mirror of
https://github.com/pavel-odintsov/fastnetmon.git
synced 2024-09-21 10:27:13 +00:00
Reformatted code with clang-format
This commit is contained in:
parent
0babd49edc
commit
242703a166
@ -1,6 +1,6 @@
|
||||
netmap_plugin/netmap_includes/net/netmap.h
|
||||
netmap_plugin/netmap_includes/net/netmap_user.h
|
||||
libpatricia/patricia.c
|
||||
libpatricia/patricia.h
|
||||
concurrentqueue.h
|
||||
simple_packet_capnp/simple_packet.capnp.c++
|
||||
simple_packet_capnp/simple_packet.capnp.h
|
||||
build
|
||||
|
@ -3,18 +3,19 @@
|
||||
#include <unordered_map>
|
||||
|
||||
// I keep these declaration here because of following error:
|
||||
// error: there are no arguments to ‘increment_outgoing_counters’ that depend on a template parameter, so a declaration of ‘increment_outgoing_counters’ must be available [-fpermissive]
|
||||
// error: there are no arguments to ‘increment_outgoing_counters’ that depend on a template parameter, so a declaration
|
||||
// of ‘increment_outgoing_counters’ must be available [-fpermissive]
|
||||
// increment_outgoing_counters(counter_ptr, current_packet, sampled_number_of_packets, sampled_number_of_bytes);
|
||||
void increment_incoming_counters(map_element_t* current_element,
|
||||
simple_packet_t& current_packet,
|
||||
uint64_t sampled_number_of_packets,
|
||||
uint64_t sampled_number_of_bytes);
|
||||
simple_packet_t& current_packet,
|
||||
uint64_t sampled_number_of_packets,
|
||||
uint64_t sampled_number_of_bytes);
|
||||
|
||||
void build_speed_counters_from_packet_counters(map_element_t& new_speed_element, map_element_t* vector_itr, double speed_calc_period);
|
||||
void increment_outgoing_counters(map_element_t* current_element,
|
||||
simple_packet_t& current_packet,
|
||||
uint64_t sampled_number_of_packets,
|
||||
uint64_t sampled_number_of_bytes);
|
||||
simple_packet_t& current_packet,
|
||||
uint64_t sampled_number_of_packets,
|
||||
uint64_t sampled_number_of_bytes);
|
||||
void build_average_speed_counters_from_speed_counters(map_element_t* current_average_speed_element,
|
||||
map_element_t& new_speed_element,
|
||||
double exp_value,
|
||||
@ -151,4 +152,3 @@ template <typename T> class abstract_subnet_counters_t {
|
||||
TrafficComparatorClass<std::pair<T, subnet_counter_t>>(sort_direction, sorter_type));
|
||||
}
|
||||
};
|
||||
|
||||
|
@ -19,20 +19,16 @@ extern bool exabgp_announce_whole_subnet;
|
||||
extern log4cpp::Category& logger;
|
||||
|
||||
// Low level ExaBGP ban management
|
||||
void exabgp_prefix_ban_manage(std::string action,
|
||||
std::string prefix_as_string_with_mask,
|
||||
std::string exabgp_next_hop,
|
||||
std::string exabgp_community) {
|
||||
void exabgp_prefix_ban_manage(std::string action, std::string prefix_as_string_with_mask, std::string exabgp_next_hop, std::string exabgp_community) {
|
||||
|
||||
/* Buffer for BGP message */
|
||||
char bgp_message[256];
|
||||
|
||||
if (action == "ban") {
|
||||
sprintf(bgp_message, "announce route %s next-hop %s community %s\n",
|
||||
prefix_as_string_with_mask.c_str(), exabgp_next_hop.c_str(), exabgp_community.c_str());
|
||||
sprintf(bgp_message, "announce route %s next-hop %s community %s\n", prefix_as_string_with_mask.c_str(),
|
||||
exabgp_next_hop.c_str(), exabgp_community.c_str());
|
||||
} else {
|
||||
sprintf(bgp_message, "withdraw route %s next-hop %s\n", prefix_as_string_with_mask.c_str(),
|
||||
exabgp_next_hop.c_str());
|
||||
sprintf(bgp_message, "withdraw route %s next-hop %s\n", prefix_as_string_with_mask.c_str(), exabgp_next_hop.c_str());
|
||||
}
|
||||
|
||||
logger << log4cpp::Priority::INFO << "ExaBGP announce message: " << bgp_message;
|
||||
@ -40,8 +36,7 @@ void exabgp_prefix_ban_manage(std::string action,
|
||||
int exabgp_pipe = open(exabgp_command_pipe.c_str(), O_WRONLY);
|
||||
|
||||
if (exabgp_pipe <= 0) {
|
||||
logger << log4cpp::Priority::ERROR << "Can't open ExaBGP pipe " << exabgp_command_pipe
|
||||
<< " Ban is not executed";
|
||||
logger << log4cpp::Priority::ERROR << "Can't open ExaBGP pipe " << exabgp_command_pipe << " Ban is not executed";
|
||||
return;
|
||||
}
|
||||
|
||||
@ -100,5 +95,3 @@ bool exabgp_flow_spec_ban_manage(std::string action, std::string flow_spec_rule_
|
||||
close(exabgp_pipe);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
#include <string>
|
||||
#include "../fastnetmon_types.h"
|
||||
#include <string>
|
||||
|
||||
void exabgp_ban_manage(std::string action, std::string ip_as_string, attack_details_t current_attack);
|
||||
bool exabgp_flow_spec_ban_manage(std::string action, std::string flow_spec_rule_as_text);
|
||||
|
@ -37,15 +37,15 @@ class GrpcClient {
|
||||
}
|
||||
|
||||
bool AnnounceUnicastPrefixIPv4(std::string announced_address,
|
||||
std::string announced_prefix_nexthop,
|
||||
bool is_withdrawal,
|
||||
unsigned int cidr_mask,
|
||||
uint32_t community_as_32bit_int) {
|
||||
std::string announced_prefix_nexthop,
|
||||
bool is_withdrawal,
|
||||
unsigned int cidr_mask,
|
||||
uint32_t community_as_32bit_int) {
|
||||
grpc::ClientContext context;
|
||||
|
||||
// Set timeout for API
|
||||
std::chrono::system_clock::time_point deadline =
|
||||
std::chrono::system_clock::now() + std::chrono::seconds(gobgp_client_connection_timeout);
|
||||
std::chrono::system_clock::now() + std::chrono::seconds(gobgp_client_connection_timeout);
|
||||
context.set_deadline(deadline);
|
||||
|
||||
auto gobgp_ipv4_unicast_route_family = new gobgpapi::Family;
|
||||
@ -85,7 +85,7 @@ class GrpcClient {
|
||||
current_next_hop->PackFrom(current_next_hop_t);
|
||||
|
||||
// Updating CommunitiesAttribute for current_path
|
||||
google::protobuf::Any *current_communities = current_path->add_pattrs();
|
||||
google::protobuf::Any* current_communities = current_path->add_pattrs();
|
||||
gobgpapi::CommunitiesAttribute current_communities_t;
|
||||
current_communities_t.add_communities(community_as_32bit_int);
|
||||
current_communities->PackFrom(current_communities_t);
|
||||
@ -98,8 +98,7 @@ class GrpcClient {
|
||||
auto status = stub_->AddPath(&context, request, &response);
|
||||
|
||||
if (!status.ok()) {
|
||||
logger << log4cpp::Priority::ERROR
|
||||
<< "AddPath request to BGP daemon failed with code: " << status.error_code()
|
||||
logger << log4cpp::Priority::ERROR << "AddPath request to BGP daemon failed with code: " << status.error_code()
|
||||
<< " message " << status.error_message();
|
||||
|
||||
return false;
|
||||
@ -109,15 +108,15 @@ class GrpcClient {
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AnnounceUnicastPrefixIPv6(const subnet_ipv6_cidr_mask_t& client_ipv6,
|
||||
const subnet_ipv6_cidr_mask_t& ipv6_next_hop,
|
||||
bool is_withdrawal,
|
||||
uint32_t community_as_32bit_int) {
|
||||
bool AnnounceUnicastPrefixIPv6(const subnet_ipv6_cidr_mask_t& client_ipv6,
|
||||
const subnet_ipv6_cidr_mask_t& ipv6_next_hop,
|
||||
bool is_withdrawal,
|
||||
uint32_t community_as_32bit_int) {
|
||||
grpc::ClientContext context;
|
||||
|
||||
// Set timeout for API
|
||||
std::chrono::system_clock::time_point deadline =
|
||||
std::chrono::system_clock::now() + std::chrono::seconds(gobgp_client_connection_timeout);
|
||||
std::chrono::system_clock::now() + std::chrono::seconds(gobgp_client_connection_timeout);
|
||||
context.set_deadline(deadline);
|
||||
|
||||
auto gobgp_ipv6_unicast_route_family = new gobgpapi::Family;
|
||||
@ -153,11 +152,11 @@ class GrpcClient {
|
||||
// Updating NextHopAttribute info for current_path
|
||||
google::protobuf::Any* current_next_hop = current_path->add_pattrs();
|
||||
gobgpapi::NextHopAttribute current_next_hop_t;
|
||||
current_next_hop_t.set_next_hop(print_ipv6_address(ipv6_next_hop.subnet_address));
|
||||
current_next_hop_t.set_next_hop(print_ipv6_address(ipv6_next_hop.subnet_address));
|
||||
current_next_hop->PackFrom(current_next_hop_t);
|
||||
|
||||
// Updating CommunitiesAttribute for current_path
|
||||
google::protobuf::Any *current_communities = current_path->add_pattrs();
|
||||
google::protobuf::Any* current_communities = current_path->add_pattrs();
|
||||
gobgpapi::CommunitiesAttribute current_communities_t;
|
||||
current_communities_t.add_communities(community_as_32bit_int);
|
||||
current_communities->PackFrom(current_communities_t);
|
||||
@ -170,8 +169,7 @@ class GrpcClient {
|
||||
auto status = stub_->AddPath(&context, request, &response);
|
||||
|
||||
if (!status.ok()) {
|
||||
logger << log4cpp::Priority::ERROR
|
||||
<< "AddPath request to BGP daemon failed with code: " << status.error_code()
|
||||
logger << log4cpp::Priority::ERROR << "AddPath request to BGP daemon failed with code: " << status.error_code()
|
||||
<< " message " << status.error_message();
|
||||
|
||||
return false;
|
||||
@ -186,27 +184,27 @@ class GrpcClient {
|
||||
std::unique_ptr<GobgpApi::Stub> stub_;
|
||||
};
|
||||
|
||||
GrpcClient* gobgp_client = NULL;
|
||||
std::string gobgp_nexthop = "0.0.0.0";
|
||||
GrpcClient* gobgp_client = NULL;
|
||||
std::string gobgp_nexthop = "0.0.0.0";
|
||||
bool gobgp_announce_whole_subnet = false;
|
||||
bool gobgp_announce_host = false;
|
||||
bool gobgp_announce_host = false;
|
||||
|
||||
bgp_community_attribute_element_t bgp_community_host;
|
||||
bgp_community_attribute_element_t bgp_community_subnet;
|
||||
|
||||
// IPv6
|
||||
bool gobgp_announce_whole_subnet_ipv6 = false;
|
||||
bool gobgp_announce_host_ipv6 = false;
|
||||
bool gobgp_announce_host_ipv6 = false;
|
||||
|
||||
bgp_community_attribute_element_t bgp_community_host_ipv6;
|
||||
bgp_community_attribute_element_t bgp_community_subnet_ipv6;;
|
||||
bgp_community_attribute_element_t bgp_community_subnet_ipv6;
|
||||
;
|
||||
|
||||
subnet_ipv6_cidr_mask_t ipv6_next_hop;
|
||||
|
||||
void gobgp_action_init() {
|
||||
logger << log4cpp::Priority::INFO << "GoBGP action module loaded";
|
||||
gobgp_client =
|
||||
new GrpcClient(grpc::CreateChannel("localhost:50051", grpc::InsecureChannelCredentials()));
|
||||
gobgp_client = new GrpcClient(grpc::CreateChannel("localhost:50051", grpc::InsecureChannelCredentials()));
|
||||
|
||||
if (configuration_map.count("gobgp_next_hop")) {
|
||||
gobgp_nexthop = configuration_map["gobgp_next_hop"];
|
||||
@ -221,7 +219,8 @@ void gobgp_action_init() {
|
||||
read_ipv6_host_from_string(configuration_map["gobgp_next_hop_ipv6"], ipv6_next_hop.subnet_address);
|
||||
|
||||
if (!parsed_next_hop_result) {
|
||||
logger << log4cpp::Priority::ERROR << "Can't parse specified IPv6 next hop to IPv6 address: " << configuration_map["gobgp_next_hop_ipv6"];
|
||||
logger << log4cpp::Priority::ERROR
|
||||
<< "Can't parse specified IPv6 next hop to IPv6 address: " << configuration_map["gobgp_next_hop_ipv6"];
|
||||
}
|
||||
}
|
||||
|
||||
@ -245,53 +244,61 @@ void gobgp_action_init() {
|
||||
|
||||
|
||||
// Set them to safe defaults
|
||||
bgp_community_host.asn_number = 65001;
|
||||
bgp_community_host.asn_number = 65001;
|
||||
bgp_community_host.community_number = 666;
|
||||
|
||||
if (configuration_map.count("gobgp_community_host")) {
|
||||
if (!read_bgp_community_from_string(configuration_map["gobgp_community_host"], bgp_community_host)) {
|
||||
logger << log4cpp::Priority::ERROR << "Cannot parse GoBGP community for host " << configuration_map["gobgp_community_host"];
|
||||
logger << log4cpp::Priority::ERROR << "Cannot parse GoBGP community for host "
|
||||
<< configuration_map["gobgp_community_host"];
|
||||
}
|
||||
}
|
||||
|
||||
logger << log4cpp::Priority::INFO << "GoBGP host IPv4 community: " << bgp_community_host.asn_number << ":" << bgp_community_host.community_number;
|
||||
logger << log4cpp::Priority::INFO << "GoBGP host IPv4 community: " << bgp_community_host.asn_number << ":"
|
||||
<< bgp_community_host.community_number;
|
||||
|
||||
// Set them to safe defaults
|
||||
bgp_community_subnet.asn_number = 65001;
|
||||
bgp_community_subnet.asn_number = 65001;
|
||||
bgp_community_subnet.community_number = 666;
|
||||
|
||||
if (configuration_map.count("gobgp_community_subnet")) {
|
||||
if (!read_bgp_community_from_string(configuration_map["gobgp_community_subnet"], bgp_community_subnet)) {
|
||||
logger << log4cpp::Priority::ERROR << "Cannot parse GoBGP community for subnet " << configuration_map["gobgp_community_subnet"];
|
||||
logger << log4cpp::Priority::ERROR << "Cannot parse GoBGP community for subnet "
|
||||
<< configuration_map["gobgp_community_subnet"];
|
||||
}
|
||||
}
|
||||
|
||||
logger << log4cpp::Priority::INFO << "GoBGP subnet IPv4 community: " << bgp_community_subnet.asn_number << ":" << bgp_community_subnet.community_number;
|
||||
logger << log4cpp::Priority::INFO << "GoBGP subnet IPv4 community: " << bgp_community_subnet.asn_number << ":"
|
||||
<< bgp_community_subnet.community_number;
|
||||
|
||||
// IPv6 communities
|
||||
bgp_community_host_ipv6.asn_number = 65001;
|
||||
bgp_community_host_ipv6.asn_number = 65001;
|
||||
bgp_community_host_ipv6.community_number = 666;
|
||||
|
||||
if (configuration_map.count("gobgp_community_host_ipv6")) {
|
||||
if (!read_bgp_community_from_string(configuration_map["gobgp_community_host_ipv6"], bgp_community_host_ipv6)) {
|
||||
logger << log4cpp::Priority::ERROR << "Cannot parse GoBGP community for IPv6 host " << configuration_map["gobgp_community_host_ipv6"];
|
||||
logger << log4cpp::Priority::ERROR << "Cannot parse GoBGP community for IPv6 host "
|
||||
<< configuration_map["gobgp_community_host_ipv6"];
|
||||
}
|
||||
}
|
||||
|
||||
logger << log4cpp::Priority::INFO << "GoBGP host IPv6 community: " << bgp_community_host_ipv6.asn_number << ":" << bgp_community_host_ipv6.community_number;
|
||||
logger << log4cpp::Priority::INFO << "GoBGP host IPv6 community: " << bgp_community_host_ipv6.asn_number << ":"
|
||||
<< bgp_community_host_ipv6.community_number;
|
||||
|
||||
// Set them to safe defaults
|
||||
bgp_community_subnet_ipv6.asn_number = 65001;
|
||||
bgp_community_subnet_ipv6.asn_number = 65001;
|
||||
bgp_community_subnet_ipv6.community_number = 666;
|
||||
|
||||
|
||||
if (configuration_map.count("gobgp_community_subnet_ipv6")) {
|
||||
if (!read_bgp_community_from_string(configuration_map["gobgp_community_subnet_ipv6"], bgp_community_subnet_ipv6)) {
|
||||
logger << log4cpp::Priority::ERROR << "Cannot parse GoBGP community for IPv6 subnet " << configuration_map["gobgp_community_subnet_ipv6"];
|
||||
logger << log4cpp::Priority::ERROR << "Cannot parse GoBGP community for IPv6 subnet "
|
||||
<< configuration_map["gobgp_community_subnet_ipv6"];
|
||||
}
|
||||
}
|
||||
|
||||
logger << log4cpp::Priority::INFO << "GoBGP subnet IPv6 community: " << bgp_community_subnet_ipv6.asn_number << ":" << bgp_community_subnet_ipv6.community_number;
|
||||
logger << log4cpp::Priority::INFO << "GoBGP subnet IPv6 community: " << bgp_community_subnet_ipv6.asn_number << ":"
|
||||
<< bgp_community_subnet_ipv6.community_number;
|
||||
}
|
||||
|
||||
void gobgp_action_shutdown() {
|
||||
@ -305,10 +312,10 @@ void gobgp_ban_manage(std::string action, bool ipv6, std::string ip_as_string, s
|
||||
|
||||
if (action == "ban") {
|
||||
is_withdrawal = false;
|
||||
action_name = "announce";
|
||||
action_name = "announce";
|
||||
} else {
|
||||
is_withdrawal = true;
|
||||
action_name = "withdraw";
|
||||
action_name = "withdraw";
|
||||
}
|
||||
|
||||
if (ipv6) {
|
||||
@ -318,7 +325,8 @@ void gobgp_ban_manage(std::string action, bool ipv6, std::string ip_as_string, s
|
||||
|
||||
if (gobgp_announce_host_ipv6) {
|
||||
logger << log4cpp::Priority::INFO << action_name << " " << print_ipv6_cidr_subnet(client_ipv6) << " to GoBGP";
|
||||
uint32_t community_as_32bit_int = uint32_t(bgp_community_host_ipv6.asn_number << 16 | bgp_community_host_ipv6.community_number);
|
||||
uint32_t community_as_32bit_int =
|
||||
uint32_t(bgp_community_host_ipv6.asn_number << 16 | bgp_community_host_ipv6.community_number);
|
||||
|
||||
gobgp_client->AnnounceUnicastPrefixIPv6(client_ipv6, ipv6_next_hop, is_withdrawal, community_as_32bit_int);
|
||||
}
|
||||
@ -329,12 +337,12 @@ void gobgp_ban_manage(std::string action, bool ipv6, std::string ip_as_string, s
|
||||
<< convert_subnet_to_string(current_attack.customer_network) << " to GoBGP";
|
||||
|
||||
// https://github.com/osrg/gobgp/blob/0aff30a74216f499b8abfabc50016b041b319749/internal/pkg/table/policy_test.go#L2870
|
||||
uint32_t community_as_32bit_int = uint32_t(bgp_community_subnet.asn_number << 16 | bgp_community_subnet.community_number);
|
||||
uint32_t community_as_32bit_int =
|
||||
uint32_t(bgp_community_subnet.asn_number << 16 | bgp_community_subnet.community_number);
|
||||
|
||||
gobgp_client->AnnounceUnicastPrefixIPv4(convert_ip_as_uint_to_string(
|
||||
current_attack.customer_network.subnet_address),
|
||||
gobgp_nexthop, is_withdrawal,
|
||||
current_attack.customer_network.cidr_prefix_length, community_as_32bit_int);
|
||||
gobgp_client->AnnounceUnicastPrefixIPv4(convert_ip_as_uint_to_string(current_attack.customer_network.subnet_address),
|
||||
gobgp_nexthop, is_withdrawal,
|
||||
current_attack.customer_network.cidr_prefix_length, community_as_32bit_int);
|
||||
}
|
||||
|
||||
if (gobgp_announce_host) {
|
||||
|
@ -111,7 +111,7 @@ void flush_block(struct block_desc* pbd) {
|
||||
}
|
||||
|
||||
void walk_block(struct block_desc* pbd, const int block_num) {
|
||||
int num_pkts = pbd->h1.num_pkts, i;
|
||||
int num_pkts = pbd->h1.num_pkts, i;
|
||||
unsigned long bytes = 0;
|
||||
struct tpacket3_hdr* ppd;
|
||||
|
||||
@ -124,11 +124,11 @@ void walk_block(struct block_desc* pbd, const int block_num) {
|
||||
|
||||
struct pfring_pkthdr packet_header;
|
||||
memset(&packet_header, 0, sizeof(packet_header));
|
||||
packet_header.len = ppd->tp_snaplen;
|
||||
packet_header.len = ppd->tp_snaplen;
|
||||
packet_header.caplen = ppd->tp_snaplen;
|
||||
|
||||
u_int8_t timestamp = 0;
|
||||
u_int8_t add_hash = 0;
|
||||
u_int8_t add_hash = 0;
|
||||
|
||||
u_char* data_pointer = (u_char*)((uint8_t*)ppd + ppd->tp_mac);
|
||||
|
||||
@ -169,9 +169,8 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
|
||||
}
|
||||
|
||||
// We whould use V3 bcause it could read/pool in per block basis instead per packet
|
||||
int version = TPACKET_V3;
|
||||
int setsockopt_packet_version =
|
||||
setsockopt(packet_socket, SOL_PACKET, PACKET_VERSION, &version, sizeof(version));
|
||||
int version = TPACKET_V3;
|
||||
int setsockopt_packet_version = setsockopt(packet_socket, SOL_PACKET, PACKET_VERSION, &version, sizeof(version));
|
||||
|
||||
if (setsockopt_packet_version < 0) {
|
||||
logger << log4cpp::Priority::ERROR << "Can't set packet v3 version";
|
||||
@ -180,8 +179,7 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
|
||||
|
||||
int interface_number = 0;
|
||||
|
||||
bool get_interface_number_result =
|
||||
get_interface_number_by_device_name(packet_socket, interface_name, interface_number);
|
||||
bool get_interface_number_result = get_interface_number_by_device_name(packet_socket, interface_name, interface_number);
|
||||
|
||||
if (!get_interface_number_result) {
|
||||
logger << log4cpp::Priority::ERROR << "Can't get interface number by interface name for " << interface_name;
|
||||
@ -191,11 +189,10 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
|
||||
// Switch to PROMISC mode
|
||||
struct packet_mreq sock_params;
|
||||
memset(&sock_params, 0, sizeof(sock_params));
|
||||
sock_params.mr_type = PACKET_MR_PROMISC;
|
||||
sock_params.mr_type = PACKET_MR_PROMISC;
|
||||
sock_params.mr_ifindex = interface_number;
|
||||
|
||||
int set_promisc = setsockopt(packet_socket, SOL_PACKET, PACKET_ADD_MEMBERSHIP,
|
||||
(void*)&sock_params, sizeof(sock_params));
|
||||
int set_promisc = setsockopt(packet_socket, SOL_PACKET, PACKET_ADD_MEMBERSHIP, (void*)&sock_params, sizeof(sock_params));
|
||||
|
||||
if (set_promisc == -1) {
|
||||
logger << log4cpp::Priority::ERROR << "Can't enable promisc mode";
|
||||
@ -205,9 +202,9 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
|
||||
struct sockaddr_ll bind_address;
|
||||
memset(&bind_address, 0, sizeof(bind_address));
|
||||
|
||||
bind_address.sll_family = AF_PACKET;
|
||||
bind_address.sll_family = AF_PACKET;
|
||||
bind_address.sll_protocol = htons(ETH_P_ALL);
