TIMESTAMP;
gtpext =
(struct gtp_v1_ext_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len]);
gtpext = (struct gtp_v1_ext_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len]);
gtp_len += (gtpext->len * GTP_EXT_HDR_LEN_UNIT_BYTES);
if (gtpext->len == 0 ||
hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len))
if (gtpext->len == 0 || hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len))
goto TIMESTAMP;
next_ext_hdr =
(u_int8_t*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len - 1 /* 8bit next_ext_hdr field*/]);
(u_int8_t*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len - 1 /* 8bit next_ext_hdr field*/]);
} while (*next_ext_hdr);
}
}
if (hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset +
gtp_len + sizeof(struct iphdr)))
if (hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len + sizeof(struct iphdr)))
goto TIMESTAMP;
tunneled_ip =
(struct iphdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len]);
tunneled_ip = (struct iphdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len]);
analyzed +=
__pfring_parse_tunneled_pkt(pkt, hdr, tunneled_ip->version,
hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len);
analyzed += __pfring_parse_tunneled_pkt(pkt, hdr, tunneled_ip->version,
hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len);
}
}
}
@ -602,23 +573,20 @@ L4:
int gre_offset;
gre->flags_and_version = ntohs(gre->flags_and_version);
gre->proto = ntohs(gre->proto);
gre->proto = ntohs(gre->proto);
gre_offset = sizeof(struct gre_header);
if ((gre->flags_and_version & GRE_HEADER_VERSION) == 0) {
if (gre->flags_and_version & (GRE_HEADER_CHECKSUM | GRE_HEADER_ROUTING))
gre_offset += 4;
if (gre->flags_and_version & (GRE_HEADER_CHECKSUM | GRE_HEADER_ROUTING)) gre_offset += 4;
if (gre->flags_and_version & GRE_HEADER_KEY) {
u_int32_t* tunnel_id =
(u_int32_t*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l4_offset + gre_offset]);
u_int32_t* tunnel_id = (u_int32_t*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l4_offset + gre_offset]);
gre_offset += 4;
hdr->extended_hdr.parsed_pkt.tunnel.tunnel_id = ntohl(*tunnel_id);
}
if (gre->flags_and_version & GRE_HEADER_SEQ_NUM) gre_offset += 4;
hdr->extended_hdr.parsed_pkt.offset.payload_offset =
hdr->extended_hdr.parsed_pkt.offset.l4_offset + gre_offset;
hdr->extended_hdr.parsed_pkt.offset.payload_offset = hdr->extended_hdr.parsed_pkt.offset.l4_offset + gre_offset;
analyzed = 4;
@ -641,8 +609,7 @@ TIMESTAMP:
if (add_timestamp && hdr->ts.tv_sec == 0)
gettimeofday(&hdr->ts, NULL); /* TODO What about using clock_gettime(CLOCK_REALTIME, ts) ? */
if (add_hash && hdr->extended_hdr.pkt_hash == 0)
hdr->extended_hdr.pkt_hash = pfring_hash_pkt(hdr);
if (add_hash && hdr->extended_hdr.pkt_hash == 0) hdr->extended_hdr.pkt_hash = pfring_hash_pkt(hdr);
return analyzed;
}
@ -656,30 +623,24 @@ int fastnetmon_print_parsed_pkt(char* buff, u_int buff_len, const u_char* p, con
etheraddr2string(h->extended_hdr.parsed_pkt.dmac, buf2));
if (h->extended_hdr.parsed_pkt.offset.vlan_offset)
buff_used +=
snprintf(&buff[buff_used], buff_len - buff_used, "[vlan %u] ", h->extended_hdr.parsed_pkt.vlan_id);
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[vlan %u] ", h->extended_hdr.parsed_pkt.vlan_id);
if (h->extended_hdr.parsed_pkt.eth_type == 0x0800 /* IPv4*/ ||
h->extended_hdr.parsed_pkt.eth_type == 0x86DD /* IPv6*/) {
if (h->extended_hdr.parsed_pkt.eth_type == 0x0800 /* IPv4*/ || h->extended_hdr.parsed_pkt.eth_type == 0x86DD /* IPv6*/) {
if (h->extended_hdr.parsed_pkt.eth_type == 0x0800 /* IPv4*/) {
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[IPv4][%s:%d ",
intoa(h->extended_hdr.parsed_pkt.ipv4_src),
h->extended_hdr.parsed_pkt.l4_src_port);
intoa(h->extended_hdr.parsed_pkt.ipv4_src), h->extended_hdr.parsed_pkt.l4_src_port);
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "-> %s:%d] ",
intoa(h->extended_hdr.parsed_pkt.ipv4_dst),
h->extended_hdr.parsed_pkt.l4_dst_port);
intoa(h->extended_hdr.parsed_pkt.ipv4_dst), h->extended_hdr.parsed_pkt.l4_dst_port);
} else {
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[IPv6][%s:%d ",
in6toa(h->extended_hdr.parsed_pkt.ipv6_src),
h->extended_hdr.parsed_pkt.l4_src_port);
in6toa(h->extended_hdr.parsed_pkt.ipv6_src), h->extended_hdr.parsed_pkt.l4_src_port);
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "-> %s:%d] ",
in6toa(h->extended_hdr.parsed_pkt.ipv6_dst),
h->extended_hdr.parsed_pkt.l4_dst_port);
in6toa(h->extended_hdr.parsed_pkt.ipv6_dst), h->extended_hdr.parsed_pkt.l4_dst_port);
}
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[l3_proto=%s]",
proto2str(h->extended_hdr.parsed_pkt.l3_proto));
buff_used +=
snprintf(&buff[buff_used], buff_len - buff_used, "[l3_proto=%s]", proto2str(h->extended_hdr.parsed_pkt.l3_proto));
if (h->extended_hdr.parsed_pkt.tunnel.tunnel_id != NO_TUNNEL_ID) {
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[TEID=0x%08X][tunneled_proto=%s]",
@ -703,8 +664,7 @@ int fastnetmon_print_parsed_pkt(char* buff, u_int buff_len, const u_char* p, con
}
}
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[ip_fragmented: %d]",
h->extended_hdr.parsed_pkt.ip_fragmented);
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[ip_fragmented: %d]", h->extended_hdr.parsed_pkt.ip_fragmented);
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[hash=%u][tos=%d][tcp_seq_num=%u]",
h->extended_hdr.pkt_hash, h->extended_hdr.parsed_pkt.ipv4_tos,
@ -713,28 +673,24 @@ int fastnetmon_print_parsed_pkt(char* buff, u_int buff_len, const u_char* p, con
} else if (h->extended_hdr.parsed_pkt.eth_type == 0x0806 /* ARP */) {
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[ARP]");
if (buff_len >= h->extended_hdr.parsed_pkt.offset.l3_offset + 30) {
buff_used +=
snprintf(&buff[buff_used], buff_len - buff_used, "[Sender=%s/%s]",
etheraddr2string(&p[h->extended_hdr.parsed_pkt.offset.l3_offset + 8], buf1),
intoa(ntohl(*((u_int32_t*)&p[h->extended_hdr.parsed_pkt.offset.l3_offset + 14]))));
buff_used +=
snprintf(&buff[buff_used], buff_len - buff_used, "[Target=%s/%s]",
etheraddr2string(&p[h->extended_hdr.parsed_pkt.offset.l3_offset + 18], buf2),
intoa(ntohl(*((u_int32_t*)&p[h->extended_hdr.parsed_pkt.offset.l3_offset + 24]))));
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[Sender=%s/%s]",
etheraddr2string(&p[h->extended_hdr.parsed_pkt.offset.l3_offset + 8], buf1),
intoa(ntohl(*((u_int32_t*)&p[h->extended_hdr.parsed_pkt.offset.l3_offset + 14]))));
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[Target=%s/%s]",
etheraddr2string(&p[h->extended_hdr.parsed_pkt.offset.l3_offset + 18], buf2),
intoa(ntohl(*((u_int32_t*)&p[h->extended_hdr.parsed_pkt.offset.l3_offset + 24]))));
}
} else {
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[eth_type=0x%04X]",
h->extended_hdr.parsed_pkt.eth_type);
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[eth_type=0x%04X]", h->extended_hdr.parsed_pkt.eth_type);
}
buff_used +=
snprintf(&buff[buff_used], buff_len - buff_used,
" [caplen=%d][len=%d][parsed_header_len=%d]["
"eth_offset=%d][l3_offset=%d][l4_offset=%d]["
"payload_offset=%d]\n",
h->caplen, h->len, h->extended_hdr.parsed_header_len,
h->extended_hdr.parsed_pkt.offset.eth_offset, h->extended_hdr.parsed_pkt.offset.l3_offset,
h->extended_hdr.parsed_pkt.offset.l4_offset, h->extended_hdr.parsed_pkt.offset.payload_offset);
buff_used += snprintf(&buff[buff_used], buff_len - buff_used,
" [caplen=%d][len=%d][parsed_header_len=%d]["
"eth_offset=%d][l3_offset=%d][l4_offset=%d]["
"payload_offset=%d]\n",
h->caplen, h->len, h->extended_hdr.parsed_header_len,
h->extended_hdr.parsed_pkt.offset.eth_offset, h->extended_hdr.parsed_pkt.offset.l3_offset,
h->extended_hdr.parsed_pkt.offset.l4_offset, h->extended_hdr.parsed_pkt.offset.payload_offset);
return buff_used;
}
@ -776,12 +732,12 @@ char* _intoa(unsigned int addr, char* buf, u_short bufLen) {
u_int byte;
int n;
cp = &buf[bufLen];
cp = &buf[bufLen];
*--cp = '\0';
n = 4;
do {
byte = addr & 0xff;
byte = addr & 0xff;
*--cp = byte % 10 + '0';
byte /= 10;
if (byte > 0) {

15
src/fastnetmon_pcap_format.cpp
View File

@ -11,8 +11,7 @@ int pcap_reader(const char* pcap_file_path, pcap_packet_parser_callback pcap_par
}
struct fastnetmon_pcap_file_header pcap_header;
ssize_t file_header_readed_bytes =
read(filedesc, &pcap_header, sizeof(struct fastnetmon_pcap_file_header));
ssize_t file_header_readed_bytes = read(filedesc, &pcap_header, sizeof(struct fastnetmon_pcap_file_header));
if (file_header_readed_bytes != sizeof(struct fastnetmon_pcap_file_header)) {
printf("Can't read pcap file header");
@ -33,8 +32,7 @@ int pcap_reader(const char* pcap_file_path, pcap_packet_parser_callback pcap_par
while (1) {
// printf("Start packet %d processing\n", read_packets);
struct fastnetmon_pcap_pkthdr pcap_packet_header;
ssize_t packet_header_readed_bytes =
read(filedesc, &pcap_packet_header, sizeof(struct fastnetmon_pcap_pkthdr));
ssize_t packet_header_readed_bytes = read(filedesc, &pcap_packet_header, sizeof(struct fastnetmon_pcap_pkthdr));
if (packet_header_readed_bytes != sizeof(struct fastnetmon_pcap_pkthdr)) {
// We haven't any packets
@ -56,8 +54,7 @@ int pcap_reader(const char* pcap_file_path, pcap_packet_parser_callback pcap_par
}
// printf("packet payload read\n");
pcap_parse_packet_function_ptr(packet_buffer, pcap_packet_header.orig_len,
pcap_packet_header.incl_len);
pcap_parse_packet_function_ptr(packet_buffer, pcap_packet_header.orig_len, pcap_packet_header.incl_len);
// printf("Process packet %d\n", read_packets);
read_packets++;
@ -69,11 +66,11 @@ int pcap_reader(const char* pcap_file_path, pcap_packet_parser_callback pcap_par
}
bool fill_pcap_header(struct fastnetmon_pcap_file_header* pcap_header, bpf_u_int32 snap_length) {
pcap_header->magic = 0xa1b2c3d4;
pcap_header->magic = 0xa1b2c3d4;
pcap_header->version_major = 2;
pcap_header->version_minor = 4;
pcap_header->thiszone = 0;
pcap_header->sigfigs = 0;
pcap_header->thiszone = 0;
pcap_header->sigfigs = 0;
// TODO: fix this!!!
pcap_header->snaplen = snap_length;
// http://www.tcpdump.org/linktypes.html

1
src/fastnetmon_plugin.h
View File

@ -14,4 +14,3 @@
// Get log4cpp logger from main programm
extern log4cpp::Category& logger;

11
src/fastnetmon_simple_packet.h
View File

@ -11,12 +11,12 @@ enum source_t { UNKNOWN = 0, MIRROR = 1, SFLOW = 2, NETFLOW = 3, TERAFLOW = 4 };
class simple_packet_t {
public:
simple_packet_t()
: sample_ratio(1), src_ip(0), dst_ip(0), source_port(0), destination_port(0), protocol(0),
length(0), flags(0), number_of_packets(1), ip_fragmented(false), ip_protocol_version(4),
ttl(0), packet_payload_pointer(NULL), packet_payload_length(0), packet_direction(OTHER) {
: sample_ratio(1), src_ip(0), dst_ip(0), source_port(0), destination_port(0), protocol(0), length(0), flags(0),
number_of_packets(1), ip_fragmented(false), ip_protocol_version(4), ttl(0), packet_payload_pointer(NULL),
packet_payload_length(0), packet_direction(OTHER) {
ts.tv_usec = 0;
ts.tv_sec = 0;
ts.tv_sec = 0;
}
// Source plugin for this traffic type
source_t source = UNKNOWN;
@ -49,7 +49,7 @@ class simple_packet_t {
uint8_t flags; /* tcp flags */
bool ip_fragmented; /* If IP packet fragmented */
bool ip_dont_fragment = false; /* If IP has don't fragment flag */
bool ip_dont_fragment = false; /* If IP has don't fragment flag */
struct timeval ts;
void* packet_payload_pointer;
@ -70,4 +70,3 @@ class simple_packet_t {
// IP address of device which send this flow
uint32_t agent_ip_address = 0;
};