|
||||
bind_address.sll_ifindex = interface_number;
|
||||
bind_address.sll_ifindex = interface_number;
|
||||
|
||||
// We will follow http://yusufonlinux.blogspot.ru/2010/11/data-link-access-and-zero-copy.html
|
||||
// And this: https://www.kernel.org/doc/Documentation/networking/packet_mmap.txt
|
||||
@ -217,10 +214,10 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
|
||||
|
||||
req.tp_block_size = blocksiz;
|
||||
req.tp_frame_size = framesiz;
|
||||
req.tp_block_nr = blocknum;
|
||||
req.tp_frame_nr = (blocksiz * blocknum) / framesiz;
|
||||
req.tp_block_nr = blocknum;
|
||||
req.tp_frame_nr = (blocksiz * blocknum) / framesiz;
|
||||
|
||||
req.tp_retire_blk_tov = 60; // Timeout in msec
|
||||
req.tp_retire_blk_tov = 60; // Timeout in msec
|
||||
req.tp_feature_req_word = TP_FT_REQ_FILL_RXHASH;
|
||||
|
||||
int setsockopt_rx_ring = setsockopt(packet_socket, SOL_PACKET, PACKET_RX_RING, (void*)&req, sizeof(req));
|
||||
@ -232,7 +229,7 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
|
||||
|
||||
// We use per thread structures
|
||||
uint8_t* mapped_buffer = NULL;
|
||||
struct iovec* rd = NULL;
|
||||
struct iovec* rd = NULL;
|
||||
|
||||
mapped_buffer = (uint8_t*)mmap(NULL, req.tp_block_size * req.tp_block_nr, PROT_READ | PROT_WRITE,
|
||||
MAP_SHARED | MAP_LOCKED, packet_socket, 0);
|
||||
@ -248,7 +245,7 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
|
||||
// Initilize iov structures
|
||||
for (int i = 0; i < req.tp_block_nr; ++i) {
|
||||
rd[i].iov_base = mapped_buffer + (i * req.tp_block_size);
|
||||
rd[i].iov_len = req.tp_block_size;
|
||||
rd[i].iov_len = req.tp_block_size;
|
||||
}
|
||||
|
||||
int bind_result = bind(packet_socket, (struct sockaddr*)&bind_address, sizeof(bind_address));
|
||||
@ -261,8 +258,7 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
|
||||
if (enable_fanout) {
|
||||
int fanout_arg = (fanout_group_id | (fanout_type << 16));
|
||||
|
||||
int setsockopt_fanout =
|
||||
setsockopt(packet_socket, SOL_PACKET, PACKET_FANOUT, &fanout_arg, sizeof(fanout_arg));
|
||||
int setsockopt_fanout = setsockopt(packet_socket, SOL_PACKET, PACKET_FANOUT, &fanout_arg, sizeof(fanout_arg));
|
||||
|
||||
if (setsockopt_fanout < 0) {
|
||||
logger << log4cpp::Priority::ERROR << "Can't configure fanout error number: " << errno
|
||||
@ -276,8 +272,8 @@ bool setup_socket(std::string interface_name, bool enable_fanout, int fanout_gro
|
||||
struct pollfd pfd;
|
||||
memset(&pfd, 0, sizeof(pfd));
|
||||
|
||||
pfd.fd = packet_socket;
|
||||
pfd.events = POLLIN | POLLERR;
|
||||
pfd.fd = packet_socket;
|
||||
pfd.events = POLLIN | POLLERR;
|
||||
pfd.revents = 0;
|
||||
|
||||
while (true) {
|
||||
@ -316,8 +312,7 @@ void start_afpacket_collection(process_packet_pointer func_ptr) {
|
||||
logger.info("We have %d cpus for AF_PACKET", num_cpus);
|
||||
|
||||
if (configuration_map.count("af_packet_read_packet_length_from_ip_header") != 0) {
|
||||
afpacket_read_packet_length_from_ip_header =
|
||||
configuration_map["af_packet_read_packet_length_from_ip_header"] == "on";
|
||||
afpacket_read_packet_length_from_ip_header = configuration_map["af_packet_read_packet_length_from_ip_header"] == "on";
|
||||
}
|
||||
|
||||
std::string interfaces_list = "";
|
||||
@ -328,7 +323,7 @@ void start_afpacket_collection(process_packet_pointer func_ptr) {
|
||||
|
||||
if (configuration_map.count("mirror_af_packet_custom_sampling_rate") != 0) {
|
||||
mirror_af_packet_custom_sampling_rate =
|
||||
convert_string_to_integer(configuration_map["mirror_af_packet_custom_sampling_rate"]);
|
||||
convert_string_to_integer(configuration_map["mirror_af_packet_custom_sampling_rate"]);
|
||||
}
|
||||
|
||||
if (configuration_map.count("mirror_af_packet_fanout_mode") != 0) {
|
||||
@ -339,8 +334,7 @@ void start_afpacket_collection(process_packet_pointer func_ptr) {
|
||||
std::vector<std::string> interfaces_for_listen;
|
||||
boost::split(interfaces_for_listen, interfaces_list, boost::is_any_of(","), boost::token_compress_on);
|
||||
|
||||
logger << log4cpp::Priority::INFO << "AF_PACKET will listen on " << interfaces_for_listen.size()
|
||||
<< " interfaces";
|
||||
logger << log4cpp::Priority::INFO << "AF_PACKET will listen on " << interfaces_for_listen.size() << " interfaces";
|
||||
|
||||
if (interfaces_for_listen.size() == 0) {
|
||||
logger << log4cpp::Priority::ERROR << "Please specify intreface for AF_PACKET";
|
||||
@ -364,7 +358,7 @@ void start_afpacket_collection(process_packet_pointer func_ptr) {
|
||||
logger << log4cpp::Priority::INFO << "AF_PACKET will listen on " << capture_interface << " interface";
|
||||
|
||||
boost::thread* af_packet_interface_thread =
|
||||
new boost::thread(start_af_packet_capture_for_interface, capture_interface, fanout_group_id, num_cpus);
|
||||
new boost::thread(start_af_packet_capture_for_interface, capture_interface, fanout_group_id, num_cpus);
|
||||
|
||||
af_packet_main_threads.add_thread(af_packet_interface_thread);
|
||||
}
|
||||
@ -400,7 +394,7 @@ void start_af_packet_capture_for_interface(std::string capture_interface, int fa
|
||||
CPU_SET(cpu_to_bind, ¤t_cpu_set);
|
||||
|
||||
int set_affinity_result =
|
||||
pthread_attr_setaffinity_np(thread_attrs.native_handle(), sizeof(cpu_set_t), ¤t_cpu_set);
|
||||
pthread_attr_setaffinity_np(thread_attrs.native_handle(), sizeof(cpu_set_t), ¤t_cpu_set);
|
||||
|
||||
if (set_affinity_result != 0) {
|
||||
logger << log4cpp::Priority::ERROR << "Can't set CPU affinity for thread";
|
||||
@ -410,15 +404,14 @@ void start_af_packet_capture_for_interface(std::string capture_interface, int fa
|
||||
bool fanout = true;
|
||||
|
||||
packet_receiver_thread_group.add_thread(
|
||||
new boost::thread(thread_attrs, boost::bind(start_af_packet_capture, capture_interface,
|
||||
fanout, fanout_group_id)));
|
||||
new boost::thread(thread_attrs, boost::bind(start_af_packet_capture, capture_interface, fanout, fanout_group_id)));
|
||||
#else
|
||||
bool fanout = true;
|
||||
|
||||
logger.error("Sorry but CPU affinity did not supported for your platform");
|
||||
|
||||
packet_receiver_thread_group.add_thread(
|
||||
new boost::thread(start_af_packet_capture, capture_interface, fanout, fanout_group_id));
|
||||
new boost::thread(start_af_packet_capture, capture_interface, fanout, fanout_group_id));
|
||||
#endif
|
||||
}
|
||||
|
||||
|
17
src/api.hpp
17
src/api.hpp
@ -1,7 +1,7 @@
|
||||
|
||||
Status FastnetmonApiServiceImpl::GetBanlist(::grpc::ServerContext* context,
|
||||
const ::fastmitigation::BanListRequest* request,
|
||||
::grpc::ServerWriter< ::fastmitigation::BanListReply>* writer) {
|
||||
const ::fastmitigation::BanListRequest* request,
|
||||
::grpc::ServerWriter<::fastmitigation::BanListReply>* writer) {
|
||||
logger << log4cpp::Priority::INFO << "API we asked for banlist";
|
||||
|
||||
for (std::map<uint32_t, banlist_item_t>::iterator itr = ban_list.begin(); itr != ban_list.end(); ++itr) {
|
||||
@ -21,7 +21,7 @@ Status FastnetmonApiServiceImpl::GetBanlist(::grpc::ServerContext* context,
|
||||
|
||||
for (auto itr : ban_list_copy) {
|
||||
BanListReply reply;
|
||||
reply.set_ip_address( print_ipv6_cidr_subnet(itr.first) );
|
||||
reply.set_ip_address(print_ipv6_cidr_subnet(itr.first));
|
||||
writer->Write(reply);
|
||||
}
|
||||
|
||||
@ -29,8 +29,8 @@ Status FastnetmonApiServiceImpl::GetBanlist(::grpc::ServerContext* context,
|
||||
}
|
||||
|
||||
Status FastnetmonApiServiceImpl::ExecuteBan(ServerContext* context,
|
||||
const fastmitigation::ExecuteBanRequest* request,
|
||||
fastmitigation::ExecuteBanReply* reply) {
|
||||
const fastmitigation::ExecuteBanRequest* request,
|
||||
fastmitigation::ExecuteBanReply* reply) {
|
||||
logger << log4cpp::Priority::INFO << "API we asked for ban for IP: " << request->ip_address();
|
||||
|
||||
if (!validate_ipv6_or_ipv4_host(request->ip_address())) {
|
||||
@ -88,14 +88,15 @@ Status FastnetmonApiServiceImpl::ExecuteBan(ServerContext* context,
|
||||
}
|
||||
|
||||
logger << log4cpp::Priority::INFO << "API call ban handlers manually";
|
||||
call_ban_handlers(client_ip, ipv6_address, ipv6, current_attack, flow_attack_details, attack_detection_source_t::Automatic, "", empty_simple_packets_buffer);
|
||||
call_ban_handlers(client_ip, ipv6_address, ipv6, current_attack, flow_attack_details,
|
||||
attack_detection_source_t::Automatic, "", empty_simple_packets_buffer);
|
||||
|
||||
return Status::OK;
|
||||
}
|
||||
|
||||
Status FastnetmonApiServiceImpl::ExecuteUnBan(ServerContext* context,
|
||||
const fastmitigation::ExecuteBanRequest* request,
|
||||
fastmitigation::ExecuteBanReply* reply) {
|
||||
const fastmitigation::ExecuteBanRequest* request,
|
||||
fastmitigation::ExecuteBanReply* reply) {
|
||||
logger << log4cpp::Priority::INFO << "API: We asked for unban for IP: " << request->ip_address();
|
||||
|
||||
if (!validate_ipv6_or_ipv4_host(request->ip_address())) {
|
||||
|
@ -116,6 +116,3 @@ template <typename TemplateKeyType> class blackhole_ban_list_t {
|
||||
std::map<TemplateKeyType, banlist_item_t> ban_list_storage;
|
||||
std::mutex structure_mutex;
|
||||
};
|
||||
|
||||
|
||||
|
||||
|
@ -114,4 +114,3 @@ bool is_bgp_community_valid(std::string community_as_string) {
|
||||
|
||||
return read_bgp_community_from_string(community_as_string, bgp_community_attribute_element);
|
||||
}
|
||||
|
||||
|
@ -8,8 +8,7 @@
|
||||
#include "fastnetmon_types.h"
|
||||
|
||||
// Helper for serialization by comma
|
||||
template <typename T>
|
||||
std::string serialize_vector_by_string(const std::vector<T> vect, std::string delimiter) {
|
||||
template <typename T> std::string serialize_vector_by_string(const std::vector<T> vect, std::string delimiter) {
|
||||
std::ostringstream output_buffer;
|
||||
|
||||
std::copy(vect.begin(), vect.end() - 1, std::ostream_iterator<T>(output_buffer, delimiter.c_str()));
|
||||
@ -19,8 +18,7 @@ std::string serialize_vector_by_string(const std::vector<T> vect, std::string de
|
||||
}
|
||||
|
||||
template <typename T>
|
||||
std::string
|
||||
serialize_vector_by_string_with_prefix(const std::vector<T> vect, std::string delimiter, std::string prefix) {
|
||||
std::string serialize_vector_by_string_with_prefix(const std::vector<T> vect, std::string delimiter, std::string prefix) {
|
||||
std::vector<std::string> elements_with_prefix;
|
||||
|
||||
for (typename std::vector<T>::const_iterator itr = vect.begin(); itr != vect.end(); ++itr) {
|
||||
@ -91,7 +89,7 @@ class bgp_flow_spec_action_t {
|
||||
public:
|
||||
bgp_flow_spec_action_t() {
|
||||
this->action_type = FLOW_SPEC_ACTION_ACCEPT;
|
||||
this->rate_limit = 9600;
|
||||
this->rate_limit = 9600;
|
||||
|
||||
sentence_separator = ";";
|
||||
}
|
||||
@ -134,7 +132,7 @@ class flow_spec_rule_t {
|
||||
public:
|
||||
flow_spec_rule_t() {
|
||||
// We should explidictly initialize it!
|
||||
source_subnet_used = false;
|
||||
source_subnet_used = false;
|
||||
destination_subnet_used = false;
|
||||
}
|
||||
|
||||
@ -147,12 +145,12 @@ class flow_spec_rule_t {
|
||||
}
|
||||
|
||||
void set_source_subnet(subnet_cidr_mask_t source_subnet) {
|
||||
this->source_subnet = source_subnet;
|
||||
this->source_subnet = source_subnet;
|
||||
this->source_subnet_used = true;
|
||||
}
|
||||
|
||||
void set_destination_subnet(subnet_cidr_mask_t destination_subnet) {
|
||||
this->destination_subnet = destination_subnet;
|
||||
this->destination_subnet = destination_subnet;
|
||||
this->destination_subnet_used = true;
|
||||
}
|
||||
|
||||
@ -216,10 +214,10 @@ class flow_spec_rule_t {
|
||||
class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
|
||||
public:
|
||||
exabgp_flow_spec_rule_t() {
|
||||
four_spaces = " ";
|
||||
four_spaces = " ";
|
||||
sentence_separator = ";";
|
||||
|
||||
this->enabled_indents = true;
|
||||
this->enabled_indents = true;
|
||||
this->enble_block_headers = true;
|
||||
}
|
||||
|
||||
@ -230,8 +228,7 @@ class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
|
||||
std::string serialize_source_ports() {
|
||||
std::ostringstream output_buffer;
|
||||
|
||||
output_buffer << "source-port [ "
|
||||
<< serialize_vector_by_string_with_prefix<uint16_t>(this->source_ports, " ", "=")
|
||||
output_buffer << "source-port [ " << serialize_vector_by_string_with_prefix<uint16_t>(this->source_ports, " ", "=")
|
||||
<< " ]" << sentence_separator;
|
||||
|
||||
return output_buffer.str();
|
||||
@ -241,8 +238,8 @@ class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
|
||||
std::ostringstream output_buffer;
|
||||
|
||||
output_buffer << "destination-port [ "
|
||||
<< serialize_vector_by_string_with_prefix<uint16_t>(this->destination_ports, " ", "=")
|
||||
<< " ]" << sentence_separator;
|
||||
<< serialize_vector_by_string_with_prefix<uint16_t>(this->destination_ports, " ", "=") << " ]"
|
||||
<< sentence_separator;
|
||||
|
||||
return output_buffer.str();
|
||||
}
|
||||
@ -250,8 +247,7 @@ class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
|
||||
std::string serialize_packet_lengths() {
|
||||
std::ostringstream output_buffer;
|
||||
|
||||
output_buffer << "packet-length [ "
|
||||
<< serialize_vector_by_string_with_prefix<uint16_t>(this->packet_lengths, " ", "=")
|
||||
output_buffer << "packet-length [ " << serialize_vector_by_string_with_prefix<uint16_t>(this->packet_lengths, " ", "=")
|
||||
<< " ]" << sentence_separator;
|
||||
|
||||
return output_buffer.str();
|
||||
@ -261,16 +257,14 @@ class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
|
||||
std::string serialize_protocols() {
|
||||
std::ostringstream output_buffer;
|
||||
|
||||
output_buffer << "protocol [ " << serialize_vector_by_string(this->protocols, " ") << " ]"
|
||||
<< sentence_separator;
|
||||
output_buffer << "protocol [ " << serialize_vector_by_string(this->protocols, " ") << " ]" << sentence_separator;
|
||||
|
||||
return output_buffer.str();
|
||||
}
|
||||
std::string serialize_fragmentation_flags() {
|
||||
std::ostringstream output_buffer;
|
||||
|
||||
output_buffer << "fragment [ " << serialize_vector_by_string(this->fragmentation_flags, " ")
|
||||
<< " ]" << sentence_separator;
|
||||
output_buffer << "fragment [ " << serialize_vector_by_string(this->fragmentation_flags, " ") << " ]" << sentence_separator;
|
||||
|
||||
return output_buffer.str();
|
||||
}
|
||||
@ -278,8 +272,7 @@ class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
|
||||
std::string serialize_tcp_flags() {
|
||||
std::ostringstream output_buffer;
|
||||
|
||||
output_buffer << "tcp-flags [ " << serialize_vector_by_string(this->tcp_flags, " ") << " ]"
|
||||
<< sentence_separator;
|
||||
output_buffer << "tcp-flags [ " << serialize_vector_by_string(this->tcp_flags, " ") << " ]" << sentence_separator;
|
||||
|
||||
return output_buffer.str();
|
||||
}
|
||||
@ -296,14 +289,14 @@ class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
|
||||
// https://plus.google.com/+ThomasMangin/posts/bL6w16BXcJ4
|
||||
// This format is INCOMPATIBLE with ExaBGP v3, please be careful!
|
||||
std::string serialize_single_line_exabgp_v4_configuration() {
|
||||
this->enabled_indents = false;
|
||||
this->enabled_indents = false;
|
||||
this->enble_block_headers = false;
|
||||
sentence_separator = " ";
|
||||
sentence_separator = " ";
|
||||
|
||||
return "flow route " + this->serialize_match() + this->serialize_then();
|
||||
|
||||
sentence_separator = ";";
|
||||
this->enabled_indents = true;
|
||||
sentence_separator = ";";
|
||||
this->enabled_indents = true;
|
||||
this->enble_block_headers = true;
|
||||
}
|
||||
|
||||
@ -422,8 +415,7 @@ class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
|
||||
}
|
||||
|
||||
// If we have TCP in protocols list explicitly, we add flags
|
||||
if (find(this->protocols.begin(), this->protocols.end(), FLOW_SPEC_PROTOCOL_TCP) !=
|
||||
this->protocols.end()) {
|
||||
if (find(this->protocols.begin(), this->protocols.end(), FLOW_SPEC_PROTOCOL_TCP) != this->protocols.end()) {
|
||||
|
||||
if (!this->tcp_flags.empty()) {
|
||||
if (enabled_indents) {
|
||||
|
@ -39,9 +39,9 @@ void start_example_collection(process_packet_pointer func_ptr) {
|
||||
current_packet.src_ip = 0;
|
||||
current_packet.dst_ip = 0;
|
||||
|
||||
current_packet.ts.tv_sec = 0;
|
||||
current_packet.ts.tv_sec = 0;
|
||||
current_packet.ts.tv_usec = 0;
|
||||
current_packet.flags = 0;
|
||||
current_packet.flags = 0;
|
||||
|
||||
// There we store packet length or total length of aggregated stream
|
||||
current_packet.length = 128;
|
||||
@ -56,13 +56,13 @@ void start_example_collection(process_packet_pointer func_ptr) {
|
||||
current_packet.protocol = IPPROTO_ICMP;
|
||||
|
||||
/* TCP */
|
||||
current_packet.protocol = IPPROTO_TCP;
|
||||
current_packet.source_port = 0;
|
||||
current_packet.protocol = IPPROTO_TCP;
|
||||
current_packet.source_port = 0;
|
||||
current_packet.destination_port = 0;
|
||||
|
||||
/* UDP */
|
||||
current_packet.protocol = IPPROTO_UDP;
|
||||
current_packet.source_port = 0;
|
||||
current_packet.protocol = IPPROTO_UDP;
|
||||
current_packet.source_port = 0;
|
||||
current_packet.destination_port = 0;
|
||||
|
||||
example_process_func_ptr(current_packet);
|
||||
|
@ -41,4 +41,3 @@ inline uint64_t fast_hton(uint64_t value) {
|
||||
// host to big endian (network byte order)
|
||||
return htobe64(value);
|
||||
}
|
||||
|
||||
|
@ -107,8 +107,7 @@ subnet_cidr_mask_t convert_subnet_from_string_to_binary_with_cidr_format(std::st
|
||||
|
||||
void copy_networks_from_string_form_to_binary(std::vector<std::string> networks_list_as_string,
|
||||
std::vector<subnet_cidr_mask_t>& our_networks) {
|
||||
for (std::vector<std::string>::iterator ii = networks_list_as_string.begin();
|
||||
ii != networks_list_as_string.end(); ++ii) {
|
||||
for (std::vector<std::string>::iterator ii = networks_list_as_string.begin(); ii != networks_list_as_string.end(); ++ii) {
|
||||
|
||||
subnet_cidr_mask_t current_subnet = convert_subnet_from_string_to_binary(*ii);
|
||||
our_networks.push_back(current_subnet);
|
||||
@ -192,7 +191,7 @@ uint32_t convert_cidr_to_binary_netmask(unsigned int cidr) {
|
||||
}
|
||||
|
||||
uint32_t binary_netmask = 0xFFFFFFFF;
|
||||
binary_netmask = binary_netmask << (32 - cidr);
|
||||
binary_netmask = binary_netmask << (32 - cidr);
|
||||
|
||||
// We need network byte order at output
|
||||
return htonl(binary_netmask);
|
||||
@ -249,12 +248,12 @@ bool folder_exists(std::string path) {
|
||||
// 64-bit hash for 64-bit platforms
|
||||
uint64_t MurmurHash64A(const void* key, int len, uint64_t seed) {
|
||||
const uint64_t m = BIG_CONSTANT(0xc6a4a7935bd1e995);
|
||||
const int r = 47;
|
||||
const int r = 47;
|
||||
|
||||
uint64_t h = seed ^ (len * m);
|
||||
|
||||
const uint64_t* data = (const uint64_t*)key;
|
||||
const uint64_t* end = data + (len / 8);
|
||||
const uint64_t* end = data + (len / 8);
|
||||
|
||||
while (data != end) {
|
||||
uint64_t k = *data++;
|
||||
@ -310,7 +309,7 @@ int timeval_subtract(struct timeval* result, struct timeval* x, struct timeval*
|
||||
}
|
||||
|
||||
/* Compute the time remaining to wait. tv_usec is certainly positive. */
|
||||
result->tv_sec = x->tv_sec - y->tv_sec;
|
||||
result->tv_sec = x->tv_sec - y->tv_sec;
|
||||
result->tv_usec = x->tv_usec - y->tv_usec;
|
||||
|
||||
/* Return 1 if result is negative. */
|
||||
@ -457,14 +456,14 @@ std::string print_simple_packet(simple_packet_t packet) {
|
||||
|
||||
buffer << convert_timeval_to_date(packet.ts) << " ";
|
||||
|
||||
std::string source_ip_as_string = "";
|
||||
std::string source_ip_as_string = "";
|
||||
std::string destination_ip_as_string = "";
|
||||
|
||||
if (packet.ip_protocol_version == 4) {
|
||||
source_ip_as_string = convert_ip_as_uint_to_string(packet.src_ip);
|
||||
source_ip_as_string = convert_ip_as_uint_to_string(packet.src_ip);
|
||||
destination_ip_as_string = convert_ip_as_uint_to_string(packet.dst_ip);
|
||||
} else if (packet.ip_protocol_version == 6) {
|
||||
source_ip_as_string = print_ipv6_address(packet.src_ipv6);
|
||||
source_ip_as_string = print_ipv6_address(packet.src_ipv6);
|
||||
destination_ip_as_string = print_ipv6_address(packet.dst_ipv6);
|
||||
} else {
|
||||
// WTF?
|
||||
@ -494,7 +493,7 @@ std::string print_simple_packet(simple_packet_t packet) {
|
||||
}
|
||||
|
||||
std::string convert_timeval_to_date(struct timeval tv) {
|
||||
time_t nowtime = tv.tv_sec;
|
||||
time_t nowtime = tv.tv_sec;
|
||||
struct tm* nowtm = localtime(&nowtime);
|
||||
|
||||
char tmbuf[64];
|
||||
@ -518,7 +517,7 @@ uint64_t convert_speed_to_mbps(uint64_t speed_in_bps) {
|
||||
|
||||
std::string get_protocol_name_by_number(unsigned int proto_number) {
|
||||
struct protoent* proto_ent = getprotobynumber(proto_number);
|
||||
std::string proto_name = proto_ent->p_name;
|
||||
std::string proto_name = proto_ent->p_name;
|
||||
return proto_name;
|
||||
}
|
||||
|
||||
@ -590,7 +589,7 @@ bool store_data_to_graphite(unsigned short int graphite_port, std::string graphi
|
||||
memset(&serv_addr, 0, sizeof(serv_addr));
|
||||
|
||||
serv_addr.sin_family = AF_INET;
|
||||
serv_addr.sin_port = htons(graphite_port);
|
||||
serv_addr.sin_port = htons(graphite_port);
|
||||
|
||||
int pton_result = inet_pton(AF_INET, graphite_host.c_str(), &serv_addr.sin_addr);
|
||||
|
||||
@ -691,7 +690,7 @@ ip_addresses_list_t get_local_ip_v4_addresses_list() {
|
||||
|
||||
for (interfaces_list_t::iterator iter = interfaces_list.begin(); iter != interfaces_list.end(); ++iter) {
|
||||
std::vector<std::string>::iterator iter_exclude_list =
|
||||
std::find(list_of_ignored_interfaces.begin(), list_of_ignored_interfaces.end(), *iter);
|
||||
std::find(list_of_ignored_interfaces.begin(), list_of_ignored_interfaces.end(), *iter);
|
||||
|
||||
// Skip ignored interface
|
||||
if (iter_exclude_list != list_of_ignored_interfaces.end()) {
|
||||
@ -722,8 +721,8 @@ std::string find_subnet_by_ip_in_string_format(patricia_tree_t* patricia_tree, s
|
||||
|
||||
prefix_t prefix_for_check_adreess;
|
||||
prefix_for_check_adreess.add.sin.s_addr = client_ip;
|
||||
prefix_for_check_adreess.family = AF_INET;
|
||||
prefix_for_check_adreess.bitlen = 32;
|
||||
prefix_for_check_adreess.family = AF_INET;
|
||||
prefix_for_check_adreess.bitlen = 32;
|
||||
|
||||
found_patrica_node = patricia_search_best2(patricia_tree, &prefix_for_check_adreess, 1);
|
||||
|
||||
@ -743,19 +742,21 @@ std::string print_ipv6_address(const in6_addr& ipv6_address) {
|
||||
// For short print
|
||||
const uint8_t* b = ipv6_address.s6_addr;
|
||||
|
||||
sprintf(buffer, "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x", b[0], b[1],
|
||||
b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15]);
|
||||
sprintf(buffer, "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x", b[0], b[1], b[2], b[3],
|
||||
b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15]);
|
||||
|
||||
std::string buffer_string(buffer);
|
||||
|
||||
// Compress IPv6 address
|
||||
std::string result =
|
||||
boost::regex_replace(buffer_string, ipv6_address_compression_algorithm, ":", boost::format_first_only);
|
||||
std::string result = boost::regex_replace(buffer_string, ipv6_address_compression_algorithm, ":", boost::format_first_only);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
direction_t get_packet_direction_ipv6(patricia_tree_t* lookup_tree, struct in6_addr src_ipv6, struct in6_addr dst_ipv6, subnet_ipv6_cidr_mask_t& subnet) {
|
||||
direction_t get_packet_direction_ipv6(patricia_tree_t* lookup_tree,
|
||||
struct in6_addr src_ipv6,
|
||||
struct in6_addr dst_ipv6,
|
||||
subnet_ipv6_cidr_mask_t& subnet) {
|
||||
direction_t packet_direction;
|
||||
|
||||
bool our_ip_is_destination = false;
|
||||
@ -950,18 +951,16 @@ bool manage_interface_promisc_mode(std::string interface_name, bool switch_on) {
|
||||
json_object* serialize_attack_description_to_json(attack_details_t& current_attack) {
|
||||
json_object* jobj = json_object_new_object();
|
||||
|
||||
attack_type_t attack_type = detect_attack_type(current_attack);
|
||||
attack_type_t attack_type = detect_attack_type(current_attack);
|
||||
std::string printable_attack_type = get_printable_attack_name(attack_type);
|
||||
|
||||
json_object_object_add(jobj, "attack_type", json_object_new_string(printable_attack_type.c_str()));
|
||||
json_object_object_add(jobj, "initial_attack_power", json_object_new_int(current_attack.attack_power));
|
||||
json_object_object_add(jobj, "peak_attack_power", json_object_new_int(current_attack.max_attack_power));
|
||||
json_object_object_add(jobj, "attack_direction",
|
||||
json_object_new_string(
|
||||
get_direction_name(current_attack.attack_direction).c_str()));
|
||||
json_object_new_string(get_direction_name(current_attack.attack_direction).c_str()));
|
||||
json_object_object_add(jobj, "attack_protocol",
|
||||
json_object_new_string(
|
||||
get_printable_protocol_name(current_attack.attack_protocol).c_str()));
|
||||
json_object_new_string(get_printable_protocol_name(current_attack.attack_protocol).c_str()));
|
||||
|
||||
json_object_object_add(jobj, "total_incoming_traffic", json_object_new_int(current_attack.in_bytes));
|
||||
json_object_object_add(jobj, "total_outgoing_traffic", json_object_new_int(current_attack.out_bytes));
|
||||
@ -971,21 +970,16 @@ json_object* serialize_attack_description_to_json(attack_details_t& current_atta
|
||||
json_object_object_add(jobj, "total_outgoing_flows", json_object_new_int(current_attack.out_flows));
|
||||
|
||||
json_object_object_add(jobj, "average_incoming_traffic", json_object_new_int(current_attack.average_in_bytes));
|
||||
json_object_object_add(jobj, "average_outgoing_traffic",
|
||||
json_object_new_int(current_attack.average_out_bytes));
|
||||
json_object_object_add(jobj, "average_outgoing_traffic", json_object_new_int(current_attack.average_out_bytes));
|
||||
json_object_object_add(jobj, "average_incoming_pps", json_object_new_int(current_attack.average_in_packets));
|
||||
json_object_object_add(jobj, "average_outgoing_pps", json_object_new_int(current_attack.average_out_packets));
|
||||
json_object_object_add(jobj, "average_incoming_flows", json_object_new_int(current_attack.average_in_flows));
|
||||
json_object_object_add(jobj, "average_outgoing_flows", json_object_new_int(current_attack.average_out_flows));
|
||||
|
||||
json_object_object_add(jobj, "incoming_ip_fragmented_traffic",
|
||||
json_object_new_int(current_attack.fragmented_in_bytes));
|
||||
json_object_object_add(jobj, "outgoing_ip_fragmented_traffic",
|
||||
json_object_new_int(current_attack.fragmented_out_bytes));
|
||||
json_object_object_add(jobj, "incoming_ip_fragmented_pps",
|
||||
json_object_new_int(current_attack.fragmented_in_packets));
|
||||
json_object_object_add(jobj, "outgoing_ip_fragmented_pps",
|
||||
json_object_new_int(current_attack.fragmented_out_packets));
|
||||
json_object_object_add(jobj, "incoming_ip_fragmented_traffic", json_object_new_int(current_attack.fragmented_in_bytes));
|
||||
json_object_object_add(jobj, "outgoing_ip_fragmented_traffic", json_object_new_int(current_attack.fragmented_out_bytes));
|
||||
json_object_object_add(jobj, "incoming_ip_fragmented_pps", json_object_new_int(current_attack.fragmented_in_packets));
|
||||
json_object_object_add(jobj, "outgoing_ip_fragmented_pps", json_object_new_int(current_attack.fragmented_out_packets));
|
||||
|
||||
json_object_object_add(jobj, "incoming_tcp_traffic", json_object_new_int(current_attack.tcp_in_bytes));
|
||||
json_object_object_add(jobj, "outgoing_tcp_traffic", json_object_new_int(current_attack.tcp_out_bytes));
|
||||
@ -993,8 +987,7 @@ json_object* serialize_attack_description_to_json(attack_details_t& current_atta
|
||||
json_object_object_add(jobj, "outgoing_tcp_pps", json_object_new_int(current_attack.tcp_out_packets));
|
||||
|
||||
json_object_object_add(jobj, "incoming_syn_tcp_traffic", json_object_new_int(current_attack.tcp_syn_in_bytes));
|
||||
json_object_object_add(jobj, "outgoing_syn_tcp_traffic",
|
||||
json_object_new_int(current_attack.tcp_syn_out_bytes));
|
||||
json_object_object_add(jobj, "outgoing_syn_tcp_traffic", json_object_new_int(current_attack.tcp_syn_out_bytes));
|
||||
json_object_object_add(jobj, "incoming_syn_tcp_pps", json_object_new_int(current_attack.tcp_syn_in_packets));
|
||||
json_object_object_add(jobj, "outgoing_syn_tcp_pps", json_object_new_int(current_attack.tcp_syn_out_packets));
|
||||
|
||||
@ -1014,58 +1007,55 @@ json_object* serialize_attack_description_to_json(attack_details_t& current_atta
|
||||
std::string serialize_attack_description(attack_details_t& current_attack) {
|
||||
std::stringstream attack_description;
|
||||
|
||||
attack_type_t attack_type = detect_attack_type(current_attack);
|
||||
attack_type_t attack_type = detect_attack_type(current_attack);
|
||||
std::string printable_attack_type = get_printable_attack_name(attack_type);
|
||||
|
||||
attack_description
|
||||
<< "Attack type: " << printable_attack_type << "\n"
|
||||
<< "Initial attack power: " << current_attack.attack_power << " packets per second\n"
|
||||
<< "Peak attack power: " << current_attack.max_attack_power << " packets per second\n"
|
||||
<< "Attack direction: " << get_direction_name(current_attack.attack_direction) << "\n"
|
||||
<< "Attack protocol: " << get_printable_protocol_name(current_attack.attack_protocol) << "\n";
|
||||
attack_description << "Attack type: " << printable_attack_type << "\n"
|
||||
<< "Initial attack power: " << current_attack.attack_power << " packets per second\n"
|
||||
<< "Peak attack power: " << current_attack.max_attack_power << " packets per second\n"
|
||||
<< "Attack direction: " << get_direction_name(current_attack.attack_direction) << "\n"
|
||||
<< "Attack protocol: " << get_printable_protocol_name(current_attack.attack_protocol) << "\n";
|
||||
|
||||
attack_description
|
||||
<< "Total incoming traffic: " << convert_speed_to_mbps(current_attack.in_bytes) << " mbps\n"
|
||||
<< "Total outgoing traffic: " << convert_speed_to_mbps(current_attack.out_bytes) << " mbps\n"
|
||||
<< "Total incoming pps: " << current_attack.in_packets << " packets per second\n"
|
||||
<< "Total outgoing pps: " << current_attack.out_packets << " packets per second\n"
|
||||
<< "Total incoming flows: " << current_attack.in_flows << " flows per second\n"
|
||||
<< "Total outgoing flows: " << current_attack.out_flows << " flows per second\n";
|
||||
attack_description << "Total incoming traffic: " << convert_speed_to_mbps(current_attack.in_bytes) << " mbps\n"
|
||||
<< "Total outgoing traffic: " << convert_speed_to_mbps(current_attack.out_bytes) << " mbps\n"
|
||||
<< "Total incoming pps: " << current_attack.in_packets << " packets per second\n"
|
||||
<< "Total outgoing pps: " << current_attack.out_packets << " packets per second\n"
|
||||
<< "Total incoming flows: " << current_attack.in_flows << " flows per second\n"
|
||||
<< "Total outgoing flows: " << current_attack.out_flows << " flows per second\n";
|
||||
|
||||
|
||||
// Add average counters
|
||||
attack_description
|
||||
<< "Average incoming traffic: " << convert_speed_to_mbps(current_attack.average_in_bytes) << " mbps\n"
|
||||
<< "Average outgoing traffic: " << convert_speed_to_mbps(current_attack.average_out_bytes) << " mbps\n"
|
||||
<< "Average incoming pps: " << current_attack.average_in_packets << " packets per second\n"
|
||||
<< "Average outgoing pps: " << current_attack.average_out_packets << " packets per second\n"
|
||||
<< "Average incoming flows: " << current_attack.average_in_flows << " flows per second\n"
|
||||
<< "Average outgoing flows: " << current_attack.average_out_flows << " flows per second\n";
|
||||
attack_description << "Average incoming traffic: " << convert_speed_to_mbps(current_attack.average_in_bytes) << " mbps\n"
|
||||
<< "Average outgoing traffic: " << convert_speed_to_mbps(current_attack.average_out_bytes) << " mbps\n"
|
||||
<< "Average incoming pps: " << current_attack.average_in_packets << " packets per second\n"
|
||||
<< "Average outgoing pps: " << current_attack.average_out_packets << " packets per second\n"
|
||||
<< "Average incoming flows: " << current_attack.average_in_flows << " flows per second\n"
|
||||
<< "Average outgoing flows: " << current_attack.average_out_flows << " flows per second\n";
|
||||
|
||||
attack_description
|
||||
<< "Incoming ip fragmented traffic: " << convert_speed_to_mbps(current_attack.fragmented_in_bytes) << " mbps\n"
|
||||
<< "Outgoing ip fragmented traffic: " << convert_speed_to_mbps(current_attack.fragmented_out_bytes) << " mbps\n"
|
||||
<< "Incoming ip fragmented pps: " << current_attack.fragmented_in_packets << " packets per second\n"
|
||||
<< "Outgoing ip fragmented pps: " << current_attack.fragmented_out_packets << " packets per second\n"
|
||||
<< "Incoming ip fragmented traffic: " << convert_speed_to_mbps(current_attack.fragmented_in_bytes) << " mbps\n"
|
||||
<< "Outgoing ip fragmented traffic: " << convert_speed_to_mbps(current_attack.fragmented_out_bytes) << " mbps\n"
|
||||
<< "Incoming ip fragmented pps: " << current_attack.fragmented_in_packets << " packets per second\n"
|
||||
<< "Outgoing ip fragmented pps: " << current_attack.fragmented_out_packets << " packets per second\n"
|
||||
|
||||
<< "Incoming tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_in_bytes) << " mbps\n"
|
||||
<< "Outgoing tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_out_bytes) << " mbps\n"
|
||||
<< "Incoming tcp pps: " << current_attack.tcp_in_packets << " packets per second\n"
|
||||
<< "Outgoing tcp pps: " << current_attack.tcp_out_packets << " packets per second\n"
|
||||
<< "Incoming syn tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_syn_in_bytes) << " mbps\n"
|
||||
<< "Outgoing syn tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_syn_out_bytes) << " mbps\n"
|
||||
<< "Incoming syn tcp pps: " << current_attack.tcp_syn_in_packets << " packets per second\n"
|
||||
<< "Outgoing syn tcp pps: " << current_attack.tcp_syn_out_packets << " packets per second\n"
|
||||
<< "Incoming tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_in_bytes) << " mbps\n"
|
||||
<< "Outgoing tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_out_bytes) << " mbps\n"
|
||||
<< "Incoming tcp pps: " << current_attack.tcp_in_packets << " packets per second\n"
|
||||
<< "Outgoing tcp pps: " << current_attack.tcp_out_packets << " packets per second\n"
|
||||
<< "Incoming syn tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_syn_in_bytes) << " mbps\n"
|
||||
<< "Outgoing syn tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_syn_out_bytes) << " mbps\n"
|
||||
<< "Incoming syn tcp pps: " << current_attack.tcp_syn_in_packets << " packets per second\n"
|
||||
<< "Outgoing syn tcp pps: " << current_attack.tcp_syn_out_packets << " packets per second\n"
|
||||
|
||||
<< "Incoming udp traffic: " << convert_speed_to_mbps(current_attack.udp_in_bytes) << " mbps\n"
|
||||
<< "Outgoing udp traffic: " << convert_speed_to_mbps(current_attack.udp_out_bytes) << " mbps\n"
|
||||
<< "Incoming udp pps: " << current_attack.udp_in_packets << " packets per second\n"
|
||||
<< "Outgoing udp pps: " << current_attack.udp_out_packets << " packets per second\n"
|
||||
<< "Incoming udp traffic: " << convert_speed_to_mbps(current_attack.udp_in_bytes) << " mbps\n"
|
||||
<< "Outgoing udp traffic: " << convert_speed_to_mbps(current_attack.udp_out_bytes) << " mbps\n"
|
||||
<< "Incoming udp pps: " << current_attack.udp_in_packets << " packets per second\n"
|
||||
<< "Outgoing udp pps: " << current_attack.udp_out_packets << " packets per second\n"
|
||||
|
||||
<< "Incoming icmp traffic: " << convert_speed_to_mbps(current_attack.icmp_in_bytes) << " mbps\n"
|
||||
<< "Outgoing icmp traffic: " << convert_speed_to_mbps(current_attack.icmp_out_bytes) << " mbps\n"
|
||||
<< "Incoming icmp pps: " << current_attack.icmp_in_packets << " packets per second\n"
|
||||
<< "Outgoing icmp pps: " << current_attack.icmp_out_packets << " packets per second\n";
|
||||
<< "Incoming icmp traffic: " << convert_speed_to_mbps(current_attack.icmp_in_bytes) << " mbps\n"
|
||||
<< "Outgoing icmp traffic: " << convert_speed_to_mbps(current_attack.icmp_out_bytes) << " mbps\n"
|
||||
<< "Incoming icmp pps: " << current_attack.icmp_in_packets << " packets per second\n"
|
||||
<< "Outgoing icmp pps: " << current_attack.icmp_out_packets << " packets per second\n";
|
||||
|
||||
return attack_description.str();
|
||||
}
|
||||
@ -1123,11 +1113,10 @@ std::string serialize_network_load_to_text(map_element_t& network_speed_meter, b
|
||||
prefix = "Average network";
|
||||
}
|
||||
|
||||
buffer
|
||||
<< prefix << " incoming traffic: " << convert_speed_to_mbps(network_speed_meter.in_bytes) << " mbps\n"
|
||||
<< prefix << " outgoing traffic: " << convert_speed_to_mbps(network_speed_meter.out_bytes) << " mbps\n"
|
||||
<< prefix << " incoming pps: " << network_speed_meter.in_packets << " packets per second\n"
|
||||
<< prefix << " outgoing pps: " << network_speed_meter.out_packets << " packets per second\n";
|
||||
buffer << prefix << " incoming traffic: " << convert_speed_to_mbps(network_speed_meter.in_bytes) << " mbps\n"
|
||||
<< prefix << " outgoing traffic: " << convert_speed_to_mbps(network_speed_meter.out_bytes) << " mbps\n"
|
||||
<< prefix << " incoming pps: " << network_speed_meter.in_packets << " packets per second\n"
|
||||
<< prefix << " outgoing pps: " << network_speed_meter.out_packets << " packets per second\n";
|
||||
|
||||
return buffer.str();
|
||||
}
|
||||
@ -1150,13 +1139,11 @@ std::string serialize_statistic_counters_about_attack(attack_details_t& current_
|
||||
double average_packet_size_for_outgoing_traffic = 0;
|
||||
|
||||
if (current_attack.average_in_packets > 0) {
|
||||
average_packet_size_for_incoming_traffic =
|
||||
(double)current_attack.average_in_bytes / (double)current_attack.average_in_packets;
|
||||
average_packet_size_for_incoming_traffic = (double)current_attack.average_in_bytes / (double)current_attack.average_in_packets;
|
||||
}
|
||||
|
||||
if (current_attack.average_out_packets > 0) {
|
||||
average_packet_size_for_outgoing_traffic =
|
||||
(double)current_attack.average_out_bytes / (double)current_attack.average_out_packets;
|
||||
average_packet_size_for_outgoing_traffic = (double)current_attack.average_out_bytes / (double)current_attack.average_out_packets;
|
||||
}
|
||||
|
||||
// We do not need very accurate size
|
||||
@ -1199,7 +1186,7 @@ bool store_data_to_stats_server(unsigned short int graphite_port, std::string gr
|
||||
memset(&serv_addr, 0, sizeof(serv_addr));
|
||||
|
||||
serv_addr.sin_family = AF_INET;
|
||||
serv_addr.sin_port = htons(graphite_port);
|
||||
serv_addr.sin_port = htons(graphite_port);
|
||||
|
||||
int pton_result = inet_pton(AF_INET, graphite_host.c_str(), &serv_addr.sin_addr);
|
||||
|
||||
@ -1256,8 +1243,7 @@ bool get_interface_number_by_device_name(int socket_fd, std::string interface_na
|
||||
#else
|
||||
/* Fallback to if_nametoindex(3) otherwise. */
|
||||
interface_number = if_nametoindex(interface_name.c_str());
|
||||
if (interface_number == 0)
|
||||
return false;
|
||||
if (interface_number == 0) return false;
|
||||
#endif /* SIOCGIFINDEX */
|
||||
return true;
|
||||
}
|
||||
@ -1900,4 +1886,3 @@ std::string join_by_comma_and_equal(std::map<std::string, std::string>& data) {
|
||||
|
||||
return buffer.str();
|
||||
}
|
||||
|
||||
|
@ -83,12 +83,10 @@ int convert_string_to_integer(std::string line);
|
||||
bool print_pid_to_file(pid_t pid, std::string pid_path);
|
||||
bool read_pid_from_file(pid_t& pid, std::string pid_path);
|
||||
|
||||
direction_t get_packet_direction(patricia_tree_t* lookup_tree,
|
||||
uint32_t src_ip,
|
||||
uint32_t dst_ip,
|
||||
subnet_cidr_mask_t& subnet);
|
||||
direction_t get_packet_direction(patricia_tree_t* lookup_tree, uint32_t src_ip, uint32_t dst_ip, subnet_cidr_mask_t& subnet);
|
||||
|
||||
direction_t get_packet_direction_ipv6(patricia_tree_t* lookup_tree, struct in6_addr src_ipv6, struct in6_addr dst_ipv6, subnet_ipv6_cidr_mask_t& subnet);
|
||||
direction_t
|
||||
get_packet_direction_ipv6(patricia_tree_t* lookup_tree, struct in6_addr src_ipv6, struct in6_addr dst_ipv6, subnet_ipv6_cidr_mask_t& subnet);
|
||||
|
||||
std::string convert_prefix_to_string_representation(prefix_t* prefix);
|
||||
std::string find_subnet_by_ip_in_string_format(patricia_tree_t* patricia_tree, std::string ip);
|
||||
@ -116,10 +114,10 @@ bool store_data_to_stats_server(unsigned short int graphite_port, std::string gr
|
||||
bool get_interface_number_by_device_name(int socket_fd, std::string interface_name, int& interface_number);
|
||||
|
||||
bool set_boost_process_name(boost::thread* thread, std::string process_name);
|
||||
std::string convert_subnet_to_string(subnet_cidr_mask_t my_subnet);
|
||||
std::string convert_subnet_to_string(subnet_cidr_mask_t my_subnet);
|
||||
|
||||
std::string print_ipv6_cidr_subnet(subnet_ipv6_cidr_mask_t subnet);
|
||||