67
src/fastnetmon_tests.cpp
View File

@ -59,16 +59,14 @@ TEST(BgpFlowSpec, packet_length) {
TEST(BgpFlowSpec, source_subnet) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.set_source_subnet(
convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
EXPECT_EQ(exabgp_rule.serialize_source_subnet(), "source 4.0.0.0/24;");
}
TEST(BgpFlowSpec, destination_subnet) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.set_destination_subnet(
convert_subnet_from_string_to_binary_with_cidr_format("77.0.0.0/24"));
exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("77.0.0.0/24"));
EXPECT_EQ(exabgp_rule.serialize_destination_subnet(), "destination 77.0.0.0/24;");
}
@ -201,10 +199,8 @@ TEST(BgpFlowSpec, serialize_match_first) {
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT);
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT);
exabgp_rule.set_destination_subnet(
convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
exabgp_rule.set_source_subnet(
convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
// Disable indentation
exabgp_rule.disable_indents();
@ -247,10 +243,8 @@ TEST(BgpFlowSpec, serialize_signle_line) {
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT);
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT);
exabgp_rule.set_destination_subnet(
convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
exabgp_rule.set_source_subnet(
convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
exabgp_rule.set_action(my_action);
@ -277,10 +271,8 @@ TEST(BgpFlowSpec, serialize_whole_single_line_form) {
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT);
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT);
exabgp_rule.set_destination_subnet(
convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
exabgp_rule.set_source_subnet(
convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
exabgp_rule.set_action(my_action);
@ -304,10 +296,8 @@ TEST(BgpFlowSpec, serialize_with_real_exabgp) {
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT);
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT);
exabgp_rule.set_destination_subnet(
convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
exabgp_rule.set_source_subnet(
convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
exabgp_rule.set_action(my_action);
@ -322,8 +312,7 @@ TEST(BgpFlowSpec, serialize_with_real_exabgp) {
config_file.close();
}
int system_ret_code =
system("/usr/src/exabgp/sbin/exabgp --test /tmp/exabgp_test_config.conf 2>/dev/null");
int system_ret_code = system("/usr/src/exabgp/sbin/exabgp --test /tmp/exabgp_test_config.conf 2>/dev/null");
EXPECT_EQ(system_ret_code, 0);
}
@ -437,24 +426,22 @@ TEST(patricia, positive_lookup_ipv6_prefix) {
TEST(serialize_attack_description, blank_attack) {
attack_details current_attack;
std::string result = serialize_attack_description(current_attack);
EXPECT_EQ(
result,
"Attack type: unknown\nInitial attack power: 0 packets per second\nPeak attack power: 0 "
"packets per second\nAttack direction: other\nAttack protocol: unknown\nTotal incoming "
"traffic: 0 mbps\nTotal outgoing traffic: 0 mbps\nTotal incoming pps: 0 packets per "
"second\nTotal outgoing pps: 0 packets per second\nTotal incoming flows: 0 flows per "
"second\nTotal outgoing flows: 0 flows per second\nAverage incoming traffic: 0 mbps\nAverage "
"outgoing traffic: 0 mbps\nAverage incoming pps: 0 packets per second\nAverage outgoing pps: 0 "
"packets per second\nAverage incoming flows: 0 flows per second\nAverage outgoing flows: 0 "
"flows per second\nIncoming ip fragmented traffic: 0 mbps\nOutgoing ip fragmented traffic: 0 "
"mbps\nIncoming ip fragmented pps: 0 packets per second\nOutgoing ip fragmented pps: 0 packets "
"per second\nIncoming tcp traffic: 0 mbps\nOutgoing tcp traffic: 0 mbps\nIncoming tcp pps: 0 "
"packets per second\nOutgoing tcp pps: 0 packets per second\nIncoming syn tcp traffic: 0 "
"mbps\nOutgoing syn tcp traffic: 0 mbps\nIncoming syn tcp pps: 0 packets per second\nOutgoing "
"syn tcp pps: 0 packets per second\nIncoming udp traffic: 0 mbps\nOutgoing udp traffic: 0 "
"mbps\nIncoming udp pps: 0 packets per second\nOutgoing udp pps: 0 packets per "
"second\nIncoming icmp traffic: 0 mbps\nOutgoing icmp traffic: 0 mbps\nIncoming icmp pps: 0 "
"packets per second\nOutgoing icmp pps: 0 packets per second\n");
EXPECT_EQ(result, "Attack type: unknown\nInitial attack power: 0 packets per second\nPeak attack power: 0 "
"packets per second\nAttack direction: other\nAttack protocol: unknown\nTotal incoming "
"traffic: 0 mbps\nTotal outgoing traffic: 0 mbps\nTotal incoming pps: 0 packets per "
"second\nTotal outgoing pps: 0 packets per second\nTotal incoming flows: 0 flows per "
"second\nTotal outgoing flows: 0 flows per second\nAverage incoming traffic: 0 mbps\nAverage "
"outgoing traffic: 0 mbps\nAverage incoming pps: 0 packets per second\nAverage outgoing pps: 0 "
"packets per second\nAverage incoming flows: 0 flows per second\nAverage outgoing flows: 0 "
"flows per second\nIncoming ip fragmented traffic: 0 mbps\nOutgoing ip fragmented traffic: 0 "
"mbps\nIncoming ip fragmented pps: 0 packets per second\nOutgoing ip fragmented pps: 0 packets "
"per second\nIncoming tcp traffic: 0 mbps\nOutgoing tcp traffic: 0 mbps\nIncoming tcp pps: 0 "
"packets per second\nOutgoing tcp pps: 0 packets per second\nIncoming syn tcp traffic: 0 "
"mbps\nOutgoing syn tcp traffic: 0 mbps\nIncoming syn tcp pps: 0 packets per second\nOutgoing "
"syn tcp pps: 0 packets per second\nIncoming udp traffic: 0 mbps\nOutgoing udp traffic: 0 "
"mbps\nIncoming udp pps: 0 packets per second\nOutgoing udp pps: 0 packets per "
"second\nIncoming icmp traffic: 0 mbps\nOutgoing icmp traffic: 0 mbps\nIncoming icmp pps: 0 "
"packets per second\nOutgoing icmp pps: 0 packets per second\n");
}
TEST(serialize_attack_description_to_json, blank_attack) {

39
src/fastnetmon_types.h
View File

@ -6,9 +6,9 @@
#include <sys/time.h> // struct timeval
#include <utility> // std::pair
#include <unordered_map>
#include <map>
#include <string>
#include <unordered_map>
#include <vector>
#include "packet_storage.h"
@ -79,7 +79,7 @@ template <typename T> class TrafficComparatorClass {
public:
TrafficComparatorClass(direction_t sort_direction, sort_type_t sort_field) {
this->sort_field = sort_field;
this->sort_field = sort_field;
this->sort_direction = sort_direction;
}
@ -115,12 +115,10 @@ template <typename T> class TrafficComparatorClass {
};
class logging_configuration_t {
public:
logging_configuration_t()
: filesystem_logging(true), local_syslog_logging(false), remote_syslog_logging(false),
remote_syslog_port(0) {
: filesystem_logging(true), local_syslog_logging(false), remote_syslog_logging(false), remote_syslog_port(0) {
}
bool filesystem_logging;
std::string filesystem_logging_path;
@ -141,20 +139,20 @@ typedef void (*process_packet_pointer)(simple_packet_t&);
// Attack types
enum attack_type_t {
ATTACK_UNKNOWN = 1,
ATTACK_SYN_FLOOD = 2,
ATTACK_ICMP_FLOOD = 3,
ATTACK_UDP_FLOOD = 4,
ATTACK_UNKNOWN = 1,
ATTACK_SYN_FLOOD = 2,
ATTACK_ICMP_FLOOD = 3,
ATTACK_UDP_FLOOD = 4,
ATTACK_IP_FRAGMENTATION_FLOOD = 5,
};
// Amplification types
enum amplification_attack_type_t {
AMPLIFICATION_ATTACK_UNKNOWN = 1,
AMPLIFICATION_ATTACK_DNS = 2,
AMPLIFICATION_ATTACK_NTP = 3,
AMPLIFICATION_ATTACK_SSDP = 4,
AMPLIFICATION_ATTACK_SNMP = 5,
AMPLIFICATION_ATTACK_DNS = 2,
AMPLIFICATION_ATTACK_NTP = 3,
AMPLIFICATION_ATTACK_SSDP = 4,
AMPLIFICATION_ATTACK_SNMP = 5,
AMPLIFICATION_ATTACK_CHARGEN = 6,
};
@ -175,9 +173,9 @@ class total_counter_element_t {
class attack_details_t : public map_element_t {
public:
attack_details_t()
: attack_protocol(0), attack_power(0), max_attack_power(0), average_in_bytes(0),
average_out_bytes(0), average_in_packets(0), average_out_packets(0), average_in_flows(0),
average_out_flows(0), ban_time(0), attack_direction(OTHER), unban_enabled(true) {
: attack_protocol(0), attack_power(0), max_attack_power(0), average_in_bytes(0), average_out_bytes(0),
average_in_packets(0), average_out_packets(0), average_in_flows(0), average_out_flows(0), ban_time(0),
attack_direction(OTHER), unban_enabled(true) {
customer_network.subnet_address = 0;
customer_network.cidr_prefix_length = 0;
@ -284,12 +282,11 @@ class ban_settings_t {
public:
ban_settings_t()
: enable_ban(false), enable_ban_ipv6(false), enable_ban_for_pps(false), enable_ban_for_bandwidth(false),
enable_ban_for_flows_per_second(false), enable_ban_for_tcp_pps(false),
enable_ban_for_tcp_bandwidth(false), enable_ban_for_udp_pps(false),
enable_ban_for_udp_bandwidth(false), enable_ban_for_icmp_pps(false),
enable_ban_for_flows_per_second(false), enable_ban_for_tcp_pps(false), enable_ban_for_tcp_bandwidth(false),
enable_ban_for_udp_pps(false), enable_ban_for_udp_bandwidth(false), enable_ban_for_icmp_pps(false),
enable_ban_for_icmp_bandwidth(false), ban_threshold_tcp_mbps(0), ban_threshold_tcp_pps(0),
ban_threshold_udp_mbps(0), ban_threshold_udp_pps(0), ban_threshold_icmp_mbps(0),
ban_threshold_icmp_pps(0), ban_threshold_mbps(0), ban_threshold_flows(0), ban_threshold_pps(0) {
ban_threshold_udp_mbps(0), ban_threshold_udp_pps(0), ban_threshold_icmp_mbps(0), ban_threshold_icmp_pps(0),
ban_threshold_mbps(0), ban_threshold_flows(0), ban_threshold_pps(0) {
}
bool enable_ban;
bool enable_ban_ipv6;

1
src/fixed_size_packet_storage.hpp
View File

@ -42,4 +42,3 @@ class fixed_size_packet_storage_t {
// Packet itself. Let's zeroify packet payload
uint8_t packet_payload[2048] = {};
};

4
src/ipfix_rfc.cpp
View File

@ -14,12 +14,12 @@ unsigned int ipfix_information_element_t::get_length() {
}
ipfix_information_element_t::ipfix_information_element_t(std::string name, unsigned int length) {
this->name = name;
this->name = name;
this->length = length;
}
ipfix_information_element_t::ipfix_information_element_t() {
this->name = std::string("");
this->name = std::string("");
this->length = 0;
}