std::string convert_any_ip_to_string(subnet_ipv6_cidr_mask_t subnet);
|
||||
std::string print_ipv6_cidr_subnet(subnet_ipv6_cidr_mask_t subnet);
|
||||
std::string convert_any_ip_to_string(subnet_ipv6_cidr_mask_t subnet);
|
||||
bool convert_string_to_positive_integer_safe(std::string line, int& value);
|
||||
bool read_ipv6_host_from_string(std::string ipv6_host_as_string, in6_addr& result);
|
||||
bool validate_ipv6_or_ipv4_host(const std::string host);
|
||||
|
@ -39,8 +39,7 @@ order_by_template_type fast_priority_queue<order_by_template_type>::get_min_elem
|
||||
return internal_list.front();
|
||||
}
|
||||
|
||||
template <class order_by_template_type>
|
||||
void fast_priority_queue<order_by_template_type>::print_internal_list() {
|
||||
template <class order_by_template_type> void fast_priority_queue<order_by_template_type>::print_internal_list() {
|
||||
for (unsigned int i = 0; i < internal_list.size(); i++) {
|
||||
std::cout << internal_list[i] << std::endl;
|
||||
}
|
||||
|
@ -11,7 +11,6 @@
|
||||
#include <time.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <sys/socket.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <net/if_arp.h> // struct arphdr
|
||||
#include <netinet/if_ether.h>
|
||||
@ -21,6 +20,7 @@
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/udp.h>
|
||||
#include <sys/resource.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/stat.h>
|
||||
|
||||
#include "bgp_protocol.hpp"
|
||||
@ -128,7 +128,7 @@ std::string cli_stats_file_path = "/tmp/fastnetmon.dat";
|
||||
|
||||
std::string cli_stats_ipv6_file_path = "/tmp/fastnetmon_ipv6.dat";
|
||||
|
||||
unsigned int stats_thread_sleep_time = 3600;
|
||||
unsigned int stats_thread_sleep_time = 3600;
|
||||
unsigned int stats_thread_initial_call_delay = 30;
|
||||
|
||||
// Each this seconds we will check about available data in bucket
|
||||
@ -174,9 +174,9 @@ bool gobgp_enabled = false;
|
||||
#endif
|
||||
|
||||
#ifdef MONGO
|
||||
std::string mongodb_host = "localhost";
|
||||
std::string mongodb_host = "localhost";
|
||||
unsigned int mongodb_port = 27017;
|
||||
bool mongodb_enabled = false;
|
||||
bool mongodb_enabled = false;
|
||||
|
||||
std::string mongodb_database_name = "fastnetmon";
|
||||
#endif
|
||||
@ -184,7 +184,7 @@ std::string mongodb_database_name = "fastnetmon";
|
||||
/* Configuration block, we must move it to configuration file */
|
||||
#ifdef REDIS
|
||||
unsigned int redis_port = 6379;
|
||||
std::string redis_host = "127.0.0.1";
|
||||
std::string redis_host = "127.0.0.1";
|
||||
|
||||
// redis key prefix
|
||||
std::string redis_prefix = "";
|
||||
@ -214,8 +214,8 @@ ban_settings_t global_ban_settings;
|
||||
|
||||
void init_global_ban_settings() {
|
||||
// ban Configuration params
|
||||
global_ban_settings.enable_ban_for_pps = false;
|
||||
global_ban_settings.enable_ban_for_bandwidth = false;
|
||||
global_ban_settings.enable_ban_for_pps = false;
|
||||
global_ban_settings.enable_ban_for_bandwidth = false;
|
||||
global_ban_settings.enable_ban_for_flows_per_second = false;
|
||||
|
||||
// We must ban IP if it exceeed this limit in PPS
|
||||
@ -228,13 +228,13 @@ void init_global_ban_settings() {
|
||||
global_ban_settings.ban_threshold_mbps = 1000;
|
||||
|
||||
// Disable per protocol thresholds too
|
||||
global_ban_settings.enable_ban_for_tcp_pps = false;
|
||||
global_ban_settings.enable_ban_for_tcp_pps = false;
|
||||
global_ban_settings.enable_ban_for_tcp_bandwidth = false;
|
||||
|
||||
global_ban_settings.enable_ban_for_udp_pps = false;
|
||||
global_ban_settings.enable_ban_for_udp_pps = false;
|
||||
global_ban_settings.enable_ban_for_udp_bandwidth = false;
|
||||
|
||||
global_ban_settings.enable_ban_for_icmp_pps = false;
|
||||
global_ban_settings.enable_ban_for_icmp_pps = false;
|
||||
global_ban_settings.enable_ban_for_icmp_bandwidth = false;
|
||||
|
||||
// Ban enable/disable flag
|
||||
@ -243,12 +243,12 @@ void init_global_ban_settings() {
|
||||
|
||||
bool enable_connection_tracking = true;
|
||||
|
||||
bool enable_afpacket_collection = false;
|
||||
bool enable_afpacket_collection = false;
|
||||
bool enable_data_collection_from_mirror = true;
|
||||
bool enable_netmap_collection = false;
|
||||
bool enable_sflow_collection = false;
|
||||
bool enable_netflow_collection = false;
|
||||
bool enable_pcap_collection = false;
|
||||
bool enable_netmap_collection = false;
|
||||
bool enable_sflow_collection = false;
|
||||
bool enable_netflow_collection = false;
|
||||
bool enable_pcap_collection = false;
|
||||
|
||||
// Time consumed by reaclculation for all IPs
|
||||
struct timeval speed_calculation_time;
|
||||
@ -332,7 +332,7 @@ total_counter_element_t total_speed_counters_ipv6[4];
|
||||
total_counter_element_t total_speed_average_counters_ipv6[4];
|
||||
|
||||
// Total amount of non parsed packets
|
||||
uint64_t total_unparsed_packets = 0;
|
||||
uint64_t total_unparsed_packets = 0;
|
||||
uint64_t total_unparsed_packets_speed = 0;
|
||||
|
||||
// Total amount of IPv4 packets
|
||||
@ -396,7 +396,7 @@ blackhole_ban_list_t<subnet_ipv6_cidr_mask_t> ban_list_ipv6_ng;
|
||||
|
||||
// In ddos info we store attack power and direction
|
||||
std::map<uint32_t, banlist_item_t> ban_list;
|
||||
std::map<uint32_t, std::vector<simple_packet_t> > ban_list_details;
|
||||
std::map<uint32_t, std::vector<simple_packet_t>> ban_list_details;
|
||||
|
||||
host_group_map_t host_groups;
|
||||
|
||||
@ -409,21 +409,21 @@ std::vector<subnet_cidr_mask_t> our_networks;
|
||||
std::vector<subnet_cidr_mask_t> whitelist_networks;
|
||||
|
||||
// ExaBGP support flag
|
||||
bool exabgp_enabled = false;
|
||||
bool exabgp_enabled = false;
|
||||
std::string exabgp_community = "";
|
||||
|
||||
// We could use separate communities for subnet and host announces
|
||||
std::string exabgp_community_subnet = "";
|
||||
std::string exabgp_community_host = "";
|
||||
std::string exabgp_community_host = "";
|
||||
|
||||
|
||||
std::string exabgp_command_pipe = "/var/run/exabgp.cmd";
|
||||
std::string exabgp_next_hop = "";
|
||||
std::string exabgp_next_hop = "";
|
||||
|
||||
// Graphite monitoring
|
||||
bool graphite_enabled = false;
|
||||
std::string graphite_host = "127.0.0.1";
|
||||
unsigned short int graphite_port = 2003;
|
||||
bool graphite_enabled = false;
|
||||
std::string graphite_host = "127.0.0.1";
|
||||
unsigned short int graphite_port = 2003;
|
||||
unsigned int graphite_push_period = 1;
|
||||
|
||||
// Time consumed by pushing data to Graphite
|
||||
@ -440,13 +440,13 @@ uint64_t influxdb_writes_total = 0;
|
||||
uint64_t influxdb_writes_failed = 0;
|
||||
|
||||
// InfluxDB
|
||||
bool influxdb_enabled = false;
|
||||
std::string influxdb_database = "fastnetmon";
|
||||
std::string influxdb_host = "127.0.0.1";
|
||||
unsigned short int influxdb_port = 8086;
|
||||
bool influxdb_auth = false;
|
||||
std::string influxdb_user = "";
|
||||
std::string influxdb_password = "";
|
||||
bool influxdb_enabled = false;
|
||||
std::string influxdb_database = "fastnetmon";
|
||||
std::string influxdb_host = "127.0.0.1";
|
||||
unsigned short int influxdb_port = 8086;
|
||||
bool influxdb_auth = false;
|
||||
std::string influxdb_user = "";
|
||||
std::string influxdb_password = "";
|
||||
unsigned int influxdb_push_period = 1;
|
||||
|
||||
bool process_incoming_traffic = true;
|
||||
@ -454,8 +454,7 @@ bool process_outgoing_traffic = true;
|
||||
|
||||
logging_configuration_t read_logging_settings(configuration_map_t configuration_map);
|
||||
std::string get_amplification_attack_type(amplification_attack_type_t attack_type);
|
||||
std::string generate_flow_spec_for_amplification_attack(amplification_attack_type_t amplification_attack_type,
|
||||
std::string destination_ip);
|
||||
std::string generate_flow_spec_for_amplification_attack(amplification_attack_type_t amplification_attack_type, std::string destination_ip);
|
||||
ban_settings_t read_ban_settings(configuration_map_t configuration_map, std::string host_group_name = "");
|
||||
bool load_configuration_file();
|
||||
void free_up_all_resources();
|
||||
@ -497,10 +496,9 @@ void RunApiServer() {
|
||||
#endif
|
||||
|
||||
void sigpipe_handler_for_popen(int signo) {
|
||||
logger
|
||||
<< log4cpp::Priority::ERROR << "Sorry but we experienced error with popen. "
|
||||
<< "Please check your scripts. They should receive data on stdin! Optionally you could disable "
|
||||
"passing any details with configuration param: notify_script_pass_details = no";
|
||||
logger << log4cpp::Priority::ERROR << "Sorry but we experienced error with popen. "
|
||||
<< "Please check your scripts. They should receive data on stdin! Optionally you could disable "
|
||||
"passing any details with configuration param: notify_script_pass_details = no";
|
||||
|
||||
// Well, we do not need exit here because we have another options to notifying about atatck
|
||||
// exit(1);
|
||||
@ -562,22 +560,18 @@ void parse_hostgroups(std::string name, std::string value) {
|
||||
std::string host_group_name = splitted_new_host_group[0];
|
||||
|
||||
if (host_groups.count(host_group_name) > 0) {
|
||||
logger << log4cpp::Priority::WARN << "We already have this host group (" << host_group_name
|
||||
<< "). Please check!";
|
||||
logger << log4cpp::Priority::WARN << "We already have this host group (" << host_group_name << "). Please check!";
|
||||
return;
|
||||
}
|
||||
|
||||
// Split networks
|
||||
std::vector<std::string> hostgroup_subnets =
|
||||
split_strings_to_vector_by_comma(splitted_new_host_group[1]);
|
||||
for (std::vector<std::string>::iterator itr = hostgroup_subnets.begin();
|
||||
itr != hostgroup_subnets.end(); ++itr) {
|
||||
std::vector<std::string> hostgroup_subnets = split_strings_to_vector_by_comma(splitted_new_host_group[1]);
|
||||
for (std::vector<std::string>::iterator itr = hostgroup_subnets.begin(); itr != hostgroup_subnets.end(); ++itr) {
|
||||
subnet_cidr_mask_t subnet = convert_subnet_from_string_to_binary_with_cidr_format(*itr);
|
||||
|
||||
host_groups[host_group_name].push_back(subnet);
|
||||
|
||||
logger << log4cpp::Priority::WARN << "We add subnet " << convert_subnet_to_string(subnet)
|
||||
<< " to host group " << host_group_name;
|
||||
logger << log4cpp::Priority::WARN << "We add subnet " << convert_subnet_to_string(subnet) << " to host group " << host_group_name;
|
||||
|
||||
// And add to subnet to host group lookup hash
|
||||
if (subnet_to_host_groups.count(subnet) > 0) {
|
||||
@ -589,8 +583,8 @@ void parse_hostgroups(std::string name, std::string value) {
|
||||
}
|
||||
}
|
||||
|
||||
logger << log4cpp::Priority::INFO << "We have created host group " << host_group_name
|
||||
<< " with " << host_groups[host_group_name].size() << " subnets";
|
||||
logger << log4cpp::Priority::INFO << "We have created host group " << host_group_name << " with "
|
||||
<< host_groups[host_group_name].size() << " subnets";
|
||||
}
|
||||
|
||||
// Load configuration
|
||||
@ -669,13 +663,12 @@ bool load_configuration_file() {
|
||||
}
|
||||
|
||||
if (configuration_map.count("average_calculation_time") != 0) {
|
||||
average_calculation_amount =
|
||||
convert_string_to_integer(configuration_map["average_calculation_time"]);
|
||||
average_calculation_amount = convert_string_to_integer(configuration_map["average_calculation_time"]);
|
||||
}
|
||||
|
||||
if (configuration_map.count("average_calculation_time_for_subnets") != 0) {
|
||||
average_calculation_amount_for_subnets =
|
||||
convert_string_to_integer(configuration_map["average_calculation_time_for_subnets"]);
|
||||
convert_string_to_integer(configuration_map["average_calculation_time_for_subnets"]);
|
||||
}
|
||||
|
||||
if (configuration_map.count("speed_calculation_delay") != 0) {
|
||||
@ -687,7 +680,7 @@ bool load_configuration_file() {
|
||||
}
|
||||
|
||||
if (configuration_map.count("monitor_openvz_vps_ip_addresses") != 0) {
|
||||
monitor_openvz_vps_ip_addresses = configuration_map["monitor_openvz_vps_ip_addresses"] == "on" ? true : false;
|
||||
monitor_openvz_vps_ip_addresses = configuration_map["monitor_openvz_vps_ip_addresses"] == "on" ? true : false;
|
||||
}
|
||||
|
||||
#ifdef FASTNETMON_API
|
||||
@ -738,9 +731,7 @@ bool load_configuration_file() {
|
||||
}
|
||||
|
||||
if (exabgp_enabled && exabgp_announce_host && exabgp_community_host.empty()) {
|
||||
logger
|
||||
<< log4cpp::Priority::ERROR
|
||||
<< "You enabled exabgp for host but not specified community, we disable exabgp support";
|
||||
logger << log4cpp::Priority::ERROR << "You enabled exabgp for host but not specified community, we disable exabgp support";
|
||||
|
||||
exabgp_enabled = false;
|
||||
}
|
||||
@ -763,9 +754,7 @@ bool load_configuration_file() {
|
||||
exabgp_next_hop = configuration_map["exabgp_next_hop"];
|
||||
|
||||
if (exabgp_next_hop.empty()) {
|
||||
logger
|
||||
<< log4cpp::Priority::ERROR
|
||||
<< "You enabled exabgp but not specified exabgp_next_hop, so we disable exabgp support";
|
||||
logger << log4cpp::Priority::ERROR << "You enabled exabgp but not specified exabgp_next_hop, so we disable exabgp support";
|
||||
|
||||
exabgp_enabled = false;
|
||||
}
|
||||
@ -909,8 +898,7 @@ bool load_configuration_file() {
|
||||
// logger << log4cpp::Priority::INFO << "We read global ban settings: " << print_ban_thresholds(global_ban_settings);
|
||||
|
||||
// Read host group ban settings
|
||||
for (host_group_map_t::iterator hostgroup_itr = host_groups.begin();
|
||||
hostgroup_itr != host_groups.end(); ++hostgroup_itr) {
|
||||
for (host_group_map_t::iterator hostgroup_itr = host_groups.begin(); hostgroup_itr != host_groups.end(); ++hostgroup_itr) {
|
||||
std::string host_group_name = hostgroup_itr->first;
|
||||
|
||||
logger << log4cpp::Priority::INFO << "We will read ban settings for " << host_group_name;
|
||||
@ -944,8 +932,7 @@ bool load_configuration_file() {
|
||||
|
||||
if (configuration_map.count("redis_enabled") != 0) {
|
||||
// We use yes and on because it's stupid typo :(
|
||||
if (configuration_map["redis_enabled"] == "on" or
|
||||
configuration_map["redis_enabled"] == "yes") {
|
||||
if (configuration_map["redis_enabled"] == "on" or configuration_map["redis_enabled"] == "yes") {
|
||||
redis_enabled = true;
|
||||
} else {
|
||||
redis_enabled = false;
|
||||
@ -974,8 +961,7 @@ bool load_configuration_file() {
|
||||
#endif
|
||||
|
||||
if (configuration_map.count("ban_details_records_count") != 0) {
|
||||
ban_details_records_count =
|
||||
convert_string_to_integer(configuration_map["ban_details_records_count"]);
|
||||
ban_details_records_count = convert_string_to_integer(configuration_map["ban_details_records_count"]);
|
||||
}
|
||||
|
||||
if (configuration_map.count("check_period") != 0) {
|
||||
@ -1031,13 +1017,13 @@ void subnet_vectors_allocator(prefix_t* prefix, void* data) {
|
||||
// Network byte order
|
||||
uint32_t subnet_as_integer = prefix->add.sin.s_addr;
|
||||
|
||||
u_short bitlen = prefix->bitlen;
|
||||
double base = 2;
|
||||
u_short bitlen = prefix->bitlen;
|
||||
double base = 2;
|
||||
int network_size_in_ips = pow(base, 32 - bitlen);
|
||||
// logger<< log4cpp::Priority::INFO<<"Subnet: "<<prefix->add.sin.s_addr<<" network size:
|
||||
// "<<network_size_in_ips;
|
||||
logger << log4cpp::Priority::INFO << "I will allocate " << network_size_in_ips
|
||||
<< " records for subnet " << subnet_as_integer << " cidr mask: " << bitlen;
|
||||
logger << log4cpp::Priority::INFO << "I will allocate " << network_size_in_ips << " records for subnet "
|
||||
<< subnet_as_integer << " cidr mask: " << bitlen;
|
||||
|
||||
subnet_cidr_mask_t current_subnet(subnet_as_integer, bitlen);
|
||||
|
||||
@ -1046,8 +1032,8 @@ void subnet_vectors_allocator(prefix_t* prefix, void* data) {
|
||||
|
||||
// Initilize our counters with fill constructor
|
||||
try {
|
||||
SubnetVectorMap[current_subnet] = vector_of_counters(network_size_in_ips, zero_map_element);
|
||||
SubnetVectorMapSpeed[current_subnet] = vector_of_counters(network_size_in_ips, zero_map_element);
|
||||
SubnetVectorMap[current_subnet] = vector_of_counters(network_size_in_ips, zero_map_element);
|
||||
SubnetVectorMapSpeed[current_subnet] = vector_of_counters(network_size_in_ips, zero_map_element);
|
||||
SubnetVectorMapSpeedAverage[current_subnet] = vector_of_counters(network_size_in_ips, zero_map_element);
|
||||
} catch (std::bad_alloc& ba) {
|
||||
logger << log4cpp::Priority::ERROR << "Can't allocate memory for counters";
|
||||
@ -1059,11 +1045,10 @@ void subnet_vectors_allocator(prefix_t* prefix, void* data) {
|
||||
|
||||
// On creating it initilizes by zeros
|
||||
conntrack_main_struct_t zero_conntrack_main_struct;
|
||||
std::fill(SubnetVectorMapFlow[current_subnet].begin(),
|
||||
SubnetVectorMapFlow[current_subnet].end(), zero_conntrack_main_struct);
|
||||
std::fill(SubnetVectorMapFlow[current_subnet].begin(), SubnetVectorMapFlow[current_subnet].end(), zero_conntrack_main_struct);
|
||||
|
||||
PerSubnetCountersMap[current_subnet] = zero_map_element;
|
||||
PerSubnetSpeedMap[current_subnet] = zero_map_element;
|
||||
PerSubnetSpeedMap[current_subnet] = zero_map_element;
|
||||
}
|
||||
|
||||
void zeroify_all_counters() {
|
||||
@ -1078,11 +1063,10 @@ void zeroify_all_counters() {
|
||||
|
||||
bool load_our_networks_list() {
|
||||
if (file_exists(fastnetmon_platform_configuration.white_list_path)) {
|
||||
unsigned int network_entries = 0;
|
||||
unsigned int network_entries = 0;
|
||||
std::vector<std::string> network_list_from_config = read_file_to_vector(fastnetmon_platform_configuration.white_list_path);
|
||||
|
||||
for (std::vector<std::string>::iterator ii = network_list_from_config.begin();
|
||||
ii != network_list_from_config.end(); ++ii) {
|
||||
for (std::vector<std::string>::iterator ii = network_list_from_config.begin(); ii != network_list_from_config.end(); ++ii) {
|
||||
std::string text_subnet = *ii;
|
||||
if (text_subnet.empty()) {
|
||||
continue;
|
||||
@ -1140,11 +1124,9 @@ bool load_our_networks_list() {
|
||||
}
|
||||
}
|
||||
|
||||
logger << log4cpp::Priority::INFO << "We loaded " << networks_list_ipv4_as_string.size()
|
||||
<< " IPv4 networks from /proc/vz/veip";
|
||||
logger << log4cpp::Priority::INFO << "We loaded " << networks_list_ipv4_as_string.size() << " IPv4 networks from /proc/vz/veip";
|
||||
|
||||
logger << log4cpp::Priority::INFO << "We loaded " << networks_list_ipv6_as_string.size()
|
||||
<< " IPv6 networks from /proc/vz/veip";
|
||||
logger << log4cpp::Priority::INFO << "We loaded " << networks_list_ipv6_as_string.size() << " IPv6 networks from /proc/vz/veip";
|
||||
}
|
||||
|
||||
if (monitor_local_ip_addresses && file_exists("/sbin/ip")) {
|
||||
@ -1152,8 +1134,7 @@ bool load_our_networks_list() {
|
||||
|
||||
ip_addresses_list_t ip_list = get_local_ip_v4_addresses_list();
|
||||
|
||||
logger << log4cpp::Priority::INFO << "We found " << ip_list.size()
|
||||
<< " local IP addresses and will monitor they";
|
||||
logger << log4cpp::Priority::INFO << "We found " << ip_list.size() << " local IP addresses and will monitor they";
|
||||
|
||||
for (ip_addresses_list_t::iterator iter = ip_list.begin(); iter != ip_list.end(); ++iter) {
|
||||
// TODO: add IPv6 here
|
||||
@ -1162,7 +1143,8 @@ bool load_our_networks_list() {
|
||||
}
|
||||
|
||||
if (file_exists(fastnetmon_platform_configuration.networks_list_path)) {
|
||||
std::vector<std::string> network_list_from_config = read_file_to_vector(fastnetmon_platform_configuration.networks_list_path);
|
||||
std::vector<std::string> network_list_from_config =
|
||||
read_file_to_vector(fastnetmon_platform_configuration.networks_list_path);
|
||||
|
||||
for (std::vector<std::string>::iterator line_itr = network_list_from_config.begin();
|
||||
line_itr != network_list_from_config.end(); ++line_itr) {
|
||||
@ -1179,8 +1161,7 @@ bool load_our_networks_list() {
|
||||
}
|
||||
}
|
||||
|
||||
logger << log4cpp::Priority::INFO << "We loaded " << network_list_from_config.size()
|
||||
<< " networks from networks file";
|
||||
logger << log4cpp::Priority::INFO << "We loaded " << network_list_from_config.size() << " networks from networks file";
|
||||
}
|
||||
|
||||
// Some consistency checks
|
||||
@ -1200,23 +1181,23 @@ bool load_our_networks_list() {
|
||||
|
||||
std::string network_address_in_cidr_form = *ii;
|
||||
|
||||
unsigned int cidr_mask = get_cidr_mask_from_network_as_string(network_address_in_cidr_form);
|
||||
unsigned int cidr_mask = get_cidr_mask_from_network_as_string(network_address_in_cidr_form);
|
||||
std::string network_address = get_net_address_from_network_as_string(network_address_in_cidr_form);
|
||||
|
||||
double base = 2;
|
||||
total_number_of_hosts_in_our_networks += pow(base, 32 - cidr_mask);
|
||||
|
||||
// Make sure it's "subnet address" and not an host address
|
||||