1060
src/libpatricia/patricia.c
View File

File diff suppressed because it is too large Load Diff

157
src/libpatricia/patricia.h
View File

@ -24,9 +24,9 @@ extern "C" {
/* typedef unsigned int u_int; */
typedef void (*void_fn_t)();
/* { from defs.h */
#define prefix_touchar(prefix) ((u_char *)&(prefix)->add.sin)
#define prefix_touchar(prefix) ((u_char*)&(prefix)->add.sin)
#define MAXLINE 1024
#define BIT_TEST(f, b) ((f) & (b))
#define BIT_TEST(f, b) ((f) & (b))
/* } */
#define addroute make_and_lookup
@ -35,10 +35,10 @@ typedef void (*void_fn_t)();
#include <errno.h> /* for EAFNOSUPPORT */
#ifndef EAFNOSUPPORT
# defined EAFNOSUPPORT WSAEAFNOSUPPORT
# include <winsock.h>
#defined EAFNOSUPPORT WSAEAFNOSUPPORT
#include <winsock.h>
#else
# include <netinet/in.h> /* for struct in_addr */
#include <netinet/in.h> /* for struct in_addr */
#endif
#include <sys/socket.h> /* for AF_INET */
@ -46,20 +46,20 @@ typedef void (*void_fn_t)();
/* { from mrt.h */
typedef struct _prefix4_t {
u_short family; /* AF_INET | AF_INET6 */
u_short bitlen; /* same as mask? */
int ref_count; /* reference count */
u_short family; /* AF_INET | AF_INET6 */
u_short bitlen; /* same as mask? */
int ref_count; /* reference count */
struct in_addr sin;
} prefix4_t;
typedef struct _prefix_t {
u_short family; /* AF_INET | AF_INET6 */
u_short bitlen; /* same as mask? */
int ref_count; /* reference count */
u_short family; /* AF_INET | AF_INET6 */
u_short bitlen; /* same as mask? */
int ref_count; /* reference count */
union {
struct in_addr sin;
struct in_addr sin;
#ifdef HAVE_IPV6
struct in6_addr sin6;
struct in6_addr sin6;
#endif /* IPV6 */
} add;
} prefix_t;
@ -67,94 +67,93 @@ typedef struct _prefix_t {
/* } */
typedef struct _patricia_node_t {
u_int bit; /* flag if this node used */
prefix_t *prefix; /* who we are in patricia tree */
struct _patricia_node_t *l, *r; /* left and right children */
struct _patricia_node_t *parent;/* may be used */
void *data; /* pointer to data */
void *user1; /* pointer to usr data (ex. route flap info) */
u_int bit; /* flag if this node used */
prefix_t* prefix; /* who we are in patricia tree */
struct _patricia_node_t *l, *r; /* left and right children */
struct _patricia_node_t* parent; /* may be used */
void* data; /* pointer to data */
void* user1; /* pointer to usr data (ex. route flap info) */
} patricia_node_t;
typedef struct _patricia_tree_t {
patricia_node_t *head;
u_int maxbits; /* for IP, 32 bit addresses */
int num_active_node; /* for debug purpose */
patricia_node_t* head;
u_int maxbits; /* for IP, 32 bit addresses */
int num_active_node; /* for debug purpose */
} patricia_tree_t;
patricia_node_t *patricia_search_exact (patricia_tree_t *patricia, prefix_t *prefix);
patricia_node_t *patricia_search_best (patricia_tree_t *patricia, prefix_t *prefix);
patricia_node_t * patricia_search_best2 (patricia_tree_t *patricia, prefix_t *prefix,
int inclusive);
patricia_node_t *patricia_lookup (patricia_tree_t *patricia, prefix_t *prefix);
void patricia_remove (patricia_tree_t *patricia, patricia_node_t *node);
patricia_tree_t *New_Patricia (int maxbits);
void Clear_Patricia (patricia_tree_t *patricia, void_fn_t func);
void Destroy_Patricia (patricia_tree_t *patricia, void_fn_t func);
patricia_node_t* patricia_search_exact(patricia_tree_t* patricia, prefix_t* prefix);
patricia_node_t* patricia_search_best(patricia_tree_t* patricia, prefix_t* prefix);
patricia_node_t* patricia_search_best2(patricia_tree_t* patricia, prefix_t* prefix, int inclusive);
patricia_node_t* patricia_lookup(patricia_tree_t* patricia, prefix_t* prefix);
void patricia_remove(patricia_tree_t* patricia, patricia_node_t* node);
patricia_tree_t* New_Patricia(int maxbits);
void Clear_Patricia(patricia_tree_t* patricia, void_fn_t func);
void Destroy_Patricia(patricia_tree_t* patricia, void_fn_t func);
void patricia_process (patricia_tree_t *patricia, void_fn_t func);
void patricia_process(patricia_tree_t* patricia, void_fn_t func);
char *prefix_toa (prefix_t * prefix);
char* prefix_toa(prefix_t* prefix);
/* { from demo.c */
prefix_t *
ascii2prefix (int family, char *string);
prefix_t* ascii2prefix(int family, char* string);
patricia_node_t *
make_and_lookup (patricia_tree_t *tree, char *string);
patricia_node_t* make_and_lookup(patricia_tree_t* tree, char* string);
patricia_node_t *
make_and_lookup_ipv6 (patricia_tree_t *tree, char *string);
patricia_node_t* make_and_lookup_ipv6(patricia_tree_t* tree, char* string);
/* } */
#define PATRICIA_MAXBITS (sizeof(struct in6_addr) * 8)
#define PATRICIA_NBIT(x) (0x80 >> ((x) & 0x7f))
#define PATRICIA_NBYTE(x) ((x) >> 3)
#define PATRICIA_MAXBITS (sizeof(struct in6_addr) * 8)
#define PATRICIA_NBIT(x) (0x80 >> ((x)&0x7f))
#define PATRICIA_NBYTE(x) ((x) >> 3)
#define PATRICIA_DATA_GET(node, type) (type *)((node)->data)
#define PATRICIA_DATA_SET(node, value) ((node)->data = (void *)(value))
#define PATRICIA_DATA_GET(node, type) (type*)((node)->data)
#define PATRICIA_DATA_SET(node, value) ((node)->data = (void*)(value))
#define PATRICIA_WALK(Xhead, Xnode) \
do { \
patricia_node_t *Xstack[PATRICIA_MAXBITS+1]; \
patricia_node_t **Xsp = Xstack; \
patricia_node_t *Xrn = (Xhead); \
while ((Xnode = Xrn)) { \
#define PATRICIA_WALK(Xhead, Xnode) \
do { \
patricia_node_t* Xstack[PATRICIA_MAXBITS + 1]; \
patricia_node_t** Xsp = Xstack; \
patricia_node_t* Xrn = (Xhead); \
while ((Xnode = Xrn)) { \
if (Xnode->prefix)
#define PATRICIA_WALK_ALL(Xhead, Xnode) \
do { \
patricia_node_t *Xstack[PATRICIA_MAXBITS+1]; \
patricia_node_t **Xsp = Xstack; \
patricia_node_t *Xrn = (Xhead); \
while ((Xnode = Xrn)) { \
if (1)
#define PATRICIA_WALK_ALL(Xhead, Xnode) \
do { \
patricia_node_t* Xstack[PATRICIA_MAXBITS + 1]; \
patricia_node_t** Xsp = Xstack; \
patricia_node_t* Xrn = (Xhead); \
while ((Xnode = Xrn)) { \
if (1)
#define PATRICIA_WALK_BREAK { \
if (Xsp != Xstack) { \
Xrn = *(--Xsp); \
} else { \
Xrn = (patricia_node_t *) 0; \
} \
continue; }
#define PATRICIA_WALK_BREAK \
{ \
if (Xsp != Xstack) { \
Xrn = *(--Xsp); \
} else { \
Xrn = (patricia_node_t*)0; \
} \
continue; \
}
#define PATRICIA_WALK_END \
if (Xrn->l) { \
if (Xrn->r) { \
*Xsp++ = Xrn->r; \
} \
Xrn = Xrn->l; \
} else if (Xrn->r) { \
Xrn = Xrn->r; \
} else if (Xsp != Xstack) { \
Xrn = *(--Xsp); \
} else { \
Xrn = (patricia_node_t *) 0; \
} \
} \
} while (0)
#define PATRICIA_WALK_END \
if (Xrn->l) { \
if (Xrn->r) { \
*Xsp++ = Xrn->r; \
} \
Xrn = Xrn->l; \
} else if (Xrn->r) { \
Xrn = Xrn->r; \
} else if (Xsp != Xstack) { \
Xrn = *(--Xsp); \
} else { \
Xrn = (patricia_node_t*)0; \
} \
} \
} \
while (0)
#endif /* PATRICIA_H */

18
src/libsflow/libsflow.cpp
View File

@ -127,11 +127,11 @@ bool get_records(vector_tuple_t& vector_tuple,
int32_t element_length = get_int_value_by_32bit_shift(flow_record_start, 1);
// sFlow v5 standard does not constrain size of each sample but
// we need to apply some reasonable limits on this value to avoid possible integer overflows in boundary checks code below
// and I've decided to limit sample size by maximum UDP packet size
// we need to apply some reasonable limits on this value to avoid possible integer overflows in boundary checks
// code below and I've decided to limit sample size by maximum UDP packet size
if (element_length > max_udp_packet_size) {
logger << log4cpp::Priority::ERROR << sflow_parser_log_prefix << "Element length " << element_length
<< " exceeds maximum allowed size: " << max_udp_packet_size;
<< " exceeds maximum allowed size: " << max_udp_packet_size;
return false;
}
@ -190,11 +190,11 @@ bool get_all_samples(vector_sample_tuple_t& vector_sample,
int32_t sample_length = get_int_value_by_32bit_shift(sample_start, 1);
// sFlow v5 standard does not constrain size of each sample but
// we need to apply some reasonable limits on this value to avoid possible integer overflows in boundary checks code below
// and I've decided to limit sample size by maximum UDP packet size
// we need to apply some reasonable limits on this value to avoid possible integer overflows in boundary checks
// code below and I've decided to limit sample size by maximum UDP packet size
if (sample_length > max_udp_packet_size) {
logger << log4cpp::Priority::ERROR << sflow_parser_log_prefix << "Sample length " << sample_length
<< " exceeds maximum allowed size: " << max_udp_packet_size;
<< " exceeds maximum allowed size: " << max_udp_packet_size;
return false;
}
@ -260,11 +260,11 @@ bool get_all_counter_records(counter_record_sample_vector_t& counter_record_samp
uint32_t record_length = get_int_value_by_32bit_shift(record_start, 1);
// sFlow v5 standard does not constrain size of each sample but
// we need to apply some reasonable limits on this value to avoid possible integer overflows in boundary checks code below
// and I've decided to limit sample size by maximum UDP packet size
// we need to apply some reasonable limits on this value to avoid possible integer overflows in boundary checks
// code below and I've decided to limit sample size by maximum UDP packet size
if (record_length > max_udp_packet_size) {
logger << log4cpp::Priority::ERROR << sflow_parser_log_prefix << "Record length " << record_length
<< " exceeds maximum allowed size: " << max_udp_packet_size;
<< " exceeds maximum allowed size: " << max_udp_packet_size;
return false;
}

1
src/map_element.hpp
View File

@ -116,4 +116,3 @@ class map_element_t {
ar& BOOST_SERIALIZATION_NVP(out_flows);
}
};

26
src/metrics/graphite.cpp
View File

@ -1,8 +1,8 @@
#include "graphite.hpp"
#include "../fastnetmon_types.h"
#include "../fast_library.h"
#include "../fastnetmon_types.h"
#include <vector>
@ -70,8 +70,8 @@ bool push_hosts_traffic_counters_to_graphite() {
direction_as_string = "outgoing";
}
std::string graphite_current_prefix = graphite_prefix + ".hosts." +
ip_as_string_with_dash_delimiters + "." + direction_as_string;
std::string graphite_current_prefix =
graphite_prefix + ".hosts." + ip_as_string_with_dash_delimiters + "." + direction_as_string;
if (print_average_traffic_counts) {
graphite_current_prefix = graphite_current_prefix + ".average";
@ -115,8 +115,8 @@ bool push_hosts_traffic_counters_to_graphite() {
bool graphite_put_result = store_data_to_graphite(graphite_port, graphite_host, graphite_data);
if (!graphite_put_result) {
logger << log4cpp::Priority::ERROR << "Can't store host load data to Graphite server "
<< graphite_host << " port: " << graphite_port;
logger << log4cpp::Priority::ERROR << "Can't store host load data to Graphite server " << graphite_host
<< " port: " << graphite_port;
return false;
}
}
@ -146,19 +146,17 @@ bool push_total_traffic_counters_to_graphite() {
flow_counter_for_this_direction = outgoing_total_flows_speed;
}
graphite_data[graphite_prefix + ".total." + direction_as_string + ".flows"] =
flow_counter_for_this_direction;
graphite_data[graphite_prefix + ".total." + direction_as_string + ".flows"] = flow_counter_for_this_direction;
}
graphite_data[graphite_prefix + ".total." + direction_as_string + ".pps"] = speed_in_pps;
graphite_data[graphite_prefix + ".total." + direction_as_string + ".bps"] =
speed_in_bps * 8;
graphite_data[graphite_prefix + ".total." + direction_as_string + ".bps"] = speed_in_bps * 8;
bool graphite_put_result = store_data_to_graphite(graphite_port, graphite_host, graphite_data);
if (!graphite_put_result) {
logger << log4cpp::Priority::ERROR << "Can't store total load data to Graphite server "
<< graphite_host << " port: " << graphite_port;
logger << log4cpp::Priority::ERROR << "Can't store total load data to Graphite server " << graphite_host
<< " port: " << graphite_port;
;
return false;
}
@ -194,8 +192,8 @@ bool push_network_traffic_counters_to_graphite() {
bool graphite_put_result = store_data_to_graphite(graphite_port, graphite_host, graphite_data);
if (!graphite_put_result) {
logger << log4cpp::Priority::ERROR << "Can't store network load data to Graphite server "
<< graphite_host << " port: " << graphite_port;
logger << log4cpp::Priority::ERROR << "Can't store network load data to Graphite server " << graphite_host
<< " port: " << graphite_port;
return false;
}
@ -203,7 +201,6 @@ bool push_network_traffic_counters_to_graphite() {
}
// This thread pushes speed counters to graphite
void graphite_push_thread() {
// Sleep for a half second for shift against calculatiuon thread
@ -233,4 +230,3 @@ void graphite_push_thread() {
<< " sec " << graphite_thread_execution_time.tv_usec << " microseconds\n";
}
}

1
src/metrics/graphite.hpp
View File

@ -4,4 +4,3 @@ void graphite_push_thread();
bool push_total_traffic_counters_to_graphite();
bool push_network_traffic_counters_to_graphite();
bool push_hosts_traffic_counters_to_graphite();

24
src/metrics/influxdb.cpp
View File

@ -1,8 +1,8 @@
#include "influxdb.hpp"
#include "../fastnetmon_types.h"
#include "../fast_library.h"
#include "../abstract_subnet_counters.hpp"
#include "../fast_library.h"
#include "../fastnetmon_types.h"
#include "../all_logcpp_libraries.h"
@ -77,7 +77,6 @@ bool push_system_counters_to_influxdb(std::string influx_database,
}
// Push total traffic counters to InfluxDB
bool push_total_traffic_counters_to_influxdb(std::string influx_database,
std::string influx_host,
@ -170,7 +169,8 @@ void influxdb_push_thread() {
}
// First of all push total counters to InfluxDB
push_total_traffic_counters_to_influxdb(influxdb_database, current_influxdb_ip_address, std::to_string(influxdb_port), influxdb_auth, influxdb_user,
push_total_traffic_counters_to_influxdb(influxdb_database, current_influxdb_ip_address,
std::to_string(influxdb_port), influxdb_auth, influxdb_user,
influxdb_password, "total_traffic", total_speed_average_counters, false);
// Push per subnet counters to InfluxDB
@ -178,20 +178,20 @@ void influxdb_push_thread() {
influxdb_auth, influxdb_user, influxdb_password);
// Push per host counters to InfluxDB
push_hosts_traffic_counters_to_influxdb(influxdb_database, current_influxdb_ip_address, std::to_string(influxdb_port), influxdb_auth,
influxdb_user, influxdb_password);
push_hosts_traffic_counters_to_influxdb(influxdb_database, current_influxdb_ip_address, std::to_string(influxdb_port),
influxdb_auth, influxdb_user, influxdb_password);
push_system_counters_to_influxdb(influxdb_database, current_influxdb_ip_address, std::to_string(influxdb_port), influxdb_auth,
influxdb_user, influxdb_password);
push_system_counters_to_influxdb(influxdb_database, current_influxdb_ip_address, std::to_string(influxdb_port),
influxdb_auth, influxdb_user, influxdb_password);
// Push per host IPv6 counters to InfluxDB
push_hosts_ipv6_traffic_counters_to_influxdb(influxdb_database, current_influxdb_ip_address, std::to_string(influxdb_port),
influxdb_auth, influxdb_user, influxdb_password);
// Push total IPv6 counters
push_total_traffic_counters_to_influxdb(influxdb_database, current_influxdb_ip_address, std::to_string(influxdb_port),
influxdb_auth, influxdb_user, influxdb_password, "total_traffic_ipv6",
total_speed_average_counters_ipv6, true);
push_total_traffic_counters_to_influxdb(influxdb_database, current_influxdb_ip_address,
std::to_string(influxdb_port), influxdb_auth, influxdb_user, influxdb_password,
"total_traffic_ipv6", total_speed_average_counters_ipv6, true);
}
}
@ -474,5 +474,3 @@ std::string craft_line_for_influxdb_line_protocol(uint64_t unix_timestamp_nanose
return buffer.str();
}