uint32_t subnet_address_as_uint = convert_ip_as_string_to_uint(network_address);
|
||||
uint32_t subnet_address_as_uint = convert_ip_as_string_to_uint(network_address);
|
||||
uint32_t subnet_address_netmask_binary = convert_cidr_to_binary_netmask(cidr_mask);
|
||||
uint32_t generated_subnet_address = subnet_address_as_uint & subnet_address_netmask_binary;
|
||||
uint32_t generated_subnet_address = subnet_address_as_uint & subnet_address_netmask_binary;
|
||||
|
||||
if (subnet_address_as_uint != generated_subnet_address) {
|
||||
std::string new_network_address_as_string =
|
||||
convert_ip_as_uint_to_string(generated_subnet_address) + "/" + convert_int_to_string(cidr_mask);
|
||||
convert_ip_as_uint_to_string(generated_subnet_address) + "/" + convert_int_to_string(cidr_mask);
|
||||
|
||||
logger << log4cpp::Priority::WARN << "We will use " << new_network_address_as_string
|
||||
<< " instead of " << network_address_in_cidr_form << " because it's host address";
|
||||
logger << log4cpp::Priority::WARN << "We will use " << new_network_address_as_string << " instead of "
|
||||
<< network_address_in_cidr_form << " because it's host address";
|
||||
|
||||
network_address_in_cidr_form = new_network_address_as_string;
|
||||
}
|
||||
@ -1231,14 +1212,13 @@ bool load_our_networks_list() {
|
||||
make_and_lookup_ipv6(lookup_tree_ipv6, (char*)ii->c_str());
|
||||
}
|
||||
|
||||
logger << log4cpp::Priority::INFO << "Total number of monitored hosts (total size of all networks): "
|
||||
<< total_number_of_hosts_in_our_networks;
|
||||
logger << log4cpp::Priority::INFO
|
||||
<< "Total number of monitored hosts (total size of all networks): " << total_number_of_hosts_in_our_networks;
|
||||
|
||||
// 3 - speed counter, average speed counter and data counter
|
||||
uint64_t memory_requirements = 3 * sizeof(map_element_t) * total_number_of_hosts_in_our_networks / 1024 / 1024;
|
||||
|
||||
logger << log4cpp::Priority::INFO << "We need " << memory_requirements
|
||||
<< " MB of memory for storing counters for your networks";
|
||||
logger << log4cpp::Priority::INFO << "We need " << memory_requirements << " MB of memory for storing counters for your networks";
|
||||
|
||||
/* Preallocate data structures */
|
||||
patricia_process(lookup_tree_ipv4, (void_fn_t)subnet_vectors_allocator);
|
||||
@ -1255,7 +1235,7 @@ bool load_our_networks_list() {
|
||||
|
||||
#ifdef GEOIP
|
||||
unsigned int get_asn_for_ip(uint32_t ip) {
|
||||
char* asn_raw = GeoIP_org_by_name(geo_ip, convert_ip_as_uint_to_string(remote_ip).c_str());
|
||||
char* asn_raw = GeoIP_org_by_name(geo_ip, convert_ip_as_uint_to_string(remote_ip).c_str());
|
||||
uint32_t asn_number = 0;
|
||||
|
||||
if (asn_raw == NULL) {
|
||||
@ -1365,8 +1345,7 @@ void reconfigure_logging() {
|
||||
layout->setConversionPattern("[%p] %m%n");
|
||||
|
||||
if (logging_configuration.local_syslog_logging) {
|
||||
log4cpp::Appender* local_syslog_appender =
|
||||
new log4cpp::SyslogAppender("fastnetmon", "fastnetmon", LOG_USER);
|
||||
log4cpp::Appender* local_syslog_appender = new log4cpp::SyslogAppender("fastnetmon", "fastnetmon", LOG_USER);
|
||||
local_syslog_appender->setLayout(layout);
|
||||
logger.addAppender(local_syslog_appender);
|
||||
|
||||
@ -1375,8 +1354,8 @@ void reconfigure_logging() {
|
||||
|
||||
if (logging_configuration.remote_syslog_logging) {
|
||||
log4cpp::Appender* remote_syslog_appender =
|
||||
new log4cpp::RemoteSyslogAppender("fastnetmon", "fastnetmon", logging_configuration.remote_syslog_server,
|
||||
LOG_USER, logging_configuration.remote_syslog_port);
|
||||
new log4cpp::RemoteSyslogAppender("fastnetmon", "fastnetmon", logging_configuration.remote_syslog_server,
|
||||
LOG_USER, logging_configuration.remote_syslog_port);
|
||||
|
||||
remote_syslog_appender->setLayout(layout);
|
||||
logger.addAppender(remote_syslog_appender);
|
||||
@ -1420,12 +1399,12 @@ void redirect_fds() {
|
||||
|
||||
// Create copy of zero decriptor for 1 and 2 fd's
|
||||
// We do not need return codes here but we need do it for suppressing complaints from compiler
|
||||
int first_dup_result = dup(0);
|
||||
int first_dup_result = dup(0);
|
||||
int second_dup_result = dup(0);
|
||||
}
|
||||
|
||||
int main(int argc, char** argv) {
|
||||
bool daemonize = false;
|
||||
bool daemonize = false;
|
||||
bool only_configuration_check = false;
|
||||
|
||||
namespace po = boost::program_options;
|
||||
@ -1466,7 +1445,8 @@ int main(int argc, char** argv) {
|
||||
|
||||
if (vm.count("configuration_file")) {
|
||||
fastnetmon_platform_configuration.global_config_path = vm["configuration_file"].as<std::string>();
|
||||
std::cout << "We will use custom path to configuration file: " << fastnetmon_platform_configuration.global_config_path << std::endl;
|
||||
std::cout << "We will use custom path to configuration file: " << fastnetmon_platform_configuration.global_config_path
|
||||
<< std::endl;
|
||||
}
|
||||
|
||||
if (vm.count("log_file")) {
|
||||
@ -1521,7 +1501,8 @@ int main(int argc, char** argv) {
|
||||
bool load_config_result = load_configuration_file();
|
||||
|
||||
if (!load_config_result) {
|
||||
std::cerr << "Can't open config file " << fastnetmon_platform_configuration.global_config_path << " please create it!" << std::endl;
|
||||
std::cerr << "Can't open config file " << fastnetmon_platform_configuration.global_config_path
|
||||
<< " please create it!" << std::endl;
|
||||
exit(1);
|
||||
}
|
||||
|
||||
@ -1540,8 +1521,7 @@ int main(int argc, char** argv) {
|
||||
int kill_result = kill(pid_from_file, 0);
|
||||
|
||||
if (kill_result == 0) {
|
||||
logger << log4cpp::Priority::ERROR
|
||||
<< "FastNetMon is already running with pid: " << pid_from_file;
|
||||
logger << log4cpp::Priority::ERROR << "FastNetMon is already running with pid: " << pid_from_file;
|
||||
exit(1);
|
||||
} else {
|
||||
// Yes, we have pid with pid but it's zero
|
||||
@ -1560,25 +1540,26 @@ int main(int argc, char** argv) {
|
||||
bool print_pid_to_file_result = print_pid_to_file(getpid(), fastnetmon_platform_configuration.pid_path);
|
||||
|
||||
if (!print_pid_to_file_result) {
|
||||
logger << log4cpp::Priority::ERROR << "Could not create pid file, please check permissions: " << fastnetmon_platform_configuration.pid_path;
|
||||
logger << log4cpp::Priority::ERROR
|
||||
<< "Could not create pid file, please check permissions: " << fastnetmon_platform_configuration.pid_path;
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
lookup_tree_ipv4 = New_Patricia(32);
|
||||
lookup_tree_ipv4 = New_Patricia(32);
|
||||
whitelist_tree_ipv4 = New_Patricia(32);
|
||||
|
||||
lookup_tree_ipv6 = New_Patricia(128);
|
||||
lookup_tree_ipv6 = New_Patricia(128);
|
||||
whitelist_tree_ipv6 = New_Patricia(128);
|
||||
|
||||
// nullify total counters
|
||||
for (int index = 0; index < 4; index++) {
|
||||
total_counters[index].bytes = 0;
|
||||
total_counters[index].bytes = 0;
|
||||
total_counters[index].packets = 0;
|
||||
|
||||
total_speed_counters[index].bytes = 0;
|
||||
total_speed_counters[index].bytes = 0;
|
||||
total_speed_counters[index].packets = 0;
|
||||
|
||||
total_speed_average_counters[index].bytes = 0;
|
||||
total_speed_average_counters[index].bytes = 0;
|
||||
total_speed_average_counters[index].packets = 0;
|
||||
}
|
||||
|
||||
@ -1587,7 +1568,8 @@ int main(int argc, char** argv) {
|
||||
int mkdir_result = mkdir(fastnetmon_platform_configuration.attack_details_folder.c_str(), S_IRWXU);
|
||||
|
||||
if (mkdir_result != 0) {
|
||||
logger << log4cpp::Priority::ERROR << "Can't create folder for attack details: " << fastnetmon_platform_configuration.attack_details_folder;
|
||||
logger << log4cpp::Priority::ERROR
|
||||
<< "Can't create folder for attack details: " << fastnetmon_platform_configuration.attack_details_folder;
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
@ -1762,4 +1744,3 @@ void interruption_signal_handler(int signal_number) {
|
||||
// TODO: we should REMOVE this exit command and wait for correct toolkit shutdown
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
@ -61,7 +61,7 @@ class FastnetmonClient {
|
||||
|
||||
// Set timeout for API
|
||||
std::chrono::system_clock::time_point deadline =
|
||||
std::chrono::system_clock::now() + std::chrono::seconds(client_connection_timeout);
|
||||
std::chrono::system_clock::now() + std::chrono::seconds(client_connection_timeout);
|
||||
|
||||
context.set_deadline(deadline);
|
||||
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,5 +1,5 @@
|
||||
#include "fastnetmon_types.h"
|
||||
#include "bgp_protocol.hpp"
|
||||
#include "fastnetmon_types.h"
|
||||
|
||||
#ifdef REDIS
|
||||
#include <hiredis/hiredis.h>
|
||||
@ -13,18 +13,15 @@
|
||||
|
||||
typedef std::map<std::string, uint32_t> active_flow_spec_announces_t;
|
||||
|
||||
void build_speed_counters_from_packet_counters(map_element_t& new_speed_element,
|
||||
map_element_t* vector_itr,
|
||||
double speed_calc_period) ;
|
||||
void build_speed_counters_from_packet_counters(map_element_t& new_speed_element, map_element_t* vector_itr, double speed_calc_period);
|
||||
|
||||
void build_average_speed_counters_from_speed_counters(map_element_t* current_average_speed_element,
|
||||
map_element_t& new_speed_element,
|
||||
double exp_value,
|
||||
double exp_power);
|
||||
map_element_t& new_speed_element,
|
||||
double exp_value,
|
||||
double exp_power);
|
||||
|
||||
std::string get_amplification_attack_type(amplification_attack_type_t attack_type);
|
||||
std::string generate_flow_spec_for_amplification_attack(amplification_attack_type_t amplification_attack_type,
|
||||
std::string destination_ip);
|
||||
std::string generate_flow_spec_for_amplification_attack(amplification_attack_type_t amplification_attack_type, std::string destination_ip);
|
||||
|
||||
bool we_should_ban_this_entity(map_element_t* average_speed_element,
|
||||
ban_settings_t& current_ban_settings,
|
||||
@ -41,12 +38,9 @@ std::string print_ban_thresholds(ban_settings_t current_ban_settings);
|
||||
std::string print_subnet_ipv4_load();
|
||||
std::string print_subnet_ipv6_load();
|
||||
std::string print_flow_tracking_for_ip(conntrack_main_struct_t& conntrack_element, std::string client_ip);
|
||||
std::string print_flow_tracking_for_specified_protocol(contrack_map_type& protocol_map,
|
||||
std::string client_ip,
|
||||
direction_t flow_direction);
|
||||
std::string print_flow_tracking_for_specified_protocol(contrack_map_type& protocol_map, std::string client_ip, direction_t flow_direction);
|
||||
|
||||
void convert_integer_to_conntrack_hash_struct(packed_session* packed_connection_data,
|
||||
packed_conntrack_hash_t* unpacked_data);
|
||||
void convert_integer_to_conntrack_hash_struct(packed_session* packed_connection_data, packed_conntrack_hash_t* unpacked_data);
|
||||
|
||||
void cleanup_ban_list();
|
||||
|
||||
@ -59,11 +53,11 @@ void call_unban_handlers(uint32_t client_ip,
|
||||
|
||||
std::string print_ddos_attack_details();
|
||||
|
||||
std::string get_attack_description(uint32_t client_ip, attack_details_t& current_attack) ;
|
||||
std::string get_attack_description(uint32_t client_ip, attack_details_t& current_attack);
|
||||
|
||||
std::string get_attack_description_in_json(uint32_t client_ip, attack_details_t& current_attack) ;
|
||||
std::string get_attack_description_in_json(uint32_t client_ip, attack_details_t& current_attack);
|
||||
|
||||
std::string generate_simple_packets_dump(std::vector<simple_packet_t>& ban_list_details) ;
|
||||
std::string generate_simple_packets_dump(std::vector<simple_packet_t>& ban_list_details);
|
||||
|
||||
void send_attack_details(uint32_t client_ip, attack_details_t current_attack_details);
|
||||
|
||||
@ -73,10 +67,7 @@ uint64_t convert_conntrack_hash_struct_to_integer(packed_conntrack_hash_t* struc
|
||||
bool process_flow_tracking_table(conntrack_main_struct_t& conntrack_element, std::string client_ip);
|
||||
bool exec_with_stdin_params(std::string cmd, std::string params);
|
||||
ban_settings_t get_ban_settings_for_this_subnet(subnet_cidr_mask_t subnet, std::string& host_group_name);
|
||||
void exabgp_prefix_ban_manage(std::string action,
|
||||
std::string prefix_as_string_with_mask,
|
||||
std::string exabgp_next_hop,
|
||||
std::string exabgp_community);
|
||||
void exabgp_prefix_ban_manage(std::string action, std::string prefix_as_string_with_mask, std::string exabgp_next_hop, std::string exabgp_community);
|
||||
bool exabgp_flow_spec_ban_manage(std::string action, std::string flow_spec_rule_as_text);
|
||||
|
||||
#ifdef REDIS
|
||||
@ -107,7 +98,7 @@ std::string draw_table_ipv4(direction_t data_direction, bool do_redis_update, so
|
||||
std::string draw_table_ipv6(direction_t data_direction, bool do_redis_update, sort_type_t sort_item);
|
||||
void print_screen_contents_into_file(std::string screen_data_stats_param, std::string file_path);
|
||||
void zeroify_all_flow_counters();
|
||||
void process_packet(simple_packet_t& current_packet) ;
|
||||
void process_packet(simple_packet_t& current_packet);
|
||||
|
||||
void increment_outgoing_counters(map_element_t* current_element,
|
||||
simple_packet_t& current_packet,
|
||||
@ -164,13 +155,10 @@ using grpc::Status;
|
||||
class FastnetmonApiServiceImpl final : public Fastnetmon::Service {
|
||||
Status GetBanlist(::grpc::ServerContext* context,
|
||||
const ::fastmitigation::BanListRequest* request,
|
||||
::grpc::ServerWriter< ::fastmitigation::BanListReply>* writer) override;
|
||||
::grpc::ServerWriter<::fastmitigation::BanListReply>* writer) override;
|
||||
|
||||
Status ExecuteBan(ServerContext* context,
|
||||
const fastmitigation::ExecuteBanRequest* request,
|
||||
fastmitigation::ExecuteBanReply* reply) override;
|
||||
Status ExecuteBan(ServerContext* context, const fastmitigation::ExecuteBanRequest* request, fastmitigation::ExecuteBanReply* reply) override;
|
||||
Status ExecuteUnBan(ServerContext* context,
|
||||
const fastmitigation::ExecuteBanRequest* request,
|
||||
fastmitigation::ExecuteBanReply* reply) override;
|
||||
};
|
||||
|
||||
|
@ -195,4 +195,3 @@ template <> struct hash<subnet_cidr_mask_t> {
|
||||
};
|
||||
|
||||
} // namespace std
|
||||
|
||||
|
@ -234,22 +234,17 @@ u_int32_t pfring_hash_pkt(struct pfring_pkthdr* hdr) {
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v6.__u6_addr.__u6_addr32[1] +
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v6.__u6_addr.__u6_addr32[2] +
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v6.__u6_addr.__u6_addr32[3] +
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_l4_src_port +
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_l4_dst_port;
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_l4_src_port + hdr->extended_hdr.parsed_pkt.tunnel.tunneled_l4_dst_port;
|
||||
}
|
||||
}
|
||||
#else
|
||||
u_int32_t pfring_hash_pkt(struct pfring_pkthdr* hdr) {
|
||||
if (hdr->extended_hdr.parsed_pkt.tunnel.tunnel_id == NO_TUNNEL_ID) {
|
||||
return hdr->extended_hdr.parsed_pkt.vlan_id + hdr->extended_hdr.parsed_pkt.l3_proto +
|
||||
hdr->extended_hdr.parsed_pkt.ip_src.v6.s6_addr32[0] +
|
||||
hdr->extended_hdr.parsed_pkt.ip_src.v6.s6_addr32[1] +
|
||||
hdr->extended_hdr.parsed_pkt.ip_src.v6.s6_addr32[2] +
|
||||
hdr->extended_hdr.parsed_pkt.ip_src.v6.s6_addr32[3] +
|
||||
hdr->extended_hdr.parsed_pkt.ip_dst.v6.s6_addr32[0] +
|
||||
hdr->extended_hdr.parsed_pkt.ip_dst.v6.s6_addr32[1] +
|
||||
hdr->extended_hdr.parsed_pkt.ip_dst.v6.s6_addr32[2] +
|
||||
hdr->extended_hdr.parsed_pkt.ip_dst.v6.s6_addr32[3] +
|
||||
hdr->extended_hdr.parsed_pkt.ip_src.v6.s6_addr32[0] + hdr->extended_hdr.parsed_pkt.ip_src.v6.s6_addr32[1] +
|
||||
hdr->extended_hdr.parsed_pkt.ip_src.v6.s6_addr32[2] + hdr->extended_hdr.parsed_pkt.ip_src.v6.s6_addr32[3] +
|
||||
hdr->extended_hdr.parsed_pkt.ip_dst.v6.s6_addr32[0] + hdr->extended_hdr.parsed_pkt.ip_dst.v6.s6_addr32[1] +
|
||||
hdr->extended_hdr.parsed_pkt.ip_dst.v6.s6_addr32[2] + hdr->extended_hdr.parsed_pkt.ip_dst.v6.s6_addr32[3] +
|
||||
hdr->extended_hdr.parsed_pkt.l4_src_port + hdr->extended_hdr.parsed_pkt.l4_dst_port;
|
||||
} else {
|
||||
return hdr->extended_hdr.parsed_pkt.vlan_id + hdr->extended_hdr.parsed_pkt.tunnel.tunneled_proto +
|
||||
@ -260,13 +255,12 @@ u_int32_t pfring_hash_pkt(struct pfring_pkthdr* hdr) {
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v6.s6_addr32[1] +
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v6.s6_addr32[2] +
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v6.s6_addr32[3] +
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_l4_src_port +
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_l4_dst_port;
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_l4_src_port + hdr->extended_hdr.parsed_pkt.tunnel.tunneled_l4_dst_port;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
static int __pfring_parse_tunneled_pkt(u_char* pkt, struct pfring_pkthdr* hdr, u_int16_t ip_version, u_int16_t tunnel_offset) {
|
||||
u_int32_t ip_len = 0;
|
||||
u_int32_t ip_len = 0;
|
||||
u_int16_t fragment_offset = 0;
|
||||
|
||||
if (ip_version == 4 /* IPv4 */) {
|
||||
@ -276,12 +270,12 @@ static int __pfring_parse_tunneled_pkt(u_char* pkt, struct pfring_pkthdr* hdr, u
|
||||
|
||||
tunneled_ip = (struct iphdr*)(&pkt[tunnel_offset]);
|
||||
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_proto = tunneled_ip->protocol;
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_proto = tunneled_ip->protocol;
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_src.v4 = ntohl(tunneled_ip->saddr);
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v4 = ntohl(tunneled_ip->daddr);
|
||||
|
||||
fragment_offset = tunneled_ip->frag_off & htons(IP_OFFSET); /* fragment, but not the first */
|
||||
ip_len = tunneled_ip->ihl * 4;
|
||||
ip_len = tunneled_ip->ihl * 4;
|
||||
tunnel_offset += ip_len;
|
||||
|
||||
} else if (ip_version == 6 /* IPv6 */) {
|
||||
@ -294,10 +288,8 @@ static int __pfring_parse_tunneled_pkt(u_char* pkt, struct pfring_pkthdr* hdr, u
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_proto = tunneled_ipv6->nexthdr;
|
||||
|
||||
/* Values of IPv6 addresses are stored as network byte order */
|
||||
memcpy(&hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_src.v6, &tunneled_ipv6->saddr,
|
||||
sizeof(tunneled_ipv6->saddr));
|
||||
memcpy(&hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v6, &tunneled_ipv6->daddr,
|
||||
sizeof(tunneled_ipv6->daddr));
|
||||
memcpy(&hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_src.v6, &tunneled_ipv6->saddr, sizeof(tunneled_ipv6->saddr));
|
||||
memcpy(&hdr->extended_hdr.parsed_pkt.tunnel.tunneled_ip_dst.v6, &tunneled_ipv6->daddr, sizeof(tunneled_ipv6->daddr));
|
||||
|
||||
ip_len = sizeof(struct kcompact_ipv6_hdr);
|
||||
|
||||
@ -308,8 +300,7 @@ static int __pfring_parse_tunneled_pkt(u_char* pkt, struct pfring_pkthdr* hdr, u
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunneled_proto == NEXTHDR_FRAGMENT) {
|
||||
struct kcompact_ipv6_opt_hdr* ipv6_opt;
|
||||
|
||||
if (hdr->caplen < tunnel_offset + ip_len + sizeof(struct kcompact_ipv6_opt_hdr))
|
||||
return 1;
|
||||
if (hdr->caplen < tunnel_offset + ip_len + sizeof(struct kcompact_ipv6_opt_hdr)) return 1;
|
||||
|
||||
ipv6_opt = (struct kcompact_ipv6_opt_hdr*)(&pkt[tunnel_offset + ip_len]);
|
||||
ip_len += sizeof(struct kcompact_ipv6_opt_hdr);
|
||||
@ -361,8 +352,8 @@ int fastnetmon_parse_pkt(unsigned char* pkt,
|
||||
u_int8_t level /* L2..L4, 5 (tunnel) */,
|
||||
u_int8_t add_timestamp /* 0,1 */,
|
||||
u_int8_t add_hash /* 0,1 */) {
|
||||
struct ethhdr* eh = (struct ethhdr*)pkt;
|
||||
u_int32_t displ = 0, ip_len;
|
||||
struct ethhdr* eh = (struct ethhdr*)pkt;
|
||||
u_int32_t displ = 0, ip_len;
|
||||
u_int16_t analyzed = 0, fragment_offset = 0;
|
||||
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunnel_id = NO_TUNNEL_ID;
|
||||
@ -377,10 +368,10 @@ int fastnetmon_parse_pkt(unsigned char* pkt,
|
||||
memcpy(&hdr->extended_hdr.parsed_pkt.dmac, eh->h_dest, sizeof(eh->h_dest));
|
||||
memcpy(&hdr->extended_hdr.parsed_pkt.smac, eh->h_source, sizeof(eh->h_source));
|
||||
|
||||
hdr->extended_hdr.parsed_pkt.eth_type = ntohs(eh->h_proto);
|
||||
hdr->extended_hdr.parsed_pkt.offset.eth_offset = 0;
|
||||
hdr->extended_hdr.parsed_pkt.eth_type = ntohs(eh->h_proto);
|
||||
hdr->extended_hdr.parsed_pkt.offset.eth_offset = 0;
|
||||
hdr->extended_hdr.parsed_pkt.offset.vlan_offset = 0;
|
||||
hdr->extended_hdr.parsed_pkt.vlan_id = 0; /* Any VLAN */
|
||||
hdr->extended_hdr.parsed_pkt.vlan_id = 0; /* Any VLAN */
|
||||
|
||||
if (hdr->extended_hdr.parsed_pkt.eth_type == 0x8100 /* 802.1q (VLAN) */) {
|
||||
struct eth_vlan_hdr* vh;
|
||||
@ -388,14 +379,13 @@ int fastnetmon_parse_pkt(unsigned char* pkt,
|
||||
while (hdr->extended_hdr.parsed_pkt.eth_type == 0x8100 /* 802.1q (VLAN) */) {
|
||||