27
src/metrics/influxdb.hpp
View File

@ -12,7 +12,7 @@ bool push_system_counters_to_influxdb(std::string influx_database,
std::string influx_user,
std::string influx_password);
bool push_total_traffic_counters_to_influxdb(std::string influx_database,
bool push_total_traffic_counters_to_influxdb(std::string influx_database,
std::string influx_host,
std::string influx_port,
bool enable_auth,
@ -22,32 +22,32 @@ bool push_system_counters_to_influxdb(std::string influx_database,
total_counter_element_t total_speed_average_counters_param[4],
bool ipv6);
void send_grafana_alert(std::string title, std::string text, std::vector<std::string>& tags) ;
void send_grafana_alert(std::string title, std::string text, std::vector<std::string>& tags);
void influxdb_push_thread();
void influxdb_push_thread();
bool push_hosts_ipv6_traffic_counters_to_influxdb(std::string influx_database,
bool push_hosts_ipv6_traffic_counters_to_influxdb(std::string influx_database,
std::string influx_host,
std::string influx_port,
bool enable_auth,
std::string influx_user,
std::string influx_password);
bool push_hosts_traffic_counters_to_influxdb(std::string influx_database,
bool push_hosts_traffic_counters_to_influxdb(std::string influx_database,
std::string influx_host,
std::string influx_port,
bool enable_auth,
std::string influx_user,
std::string influx_password) ;
std::string influx_password);
bool push_hostgroup_traffic_counters_to_influxdb(std::string influx_database,
bool push_hostgroup_traffic_counters_to_influxdb(std::string influx_database,
std::string influx_host,
std::string influx_port,
bool enable_auth,
std::string influx_user,
std::string influx_password);
bool write_batch_of_data_to_influxdb(std::string influx_database,
bool write_batch_of_data_to_influxdb(std::string influx_database,
std::string influx_host,
std::string influx_port,
bool enable_auth,
@ -58,7 +58,7 @@ bool push_system_counters_to_influxdb(std::string influx_database,
std::vector<std::pair<std::string, std::map<std::string, uint64_t>>>& hosts_vector);
bool push_network_traffic_counters_to_influxdb(std::string influx_database,
bool push_network_traffic_counters_to_influxdb(std::string influx_database,
std::string influx_host,
std::string influx_port,
bool enable_auth,
@ -77,16 +77,15 @@ bool write_line_of_data_to_influxdb(std::string influx_database,
std::map<std::string, std::string>& tags,
std::map<std::string, uint64_t>& plain_total_counters_map);
void fill_per_protocol_countres_for_influxdb(const map_element_t* current_speed_element, std::map<std::string, uint64_t>& plain_total_counters_map);
void fill_per_protocol_countres_for_influxdb(const map_element_t* current_speed_element,
std::map<std::string, uint64_t>& plain_total_counters_map);
void fill_main_counters_for_influxdb(const map_element_t* current_speed_element,
std::map<std::string, uint64_t>& plain_total_counters_map,
bool populate_flow);
std::map<std::string, uint64_t>& plain_total_counters_map,
bool populate_flow);
// Prepare string to insert data into InfluxDB
std::string craft_line_for_influxdb_line_protocol(uint64_t unix_timestamp_nanoseconds,
std::string measurement,
std::map<std::string, std::string>& tags,
std::map<std::string, uint64_t>& plain_total_counters_map);

24
src/netflow_plugin/netflow.hpp
View File

@ -31,12 +31,12 @@ enum class netflow9_template_type { Unknown, Data, Options };
/* A record in a NetFlow v9 template record */
class peer_nf9_record_t {
public:
uint32_t record_type = 0;
uint32_t record_length = 0;
uint32_t record_type = 0;
uint32_t record_length = 0;
peer_nf9_record_t(uint32_t record_type, uint32_t record_length) {
this->record_type = record_type;
this->record_length = record_length;
this->record_type = record_type;
this->record_length = record_length;
}
// We created custom constructor but I still want to have default with no arguments
@ -260,21 +260,21 @@ class __attribute__((__packed__)) nf9_data_flowset_header_t {
class __attribute__((__packed__)) nf10_header_t {
public:
nf_header_common_t c;
uint32_t time_sec = 0;
uint32_t time_sec = 0;
uint32_t package_sequence = 0;
uint32_t source_id = 0;
uint32_t source_id = 0;
};
class __attribute__((__packed__)) nf10_flowset_header_common_t {
public:
uint16_t flowset_id = 0;
uint16_t length = 0;
uint16_t length = 0;
};
class __attribute__((__packed__)) nf10_template_flowset_header_t {
public:
uint16_t template_id = 0;
uint16_t count = 0;
uint16_t count = 0;
};
class __attribute__((__packed__)) nf10_template_flowset_record_t {
@ -340,13 +340,13 @@ class __attribute__((__packed__)) nf10_data_flowset_header_t {
class __attribute__((__packed__)) ipfix_options_header_common_t {
public:
uint16_t flowset_id = 0;
uint16_t length = 0;
uint16_t length = 0;
};
class __attribute__((__packed__)) ipfix_options_header_t {
public:
uint16_t template_id = 0;
uint16_t field_count = 0;
uint16_t template_id = 0;
uint16_t field_count = 0;
uint16_t scope_field_count = 0;
};
@ -354,7 +354,7 @@ class __attribute__((__packed__)) ipfix_options_header_t {
class __attribute__((__packed__)) nf9_options_header_common_t {
public:
uint16_t flowset_id = 0;
uint16_t length = 0;
uint16_t length = 0;
};

64
src/netflow_plugin/netflow_collector.cpp
View File

@ -10,8 +10,8 @@
#include <fstream>
#include <map>
#include <vector>
#include <mutex>
#include <vector>
#include "../fast_library.h"
#include "../ipfix_rfc.h"
@ -273,10 +273,17 @@ class netflow_meta_info_t {
bool nested_packet_parsed = false;
};
int nf9_rec_to_flow(uint32_t record_type, uint32_t record_length, uint8_t* data, simple_packet_t& packet, std::vector<peer_nf9_record_t> & template_records, netflow_meta_info_t& flow_meta);
int nf9_rec_to_flow(uint32_t record_type,
uint32_t record_length,
uint8_t* data,
simple_packet_t& packet,
std::vector<peer_nf9_record_t>& template_records,
netflow_meta_info_t& flow_meta);
peer_nf9_template*
peer_find_template(global_template_storage_t& table_for_lookup, uint32_t source_id, uint32_t template_id, std::string client_addres_in_string_format) {
peer_nf9_template* peer_find_template(global_template_storage_t& table_for_lookup,
uint32_t source_id,
uint32_t template_id,
std::string client_addres_in_string_format) {
// We use source_id for distinguish multiple netflow agents with same IP
std::string key = client_addres_in_string_format + "_" + std::to_string(source_id);
@ -368,8 +375,8 @@ bool process_netflow_v9_options_template(uint8_t* pkt, size_t len, uint32_t sour
uint32_t record_length = fast_ntoh(tmplr->length);
peer_nf9_record_t current_record;
current_record.record_type = record_type;
current_record.record_length = record_length;
current_record.record_type = record_type;
current_record.record_length = record_length;
template_records_map.push_back(current_record);
@ -604,12 +611,12 @@ bool process_netflow_v10_template(uint8_t* pkt, size_t len, uint32_t source_id,
}
nf10_template_flowset_record_t* tmplr = (nf10_template_flowset_record_t*)(pkt + offset);
uint32_t record_type = ntohs(tmplr->type);
uint32_t record_length = ntohs(tmplr->length);
uint32_t record_type = ntohs(tmplr->type);
uint32_t record_length = ntohs(tmplr->length);
peer_nf9_record_t current_record;
current_record.record_type = record_type;
current_record.record_length = record_length;
current_record.record_type = record_type;
current_record.record_length = record_length;
template_records_map.push_back(current_record);
@ -687,8 +694,8 @@ bool process_netflow_v9_template(uint8_t* pkt, size_t len, uint32_t source_id, c
uint32_t record_length = ntohs(tmplr->length);
peer_nf9_record_t current_record;
current_record.record_type = record_type;
current_record.record_length = record_length;
current_record.record_type = record_type;
current_record.record_length = record_length;
template_records_map.push_back(current_record);
@ -993,9 +1000,8 @@ int nf9_rec_to_flow(uint32_t record_type, uint32_t record_length, uint8_t* data,
full_packet_length = flow_meta.data_link_frame_size;
}
auto result = parse_raw_packet_to_simple_packet_full_ng( (u_char*)(data), full_packet_length,
record_length, flow_meta.nested_packet, read_packet_length_from_ip_header
);
auto result = parse_raw_packet_to_simple_packet_full_ng((u_char*)(data), full_packet_length, record_length,
flow_meta.nested_packet, read_packet_length_from_ip_header);
if (result != network_data_stuctures::parser_code_t::success) {
// Cannot decode data
@ -1188,7 +1194,7 @@ bool nf10_rec_to_flow(uint32_t record_type, uint32_t record_length, uint8_t* dat
}
}
break;
break;
}
return true;
@ -1267,7 +1273,12 @@ bool nf10_options_flowset_to_store(uint8_t* pkt, size_t len, nf10_header_t* nf10
}
// We should rewrite nf9_flowset_to_store accroding to fixes here
void nf10_flowset_to_store(uint8_t* pkt, size_t len, nf10_header_t* nf10_hdr, peer_nf9_template* field_template, uint32_t client_ipv4_address, const std::string& client_addres_in_string_format) {
void nf10_flowset_to_store(uint8_t* pkt,
size_t len,
nf10_header_t* nf10_hdr,
peer_nf9_template* field_template,
uint32_t client_ipv4_address,
const std::string& client_addres_in_string_format) {
uint32_t offset = 0;
if (len < field_template->total_len) {
@ -1392,7 +1403,8 @@ void nf9_options_flowset_to_store(uint8_t* pkt, size_t len, nf9_header_t* nf9_hd
// Cisco ASR1000
if (elem.record_type == FLOW_SAMPLER_RANDOM_INTERVAL) {
// Check supported length
if (elem.record_length == FLOW_SAMPLER_RANDOM_INTERVAL_LENGTH or elem.record_length == FLOW_SAMPLER_RANDOM_INTERVAL_LENGTH_ASR1000) {
if (elem.record_length == FLOW_SAMPLER_RANDOM_INTERVAL_LENGTH or
elem.record_length == FLOW_SAMPLER_RANDOM_INTERVAL_LENGTH_ASR1000) {
bool result = be_copy_function(data_shift, (uint8_t*)&sampling_rate, sizeof(sampling_rate), elem.record_length);
if (!result) {
@ -1658,11 +1670,11 @@ void nf9_flowset_to_store(uint8_t* pkt,
}
bool process_netflow_v10_data(uint8_t* pkt,
size_t len,
nf10_header_t* nf10_hdr,
uint32_t source_id,
const std::string& client_addres_in_string_format,
uint32_t client_ipv4_address) {
size_t len,
nf10_header_t* nf10_hdr,
uint32_t source_id,
const std::string& client_addres_in_string_format,
uint32_t client_ipv4_address) {
nf10_data_flowset_header_t* dath = (nf10_data_flowset_header_t*)pkt;
@ -1885,7 +1897,7 @@ bool process_netflow_packet_v10(uint8_t* packet, uint32_t len, const std::string
ipfix_data_packet_number++;
if (!process_netflow_v10_data(packet + offset, flowset_len, nf10_hdr, source_id,
client_addres_in_string_format, client_ipv4_address)) {
client_addres_in_string_format, client_ipv4_address)) {
return false;
}
@ -1924,7 +1936,7 @@ bool process_netflow_packet_v9(uint8_t* packet, uint32_t len, std::string& clien
uint32_t source_id = ntohl(nf9_hdr->source_id);
// logger<< log4cpp::Priority::INFO<<"Template source id: "<<source_id;
uint32_t offset = sizeof(*nf9_hdr);
uint32_t offset = sizeof(*nf9_hdr);
// logger<< log4cpp::Priority::INFO<< "Total flowsets " << flowset_count_total;
@ -2183,7 +2195,7 @@ void start_netflow_collection(process_packet_pointer func_ptr) {
std::vector<unsigned int> netflow_ports;
for (auto port: ports_for_listen) {
for (auto port : ports_for_listen) {
unsigned int netflow_port = convert_string_to_integer(port);
if (netflow_port == 0) {