hdr->extended_hdr.parsed_pkt.offset.vlan_offset += sizeof(struct eth_vlan_hdr);
|
||||
vh = (struct eth_vlan_hdr*)&pkt[hdr->extended_hdr.parsed_pkt.offset.vlan_offset];
|
||||
hdr->extended_hdr.parsed_pkt.vlan_id = ntohs(vh->h_vlan_id) & 0x0fff;
|
||||
hdr->extended_hdr.parsed_pkt.vlan_id = ntohs(vh->h_vlan_id) & 0x0fff;
|
||||
hdr->extended_hdr.parsed_pkt.eth_type = ntohs(vh->h_proto);
|
||||
displ += sizeof(struct eth_vlan_hdr);
|
||||
}
|
||||
}
|
||||
|
||||
hdr->extended_hdr.parsed_pkt.offset.l3_offset =
|
||||
hdr->extended_hdr.parsed_pkt.offset.eth_offset + displ + sizeof(struct ethhdr);
|
||||
hdr->extended_hdr.parsed_pkt.offset.l3_offset = hdr->extended_hdr.parsed_pkt.offset.eth_offset + displ + sizeof(struct ethhdr);
|
||||
|
||||
L3:
|
||||
|
||||
@ -410,17 +400,16 @@ L3:
|
||||
|
||||
hdr->extended_hdr.parsed_pkt.ip_version = 4;
|
||||
|
||||
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l3_offset + sizeof(struct iphdr))
|
||||
goto TIMESTAMP;
|
||||
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l3_offset + sizeof(struct iphdr)) goto TIMESTAMP;
|
||||
|
||||
ip = (struct iphdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l3_offset]);
|
||||
|
||||
hdr->extended_hdr.parsed_pkt.ipv4_src = ntohl(ip->saddr);
|
||||
hdr->extended_hdr.parsed_pkt.ipv4_dst = ntohl(ip->daddr);
|
||||
hdr->extended_hdr.parsed_pkt.l3_proto = ip->protocol;
|
||||
hdr->extended_hdr.parsed_pkt.ipv4_tos = ip->tos;
|
||||
fragment_offset = ip->frag_off & htons(IP_OFFSET); /* fragment, but not the first */
|
||||
ip_len = ip->ihl * 4;
|
||||
hdr->extended_hdr.parsed_pkt.ipv4_src = ntohl(ip->saddr);
|
||||
hdr->extended_hdr.parsed_pkt.ipv4_dst = ntohl(ip->daddr);
|
||||
hdr->extended_hdr.parsed_pkt.l3_proto = ip->protocol;
|
||||
hdr->extended_hdr.parsed_pkt.ipv4_tos = ip->tos;
|
||||
fragment_offset = ip->frag_off & htons(IP_OFFSET); /* fragment, but not the first */
|
||||
ip_len = ip->ihl * 4;
|
||||
hdr->extended_hdr.parsed_pkt.ip_total_size = ntohs(ip->tot_len);
|
||||
// Parse fragmentation info:
|
||||
// Very good examples about IPv4 flags: http://lwn.net/Articles/136319/
|
||||
@ -429,7 +418,7 @@ L3:
|
||||
hdr->extended_hdr.parsed_pkt.ip_ttl = ip->ttl;
|
||||
|
||||
int fast_frag_off = ntohs(ip->frag_off);
|
||||
int fast_offset = (fast_frag_off & IP_OFFSET);
|
||||
int fast_offset = (fast_frag_off & IP_OFFSET);
|
||||
|
||||
if (fast_frag_off & IP_MF) {
|
||||
// printf("Packet with MF flag\n");
|
||||
@ -449,7 +438,7 @@ L3:
|
||||
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l3_offset + sizeof(struct kcompact_ipv6_hdr))
|
||||
goto TIMESTAMP;
|
||||
|
||||
ipv6 = (struct kcompact_ipv6_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l3_offset]);
|
||||
ipv6 = (struct kcompact_ipv6_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l3_offset]);
|
||||
ip_len = sizeof(struct kcompact_ipv6_hdr);
|
||||
|
||||
/* Values of IPv6 addresses are stored as network byte order */
|
||||
@ -460,29 +449,23 @@ L3:
|
||||
hdr->extended_hdr.parsed_pkt.ipv6_tos = ipv6->priority; /* IPv6 class of service */
|
||||
|
||||
/* Note: NEXTHDR_AUTH, NEXTHDR_ESP, NEXTHDR_IPV6, NEXTHDR_MOBILITY are not handled */
|
||||
while (hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_HOP ||
|
||||
hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_DEST ||
|
||||
hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_ROUTING ||
|
||||
hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_FRAGMENT) {
|
||||
while (hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_HOP || hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_DEST ||
|
||||
hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_ROUTING || hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_FRAGMENT) {
|
||||
struct kcompact_ipv6_opt_hdr* ipv6_opt;
|
||||
|
||||
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l3_offset + ip_len +
|
||||
sizeof(struct kcompact_ipv6_opt_hdr))
|
||||
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l3_offset + ip_len + sizeof(struct kcompact_ipv6_opt_hdr))
|
||||
goto TIMESTAMP;
|
||||
|
||||
ipv6_opt =
|
||||
(struct kcompact_ipv6_opt_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l3_offset + ip_len]);
|
||||
ipv6_opt = (struct kcompact_ipv6_opt_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l3_offset + ip_len]);
|
||||
ip_len += sizeof(struct kcompact_ipv6_opt_hdr);
|
||||
if (hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_HOP ||
|
||||
hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_DEST ||
|
||||
if (hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_HOP || hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_DEST ||
|
||||
hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_ROUTING)
|
||||
ip_len += ipv6_opt->hdrlen * 8;
|
||||
|
||||
hdr->extended_hdr.parsed_pkt.l3_proto = ipv6_opt->nexthdr;
|
||||
}
|
||||
|
||||
if (hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_NONE)
|
||||
hdr->extended_hdr.parsed_pkt.l3_proto = 0;
|
||||
if (hdr->extended_hdr.parsed_pkt.l3_proto == NEXTHDR_NONE) hdr->extended_hdr.parsed_pkt.l3_proto = 0;
|
||||
} else {
|
||||
hdr->extended_hdr.parsed_pkt.l3_proto = 0;
|
||||
goto TIMESTAMP;
|
||||
@ -499,34 +482,30 @@ L4:
|
||||
if (hdr->extended_hdr.parsed_pkt.l3_proto == IPPROTO_TCP) {
|
||||
struct tcphdr* tcp;
|
||||
|
||||
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l4_offset + sizeof(struct tcphdr))
|
||||
goto TIMESTAMP;
|
||||
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l4_offset + sizeof(struct tcphdr)) goto TIMESTAMP;
|
||||
|
||||
tcp = (struct tcphdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l4_offset]);
|
||||
|
||||
hdr->extended_hdr.parsed_pkt.l4_src_port = ntohs(tcp->source);
|
||||
hdr->extended_hdr.parsed_pkt.l4_dst_port = ntohs(tcp->dest);
|
||||
hdr->extended_hdr.parsed_pkt.offset.payload_offset =
|
||||
hdr->extended_hdr.parsed_pkt.offset.l4_offset + (tcp->doff * 4);
|
||||
hdr->extended_hdr.parsed_pkt.tcp.seq_num = ntohl(tcp->seq);
|
||||
hdr->extended_hdr.parsed_pkt.tcp.ack_num = ntohl(tcp->ack_seq);
|
||||
hdr->extended_hdr.parsed_pkt.tcp.flags =
|
||||
(tcp->fin * TH_FIN_MULTIPLIER) + (tcp->syn * TH_SYN_MULTIPLIER) + (tcp->rst * TH_RST_MULTIPLIER) +
|
||||
(tcp->psh * TH_PUSH_MULTIPLIER) + (tcp->ack * TH_ACK_MULTIPLIER) + (tcp->urg * TH_URG_MULTIPLIER);
|
||||
hdr->extended_hdr.parsed_pkt.l4_src_port = ntohs(tcp->source);
|
||||
hdr->extended_hdr.parsed_pkt.l4_dst_port = ntohs(tcp->dest);
|
||||
hdr->extended_hdr.parsed_pkt.offset.payload_offset = hdr->extended_hdr.parsed_pkt.offset.l4_offset + (tcp->doff * 4);
|
||||
hdr->extended_hdr.parsed_pkt.tcp.seq_num = ntohl(tcp->seq);
|
||||
hdr->extended_hdr.parsed_pkt.tcp.ack_num = ntohl(tcp->ack_seq);
|
||||
hdr->extended_hdr.parsed_pkt.tcp.flags = (tcp->fin * TH_FIN_MULTIPLIER) + (tcp->syn * TH_SYN_MULTIPLIER) +
|
||||
(tcp->rst * TH_RST_MULTIPLIER) + (tcp->psh * TH_PUSH_MULTIPLIER) +
|
||||
(tcp->ack * TH_ACK_MULTIPLIER) + (tcp->urg * TH_URG_MULTIPLIER);
|
||||
|
||||
analyzed = 4;
|
||||
} else if (hdr->extended_hdr.parsed_pkt.l3_proto == IPPROTO_UDP) {
|
||||
struct udphdr* udp;
|
||||
|
||||
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l4_offset + sizeof(struct udphdr))
|
||||
goto TIMESTAMP;
|
||||
if (hdr->caplen < hdr->extended_hdr.parsed_pkt.offset.l4_offset + sizeof(struct udphdr)) goto TIMESTAMP;
|
||||
|
||||
udp = (struct udphdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l4_offset]);
|
||||
|
||||
hdr->extended_hdr.parsed_pkt.l4_src_port = ntohs(udp->source),
|
||||
hdr->extended_hdr.parsed_pkt.l4_dst_port = ntohs(udp->dest);
|
||||
hdr->extended_hdr.parsed_pkt.offset.payload_offset =
|
||||
hdr->extended_hdr.parsed_pkt.offset.l4_offset + sizeof(struct udphdr);
|
||||
hdr->extended_hdr.parsed_pkt.offset.payload_offset = hdr->extended_hdr.parsed_pkt.offset.l4_offset + sizeof(struct udphdr);
|
||||
|
||||
analyzed = 4;
|
||||
|
||||
@ -543,7 +522,7 @@ L4:
|
||||
if (hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset + sizeof(struct gtp_v1_hdr)))
|
||||
goto TIMESTAMP;
|
||||
|
||||
gtp = (struct gtp_v1_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset]);
|
||||
gtp = (struct gtp_v1_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset]);
|
||||
gtp_len = sizeof(struct gtp_v1_hdr);
|
||||
|
||||
if (((gtp->flags & GTP_FLAGS_VERSION) >> GTP_FLAGS_VERSION_SHIFT) == GTP_VERSION_1) {
|
||||
@ -556,12 +535,10 @@ L4:
|
||||
if (gtp->flags & (GTP_FLAGS_EXTENSION | GTP_FLAGS_SEQ_NUM | GTP_FLAGS_NPDU_NUM)) {
|
||||
struct gtp_v1_opt_hdr* gtpopt;
|
||||
|
||||
if (hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset +
|
||||
gtp_len + sizeof(struct gtp_v1_opt_hdr)))
|
||||
if (hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len + sizeof(struct gtp_v1_opt_hdr)))
|
||||
goto TIMESTAMP;
|
||||
|
||||
gtpopt =
|
||||
(struct gtp_v1_opt_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len]);
|
||||
gtpopt = (struct gtp_v1_opt_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len]);
|
||||
gtp_len += sizeof(struct gtp_v1_opt_hdr);
|
||||
|
||||
if ((gtp->flags & GTP_FLAGS_EXTENSION) && gtpopt->next_ext_hdr) {
|
||||
@ -569,31 +546,25 @@ L4:
|
||||
u_int8_t* next_ext_hdr;
|
||||
|
||||
do {
|
||||
if (hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset +
|
||||
gtp_len + 1 /* 8bit len field */))
|
||||
if (hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len + 1 /* 8bit len field */))
|
||||
goto TIMESTAMP;
|
||||
gtpext =
|
||||
(struct gtp_v1_ext_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len]);
|
||||
gtpext = (struct gtp_v1_ext_hdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len]);
|
||||
gtp_len += (gtpext->len * GTP_EXT_HDR_LEN_UNIT_BYTES);
|
||||
if (gtpext->len == 0 ||
|
||||
hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len))
|
||||
if (gtpext->len == 0 || hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len))
|
||||
goto TIMESTAMP;
|
||||
next_ext_hdr =
|
||||
(u_int8_t*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len - 1 /* 8bit next_ext_hdr field*/]);
|
||||
(u_int8_t*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len - 1 /* 8bit next_ext_hdr field*/]);
|
||||
} while (*next_ext_hdr);
|
||||
}
|
||||
}
|
||||
|
||||
if (hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset +
|
||||
gtp_len + sizeof(struct iphdr)))
|
||||
if (hdr->caplen < (hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len + sizeof(struct iphdr)))
|
||||
goto TIMESTAMP;
|
||||
|
||||
tunneled_ip =
|
||||
(struct iphdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len]);
|
||||
tunneled_ip = (struct iphdr*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len]);
|
||||
|
||||
analyzed +=
|
||||
__pfring_parse_tunneled_pkt(pkt, hdr, tunneled_ip->version,
|
||||
hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len);
|
||||
analyzed += __pfring_parse_tunneled_pkt(pkt, hdr, tunneled_ip->version,
|
||||
hdr->extended_hdr.parsed_pkt.offset.payload_offset + gtp_len);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -602,23 +573,20 @@ L4:
|
||||
int gre_offset;
|
||||
|
||||
gre->flags_and_version = ntohs(gre->flags_and_version);
|
||||
gre->proto = ntohs(gre->proto);
|
||||
gre->proto = ntohs(gre->proto);
|
||||
|
||||
gre_offset = sizeof(struct gre_header);
|
||||
|
||||
if ((gre->flags_and_version & GRE_HEADER_VERSION) == 0) {
|
||||
if (gre->flags_and_version & (GRE_HEADER_CHECKSUM | GRE_HEADER_ROUTING))
|
||||
gre_offset += 4;
|
||||
if (gre->flags_and_version & (GRE_HEADER_CHECKSUM | GRE_HEADER_ROUTING)) gre_offset += 4;
|
||||
if (gre->flags_and_version & GRE_HEADER_KEY) {
|
||||
u_int32_t* tunnel_id =
|
||||
(u_int32_t*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l4_offset + gre_offset]);
|
||||
u_int32_t* tunnel_id = (u_int32_t*)(&pkt[hdr->extended_hdr.parsed_pkt.offset.l4_offset + gre_offset]);
|
||||
gre_offset += 4;
|
||||
hdr->extended_hdr.parsed_pkt.tunnel.tunnel_id = ntohl(*tunnel_id);
|
||||
}
|
||||
if (gre->flags_and_version & GRE_HEADER_SEQ_NUM) gre_offset += 4;
|
||||
|
||||
hdr->extended_hdr.parsed_pkt.offset.payload_offset =
|
||||
hdr->extended_hdr.parsed_pkt.offset.l4_offset + gre_offset;
|
||||
hdr->extended_hdr.parsed_pkt.offset.payload_offset = hdr->extended_hdr.parsed_pkt.offset.l4_offset + gre_offset;
|
||||
|
||||
analyzed = 4;
|
||||
|
||||
@ -641,8 +609,7 @@ TIMESTAMP:
|
||||
if (add_timestamp && hdr->ts.tv_sec == 0)
|
||||
gettimeofday(&hdr->ts, NULL); /* TODO What about using clock_gettime(CLOCK_REALTIME, ts) ? */
|
||||
|
||||
if (add_hash && hdr->extended_hdr.pkt_hash == 0)
|
||||
hdr->extended_hdr.pkt_hash = pfring_hash_pkt(hdr);
|
||||
if (add_hash && hdr->extended_hdr.pkt_hash == 0) hdr->extended_hdr.pkt_hash = pfring_hash_pkt(hdr);
|
||||
|
||||
return analyzed;
|
||||
}
|
||||
@ -656,30 +623,24 @@ int fastnetmon_print_parsed_pkt(char* buff, u_int buff_len, const u_char* p, con
|
||||
etheraddr2string(h->extended_hdr.parsed_pkt.dmac, buf2));
|
||||
|
||||
if (h->extended_hdr.parsed_pkt.offset.vlan_offset)
|
||||
buff_used +=
|
||||
snprintf(&buff[buff_used], buff_len - buff_used, "[vlan %u] ", h->extended_hdr.parsed_pkt.vlan_id);
|
||||
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[vlan %u] ", h->extended_hdr.parsed_pkt.vlan_id);
|
||||
|
||||
if (h->extended_hdr.parsed_pkt.eth_type == 0x0800 /* IPv4*/ ||
|
||||
h->extended_hdr.parsed_pkt.eth_type == 0x86DD /* IPv6*/) {
|
||||
if (h->extended_hdr.parsed_pkt.eth_type == 0x0800 /* IPv4*/ || h->extended_hdr.parsed_pkt.eth_type == 0x86DD /* IPv6*/) {
|
||||
|
||||
if (h->extended_hdr.parsed_pkt.eth_type == 0x0800 /* IPv4*/) {
|
||||
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[IPv4][%s:%d ",
|
||||
intoa(h->extended_hdr.parsed_pkt.ipv4_src),
|
||||
h->extended_hdr.parsed_pkt.l4_src_port);
|
||||
intoa(h->extended_hdr.parsed_pkt.ipv4_src), h->extended_hdr.parsed_pkt.l4_src_port);
|
||||
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "-> %s:%d] ",
|
||||
intoa(h->extended_hdr.parsed_pkt.ipv4_dst),
|
||||
h->extended_hdr.parsed_pkt.l4_dst_port);
|
||||
intoa(h->extended_hdr.parsed_pkt.ipv4_dst), h->extended_hdr.parsed_pkt.l4_dst_port);
|
||||
} else {
|
||||
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[IPv6][%s:%d ",
|
||||
in6toa(h->extended_hdr.parsed_pkt.ipv6_src),
|
||||
h->extended_hdr.parsed_pkt.l4_src_port);
|
||||
in6toa(h->extended_hdr.parsed_pkt.ipv6_src), h->extended_hdr.parsed_pkt.l4_src_port);
|
||||
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "-> %s:%d] ",
|
||||
in6toa(h->extended_hdr.parsed_pkt.ipv6_dst),
|
||||
h->extended_hdr.parsed_pkt.l4_dst_port);
|
||||
in6toa(h->extended_hdr.parsed_pkt.ipv6_dst), h->extended_hdr.parsed_pkt.l4_dst_port);
|
||||
}
|
||||
|
||||
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[l3_proto=%s]",
|
||||
proto2str(h->extended_hdr.parsed_pkt.l3_proto));
|
||||
buff_used +=
|
||||
snprintf(&buff[buff_used], buff_len - buff_used, "[l3_proto=%s]", proto2str(h->extended_hdr.parsed_pkt.l3_proto));
|
||||
|
||||
if (h->extended_hdr.parsed_pkt.tunnel.tunnel_id != NO_TUNNEL_ID) {
|
||||
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[TEID=0x%08X][tunneled_proto=%s]",
|
||||
@ -703,8 +664,7 @@ int fastnetmon_print_parsed_pkt(char* buff, u_int buff_len, const u_char* p, con
|
||||
}
|
||||
}
|
||||
|
||||
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[ip_fragmented: %d]",
|
||||
h->extended_hdr.parsed_pkt.ip_fragmented);
|
||||
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[ip_fragmented: %d]", h->extended_hdr.parsed_pkt.ip_fragmented);
|
||||
|
||||
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[hash=%u][tos=%d][tcp_seq_num=%u]",
|
||||
h->extended_hdr.pkt_hash, h->extended_hdr.parsed_pkt.ipv4_tos,
|
||||
@ -713,28 +673,24 @@ int fastnetmon_print_parsed_pkt(char* buff, u_int buff_len, const u_char* p, con
|
||||
} else if (h->extended_hdr.parsed_pkt.eth_type == 0x0806 /* ARP */) {
|
||||
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[ARP]");
|
||||
if (buff_len >= h->extended_hdr.parsed_pkt.offset.l3_offset + 30) {
|
||||
buff_used +=
|
||||
snprintf(&buff[buff_used], buff_len - buff_used, "[Sender=%s/%s]",
|
||||
etheraddr2string(&p[h->extended_hdr.parsed_pkt.offset.l3_offset + 8], buf1),
|
||||
intoa(ntohl(*((u_int32_t*)&p[h->extended_hdr.parsed_pkt.offset.l3_offset + 14]))));
|
||||
buff_used +=
|
||||
snprintf(&buff[buff_used], buff_len - buff_used, "[Target=%s/%s]",
|
||||
etheraddr2string(&p[h->extended_hdr.parsed_pkt.offset.l3_offset + 18], buf2),
|
||||
intoa(ntohl(*((u_int32_t*)&p[h->extended_hdr.parsed_pkt.offset.l3_offset + 24]))));
|
||||
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[Sender=%s/%s]",
|
||||
etheraddr2string(&p[h->extended_hdr.parsed_pkt.offset.l3_offset + 8], buf1),
|
||||
intoa(ntohl(*((u_int32_t*)&p[h->extended_hdr.parsed_pkt.offset.l3_offset + 14]))));
|
||||
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[Target=%s/%s]",
|
||||
etheraddr2string(&p[h->extended_hdr.parsed_pkt.offset.l3_offset + 18], buf2),
|
||||
intoa(ntohl(*((u_int32_t*)&p[h->extended_hdr.parsed_pkt.offset.l3_offset + 24]))));
|
||||
}
|
||||
} else {
|
||||
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[eth_type=0x%04X]",
|
||||
h->extended_hdr.parsed_pkt.eth_type);
|
||||
buff_used += snprintf(&buff[buff_used], buff_len - buff_used, "[eth_type=0x%04X]", h->extended_hdr.parsed_pkt.eth_type);
|
||||
}
|
||||
|
||||
buff_used +=
|
||||
snprintf(&buff[buff_used], buff_len - buff_used,
|
||||
" [caplen=%d][len=%d][parsed_header_len=%d]["
|
||||
"eth_offset=%d][l3_offset=%d][l4_offset=%d]["
|
||||
"payload_offset=%d]\n",
|
||||
h->caplen, h->len, h->extended_hdr.parsed_header_len,
|
||||
h->extended_hdr.parsed_pkt.offset.eth_offset, h->extended_hdr.parsed_pkt.offset.l3_offset,
|
||||
h->extended_hdr.parsed_pkt.offset.l4_offset, h->extended_hdr.parsed_pkt.offset.payload_offset);
|
||||
buff_used += snprintf(&buff[buff_used], buff_len - buff_used,
|
||||
" [caplen=%d][len=%d][parsed_header_len=%d]["
|
||||
"eth_offset=%d][l3_offset=%d][l4_offset=%d]["
|
||||
"payload_offset=%d]\n",
|
||||
h->caplen, h->len, h->extended_hdr.parsed_header_len,
|
||||
h->extended_hdr.parsed_pkt.offset.eth_offset, h->extended_hdr.parsed_pkt.offset.l3_offset,
|
||||
h->extended_hdr.parsed_pkt.offset.l4_offset, h->extended_hdr.parsed_pkt.offset.payload_offset);
|
||||
|
||||
return buff_used;
|
||||
}
|
||||
@ -776,12 +732,12 @@ char* _intoa(unsigned int addr, char* buf, u_short bufLen) {
|
||||
u_int byte;
|
||||
int n;
|
||||
|
||||
cp = &buf[bufLen];
|
||||
cp = &buf[bufLen];
|
||||
*--cp = '\0';
|
||||
|
||||
n = 4;
|
||||
do {
|
||||
byte = addr & 0xff;
|
||||
byte = addr & 0xff;
|
||||
*--cp = byte % 10 + '0';
|
||||
byte /= 10;
|
||||
if (byte > 0) {
|
||||
|
@ -11,8 +11,7 @@ int pcap_reader(const char* pcap_file_path, pcap_packet_parser_callback pcap_par
|
||||
}
|
||||
|
||||
struct fastnetmon_pcap_file_header pcap_header;
|
||||
ssize_t file_header_readed_bytes =
|
||||
read(filedesc, &pcap_header, sizeof(struct fastnetmon_pcap_file_header));
|
||||
ssize_t file_header_readed_bytes = read(filedesc, &pcap_header, sizeof(struct fastnetmon_pcap_file_header));
|
||||
|
||||
if (file_header_readed_bytes != sizeof(struct fastnetmon_pcap_file_header)) {
|
||||
printf("Can't read pcap file header");
|
||||
@ -33,8 +32,7 @@ int pcap_reader(const char* pcap_file_path, pcap_packet_parser_callback pcap_par
|
||||
while (1) {
|
||||
// printf("Start packet %d processing\n", read_packets);
|
||||
struct fastnetmon_pcap_pkthdr pcap_packet_header;
|
||||
ssize_t packet_header_readed_bytes =
|
||||
read(filedesc, &pcap_packet_header, sizeof(struct fastnetmon_pcap_pkthdr));
|
||||
ssize_t packet_header_readed_bytes = read(filedesc, &pcap_packet_header, sizeof(struct fastnetmon_pcap_pkthdr));
|
||||
|
||||
if (packet_header_readed_bytes != sizeof(struct fastnetmon_pcap_pkthdr)) {
|
||||
// We haven't any packets
|
||||
@ -56,8 +54,7 @@ int pcap_reader(const char* pcap_file_path, pcap_packet_parser_callback pcap_par
|
||||
}
|
||||
|
||||
// printf("packet payload read\n");
|
||||
pcap_parse_packet_function_ptr(packet_buffer, pcap_packet_header.orig_len,
|
||||
pcap_packet_header.incl_len);
|
||||
pcap_parse_packet_function_ptr(packet_buffer, pcap_packet_header.orig_len, pcap_packet_header.incl_len);
|
||||
|
||||
// printf("Process packet %d\n", read_packets);
|
||||
read_packets++;
|
||||
@ -69,11 +66,11 @@ int pcap_reader(const char* pcap_file_path, pcap_packet_parser_callback pcap_par
|
||||
}
|
||||
|
||||
bool fill_pcap_header(struct fastnetmon_pcap_file_header* pcap_header, bpf_u_int32 snap_length) {
|
||||
pcap_header->magic = 0xa1b2c3d4;
|
||||
pcap_header->magic = 0xa1b2c3d4;
|
||||
pcap_header->version_major = 2;
|
||||
pcap_header->version_minor = 4;
|
||||
pcap_header->thiszone = 0;
|
||||
pcap_header->sigfigs = 0;
|
||||
pcap_header->thiszone = 0;
|
||||
pcap_header->sigfigs = 0;
|
||||
// TODO: fix this!!!