38
src/netmap_plugin/netmap_collector.cpp
View File

@ -76,11 +76,11 @@ int receive_packets(struct netmap_ring* ring, int thread_number) {
u_int cur, rx, n;
cur = ring->cur;
n = nm_ring_space(ring);
n = nm_ring_space(ring);
for (rx = 0; rx < n; rx++) {
struct netmap_slot* slot = &ring->slot[cur];
char* p = NETMAP_BUF(ring, slot->buf_idx);
char* p = NETMAP_BUF(ring, slot->buf_idx);
// process data
consume_pkt((u_char*)p, slot->len, thread_number);
@ -117,7 +117,7 @@ void receiver(std::string interface_for_listening) {
base_nmd.nr_tx_rings = base_nmd.nr_rx_rings = 0;
base_nmd.nr_tx_slots = base_nmd.nr_rx_slots = 0;
std::string interface = "";
std::string interface = "";
std::string system_interface_name = "";
// If we haven't netmap: prefix in interface name we will append it
if (interface_for_listening.find("netmap:") == std::string::npos) {
@ -145,10 +145,8 @@ void receiver(std::string interface_for_listening) {
return;
}
logger.info("Mapped %dKB memory at %p", netmap_descriptor->req.nr_memsize >> 10,
netmap_descriptor->mem);
logger.info("We have %d tx and %d rx rings", netmap_descriptor->req.nr_tx_rings,
netmap_descriptor->req.nr_rx_rings);
logger.info("Mapped %dKB memory at %p", netmap_descriptor->req.nr_memsize >> 10, netmap_descriptor->mem);
logger.info("We have %d tx and %d rx rings", netmap_descriptor->req.nr_tx_rings, netmap_descriptor->req.nr_rx_rings);
if (num_cpus > netmap_descriptor->req.nr_rx_rings) {
num_cpus = netmap_descriptor->req.nr_rx_rings;
@ -180,22 +178,20 @@ void receiver(std::string interface_for_listening) {
logger.error("Ooops, main descriptor should be with NR_REG_ALL_NIC flag");
}
nmd.req.nr_flags = NR_REG_ONE_NIC;
nmd.req.nr_flags = NR_REG_ONE_NIC;
nmd.req.nr_ringid = i;
/* Only touch one of the rings (rx is already ok) */
nmd_flags |= NETMAP_NO_TX_POLL;
struct nm_desc* new_nmd =
nm_open(interface.c_str(), NULL, nmd_flags | NM_OPEN_IFNAME | NM_OPEN_NO_MMAP, &nmd);
struct nm_desc* new_nmd = nm_open(interface.c_str(), NULL, nmd_flags | NM_OPEN_IFNAME | NM_OPEN_NO_MMAP, &nmd);
if (new_nmd == NULL) {
logger.error("Can't open netmap descriptor for netmap per hardware queue thread");
return;
}
logger.info("My first ring is %d and last ring id is %d I'm thread %d",
new_nmd->first_rx_ring, new_nmd->last_rx_ring, i);
logger.info("My first ring is %d and last ring id is %d I'm thread %d", new_nmd->first_rx_ring, new_nmd->last_rx_ring, i);
/*
@ -209,8 +205,7 @@ void receiver(std::string interface_for_listening) {
// Well, we have thread attributes from Boost 1.50
#if defined(BOOST_THREAD_PLATFORM_PTHREAD) && BOOST_VERSION / 100 % 1000 >= 50 && \
!defined(__APPLE__) && defined(__GLIBC__)
#if defined(BOOST_THREAD_PLATFORM_PTHREAD) && BOOST_VERSION / 100 % 1000 >= 50 && !defined(__APPLE__) && defined(__GLIBC__)
/* Bind to certain core */
boost::thread::attributes thread_attrs;
@ -225,8 +220,7 @@ void receiver(std::string interface_for_listening) {
logger.info("I will bind this thread to logical CPU: %d", cpu_to_bind);
int set_affinity_result =
pthread_attr_setaffinity_np(thread_attrs.native_handle(), sizeof(cpu_set_t), &current_cpu_set);
int set_affinity_result = pthread_attr_setaffinity_np(thread_attrs.native_handle(), sizeof(cpu_set_t), &current_cpu_set);
if (set_affinity_result != 0) {
logger.error("Can't specify CPU affinity for netmap thread");
@ -234,8 +228,7 @@ void receiver(std::string interface_for_listening) {
}
// Start thread and pass netmap descriptor to it
packet_receiver_thread_group.add_thread(
new boost::thread(thread_attrs, boost::bind(netmap_thread, new_nmd, i)));
packet_receiver_thread_group.add_thread(new boost::thread(thread_attrs, boost::bind(netmap_thread, new_nmd, i)));
#else
logger.error("Sorry but CPU affinity did not supported for your platform");
packet_receiver_thread_group.add_thread(new boost::thread(netmap_thread, new_nmd, i));
@ -250,11 +243,11 @@ void netmap_thread(struct nm_desc* netmap_descriptor, int thread_number) {
struct nm_pkthdr h;
u_char* buf;
struct pollfd fds;
fds.fd = netmap_descriptor->fd; // NETMAP_FD(netmap_descriptor);
fds.fd = netmap_descriptor->fd; // NETMAP_FD(netmap_descriptor);
fds.events = POLLIN;
struct netmap_ring* rxring = NULL;
struct netmap_if* nifp = netmap_descriptor->nifp;
struct netmap_if* nifp = netmap_descriptor->nifp;
// printf("Reading from fd %d thread id: %d", netmap_descriptor->fd, thread_number);
@ -304,13 +297,12 @@ void start_netmap_collection(process_packet_pointer func_ptr) {
}
if (configuration_map.count("netmap_sampling_ratio") != 0) {
netmap_sampling_ratio =
convert_string_to_integer(configuration_map["netmap_sampling_ratio"]);
netmap_sampling_ratio = convert_string_to_integer(configuration_map["netmap_sampling_ratio"]);
}
if (configuration_map.count("netmap_read_packet_length_from_ip_header") != 0) {
netmap_read_packet_length_from_ip_header =
configuration_map["netmap_read_packet_length_from_ip_header"] == "on";
configuration_map["netmap_read_packet_length_from_ip_header"] == "on";
}
std::vector<std::string> interfaces_for_listen;

3
src/netmap_plugin/netmap_includes/net/netmap_legacy.h
View File

@ -202,8 +202,7 @@ struct nmreq {
#undef _IO // ws2def.h
#define _WIN_NM_IOCTL_TYPE 40000
#define _IO(_c, _n) CTL_CODE(_WIN_NM_IOCTL_TYPE, ((_n) + 0x800), METHOD_BUFFERED, FILE_ANY_ACCESS)
#define _IO_direct(_c, _n) \
CTL_CODE(_WIN_NM_IOCTL_TYPE, ((_n) + 0x800), METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
#define _IO_direct(_c, _n) CTL_CODE(_WIN_NM_IOCTL_TYPE, ((_n) + 0x800), METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
#define _IOWR(_c, _n, _s) _IO(_c, _n)

2
src/network_data_structures.hpp
View File

@ -14,7 +14,7 @@
* TODO:
* Add strict type check for ntohl/ntohs and ntonl/htons
*
*/
*/
#include <arpa/inet.h> // ntohs, ntohl

9
src/packet_bucket.h
View File

@ -101,15 +101,15 @@ template <typename TemplateKeyType> class packet_buckets_storage_t {
if (buffers_maximum_capacity == 0) {
// In this case we mark this bucket as already collected to trigger immediate detection without tpacket capture
new_packet_bucket.we_could_receive_new_data = false;
new_packet_bucket.we_could_receive_new_data = false;
new_packet_bucket.we_collected_full_buffer_least_once = true;
new_packet_bucket.collection_finished_time = std::chrono::system_clock::now();
new_packet_bucket.collection_finished_time = std::chrono::system_clock::now();
} else {
new_packet_bucket.we_could_receive_new_data = true;
}
new_packet_bucket.collection_pattern = collection_pattern;
new_packet_bucket.attack_details = attack_details;
new_packet_bucket.collection_pattern = collection_pattern;
new_packet_bucket.attack_details = attack_details;
packet_buckets_map[client_ip] = new_packet_bucket;
@ -213,4 +213,3 @@ template <typename TemplateKeyType> class packet_buckets_storage_t {
std::mutex packet_buckets_map_mutex;
std::map<TemplateKeyType, packet_bucket_t> packet_buckets_map;
};

1
src/packet_storage.h
View File

@ -136,4 +136,3 @@ class packet_storage_t {
// We should not store packets with incl_len exceeding this value
unsigned int max_captured_packet_size;
};

12
src/pcap_plugin/pcap_collector.cpp
View File

@ -120,7 +120,7 @@ void parse_packet(u_char* user, struct pcap_pkthdr* packethdr, const u_char* pac
#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__DragonFly__) || defined(__OpenBSD__)
current_packet.source_port = ntohs(tcphdr->th_sport);
#else
current_packet.source_port = ntohs(tcphdr->source);
current_packet.source_port = ntohs(tcphdr->source);
#endif
#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__DragonFly__) || defined(__OpenBSD__)
@ -135,7 +135,7 @@ void parse_packet(u_char* user, struct pcap_pkthdr* packethdr, const u_char* pac
#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__DragonFly__) || defined(__OpenBSD__)
current_packet.source_port = ntohs(udphdr->uh_sport);
#else
current_packet.source_port = ntohs(udphdr->source);
current_packet.source_port = ntohs(udphdr->source);
#endif
#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__DragonFly__) || defined(__OpenBSD__)
@ -146,15 +146,15 @@ void parse_packet(u_char* user, struct pcap_pkthdr* packethdr, const u_char* pac
break;
case IPPROTO_ICMP:
// there are no port for ICMP
current_packet.source_port = 0;
current_packet.source_port = 0;
current_packet.destination_port = 0;
break;
}
current_packet.protocol = iphdr->ip_p;
current_packet.src_ip = src_ip;
current_packet.dst_ip = dst_ip;
current_packet.length = packet_length;
current_packet.src_ip = src_ip;
current_packet.dst_ip = dst_ip;
current_packet.length = packet_length;
// Do packet processing
pcap_process_func_ptr(current_packet);

18
src/pcap_reader.cpp
View File

@ -45,11 +45,11 @@ log4cpp::Category& logger = log4cpp::Category::getRoot();
uint64_t total_unparsed_packets = 0;
uint64_t dns_amplification_packets = 0;
uint64_t ntp_amplification_packets = 0;
uint64_t dns_amplification_packets = 0;
uint64_t ntp_amplification_packets = 0;
uint64_t ssdp_amplification_packets = 0;
uint64_t raw_parsed_packets = 0;
uint64_t raw_parsed_packets = 0;
uint64_t raw_unparsed_packets = 0;
/* It's prototype for moc testing of FastNetMon, it's very useful for netflow or direct packet
@ -81,7 +81,7 @@ char* flow_type = NULL;
void pcap_parse_packet(char* buffer, uint32_t len, uint32_t snap_len) {
struct pfring_pkthdr packet_header;
memset(&packet_header, 0, sizeof(packet_header));
packet_header.len = len;
packet_header.len = len;
packet_header.caplen = snap_len;
fastnetmon_parse_pkt((u_char*)buffer, &packet_header, 4, 1, 0);
@ -111,8 +111,8 @@ void pcap_parse_packet(char* buffer, uint32_t len, uint32_t snap_len) {
SFSample sample;
memset(&sample, 0, sizeof(sample));
sample.rawSample = (uint8_t*)payload_ptr;
sample.rawSampleLen = payload_length;
sample.rawSample = (uint8_t*)payload_ptr;
sample.rawSampleLen = payload_length;
sample.sourceIP.type = SFLADDRESSTYPE_IP_V4;
read_sflow_datagram(&sample);
@ -121,15 +121,15 @@ void pcap_parse_packet(char* buffer, uint32_t len, uint32_t snap_len) {
struct pfring_pkthdr raw_packet_header;
memset(&raw_packet_header, 0, sizeof(raw_packet_header));
raw_packet_header.len = len;
raw_packet_header.len = len;
raw_packet_header.caplen = snap_len;
int parser_return_code = fastnetmon_parse_pkt((u_char*)buffer, &raw_packet_header, 4, 1, 0);
// We are not interested so much in l2 data and we interested only in l3 data here and more
if (parser_return_code < 3) {
printf("Parser failed for with code %d following packet with number %llu\n",
parser_return_code, raw_unparsed_packets + raw_parsed_packets);
printf("Parser failed for with code %d following packet with number %llu\n", parser_return_code,
raw_unparsed_packets + raw_parsed_packets);
raw_unparsed_packets++;
} else {
raw_parsed_packets++;

9
src/plugin_runner.cpp
View File

@ -68,11 +68,11 @@ void init_logging() {
void process_packet(simple_packet& current_packet) {
std::cout << print_simple_packet(current_packet);
#ifdef DO_SUBNET_LOOKUP
unsigned long subnet = 0;
unsigned long subnet = 0;
unsigned int subnet_cidr_mask = 0;
direction packet_direction = get_packet_direction(lookup_tree, current_packet.src_ip,
current_packet.dst_ip, subnet, subnet_cidr_mask);
direction packet_direction =
get_packet_direction(lookup_tree, current_packet.src_ip, current_packet.dst_ip, subnet, subnet_cidr_mask);
std::cout << "direction: " << get_direction_name(packet_direction) << std::endl;
#endif
}
@ -109,8 +109,7 @@ int main(int argc, char* argv[]) {
std::vector<std::string> network_list_from_config = read_file_to_vector("/etc/networks_list");
for (std::vector<std::string>::iterator ii = network_list_from_config.begin();
ii != network_list_from_config.end(); ++ii) {
for (std::vector<std::string>::iterator ii = network_list_from_config.begin(); ii != network_list_from_config.end(); ++ii) {
std::string network_address_in_cidr_form = *ii;
make_and_lookup(lookup_tree, const_cast<char*>(network_address_in_cidr_form.c_str()));

46
src/sflow_plugin/sflow_collector.cpp
View File

@ -113,15 +113,15 @@ void start_sflow_collection(process_packet_pointer func_ptr) {
std::vector<unsigned int> sflow_ports;
for (auto port_string: sflow_ports_for_listen) {
for (auto port_string : sflow_ports_for_listen) {
unsigned int sflow_port = convert_string_to_integer(port_string);
if (sflow_port == 0) {
logger << log4cpp::Priority::ERROR << plugin_log_prefix << "Cannot parse port: " << port_string;
continue;
}
if (sflow_port == 0) {
logger << log4cpp::Priority::ERROR << plugin_log_prefix << "Cannot parse port: " << port_string;
continue;
}
sflow_ports.push_back(sflow_port);
sflow_ports.push_back(sflow_port);
}
if (sflow_ports.size() == 0) {
@ -129,13 +129,11 @@ void start_sflow_collection(process_packet_pointer func_ptr) {
return;
}
logger << log4cpp::Priority::INFO << plugin_log_prefix << "We parsed "
<< sflow_ports.size() << " ports for sflow";
logger << log4cpp::Priority::INFO << plugin_log_prefix << "We parsed " << sflow_ports.size() << " ports for sflow";
boost::thread_group sflow_collector_threads;
logger << log4cpp::Priority::INFO << plugin_log_prefix << "We will listen on "
<< sflow_ports.size() << " ports";
logger << log4cpp::Priority::INFO << plugin_log_prefix << "We will listen on " << sflow_ports.size() << " ports";
std::string sflow_host;
@ -144,13 +142,11 @@ void start_sflow_collection(process_packet_pointer func_ptr) {
}
if (configuration_map.count("sflow_read_packet_length_from_ip_header") != 0) {
sflow_read_packet_length_from_ip_header =
configuration_map["sflow_read_packet_length_from_ip_header"] == "on";
sflow_read_packet_length_from_ip_header = configuration_map["sflow_read_packet_length_from_ip_header"] == "on";
}
for (auto sflow_port: sflow_ports) {
sflow_collector_threads.add_thread(
new boost::thread(start_sflow_collector, sflow_host, sflow_port));
for (auto sflow_port : sflow_ports) {
sflow_collector_threads.add_thread(new boost::thread(start_sflow_collector, sflow_host, sflow_port));
}
sflow_collector_threads.join_all();
@ -306,19 +302,19 @@ bool process_sflow_flow_sample(uint8_t* data_pointer,
uint8_t* header_payload_pointer = payload_ptr + sizeof(sflow_raw_protocol_header_t);
// We could enable this new parser for testing purposes
auto result = parse_raw_packet_to_simple_packet_full_ng(header_payload_pointer,
sflow_raw_protocol_header.frame_length_before_sampling,
sflow_raw_protocol_header.header_size, packet,
sflow_read_packet_length_from_ip_header);
// We could enable this new parser for testing purposes
auto result = parse_raw_packet_to_simple_packet_full_ng(header_payload_pointer,
sflow_raw_protocol_header.frame_length_before_sampling,
sflow_raw_protocol_header.header_size, packet,
sflow_read_packet_length_from_ip_header);
if (result != network_data_stuctures::parser_code_t::success) {
sflow_parse_error_nested_header++;
if (result != network_data_stuctures::parser_code_t::success) {
sflow_parse_error_nested_header++;
logger << log4cpp::Priority::DEBUG << plugin_log_prefix
<< "Cannot parse nested packet using ng parser: " << parser_code_to_string(result);
logger << log4cpp::Priority::DEBUG << plugin_log_prefix
<< "Cannot parse nested packet using ng parser: " << parser_code_to_string(result);
return false;
return false;
}
// Pass pointer to raw header to FastNetMon processing functions

1
src/simple_packet_parser_ng.cpp
View File

@ -129,4 +129,3 @@ parser_code_t parse_raw_packet_to_simple_packet_full_ng(uint8_t* pointer,
return parser_code_t::success;
}

18
src/tests/af_packet.cpp
View File

@ -73,7 +73,7 @@ void speed_printer() {
boost::this_thread::sleep(boost::posix_time::seconds(1));
uint64_t packets_after = received_packets;
uint64_t pps = packets_after - packets_before;
uint64_t pps = packets_after - packets_before;
printf("We process: %llu pps\n", pps);
}
@ -102,11 +102,10 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
// Switch to PROMISC mode
struct packet_mreq sock_params;
memset(&sock_params, 0, sizeof(sock_params));
sock_params.mr_type = PACKET_MR_PROMISC;
sock_params.mr_type = PACKET_MR_PROMISC;
sock_params.mr_ifindex = interface_number;
int set_promisc = setsockopt(packet_socket, SOL_PACKET, PACKET_ADD_MEMBERSHIP,
(void*)&sock_params, sizeof(sock_params));
int set_promisc = setsockopt(packet_socket, SOL_PACKET, PACKET_ADD_MEMBERSHIP, (void*)&sock_params, sizeof(sock_params));
if (set_promisc == -1) {
printf("Can't enable promisc mode\n");
@ -116,9 +115,9 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
struct sockaddr_ll bind_address;
memset(&bind_address, 0, sizeof(bind_address));
bind_address.sll_family = AF_PACKET;
bind_address.sll_family = AF_PACKET;
bind_address.sll_protocol = htons(ETH_P_ALL);
bind_address.sll_ifindex = interface_number;
bind_address.sll_ifindex = interface_number;
// We will follow http://yusufonlinux.blogspot.ru/2010/11/data-link-access-and-zero-copy.html
// And this: https://www.kernel.org/doc/Documentation/networking/packet_mmap.txt
@ -145,8 +144,7 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
int fanout_arg = (fanout_group_id | (fanout_type << 16));
int setsockopt_fanout =
setsockopt(packet_socket, SOL_PACKET, PACKET_FANOUT, &fanout_arg, sizeof(fanout_arg));
int setsockopt_fanout = setsockopt(packet_socket, SOL_PACKET, PACKET_FANOUT, &fanout_arg, sizeof(fanout_arg));
if (setsockopt_fanout < 0) {
printf("Can't configure fanout\n");
@ -214,7 +212,7 @@ int main() {
CPU_SET(cpu_to_bind, &current_cpu_set);
int set_affinity_result =
pthread_attr_setaffinity_np(thread_attrs.native_handle(), sizeof(cpu_set_t), &current_cpu_set);
pthread_attr_setaffinity_np(thread_attrs.native_handle(), sizeof(cpu_set_t), &current_cpu_set);
if (set_affinity_result != 0) {
printf("Can't set CPU affinity for thread\n");
@ -222,7 +220,7 @@ int main() {
}
packet_receiver_thread_group.add_thread(
new boost::thread(thread_attrs, boost::bind(start_af_packet_capture, "eth6", fanout_group_id)));
new boost::thread(thread_attrs, boost::bind(start_af_packet_capture, "eth6", fanout_group_id)));
}
// Wait all processes for finish

45
src/tests/af_packet_ring.cpp
View File

@ -57,7 +57,7 @@ int get_interface_number_by_device_name(int socket_fd, std::string interface_nam
unsigned int af_packet_threads = 1;
uint64_t received_packets = 0;
uint64_t received_bytes = 0;
uint64_t received_bytes = 0;
void speed_printer() {
while (true) {
@ -66,7 +66,7 @@ void speed_printer() {
boost::this_thread::sleep(boost::posix_time::seconds(1));
uint64_t packets_after = received_packets;
uint64_t pps = packets_after - packets_before;
uint64_t pps = packets_after - packets_before;
printf("We process: %llu pps\n", pps);
}
@ -77,7 +77,7 @@ void flush_block(struct block_desc* pbd) {
}
void walk_block(struct block_desc* pbd, const int block_num) {
int num_pkts = pbd->h1.num_pkts, i;
int num_pkts = pbd->h1.num_pkts, i;
unsigned long bytes = 0;
struct tpacket3_hdr* ppd;
@ -92,11 +92,11 @@ void walk_block(struct block_desc* pbd, const int block_num) {
#ifdef PRINT_PACKETS
struct pfring_pkthdr packet_header;
memset(&packet_header, 0, sizeof(packet_header));
packet_header.len = ppd->tp_snaplen;
packet_header.len = ppd->tp_snaplen;
packet_header.caplen = ppd->tp_snaplen;
u_int8_t timestamp = 0;
u_int8_t add_hash = 0;
u_int8_t add_hash = 0;
u_char* data_pointer = (u_char*)((uint8_t*)ppd + ppd->tp_mac);
@ -128,9 +128,8 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
}
// We whould use V3 bcause it could read/pool in per block basis instead per packet
int version = TPACKET_V3;
int setsockopt_packet_version =
setsockopt(packet_socket, SOL_PACKET, PACKET_VERSION, &version, sizeof(version));
int version = TPACKET_V3;
int setsockopt_packet_version = setsockopt(packet_socket, SOL_PACKET, PACKET_VERSION, &version, sizeof(version));
if (setsockopt_packet_version < 0) {
printf("Can't set packet v3 version\n");
@ -147,11 +146,10 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
// Switch to PROMISC mode
struct packet_mreq sock_params;
memset(&sock_params, 0, sizeof(sock_params));
sock_params.mr_type = PACKET_MR_PROMISC;
sock_params.mr_type = PACKET_MR_PROMISC;
sock_params.mr_ifindex = interface_number;
int set_promisc = setsockopt(packet_socket, SOL_PACKET, PACKET_ADD_MEMBERSHIP,
(void*)&sock_params, sizeof(sock_params));
int set_promisc = setsockopt(packet_socket, SOL_PACKET, PACKET_ADD_MEMBERSHIP, (void*)&sock_params, sizeof(sock_params));
if (set_promisc == -1) {
printf("Can't enable promisc mode\n");
@ -161,9 +159,9 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
struct sockaddr_ll bind_address;
memset(&bind_address, 0, sizeof(bind_address));
bind_address.sll_family = AF_PACKET;
bind_address.sll_family = AF_PACKET;
bind_address.sll_protocol = htons(ETH_P_ALL);
bind_address.sll_ifindex = interface_number;
bind_address.sll_ifindex = interface_number;
// We will follow http://yusufonlinux.blogspot.ru/2010/11/data-link-access-and-zero-copy.html
// And this: https://www.kernel.org/doc/Documentation/networking/packet_mmap.txt
@ -173,10 +171,10 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
req.tp_block_size = blocksiz;
req.tp_frame_size = framesiz;
req.tp_block_nr = blocknum;
req.tp_frame_nr = (blocksiz * blocknum) / framesiz;
req.tp_block_nr = blocknum;
req.tp_frame_nr = (blocksiz * blocknum) / framesiz;
req.tp_retire_blk_tov = 60; // Timeout in msec
req.tp_retire_blk_tov = 60; // Timeout in msec
req.tp_feature_req_word = TP_FT_REQ_FILL_RXHASH;
int setsockopt_rx_ring = setsockopt(packet_socket, SOL_PACKET, PACKET_RX_RING, (void*)&req, sizeof(req));
@ -188,7 +186,7 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
// We use per thread structures
uint8_t* mapped_buffer = NULL;
struct iovec* rd = NULL;
struct iovec* rd = NULL;
mapped_buffer = (uint8_t*)mmap(NULL, req.tp_block_size * req.tp_block_nr, PROT_READ | PROT_WRITE,
MAP_SHARED | MAP_LOCKED, packet_socket, 0);
@ -204,7 +202,7 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
// Initilize iov structures
for (int i = 0; i < req.tp_block_nr; ++i) {
rd[i].iov_base = mapped_buffer + (i * req.tp_block_size);
rd[i].iov_len = req.tp_block_size;
rd[i].iov_len = req.tp_block_size;
}
int bind_result = bind(packet_socket, (struct sockaddr*)&bind_address, sizeof(bind_address));
@ -221,8 +219,7 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
int fanout_arg = (fanout_group_id | (fanout_type << 16));
int setsockopt_fanout =
setsockopt(packet_socket, SOL_PACKET, PACKET_FANOUT, &fanout_arg, sizeof(fanout_arg));
int setsockopt_fanout = setsockopt(packet_socket, SOL_PACKET, PACKET_FANOUT, &fanout_arg, sizeof(fanout_arg));
if (setsockopt_fanout < 0) {
printf("Can't configure fanout\n");
@ -235,8 +232,8 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
struct pollfd pfd;
memset(&pfd, 0, sizeof(pfd));
pfd.fd = packet_socket;
pfd.events = POLLIN | POLLERR;
pfd.fd = packet_socket;
pfd.events = POLLIN | POLLERR;
pfd.revents = 0;
while (true) {
@ -290,7 +287,7 @@ int main() {
CPU_SET(cpu_to_bind, &current_cpu_set);
int set_affinity_result =
pthread_attr_setaffinity_np(thread_attrs.native_handle(), sizeof(cpu_set_t), &current_cpu_set);
pthread_attr_setaffinity_np(thread_attrs.native_handle(), sizeof(cpu_set_t), &current_cpu_set);
if (set_affinity_result != 0) {
printf("Can't set CPU affinity for thread\n");
@ -298,7 +295,7 @@ int main() {
}
packet_receiver_thread_group.add_thread(
new boost::thread(thread_attrs, boost::bind(start_af_packet_capture, "eth6", fanout_group_id)));
new boost::thread(thread_attrs, boost::bind(start_af_packet_capture, "eth6", fanout_group_id)));
}
// Wait all processes for finish

17
src/tests/conntrack_prototype.cpp
View File

@ -16,12 +16,12 @@
#define BIG_CONSTANT(x) (x##LLU)
uint64_t MurmurHash64A(const void* key, int len, uint64_t seed) {
const uint64_t m = BIG_CONSTANT(0xc6a4a7935bd1e995);
const int r = 47;
const int r = 47;
uint64_t h = seed ^ (len * m);
const uint64_t* data = (const uint64_t*)key;
const uint64_t* end = data + (len / 8);
const uint64_t* end = data + (len / 8);
while (data != end) {
uint64_t k = *data++;
@ -77,14 +77,13 @@ class conntrack_hash_struct_for_simple_packet_t {
};
// Extract only important for us fields from main simple_packet structure
bool convert_simple_packet_toconntrack_hash_struct(simple_packet_t& packet,
conntrack_hash_struct_for_simple_packet_t& conntrack_struct) {
bool convert_simple_packet_toconntrack_hash_struct(simple_packet_t& packet, conntrack_hash_struct_for_simple_packet_t& conntrack_struct) {
conntrack_struct.src_ip = packet.src_ip;
conntrack_struct.dst_ip = packet.dst_ip;
conntrack_struct.protocol = packet.protocol;
conntrack_struct.source_port = packet.source_port;
conntrack_struct.source_port = packet.source_port;
conntrack_struct.destination_port = packet.destination_port;
}
@ -93,7 +92,7 @@ typedef std::vector<conntrack_hash_struct_for_simple_packet_t> vector_of_connetr
class connection_tracking_fast_storage_t {
public:
connection_tracking_fast_storage_t(unsigned int structure_size) {
murmur_seed = 13;
murmur_seed = 13;
max_vector_size = 0;
number_of_buckets = structure_size;
@ -102,8 +101,7 @@ class connection_tracking_fast_storage_t {
}
uint64_t get_bucket_number(conntrack_hash_struct_for_simple_packet_t& element) {
uint64_t conntrack_hash =
MurmurHash64A(&element, sizeof(conntrack_hash_struct_for_simple_packet_t), murmur_seed);
uint64_t conntrack_hash = MurmurHash64A(&element, sizeof(conntrack_hash_struct_for_simple_packet_t), murmur_seed);
return conntrack_hash % number_of_buckets;
}
@ -126,8 +124,7 @@ class connection_tracking_fast_storage_t {
return false;
}
vector_of_connetrack_structs_t::iterator itr =
std::find(vector_pointer->begin(), vector_pointer->end(), *element);
vector_of_connetrack_structs_t::iterator itr = std::find(vector_pointer->begin(), vector_pointer->end(), *element);
if (itr == vector_pointer->end()) {
return false;