|
||||
pcap_header->snaplen = snap_length;
|
||||
// http://www.tcpdump.org/linktypes.html
|
||||
|
@ -14,4 +14,3 @@
|
||||
|
||||
// Get log4cpp logger from main programm
|
||||
extern log4cpp::Category& logger;
|
||||
|
||||
|
@ -11,12 +11,12 @@ enum source_t { UNKNOWN = 0, MIRROR = 1, SFLOW = 2, NETFLOW = 3, TERAFLOW = 4 };
|
||||
class simple_packet_t {
|
||||
public:
|
||||
simple_packet_t()
|
||||
: sample_ratio(1), src_ip(0), dst_ip(0), source_port(0), destination_port(0), protocol(0),
|
||||
length(0), flags(0), number_of_packets(1), ip_fragmented(false), ip_protocol_version(4),
|
||||
ttl(0), packet_payload_pointer(NULL), packet_payload_length(0), packet_direction(OTHER) {
|
||||
: sample_ratio(1), src_ip(0), dst_ip(0), source_port(0), destination_port(0), protocol(0), length(0), flags(0),
|
||||
number_of_packets(1), ip_fragmented(false), ip_protocol_version(4), ttl(0), packet_payload_pointer(NULL),
|
||||
packet_payload_length(0), packet_direction(OTHER) {
|
||||
|
||||
ts.tv_usec = 0;
|
||||
ts.tv_sec = 0;
|
||||
ts.tv_sec = 0;
|
||||
}
|
||||
// Source plugin for this traffic type
|
||||
source_t source = UNKNOWN;
|
||||
@ -49,7 +49,7 @@ class simple_packet_t {
|
||||
uint8_t flags; /* tcp flags */
|
||||
|
||||
bool ip_fragmented; /* If IP packet fragmented */
|
||||
bool ip_dont_fragment = false; /* If IP has don't fragment flag */
|
||||
bool ip_dont_fragment = false; /* If IP has don't fragment flag */
|
||||
|
||||
struct timeval ts;
|
||||
void* packet_payload_pointer;
|
||||
@ -70,4 +70,3 @@ class simple_packet_t {
|
||||
// IP address of device which send this flow
|
||||
uint32_t agent_ip_address = 0;
|
||||
};
|
||||
|
||||
|
@ -59,16 +59,14 @@ TEST(BgpFlowSpec, packet_length) {
|
||||
|
||||
TEST(BgpFlowSpec, source_subnet) {
|
||||
exabgp_flow_spec_rule_t exabgp_rule;
|
||||
exabgp_rule.set_source_subnet(
|
||||
convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
|
||||
exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
|
||||
|
||||
EXPECT_EQ(exabgp_rule.serialize_source_subnet(), "source 4.0.0.0/24;");
|
||||
}
|
||||
|
||||
TEST(BgpFlowSpec, destination_subnet) {
|
||||
exabgp_flow_spec_rule_t exabgp_rule;
|
||||
exabgp_rule.set_destination_subnet(
|
||||
convert_subnet_from_string_to_binary_with_cidr_format("77.0.0.0/24"));
|
||||
exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("77.0.0.0/24"));
|
||||
|
||||
EXPECT_EQ(exabgp_rule.serialize_destination_subnet(), "destination 77.0.0.0/24;");
|
||||
}
|
||||
@ -201,10 +199,8 @@ TEST(BgpFlowSpec, serialize_match_first) {
|
||||
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT);
|
||||
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT);
|
||||
|
||||
exabgp_rule.set_destination_subnet(
|
||||
convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
|
||||
exabgp_rule.set_source_subnet(
|
||||
convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
|
||||
exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
|
||||
exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
|
||||
|
||||
// Disable indentation
|
||||
exabgp_rule.disable_indents();
|
||||
@ -247,10 +243,8 @@ TEST(BgpFlowSpec, serialize_signle_line) {
|
||||
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT);
|
||||
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT);
|
||||
|
||||
exabgp_rule.set_destination_subnet(
|
||||
convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
|
||||
exabgp_rule.set_source_subnet(
|
||||
convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
|
||||
exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
|
||||
exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
|
||||
|
||||
exabgp_rule.set_action(my_action);
|
||||
|
||||
@ -277,10 +271,8 @@ TEST(BgpFlowSpec, serialize_whole_single_line_form) {
|
||||
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT);
|
||||
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT);
|
||||
|
||||
exabgp_rule.set_destination_subnet(
|
||||
convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
|
||||
exabgp_rule.set_source_subnet(
|
||||
convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
|
||||
exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
|
||||
exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
|
||||
|
||||
exabgp_rule.set_action(my_action);
|
||||
|
||||
@ -304,10 +296,8 @@ TEST(BgpFlowSpec, serialize_with_real_exabgp) {
|
||||
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT);
|
||||
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT);
|
||||
|
||||
exabgp_rule.set_destination_subnet(
|
||||
convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
|
||||
exabgp_rule.set_source_subnet(
|
||||
convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
|
||||
exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
|
||||
exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
|
||||
|
||||
exabgp_rule.set_action(my_action);
|
||||
|
||||
@ -322,8 +312,7 @@ TEST(BgpFlowSpec, serialize_with_real_exabgp) {
|
||||
config_file.close();
|
||||
}
|
||||
|
||||
int system_ret_code =
|
||||
system("/usr/src/exabgp/sbin/exabgp --test /tmp/exabgp_test_config.conf 2>/dev/null");
|
||||
int system_ret_code = system("/usr/src/exabgp/sbin/exabgp --test /tmp/exabgp_test_config.conf 2>/dev/null");
|
||||
|
||||
EXPECT_EQ(system_ret_code, 0);
|
||||
}
|
||||
@ -437,24 +426,22 @@ TEST(patricia, positive_lookup_ipv6_prefix) {
|
||||
TEST(serialize_attack_description, blank_attack) {
|
||||
attack_details current_attack;
|
||||
std::string result = serialize_attack_description(current_attack);
|
||||
EXPECT_EQ(
|
||||
result,
|
||||
"Attack type: unknown\nInitial attack power: 0 packets per second\nPeak attack power: 0 "
|
||||
"packets per second\nAttack direction: other\nAttack protocol: unknown\nTotal incoming "
|
||||
"traffic: 0 mbps\nTotal outgoing traffic: 0 mbps\nTotal incoming pps: 0 packets per "
|
||||
"second\nTotal outgoing pps: 0 packets per second\nTotal incoming flows: 0 flows per "
|
||||
"second\nTotal outgoing flows: 0 flows per second\nAverage incoming traffic: 0 mbps\nAverage "
|
||||
"outgoing traffic: 0 mbps\nAverage incoming pps: 0 packets per second\nAverage outgoing pps: 0 "
|
||||
"packets per second\nAverage incoming flows: 0 flows per second\nAverage outgoing flows: 0 "
|
||||
"flows per second\nIncoming ip fragmented traffic: 0 mbps\nOutgoing ip fragmented traffic: 0 "
|
||||
"mbps\nIncoming ip fragmented pps: 0 packets per second\nOutgoing ip fragmented pps: 0 packets "
|
||||
"per second\nIncoming tcp traffic: 0 mbps\nOutgoing tcp traffic: 0 mbps\nIncoming tcp pps: 0 "
|
||||
"packets per second\nOutgoing tcp pps: 0 packets per second\nIncoming syn tcp traffic: 0 "
|
||||
"mbps\nOutgoing syn tcp traffic: 0 mbps\nIncoming syn tcp pps: 0 packets per second\nOutgoing "
|
||||
"syn tcp pps: 0 packets per second\nIncoming udp traffic: 0 mbps\nOutgoing udp traffic: 0 "
|
||||
"mbps\nIncoming udp pps: 0 packets per second\nOutgoing udp pps: 0 packets per "
|
||||
"second\nIncoming icmp traffic: 0 mbps\nOutgoing icmp traffic: 0 mbps\nIncoming icmp pps: 0 "
|
||||
"packets per second\nOutgoing icmp pps: 0 packets per second\n");
|
||||
EXPECT_EQ(result, "Attack type: unknown\nInitial attack power: 0 packets per second\nPeak attack power: 0 "
|
||||
"packets per second\nAttack direction: other\nAttack protocol: unknown\nTotal incoming "
|
||||
"traffic: 0 mbps\nTotal outgoing traffic: 0 mbps\nTotal incoming pps: 0 packets per "
|
||||
"second\nTotal outgoing pps: 0 packets per second\nTotal incoming flows: 0 flows per "
|
||||
"second\nTotal outgoing flows: 0 flows per second\nAverage incoming traffic: 0 mbps\nAverage "
|
||||
"outgoing traffic: 0 mbps\nAverage incoming pps: 0 packets per second\nAverage outgoing pps: 0 "
|
||||
"packets per second\nAverage incoming flows: 0 flows per second\nAverage outgoing flows: 0 "
|
||||
"flows per second\nIncoming ip fragmented traffic: 0 mbps\nOutgoing ip fragmented traffic: 0 "
|
||||
"mbps\nIncoming ip fragmented pps: 0 packets per second\nOutgoing ip fragmented pps: 0 packets "
|
||||
"per second\nIncoming tcp traffic: 0 mbps\nOutgoing tcp traffic: 0 mbps\nIncoming tcp pps: 0 "
|
||||
"packets per second\nOutgoing tcp pps: 0 packets per second\nIncoming syn tcp traffic: 0 "
|
||||
"mbps\nOutgoing syn tcp traffic: 0 mbps\nIncoming syn tcp pps: 0 packets per second\nOutgoing "
|
||||
"syn tcp pps: 0 packets per second\nIncoming udp traffic: 0 mbps\nOutgoing udp traffic: 0 "
|
||||
"mbps\nIncoming udp pps: 0 packets per second\nOutgoing udp pps: 0 packets per "
|
||||
"second\nIncoming icmp traffic: 0 mbps\nOutgoing icmp traffic: 0 mbps\nIncoming icmp pps: 0 "
|
||||
"packets per second\nOutgoing icmp pps: 0 packets per second\n");
|
||||
}
|
||||
|
||||
TEST(serialize_attack_description_to_json, blank_attack) {
|
||||
|
@ -6,9 +6,9 @@
|
||||
#include <sys/time.h> // struct timeval
|
||||
#include <utility> // std::pair
|
||||
|
||||
#include <unordered_map>
|
||||
#include <map>
|
||||
#include <string>
|
||||
#include <unordered_map>
|
||||
#include <vector>
|
||||
|
||||
#include "packet_storage.h"
|
||||
@ -79,7 +79,7 @@ template <typename T> class TrafficComparatorClass {
|
||||
|
||||
public:
|
||||
TrafficComparatorClass(direction_t sort_direction, sort_type_t sort_field) {
|
||||
this->sort_field = sort_field;
|
||||
this->sort_field = sort_field;
|
||||
this->sort_direction = sort_direction;
|
||||
}
|
||||
|
||||
@ -115,12 +115,10 @@ template <typename T> class TrafficComparatorClass {
|
||||
};
|
||||
|
||||
|
||||
|
||||
class logging_configuration_t {
|
||||
public:
|
||||
logging_configuration_t()
|
||||
: filesystem_logging(true), local_syslog_logging(false), remote_syslog_logging(false),
|
||||
remote_syslog_port(0) {
|
||||
: filesystem_logging(true), local_syslog_logging(false), remote_syslog_logging(false), remote_syslog_port(0) {
|
||||
}
|
||||
bool filesystem_logging;
|
||||
std::string filesystem_logging_path;
|
||||
@ -141,20 +139,20 @@ typedef void (*process_packet_pointer)(simple_packet_t&);
|
||||
|
||||
// Attack types
|
||||
enum attack_type_t {
|
||||
ATTACK_UNKNOWN = 1,
|
||||
ATTACK_SYN_FLOOD = 2,
|
||||
ATTACK_ICMP_FLOOD = 3,
|
||||
ATTACK_UDP_FLOOD = 4,
|
||||
ATTACK_UNKNOWN = 1,
|
||||
ATTACK_SYN_FLOOD = 2,
|
||||
ATTACK_ICMP_FLOOD = 3,
|
||||
ATTACK_UDP_FLOOD = 4,
|
||||
ATTACK_IP_FRAGMENTATION_FLOOD = 5,
|
||||
};
|
||||
|
||||
// Amplification types
|
||||
enum amplification_attack_type_t {
|
||||
AMPLIFICATION_ATTACK_UNKNOWN = 1,
|
||||
AMPLIFICATION_ATTACK_DNS = 2,
|
||||
AMPLIFICATION_ATTACK_NTP = 3,
|
||||
AMPLIFICATION_ATTACK_SSDP = 4,
|
||||
AMPLIFICATION_ATTACK_SNMP = 5,
|
||||
AMPLIFICATION_ATTACK_DNS = 2,
|
||||
AMPLIFICATION_ATTACK_NTP = 3,
|
||||
AMPLIFICATION_ATTACK_SSDP = 4,
|
||||
AMPLIFICATION_ATTACK_SNMP = 5,
|
||||
AMPLIFICATION_ATTACK_CHARGEN = 6,
|
||||
};
|
||||
|
||||
@ -175,9 +173,9 @@ class total_counter_element_t {
|
||||
class attack_details_t : public map_element_t {
|
||||
public:
|
||||
attack_details_t()
|
||||
: attack_protocol(0), attack_power(0), max_attack_power(0), average_in_bytes(0),
|
||||
average_out_bytes(0), average_in_packets(0), average_out_packets(0), average_in_flows(0),
|
||||
average_out_flows(0), ban_time(0), attack_direction(OTHER), unban_enabled(true) {
|
||||
: attack_protocol(0), attack_power(0), max_attack_power(0), average_in_bytes(0), average_out_bytes(0),
|
||||
average_in_packets(0), average_out_packets(0), average_in_flows(0), average_out_flows(0), ban_time(0),
|
||||
attack_direction(OTHER), unban_enabled(true) {
|
||||
|
||||
customer_network.subnet_address = 0;
|
||||
customer_network.cidr_prefix_length = 0;
|
||||
@ -284,12 +282,11 @@ class ban_settings_t {
|
||||
public:
|
||||
ban_settings_t()
|
||||
: enable_ban(false), enable_ban_ipv6(false), enable_ban_for_pps(false), enable_ban_for_bandwidth(false),
|
||||
enable_ban_for_flows_per_second(false), enable_ban_for_tcp_pps(false),
|
||||
enable_ban_for_tcp_bandwidth(false), enable_ban_for_udp_pps(false),
|
||||
enable_ban_for_udp_bandwidth(false), enable_ban_for_icmp_pps(false),
|
||||
enable_ban_for_flows_per_second(false), enable_ban_for_tcp_pps(false), enable_ban_for_tcp_bandwidth(false),
|
||||
enable_ban_for_udp_pps(false), enable_ban_for_udp_bandwidth(false), enable_ban_for_icmp_pps(false),
|
||||
enable_ban_for_icmp_bandwidth(false), ban_threshold_tcp_mbps(0), ban_threshold_tcp_pps(0),
|
||||
ban_threshold_udp_mbps(0), ban_threshold_udp_pps(0), ban_threshold_icmp_mbps(0),
|
||||
ban_threshold_icmp_pps(0), ban_threshold_mbps(0), ban_threshold_flows(0), ban_threshold_pps(0) {
|
||||
ban_threshold_udp_mbps(0), ban_threshold_udp_pps(0), ban_threshold_icmp_mbps(0), ban_threshold_icmp_pps(0),
|
||||
ban_threshold_mbps(0), ban_threshold_flows(0), ban_threshold_pps(0) {
|
||||
}
|
||||
bool enable_ban;
|
||||
bool enable_ban_ipv6;
|
||||
|
@ -42,4 +42,3 @@ class fixed_size_packet_storage_t {
|
||||
// Packet itself. Let's zeroify packet payload
|
||||
uint8_t packet_payload[2048] = {};
|
||||
};
|
||||
|
||||
|
@ -14,12 +14,12 @@ unsigned int ipfix_information_element_t::get_length() {
|
||||
}
|
||||
|
||||
ipfix_information_element_t::ipfix_information_element_t(std::string name, unsigned int length) {
|
||||
this->name = name;
|
||||
this->name = name;
|
||||
this->length = length;
|
||||
}
|
||||
|
||||
ipfix_information_element_t::ipfix_information_element_t() {
|
||||
this->name = std::string("");
|
||||
this->name = std::string("");
|
||||
this->length = 0;
|
||||
}
|
||||
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -24,9 +24,9 @@ extern "C" {
|
||||
/* typedef unsigned int u_int; */
|
||||
typedef void (*void_fn_t)();
|
||||
/* { from defs.h */
|
||||
#define prefix_touchar(prefix) ((u_char *)&(prefix)->add.sin)
|
||||
#define prefix_touchar(prefix) ((u_char*)&(prefix)->add.sin)
|
||||
#define MAXLINE 1024
|
||||
#define BIT_TEST(f, b) ((f) & (b))
|
||||
#define BIT_TEST(f, b) ((f) & (b))
|
||||
/* } */
|
||||
|
||||
#define addroute make_and_lookup
|
||||
@ -35,10 +35,10 @@ typedef void (*void_fn_t)();
|
||||
|
||||
#include <errno.h> /* for EAFNOSUPPORT */
|
||||
#ifndef EAFNOSUPPORT
|
||||
# defined EAFNOSUPPORT WSAEAFNOSUPPORT
|
||||
# include <winsock.h>
|
||||
#defined EAFNOSUPPORT WSAEAFNOSUPPORT
|
||||
#include <winsock.h>
|
||||
#else
|
||||
# include <netinet/in.h> /* for struct in_addr */
|
||||
#include <netinet/in.h> /* for struct in_addr */
|
||||
#endif
|
||||
|
||||
#include <sys/socket.h> /* for AF_INET */
|
||||
@ -46,20 +46,20 @@ typedef void (*void_fn_t)();
|
||||
/* { from mrt.h */
|
||||
|
||||
typedef struct _prefix4_t {
|
||||
u_short family; /* AF_INET | AF_INET6 */
|
||||
u_short bitlen; /* same as mask? */
|
||||
int ref_count; /* reference count */
|
||||
u_short family; /* AF_INET | AF_INET6 */
|
||||
u_short bitlen; /* same as mask? */
|
||||
int ref_count; /* reference count */
|
||||
struct in_addr sin;
|
||||
} prefix4_t;
|
||||
|
||||
typedef struct _prefix_t {
|
||||
u_short family; /* AF_INET | AF_INET6 */
|
||||
u_short bitlen; /* same as mask? */
|
||||
int ref_count; /* reference count */
|
||||
u_short family; /* AF_INET | AF_INET6 */
|
||||
u_short bitlen; /* same as mask? */
|
||||
int ref_count; /* reference count */
|
||||
union {
|
||||
struct in_addr sin;
|
||||
struct in_addr sin;
|
||||
#ifdef HAVE_IPV6
|
||||
struct in6_addr sin6;
|
||||
struct in6_addr sin6;
|
||||
#endif /* IPV6 */
|
||||
} add;
|
||||
} prefix_t;
|
||||
@ -67,94 +67,93 @@ typedef struct _prefix_t {
|
||||
/* } */
|
||||
|
||||
typedef struct _patricia_node_t {
|
||||
u_int bit; /* flag if this node used */
|
||||
prefix_t *prefix; /* who we are in patricia tree */
|
||||
struct _patricia_node_t *l, *r; /* left and right children */
|
||||
struct _patricia_node_t *parent;/* may be used */
|
||||
void *data; /* pointer to data */
|
||||
void *user1; /* pointer to usr data (ex. route flap info) */
|
||||
u_int bit; /* flag if this node used */
|
||||
prefix_t* prefix; /* who we are in patricia tree */
|
||||
struct _patricia_node_t *l, *r; /* left and right children */
|
||||
struct _patricia_node_t* parent; /* may be used */
|
||||
void* data; /* pointer to data */
|
||||
void* user1; /* pointer to usr data (ex. route flap info) */
|
||||
} patricia_node_t;
|
||||
|
||||
typedef struct _patricia_tree_t {
|
||||
patricia_node_t *head;
|
||||
u_int maxbits; /* for IP, 32 bit addresses */
|
||||
int num_active_node; /* for debug purpose */
|
||||
patricia_node_t* head;
|
||||
u_int maxbits; /* for IP, 32 bit addresses */
|
||||
int num_active_node; /* for debug purpose */
|
||||
} patricia_tree_t;
|
||||
|
||||
|
||||
patricia_node_t *patricia_search_exact (patricia_tree_t *patricia, prefix_t *prefix);
|
||||
patricia_node_t *patricia_search_best (patricia_tree_t *patricia, prefix_t *prefix);
|
||||
patricia_node_t * patricia_search_best2 (patricia_tree_t *patricia, prefix_t *prefix,
|
||||
int inclusive);
|
||||
patricia_node_t *patricia_lookup (patricia_tree_t *patricia, prefix_t *prefix);
|
||||
void patricia_remove (patricia_tree_t *patricia, patricia_node_t *node);
|
||||
patricia_tree_t *New_Patricia (int maxbits);
|
||||
void Clear_Patricia (patricia_tree_t *patricia, void_fn_t func);
|
||||
void Destroy_Patricia (patricia_tree_t *patricia, void_fn_t func);
|
||||
patricia_node_t* patricia_search_exact(patricia_tree_t* patricia, prefix_t* prefix);
|
||||
patricia_node_t* patricia_search_best(patricia_tree_t* patricia, prefix_t* prefix);
|
||||
patricia_node_t* patricia_search_best2(patricia_tree_t* patricia, prefix_t* prefix, int inclusive);
|
||||
patricia_node_t* patricia_lookup(patricia_tree_t* patricia, prefix_t* prefix);