4
src/tests/exabgp_pipe.c
View File

@ -15,8 +15,8 @@ int ban_ip() {
}
char bgp_message[256];
char* ip_cidr_form = "10.10.10.123/32";
char* next_hop = "10.0.3.114";
char* ip_cidr_form = "10.10.10.123/32";
char* next_hop = "10.0.3.114";
char* exabgp_community = "65001:666";
// withdraw
char* action = "announce";

15
src/tests/ip_lookup.cpp
View File

@ -81,7 +81,7 @@ uint32_t convert_ip_as_string_to_uint(string ip) {
uint32_t convert_cidr_to_binary_netmask(int cidr) {
uint32_t binary_netmask = 0xFFFFFFFF;
binary_netmask = binary_netmask << (32 - cidr);
binary_netmask = binary_netmask << (32 - cidr);
// htonl from host byte order to network
// ntohl from network byte order to host
@ -113,7 +113,7 @@ void insert_prefix_bitwise_tree(tree_leaf* root, string subnet, int cidr_mask) {
// Iterate over significant subnet bits and ignore other
for (int i = 31; i >= 32 - cidr_mask; i--) {
uint32_t result_bit = netmask_as_int & (1 << i);
bool bit = result_bit == 0 ? false : true;
bool bit = result_bit == 0 ? false : true;
// cout<<"Insert: "<<bit<<" from position "<<i<<endl;
// from the left - zeros, from the rigth - ones
@ -129,7 +129,7 @@ void insert_prefix_bitwise_tree(tree_leaf* root, string subnet, int cidr_mask) {
// No element here, we should create it
tree_leaf* new_leaf = new tree_leaf;
new_leaf->right = new_leaf->left = NULL;
new_leaf->bit = bit;
new_leaf->bit = bit;
temp_root->right = new_leaf;
@ -145,7 +145,7 @@ void insert_prefix_bitwise_tree(tree_leaf* root, string subnet, int cidr_mask) {
// No element here, we should create it
tree_leaf* new_leaf = new tree_leaf;
new_leaf->right = new_leaf->left = NULL;
new_leaf->bit = bit;
new_leaf->bit = bit;
temp_root->left = new_leaf;
@ -175,7 +175,7 @@ bool fast_ip_lookup(tree_leaf* root, uint32_t ip) {
// cout<<"bit"<<i<<endl;
uint32_t result_bit = ip & (1 << i);
bool bit = result_bit == 0 ? false : true;
bool bit = result_bit == 0 ? false : true;
// Current node is terminal node
if ((temp_root->left == NULL && temp_root->right == NULL)) {
@ -259,13 +259,12 @@ int main() {
networks_list_as_string.insert(networks_list_as_string.end(), network_list_from_config.begin(),
network_list_from_config.end());
for (vector<string>::iterator ii = networks_list_as_string.begin();
ii != networks_list_as_string.end(); ++ii) {
for (vector<string>::iterator ii = networks_list_as_string.begin(); ii != networks_list_as_string.end(); ++ii) {
vector<string> subnet_as_string;
split(subnet_as_string, *ii, boost::is_any_of("/"), boost::token_compress_on);
int cidr = atoi(subnet_as_string[1].c_str());
uint32_t subnet_as_int = convert_ip_as_string_to_uint(subnet_as_string[0]);
uint32_t subnet_as_int = convert_ip_as_string_to_uint(subnet_as_string[0]);
uint32_t netmask_as_int = convert_cidr_to_binary_netmask(cidr);
insert_prefix_bitwise_tree(root, subnet_as_string[0], cidr);

27
src/tests/lpm_performance_tests.cpp
View File

@ -20,10 +20,9 @@ using namespace std;
class map_element {
public:
map_element()
: in_bytes(0), out_bytes(0), in_packets(0), out_packets(0), tcp_in_packets(0),
tcp_out_packets(0), tcp_in_bytes(0), tcp_out_bytes(0), udp_in_packets(0), udp_out_packets(0),
udp_in_bytes(0), udp_out_bytes(0), in_flows(0), out_flows(0), icmp_in_packets(0),
icmp_out_packets(0), icmp_in_bytes(0), icmp_out_bytes(0) {
: in_bytes(0), out_bytes(0), in_packets(0), out_packets(0), tcp_in_packets(0), tcp_out_packets(0), tcp_in_bytes(0),
tcp_out_bytes(0), udp_in_packets(0), udp_out_packets(0), udp_in_bytes(0), udp_out_bytes(0), in_flows(0),
out_flows(0), icmp_in_packets(0), icmp_out_packets(0), icmp_in_bytes(0), icmp_out_bytes(0) {
}
unsigned int in_bytes;
unsigned int out_bytes;
@ -65,15 +64,15 @@ vector_of_vector_counters SubnetVectorVector;
void subnet_vectors_allocator(prefix_t* prefix, void* data) {
uint32_t subnet_as_integer = prefix->add.sin.s_addr;
u_short bitlen = prefix->bitlen;
u_short bitlen = prefix->bitlen;
int network_size_in_ips = pow(2, 32 - bitlen);
network_size_in_ips = 1;
network_size_in_ips = 1;
SubnetVectorMap[subnet_as_integer] = new vector_of_counters(network_size_in_ips);
pair_of_subnets_with_key my_pair;
my_pair.first = subnet_as_integer;
my_pair.first = subnet_as_integer;
my_pair.second = new vector_of_counters(network_size_in_ips);
SubnetVectorVector.push_back(my_pair);
@ -112,8 +111,8 @@ int main() {
// std::sort(SubnetVectorVector.begin(), SubnetVectorVector.end(), mysortfunction);
prefix_t prefix_for_check_adreess;
prefix_for_check_adreess.family = AF_INET;
prefix_for_check_adreess.bitlen = 32;
prefix_for_check_adreess.family = AF_INET;
prefix_for_check_adreess.bitlen = 32;
patricia_node_t* found_patrica_node = NULL;
// prefix_for_check_adreess.add.sin.s_addr = 123123123;
@ -142,8 +141,7 @@ int main() {
for (int i = 0; i < i_iter; i++) {
// Random Pseudo IP
// prefix_for_check_adreess.add.sin.s_addr = i*j;
patricia_node_t* found_patrica_node =
patricia_search_best2(lookup_tree, &prefix_for_check_adreess, 1);
patricia_node_t* found_patrica_node = patricia_search_best2(lookup_tree, &prefix_for_check_adreess, 1);
unsigned long destination_subnet = 0;
@ -198,11 +196,10 @@ int main() {
clock_gettime(CLOCK_REALTIME, &finish_time);
unsigned long used_seconds = finish_time.tv_sec - start_time.tv_sec;
unsigned long total_ops = i_iter * j_iter;
float megaops_per_second = (float)total_ops / (float)used_seconds / 1000000;
unsigned long total_ops = i_iter * j_iter;
float megaops_per_second = (float)total_ops / (float)used_seconds / 1000000;
printf("Total time is %d seconds total ops: %d\nMillion of ops per second: %.1f\n",
used_seconds, total_ops, megaops_per_second);
printf("Total time is %d seconds total ops: %d\nMillion of ops per second: %.1f\n", used_seconds, total_ops, megaops_per_second);
Destroy_Patricia(lookup_tree, (void_fn_t)0);
}

2
src/tests/mongodb_client.cpp
View File

@ -13,7 +13,7 @@ int main(int argc, char* argv[]) {
mongoc_init();
client = mongoc_client_new("mongodb://localhost:27017/");
client = mongoc_client_new("mongodb://localhost:27017/");
collection = mongoc_client_get_collection(client, "test", "test");
doc = bson_new();

23
src/tests/netmap.cpp
View File

@ -21,11 +21,11 @@ int receive_packets(struct netmap_ring* ring) {
u_int cur, rx, n;
cur = ring->cur;
n = nm_ring_space(ring);
n = nm_ring_space(ring);
for (rx = 0; rx < n; rx++) {
struct netmap_slot* slot = &ring->slot[cur];
char* p = NETMAP_BUF(ring, slot->buf_idx);
char* p = NETMAP_BUF(ring, slot->buf_idx);
// process data
consume_pkt((u_char*)p, slot->len);
@ -43,7 +43,7 @@ void consume_pkt(u_char* buffer, int len) {
// memcpy(packet_data, buffer, len);
struct pfring_pkthdr l2tp_header;
memset(&l2tp_header, 0, sizeof(l2tp_header));
l2tp_header.len = len;
l2tp_header.len = len;
l2tp_header.caplen = len;
fastnetmon_parse_pkt((u_char*)buffer, &l2tp_header, 4, 1, 0);
@ -70,7 +70,7 @@ void receiver(void) {
base_nmd.nr_tx_slots = base_nmd.nr_rx_slots = 0;
std::string interface = "netmap:eth4";
netmap_descriptor = nm_open(interface.c_str(), &base_nmd, 0, NULL);
netmap_descriptor = nm_open(interface.c_str(), &base_nmd, 0, NULL);
if (netmap_descriptor == NULL) {
printf("Can't open netmap device %s\n", interface.c_str());
@ -79,8 +79,7 @@ void receiver(void) {
}
printf("Mapped %dKB memory at %p\n", netmap_descriptor->req.nr_memsize >> 10, netmap_descriptor->mem);
printf("We have %d tx and %d rx rings\n", netmap_descriptor->req.nr_tx_rings,
netmap_descriptor->req.nr_rx_rings);
printf("We have %d tx and %d rx rings\n", netmap_descriptor->req.nr_tx_rings, netmap_descriptor->req.nr_rx_rings);
/*
protocol stack and may cause a reset of the card,
@ -104,22 +103,20 @@ void receiver(void) {
printf("SHIT SHIT SHIT HAPPINED\n");
}
nmd.req.nr_flags = NR_REG_ONE_NIC;
nmd.req.nr_flags = NR_REG_ONE_NIC;
nmd.req.nr_ringid = i;
/* Only touch one of the rings (rx is already ok) */
nmd_flags |= NETMAP_NO_TX_POLL;
struct nm_desc* new_nmd =
nm_open(interface.c_str(), NULL, nmd_flags | NM_OPEN_IFNAME | NM_OPEN_NO_MMAP, &nmd);
struct nm_desc* new_nmd = nm_open(interface.c_str(), NULL, nmd_flags | NM_OPEN_IFNAME | NM_OPEN_NO_MMAP, &nmd);
if (new_nmd == NULL) {
printf("Can't open netmap descripto for netmap\n");
exit(1);
}
printf("My first ring is %d and last ring id is %d I'm thread %d\n", new_nmd->first_rx_ring,
new_nmd->last_rx_ring, i);
printf("My first ring is %d and last ring id is %d I'm thread %d\n", new_nmd->first_rx_ring, new_nmd->last_rx_ring, i);
printf("Start new thread %d\n", i);
// Start thread and pass netmap descriptor to it
@ -137,11 +134,11 @@ void netmap_thread(struct nm_desc* netmap_descriptor, int thread_number) {
struct nm_pkthdr h;
u_char* buf;
struct pollfd fds;
fds.fd = netmap_descriptor->fd; // NETMAP_FD(netmap_descriptor);
fds.fd = netmap_descriptor->fd; // NETMAP_FD(netmap_descriptor);
fds.events = POLLIN;
struct netmap_ring* rxring = NULL;
struct netmap_if* nifp = netmap_descriptor->nifp;
struct netmap_if* nifp = netmap_descriptor->nifp;
printf("Reading from fd %d thread id: %d\n", netmap_descriptor->fd, thread_number);

28
src/tests/parser_performance_tests.cpp
View File

@ -47,7 +47,7 @@ void* speed_printer(void* ptr) {
sleep(1);
uint64_t packets_after = received_packets;
uint64_t pps = packets_after - packets_before;
uint64_t pps = packets_after - packets_before;
printf("We process: %llu pps\n", pps);
}
@ -74,19 +74,17 @@ int main() {
pthread_detach(thread);
unsigned char payload1[] = { 0x90, 0xE2, 0xBA, 0x83, 0x3F, 0x25, 0x90, 0xE2, 0xBA, 0x2C,
0xCB, 0x02, 0x08, 0x00, 0x45, 0x00, 0x00, 0x2E, 0x00, 0x00,
0x00, 0x00, 0x40, 0x06, 0x69, 0xDC, 0x0A, 0x84, 0xF1, 0x83,
0x0A, 0x0A, 0x0A, 0xDD, 0x04, 0x01, 0x00, 0x50, 0x00, 0x00,
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02, 0x00, 0x0A,
0x9A, 0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
unsigned char payload1[] = { 0x90, 0xE2, 0xBA, 0x83, 0x3F, 0x25, 0x90, 0xE2, 0xBA, 0x2C, 0xCB, 0x02,
0x08, 0x00, 0x45, 0x00, 0x00, 0x2E, 0x00, 0x00, 0x00, 0x00, 0x40, 0x06,
0x69, 0xDC, 0x0A, 0x84, 0xF1, 0x83, 0x0A, 0x0A, 0x0A, 0xDD, 0x04, 0x01,
0x00, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02,
0x00, 0x0A, 0x9A, 0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
unsigned char payload2[] = { 0x90, 0xE2, 0xBA, 0x83, 0x3F, 0x25, 0x90, 0xE2, 0xBA, 0x2C,
0xCB, 0x02, 0x08, 0x00, 0x45, 0x00, 0x00, 0x2E, 0x00, 0x00,
0x00, 0x00, 0x40, 0x06, 0x69, 0xDB, 0x0A, 0x84, 0xF1, 0x84,
0x0A, 0x0A, 0x0A, 0xDD, 0x04, 0x01, 0x00, 0x50, 0x00, 0x00,
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02, 0x00, 0x0A,
0x9A, 0x91, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
unsigned char payload2[] = { 0x90, 0xE2, 0xBA, 0x83, 0x3F, 0x25, 0x90, 0xE2, 0xBA, 0x2C, 0xCB, 0x02,
0x08, 0x00, 0x45, 0x00, 0x00, 0x2E, 0x00, 0x00, 0x00, 0x00, 0x40, 0x06,
0x69, 0xDB, 0x0A, 0x84, 0xF1, 0x84, 0x0A, 0x0A, 0x0A, 0xDD, 0x04, 0x01,
0x00, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02,
0x00, 0x0A, 0x9A, 0x91, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
unsigned char byte_value = 0;
@ -128,11 +126,11 @@ void call_fastnetmon_parser(void* ptr, int length) {
struct pfring_pkthdr packet_header;
memset(&packet_header, 0, sizeof(struct pfring_pkthdr));
packet_header.len = length;
packet_header.len = length;
packet_header.caplen = length;
u_int8_t timestamp = 0;
u_int8_t add_hash = 0;
u_int8_t add_hash = 0;
fastnetmon_parse_pkt((u_char*)ptr, &packet_header, 4, 0, 0);

14
src/tests/patricia_performance_tests.c
View File

@ -31,8 +31,8 @@ int main() {
make_and_lookup(lookup_tree, "193.42.142.0/24");
prefix_t prefix_for_check_adreess;
prefix_for_check_adreess.family = AF_INET;
prefix_for_check_adreess.bitlen = 32;
prefix_for_check_adreess.family = AF_INET;
prefix_for_check_adreess.bitlen = 32;
patricia_node_t* found_patrica_node = NULL;
// prefix_for_check_adreess.add.sin.s_addr = 123123123;
@ -60,8 +60,7 @@ int main() {
for (i = 0; i < i_iter; i++) {
// Random Pseudo IP
prefix_for_check_adreess.add.sin.s_addr = i * j;
patricia_node_t* found_patrica_node =
patricia_search_best2(lookup_tree, &prefix_for_check_adreess, 1);
patricia_node_t* found_patrica_node = patricia_search_best2(lookup_tree, &prefix_for_check_adreess, 1);
unsigned long destination_subnet = 0;
@ -75,11 +74,10 @@ int main() {
clock_gettime(CLOCK_REALTIME, &finish_time);
unsigned long used_seconds = finish_time.tv_sec - start_time.tv_sec;
unsigned long total_ops = i_iter * j_iter;
float megaops_per_second = (float)total_ops / (float)used_seconds / 1000000;
unsigned long total_ops = i_iter * j_iter;
float megaops_per_second = (float)total_ops / (float)used_seconds / 1000000;
printf("Total time is %d seconds total ops: %d\nMillion of ops per second: %.1f\n",
used_seconds, total_ops, megaops_per_second);
printf("Total time is %d seconds total ops: %d\nMillion of ops per second: %.1f\n", used_seconds, total_ops, megaops_per_second);
Destroy_Patricia(lookup_tree, (void_fn_t)0);
}

14
src/tests/pcap_writer.cpp
View File

@ -19,12 +19,11 @@ int main() {
return -1;
}
unsigned char payload1[] = { 0x90, 0xE2, 0xBA, 0x83, 0x3F, 0x25, 0x90, 0xE2, 0xBA, 0x2C,
0xCB, 0x02, 0x08, 0x00, 0x45, 0x00, 0x00, 0x2E, 0x00, 0x00,
0x00, 0x00, 0x40, 0x06, 0x69, 0xDC, 0x0A, 0x84, 0xF1, 0x83,
0x0A, 0x0A, 0x0A, 0xDD, 0x04, 0x01, 0x00, 0x50, 0x00, 0x00,
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02, 0x00, 0x0A,
0x9A, 0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
unsigned char payload1[] = { 0x90, 0xE2, 0xBA, 0x83, 0x3F, 0x25, 0x90, 0xE2, 0xBA, 0x2C, 0xCB, 0x02,
0x08, 0x00, 0x45, 0x00, 0x00, 0x2E, 0x00, 0x00, 0x00, 0x00, 0x40, 0x06,
0x69, 0xDC, 0x0A, 0x84, 0xF1, 0x83, 0x0A, 0x0A, 0x0A, 0xDD, 0x04, 0x01,
0x00, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02,
0x00, 0x0A, 0x9A, 0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
if (!packet_storage.write_packet(payload1, sizeof(payload1))) {
printf("Can't write packet to the storage\n");
@ -44,8 +43,7 @@ int main() {
std::cout << "Used size: " << packet_storage.get_used_memory() << std::endl;
ssize_t wrote_bytes =
write(filedesc, (void*)packet_storage.get_buffer_pointer(), packet_storage.get_used_memory());
ssize_t wrote_bytes = write(filedesc, (void*)packet_storage.get_buffer_pointer(), packet_storage.get_used_memory());
if (wrote_bytes != packet_storage.get_used_memory()) {
printf("Can't write data to the file\n");

20
src/tests/snabb/capturecallback.cpp
View File

@ -44,9 +44,9 @@ void set_tsc_freq_fallback() {
class token_bucket_t {
public:
token_bucket_t() {
this->tokens = 0;
this->rate = 0;
this->burst = 0;
this->tokens = 0;
this->rate = 0;
this->burst = 0;
this->last_timestamp = 0;
}
@ -66,7 +66,7 @@ class token_bucket_t {
this->rate = rate;
this->tokens = burst;
this->burst = burst;
this->burst = burst;
// Start counter!
this->last_timestamp = (double)rte_rdtsc() / system_tsc_resolution_hz;
@ -74,17 +74,15 @@ class token_bucket_t {
int64_t consume(int64_t consumed_tokens) {
double current_time = (double)rte_rdtsc() / system_tsc_resolution_hz;
double interval = (current_time - this->last_timestamp);
double interval = (current_time - this->last_timestamp);
if (interval < 0) {
printf("Your TSC is buggy, we have last %llu and current time: %llu\n",
this->last_timestamp, current_time);
printf("Your TSC is buggy, we have last %llu and current time: %llu\n", this->last_timestamp, current_time);
}
this->last_timestamp = current_time;
this->tokens =
std::max((double)0, std::min(double(this->tokens + this->rate * interval), double(this->burst))) - 1;
this->tokens = std::max((double)0, std::min(double(this->tokens + this->rate * interval), double(this->burst))) - 1;
return this->tokens;
}
@ -143,7 +141,7 @@ int firehose_callback_v1(const char* pciaddr, char** packets, struct firehose_rd
__builtin_prefetch(packets[next_index]);
firehose_packet(pciaddr, packets[index], rxring[index].length);
rxring[index].status = 0; /* reset descriptor for reuse */
index = next_index;
index = next_index;
}
return index;
}
@ -158,7 +156,7 @@ void* speed_printer(void* ptr) {
sleep(1);
uint64_t packets_after = received_packets;
uint64_t pps = packets_after - packets_before;
uint64_t pps = packets_after - packets_before;
printf("We process: %llu pps tokens %lld rate %lld burst %lld \n", (long long)pps,
global_token_bucket_counter.get_tokens(), global_token_bucket_counter.get_rate(),

4
src/tests/spsc_prototype.cpp
View File

@ -43,7 +43,7 @@
using namespace std;
typedef simple_packet* simple_packet_shared_ptr_t;
typedef boost::lockfree::spsc_queue<simple_packet_shared_ptr_t, boost::lockfree::capacity<1048576> > my_spsc_queue_t;
typedef boost::lockfree::spsc_queue<simple_packet_shared_ptr_t, boost::lockfree::capacity<1048576>> my_spsc_queue_t;
uint64_t total_unparsed_packets = 0;
@ -112,7 +112,7 @@ void speed_printer() {
boost::this_thread::sleep(boost::posix_time::seconds(1));
uint64_t packets_after = received_packets;
uint64_t pps = packets_after - packets_before;
uint64_t pps = packets_after - packets_before;
printf("We process: %llu pps\n", pps);
}

2
src/tests/store_data_to_graphite.cpp
View File

@ -24,7 +24,7 @@ int main() {
memset(&serv_addr, 0, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
serv_addr.sin_port = htons(2003);
serv_addr.sin_port = htons(2003);
if (inet_pton(AF_INET, "127.0.0.1", &serv_addr.sin_addr) <= 0) {
printf("\n inet_pton error occured\n");

12
src/tests/test_cidr.cpp
View File

@ -9,7 +9,7 @@
uint32_t convert_cidr_to_binary_netmask(unsigned int cidr) {
uint32_t binary_netmask = 0xFFFFFFFF;
binary_netmask = binary_netmask << (32 - cidr);
binary_netmask = binary_netmask << (32 - cidr);
// htonl from host byte order to network
// ntohl from network byte order to host
@ -26,17 +26,15 @@ uint32_t convert_ip_as_string_to_uint(std::string ip) {
}
int main() {
uint32_t network_zero = convert_ip_as_string_to_uint("10.10.10.0");
uint32_t network_200 = convert_ip_as_string_to_uint("10.10.10.200");
uint32_t network_zero = convert_ip_as_string_to_uint("10.10.10.0");
uint32_t network_200 = convert_ip_as_string_to_uint("10.10.10.200");
uint32_t binary_netmask = convert_cidr_to_binary_netmask(24);
uint32_t generated_subnet_address = network_200 & binary_netmask;
std::cout << "network byte order" << std::endl;
std::cout << "10.10.10.200/24\tnetwork byte order:" << network_200
<< " host byte order:" << ntohl(network_200) << std::endl;
std::cout << "10.10.10.0/24\tnetwork byte order:" << network_zero
<< " host byte order:" << ntohl(network_zero) << std::endl;
std::cout << "10.10.10.200/24\tnetwork byte order:" << network_200 << " host byte order:" << ntohl(network_200) << std::endl;
std::cout << "10.10.10.0/24\tnetwork byte order:" << network_zero << " host byte order:" << ntohl(network_zero) << std::endl;
std::cout << "generated \tnetwork byte order:" << generated_subnet_address
<< " host byte order:" << ntohl(generated_subnet_address) << std::endl;

5
src/tests/tins_parser.cpp
View File

@ -5,10 +5,9 @@
using namespace Tins;
bool callback(const PDU& pdu) {
const IP& ip = pdu.rfind_pdu<IP>(); // Find the IP layer
const IP& ip = pdu.rfind_pdu<IP>(); // Find the IP layer
const TCP& tcp = pdu.rfind_pdu<TCP>(); // Find the TCP layer
std::cout << ip.src_addr() << ':' << tcp.sport() << " -> " << ip.dst_addr() << ':'
<< tcp.dport() << std::endl;
std::cout << ip.src_addr() << ':' << tcp.sport() << " -> " << ip.dst_addr() << ':' << tcp.dport() << std::endl;
return true;
}

4
src/tests/traffic_structures_performance_tests.cpp
View File

@ -63,7 +63,7 @@ std::vector<map_element> DataCounterVector;
using namespace std;
int number_of_ips = 10 * 1000 * 1000;
int number_of_ips = 10 * 1000 * 1000;
int number_of_retries = 1;
// #define enable_mutexex_in_test
@ -205,7 +205,7 @@ int timeval_subtract(struct timeval* result, struct timeval* x, struct timeval*
}
/* Compute the time remaining to wait. tv_usec is certainly positive. */
result->tv_sec = x->tv_sec - y->tv_sec;
result->tv_sec = x->tv_sec - y->tv_sec;
result->tv_usec = x->tv_usec - y->tv_usec;
/* Return 1 if result is negative. */

4
src/tests/tsc_timers.cpp
View File

@ -31,7 +31,7 @@ uint64_t get_tsc_freq_from_clock(void) {
#define NS_PER_SEC 1E9
struct timespec sleeptime;
sleeptime.tv_sec = 1;
sleeptime.tv_sec = 1;
sleeptime.tv_nsec = 5E8; /* 1/2 second */
struct timespec t_start, t_end;
@ -44,7 +44,7 @@ uint64_t get_tsc_freq_from_clock(void) {
nanosleep(&sleeptime, NULL);
clock_gettime(CLOCK_MONOTONIC_RAW, &t_end);
end = read_tsc_cpu_register();
ns = ((t_end.tv_sec - t_start.tv_sec) * NS_PER_SEC);
ns = ((t_end.tv_sec - t_start.tv_sec) * NS_PER_SEC);
ns += (t_end.tv_nsec - t_start.tv_nsec);
double secs = (double)ns / NS_PER_SEC;

15
src/unified_parser.cpp
View File

@ -7,26 +7,25 @@ bool parse_raw_packet_to_simple_packet(u_char* buffer, int len, simple_packet_t&
struct pfring_pkthdr packet_header;
memset(&packet_header, 0, sizeof(packet_header));
packet_header.len = len;
packet_header.len = len;
packet_header.caplen = len;
// We do not calculate timestamps because timestamping is very CPU intensive operation:
// https://github.com/ntop/PF_RING/issues/9
u_int8_t timestamp = 0;
u_int8_t add_hash = 0;
u_int8_t add_hash = 0;
fastnetmon_parse_pkt((u_char*)buffer, &packet_header, 4, timestamp, add_hash);
// char print_buffer[512];
// fastnetmon_print_parsed_pkt(print_buffer, 512, (u_char*)buffer, &packet_header);
// logger.info("%s", print_buffer);
if (packet_header.extended_hdr.parsed_pkt.ip_version != 4 &&
packet_header.extended_hdr.parsed_pkt.ip_version != 6) {
if (packet_header.extended_hdr.parsed_pkt.ip_version != 4 && packet_header.extended_hdr.parsed_pkt.ip_version != 6) {
return false;
}
// We need this for deep packet inspection
packet.packet_payload_length = len;
packet.packet_payload_length = len;
packet.packet_payload_pointer = (void*)buffer;
packet.ip_protocol_version = packet_header.extended_hdr.parsed_pkt.ip_version;
@ -43,7 +42,7 @@ bool parse_raw_packet_to_simple_packet(u_char* buffer, int len, simple_packet_t&
memcpy(packet.dst_ipv6.s6_addr, packet_header.extended_hdr.parsed_pkt.ip_dst.v6.s6_addr, 16);
}
packet.source_port = packet_header.extended_hdr.parsed_pkt.l4_src_port;
packet.source_port = packet_header.extended_hdr.parsed_pkt.l4_src_port;
packet.destination_port = packet_header.extended_hdr.parsed_pkt.l4_dst_port;
if (read_packet_length_from_ip_header) {
@ -53,10 +52,10 @@ bool parse_raw_packet_to_simple_packet(u_char* buffer, int len, simple_packet_t&
}
packet.protocol = packet_header.extended_hdr.parsed_pkt.l3_proto;
packet.ts = packet_header.ts;
packet.ts = packet_header.ts;
packet.ip_fragmented = packet_header.extended_hdr.parsed_pkt.ip_fragmented;
packet.ttl = packet_header.extended_hdr.parsed_pkt.ip_ttl;
packet.ttl = packet_header.extended_hdr.parsed_pkt.ip_ttl;
// Copy flags from PF_RING header to our pseudo header
if (packet.protocol == IPPROTO_TCP) {