|
||||
void patricia_remove(patricia_tree_t* patricia, patricia_node_t* node);
|
||||
patricia_tree_t* New_Patricia(int maxbits);
|
||||
void Clear_Patricia(patricia_tree_t* patricia, void_fn_t func);
|
||||
void Destroy_Patricia(patricia_tree_t* patricia, void_fn_t func);
|
||||
|
||||
void patricia_process (patricia_tree_t *patricia, void_fn_t func);
|
||||
void patricia_process(patricia_tree_t* patricia, void_fn_t func);
|
||||
|
||||
char *prefix_toa (prefix_t * prefix);
|
||||
char* prefix_toa(prefix_t* prefix);
|
||||
|
||||
/* { from demo.c */
|
||||
|
||||
prefix_t *
|
||||
ascii2prefix (int family, char *string);
|
||||
prefix_t* ascii2prefix(int family, char* string);
|
||||
|
||||
patricia_node_t *
|
||||
make_and_lookup (patricia_tree_t *tree, char *string);
|
||||
patricia_node_t* make_and_lookup(patricia_tree_t* tree, char* string);
|
||||
|
||||
patricia_node_t *
|
||||
make_and_lookup_ipv6 (patricia_tree_t *tree, char *string);
|
||||
patricia_node_t* make_and_lookup_ipv6(patricia_tree_t* tree, char* string);
|
||||
|
||||
/* } */
|
||||
|
||||
#define PATRICIA_MAXBITS (sizeof(struct in6_addr) * 8)
|
||||
#define PATRICIA_NBIT(x) (0x80 >> ((x) & 0x7f))
|
||||
#define PATRICIA_NBYTE(x) ((x) >> 3)
|
||||
#define PATRICIA_MAXBITS (sizeof(struct in6_addr) * 8)
|
||||
#define PATRICIA_NBIT(x) (0x80 >> ((x)&0x7f))
|
||||
#define PATRICIA_NBYTE(x) ((x) >> 3)
|
||||
|
||||
#define PATRICIA_DATA_GET(node, type) (type *)((node)->data)
|
||||
#define PATRICIA_DATA_SET(node, value) ((node)->data = (void *)(value))
|
||||
#define PATRICIA_DATA_GET(node, type) (type*)((node)->data)
|
||||
#define PATRICIA_DATA_SET(node, value) ((node)->data = (void*)(value))
|
||||
|
||||
#define PATRICIA_WALK(Xhead, Xnode) \
|
||||
do { \
|
||||
patricia_node_t *Xstack[PATRICIA_MAXBITS+1]; \
|
||||
patricia_node_t **Xsp = Xstack; \
|
||||
patricia_node_t *Xrn = (Xhead); \
|
||||
while ((Xnode = Xrn)) { \
|
||||
#define PATRICIA_WALK(Xhead, Xnode) \
|
||||
do { \
|
||||
patricia_node_t* Xstack[PATRICIA_MAXBITS + 1]; \
|
||||
patricia_node_t** Xsp = Xstack; \
|
||||
patricia_node_t* Xrn = (Xhead); \
|
||||
while ((Xnode = Xrn)) { \
|
||||
if (Xnode->prefix)
|
||||
|
||||
#define PATRICIA_WALK_ALL(Xhead, Xnode) \
|
||||
do { \
|
||||
patricia_node_t *Xstack[PATRICIA_MAXBITS+1]; \
|
||||
patricia_node_t **Xsp = Xstack; \
|
||||
patricia_node_t *Xrn = (Xhead); \
|
||||
while ((Xnode = Xrn)) { \
|
||||
if (1)
|
||||
#define PATRICIA_WALK_ALL(Xhead, Xnode) \
|
||||
do { \
|
||||
patricia_node_t* Xstack[PATRICIA_MAXBITS + 1]; \
|
||||
patricia_node_t** Xsp = Xstack; \
|
||||
patricia_node_t* Xrn = (Xhead); \
|
||||
while ((Xnode = Xrn)) { \
|
||||
if (1)
|
||||
|
||||
#define PATRICIA_WALK_BREAK { \
|
||||
if (Xsp != Xstack) { \
|
||||
Xrn = *(--Xsp); \
|
||||
} else { \
|
||||
Xrn = (patricia_node_t *) 0; \
|
||||
} \
|
||||
continue; }
|
||||
#define PATRICIA_WALK_BREAK \
|
||||
{ \
|
||||
if (Xsp != Xstack) { \
|
||||
Xrn = *(--Xsp); \
|
||||
} else { \
|
||||
Xrn = (patricia_node_t*)0; \
|
||||
} \
|
||||
continue; \
|
||||
}
|
||||
|
||||
#define PATRICIA_WALK_END \
|
||||
if (Xrn->l) { \
|
||||
if (Xrn->r) { \
|
||||
*Xsp++ = Xrn->r; \
|
||||
} \
|
||||
Xrn = Xrn->l; \
|
||||
} else if (Xrn->r) { \
|
||||
Xrn = Xrn->r; \
|
||||
} else if (Xsp != Xstack) { \
|
||||
Xrn = *(--Xsp); \
|
||||
} else { \
|
||||
Xrn = (patricia_node_t *) 0; \
|
||||
} \
|
||||
} \
|
||||
} while (0)
|
||||
#define PATRICIA_WALK_END \
|
||||
if (Xrn->l) { \
|
||||
if (Xrn->r) { \
|
||||
*Xsp++ = Xrn->r; \
|
||||
} \
|
||||
Xrn = Xrn->l; \
|
||||
} else if (Xrn->r) { \
|
||||
Xrn = Xrn->r; \
|
||||
} else if (Xsp != Xstack) { \
|
||||
Xrn = *(--Xsp); \
|
||||
} else { \
|
||||
Xrn = (patricia_node_t*)0; \
|
||||
} \
|
||||
} \
|
||||
} \
|
||||
while (0)
|
||||
|
||||
#endif /* PATRICIA_H */
|
||||
|
||||
|
@ -127,11 +127,11 @@ bool get_records(vector_tuple_t& vector_tuple,
|
||||
int32_t element_length = get_int_value_by_32bit_shift(flow_record_start, 1);
|
||||
|
||||
// sFlow v5 standard does not constrain size of each sample but
|
||||
// we need to apply some reasonable limits on this value to avoid possible integer overflows in boundary checks code below
|
||||
// and I've decided to limit sample size by maximum UDP packet size
|
||||
// we need to apply some reasonable limits on this value to avoid possible integer overflows in boundary checks
|
||||
// code below and I've decided to limit sample size by maximum UDP packet size
|
||||
if (element_length > max_udp_packet_size) {
|
||||
logger << log4cpp::Priority::ERROR << sflow_parser_log_prefix << "Element length " << element_length
|
||||
<< " exceeds maximum allowed size: " << max_udp_packet_size;
|
||||
<< " exceeds maximum allowed size: " << max_udp_packet_size;
|
||||
|
||||
return false;
|
||||
}
|
||||
@ -190,11 +190,11 @@ bool get_all_samples(vector_sample_tuple_t& vector_sample,
|
||||
int32_t sample_length = get_int_value_by_32bit_shift(sample_start, 1);
|
||||
|
||||
// sFlow v5 standard does not constrain size of each sample but
|
||||
// we need to apply some reasonable limits on this value to avoid possible integer overflows in boundary checks code below
|
||||
// and I've decided to limit sample size by maximum UDP packet size
|
||||
// we need to apply some reasonable limits on this value to avoid possible integer overflows in boundary checks
|
||||
// code below and I've decided to limit sample size by maximum UDP packet size
|
||||
if (sample_length > max_udp_packet_size) {
|
||||
logger << log4cpp::Priority::ERROR << sflow_parser_log_prefix << "Sample length " << sample_length
|
||||
<< " exceeds maximum allowed size: " << max_udp_packet_size;
|
||||
<< " exceeds maximum allowed size: " << max_udp_packet_size;
|
||||
|
||||
return false;
|
||||
}
|
||||
@ -260,11 +260,11 @@ bool get_all_counter_records(counter_record_sample_vector_t& counter_record_samp
|
||||
uint32_t record_length = get_int_value_by_32bit_shift(record_start, 1);
|
||||
|
||||
// sFlow v5 standard does not constrain size of each sample but
|
||||
// we need to apply some reasonable limits on this value to avoid possible integer overflows in boundary checks code below
|
||||
// and I've decided to limit sample size by maximum UDP packet size
|
||||
// we need to apply some reasonable limits on this value to avoid possible integer overflows in boundary checks
|
||||
// code below and I've decided to limit sample size by maximum UDP packet size
|
||||
if (record_length > max_udp_packet_size) {
|
||||
logger << log4cpp::Priority::ERROR << sflow_parser_log_prefix << "Record length " << record_length
|
||||
<< " exceeds maximum allowed size: " << max_udp_packet_size;
|
||||
<< " exceeds maximum allowed size: " << max_udp_packet_size;
|
||||
|
||||
return false;
|
||||
}
|
||||
|
@ -116,4 +116,3 @@ class map_element_t {
|
||||
ar& BOOST_SERIALIZATION_NVP(out_flows);
|
||||
}
|
||||
};
|
||||
|
||||
|
@ -1,8 +1,8 @@
|
||||
#include "graphite.hpp"
|
||||
|
||||
|
||||
#include "../fastnetmon_types.h"
|
||||
#include "../fast_library.h"
|
||||
#include "../fastnetmon_types.h"
|
||||
|
||||
#include <vector>
|
||||
|
||||
@ -70,8 +70,8 @@ bool push_hosts_traffic_counters_to_graphite() {
|
||||
direction_as_string = "outgoing";
|
||||
}
|
||||
|
||||
std::string graphite_current_prefix = graphite_prefix + ".hosts." +
|
||||
ip_as_string_with_dash_delimiters + "." + direction_as_string;
|
||||
std::string graphite_current_prefix =
|
||||
graphite_prefix + ".hosts." + ip_as_string_with_dash_delimiters + "." + direction_as_string;
|
||||
|
||||
if (print_average_traffic_counts) {
|
||||
graphite_current_prefix = graphite_current_prefix + ".average";
|
||||
@ -115,8 +115,8 @@ bool push_hosts_traffic_counters_to_graphite() {
|
||||
bool graphite_put_result = store_data_to_graphite(graphite_port, graphite_host, graphite_data);
|
||||
|
||||
if (!graphite_put_result) {
|
||||
logger << log4cpp::Priority::ERROR << "Can't store host load data to Graphite server "
|
||||
<< graphite_host << " port: " << graphite_port;
|
||||
logger << log4cpp::Priority::ERROR << "Can't store host load data to Graphite server " << graphite_host
|
||||
<< " port: " << graphite_port;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@ -146,19 +146,17 @@ bool push_total_traffic_counters_to_graphite() {
|
||||
flow_counter_for_this_direction = outgoing_total_flows_speed;
|
||||
}
|
||||
|
||||
graphite_data[graphite_prefix + ".total." + direction_as_string + ".flows"] =
|
||||
flow_counter_for_this_direction;
|
||||
graphite_data[graphite_prefix + ".total." + direction_as_string + ".flows"] = flow_counter_for_this_direction;
|
||||
}
|
||||
|
||||
graphite_data[graphite_prefix + ".total." + direction_as_string + ".pps"] = speed_in_pps;
|
||||
graphite_data[graphite_prefix + ".total." + direction_as_string + ".bps"] =
|
||||
speed_in_bps * 8;
|
||||
graphite_data[graphite_prefix + ".total." + direction_as_string + ".bps"] = speed_in_bps * 8;
|
||||
|
||||
bool graphite_put_result = store_data_to_graphite(graphite_port, graphite_host, graphite_data);
|
||||
|
||||
if (!graphite_put_result) {
|
||||
logger << log4cpp::Priority::ERROR << "Can't store total load data to Graphite server "
|
||||
<< graphite_host << " port: " << graphite_port;
|
||||
logger << log4cpp::Priority::ERROR << "Can't store total load data to Graphite server " << graphite_host
|
||||
<< " port: " << graphite_port;
|
||||
;
|
||||
return false;
|
||||
}
|
||||
@ -194,8 +192,8 @@ bool push_network_traffic_counters_to_graphite() {
|
||||
bool graphite_put_result = store_data_to_graphite(graphite_port, graphite_host, graphite_data);
|
||||
|
||||
if (!graphite_put_result) {
|
||||
logger << log4cpp::Priority::ERROR << "Can't store network load data to Graphite server "
|
||||
<< graphite_host << " port: " << graphite_port;
|
||||
logger << log4cpp::Priority::ERROR << "Can't store network load data to Graphite server " << graphite_host
|
||||
<< " port: " << graphite_port;
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -203,7 +201,6 @@ bool push_network_traffic_counters_to_graphite() {
|
||||
}
|
||||
|
||||
|
||||
|
||||
// This thread pushes speed counters to graphite
|
||||
void graphite_push_thread() {
|
||||
// Sleep for a half second for shift against calculatiuon thread
|
||||
@ -233,4 +230,3 @@ void graphite_push_thread() {
|
||||
<< " sec " << graphite_thread_execution_time.tv_usec << " microseconds\n";
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -4,4 +4,3 @@ void graphite_push_thread();
|
||||
bool push_total_traffic_counters_to_graphite();
|
||||
bool push_network_traffic_counters_to_graphite();
|
||||
bool push_hosts_traffic_counters_to_graphite();
|
||||
|
||||
|
@ -1,8 +1,8 @@
|
||||
#include "influxdb.hpp"
|
||||
|
||||
#include "../fastnetmon_types.h"
|
||||
#include "../fast_library.h"
|
||||
#include "../abstract_subnet_counters.hpp"
|
||||
#include "../fast_library.h"
|
||||
#include "../fastnetmon_types.h"
|
||||
|
||||
#include "../all_logcpp_libraries.h"
|
||||
|
||||
@ -77,7 +77,6 @@ bool push_system_counters_to_influxdb(std::string influx_database,
|
||||
}
|
||||
|
||||
|
||||
|
||||
// Push total traffic counters to InfluxDB
|
||||
bool push_total_traffic_counters_to_influxdb(std::string influx_database,
|
||||
std::string influx_host,
|
||||
@ -170,7 +169,8 @@ void influxdb_push_thread() {
|
||||
}
|
||||
|
||||
// First of all push total counters to InfluxDB
|
||||
push_total_traffic_counters_to_influxdb(influxdb_database, current_influxdb_ip_address, std::to_string(influxdb_port), influxdb_auth, influxdb_user,
|
||||
push_total_traffic_counters_to_influxdb(influxdb_database, current_influxdb_ip_address,
|
||||
std::to_string(influxdb_port), influxdb_auth, influxdb_user,
|
||||
influxdb_password, "total_traffic", total_speed_average_counters, false);
|
||||
|
||||
// Push per subnet counters to InfluxDB
|
||||
@ -178,20 +178,20 @@ void influxdb_push_thread() {
|
||||
influxdb_auth, influxdb_user, influxdb_password);
|
||||
|
||||
// Push per host counters to InfluxDB
|
||||
push_hosts_traffic_counters_to_influxdb(influxdb_database, current_influxdb_ip_address, std::to_string(influxdb_port), influxdb_auth,
|
||||
influxdb_user, influxdb_password);
|
||||
push_hosts_traffic_counters_to_influxdb(influxdb_database, current_influxdb_ip_address, std::to_string(influxdb_port),
|
||||
influxdb_auth, influxdb_user, influxdb_password);
|
||||
|
||||
push_system_counters_to_influxdb(influxdb_database, current_influxdb_ip_address, std::to_string(influxdb_port), influxdb_auth,
|
||||
influxdb_user, influxdb_password);
|
||||
push_system_counters_to_influxdb(influxdb_database, current_influxdb_ip_address, std::to_string(influxdb_port),
|
||||
influxdb_auth, influxdb_user, influxdb_password);
|
||||
|
||||
// Push per host IPv6 counters to InfluxDB
|
||||
push_hosts_ipv6_traffic_counters_to_influxdb(influxdb_database, current_influxdb_ip_address, std::to_string(influxdb_port),
|
||||
influxdb_auth, influxdb_user, influxdb_password);
|
||||
|
||||
// Push total IPv6 counters
|
||||
push_total_traffic_counters_to_influxdb(influxdb_database, current_influxdb_ip_address, std::to_string(influxdb_port),
|
||||
influxdb_auth, influxdb_user, influxdb_password, "total_traffic_ipv6",
|
||||
total_speed_average_counters_ipv6, true);
|
||||
push_total_traffic_counters_to_influxdb(influxdb_database, current_influxdb_ip_address,
|
||||
std::to_string(influxdb_port), influxdb_auth, influxdb_user, influxdb_password,
|
||||
"total_traffic_ipv6", total_speed_average_counters_ipv6, true);
|
||||
}
|
||||
}
|
||||
|
||||
@ -474,5 +474,3 @@ std::string craft_line_for_influxdb_line_protocol(uint64_t unix_timestamp_nanose
|
||||
|
||||
return buffer.str();
|
||||
}
|
||||
|
||||
|
||||
|
@ -12,7 +12,7 @@ bool push_system_counters_to_influxdb(std::string influx_database,
|
||||
std::string influx_user,
|
||||
std::string influx_password);
|
||||
|
||||
bool push_total_traffic_counters_to_influxdb(std::string influx_database,
|
||||
bool push_total_traffic_counters_to_influxdb(std::string influx_database,
|
||||
std::string influx_host,
|
||||
std::string influx_port,
|
||||
bool enable_auth,
|
||||
@ -22,32 +22,32 @@ bool push_system_counters_to_influxdb(std::string influx_database,
|
||||
total_counter_element_t total_speed_average_counters_param[4],
|
||||
bool ipv6);
|
||||
|
||||
void send_grafana_alert(std::string title, std::string text, std::vector<std::string>& tags) ;
|
||||
void send_grafana_alert(std::string title, std::string text, std::vector<std::string>& tags);
|
||||
|
||||
void influxdb_push_thread();
|
||||
void influxdb_push_thread();
|
||||
|
||||
bool push_hosts_ipv6_traffic_counters_to_influxdb(std::string influx_database,
|
||||
bool push_hosts_ipv6_traffic_counters_to_influxdb(std::string influx_database,
|
||||
std::string influx_host,
|
||||
std::string influx_port,
|
||||
bool enable_auth,
|
||||
std::string influx_user,
|
||||
std::string influx_password);
|
||||
|
||||
bool push_hosts_traffic_counters_to_influxdb(std::string influx_database,
|
||||
bool push_hosts_traffic_counters_to_influxdb(std::string influx_database,
|
||||
std::string influx_host,
|
||||
std::string influx_port,
|
||||
bool enable_auth,
|
||||
std::string influx_user,
|
||||
std::string influx_password) ;
|
||||
std::string influx_password);
|
||||
|
||||
bool push_hostgroup_traffic_counters_to_influxdb(std::string influx_database,
|
||||
bool push_hostgroup_traffic_counters_to_influxdb(std::string influx_database,
|
||||
std::string influx_host,
|
||||
std::string influx_port,
|
||||
bool enable_auth,
|
||||
std::string influx_user,
|
||||
std::string influx_password);
|
||||
|
||||
bool write_batch_of_data_to_influxdb(std::string influx_database,
|
||||
bool write_batch_of_data_to_influxdb(std::string influx_database,
|
||||
std::string influx_host,
|
||||
std::string influx_port,
|
||||
bool enable_auth,
|
||||
@ -58,7 +58,7 @@ bool push_system_counters_to_influxdb(std::string influx_database,
|
||||
std::vector<std::pair<std::string, std::map<std::string, uint64_t>>>& hosts_vector);
|
||||
|
||||
|
||||
bool push_network_traffic_counters_to_influxdb(std::string influx_database,
|
||||
bool push_network_traffic_counters_to_influxdb(std::string influx_database,
|
||||
std::string influx_host,
|
||||
std::string influx_port,
|
||||
bool enable_auth,
|
||||
@ -77,16 +77,15 @@ bool write_line_of_data_to_influxdb(std::string influx_database,
|
||||
std::map<std::string, std::string>& tags,
|
||||
std::map<std::string, uint64_t>& plain_total_counters_map);
|
||||
|
||||
void fill_per_protocol_countres_for_influxdb(const map_element_t* current_speed_element, std::map<std::string, uint64_t>& plain_total_counters_map);
|
||||
void fill_per_protocol_countres_for_influxdb(const map_element_t* current_speed_element,
|
||||
std::map<std::string, uint64_t>& plain_total_counters_map);
|
||||
|
||||
void fill_main_counters_for_influxdb(const map_element_t* current_speed_element,
|
||||
std::map<std::string, uint64_t>& plain_total_counters_map,
|
||||
bool populate_flow);
|
||||
std::map<std::string, uint64_t>& plain_total_counters_map,
|
||||
bool populate_flow);
|
||||
|
||||
// Prepare string to insert data into InfluxDB
|
||||
std::string craft_line_for_influxdb_line_protocol(uint64_t unix_timestamp_nanoseconds,
|
||||
std::string measurement,
|
||||
std::map<std::string, std::string>& tags,
|
||||
std::map<std::string, uint64_t>& plain_total_counters_map);
|
||||
|
||||
|
||||
|
@ -31,12 +31,12 @@ enum class netflow9_template_type { Unknown, Data, Options };
|
||||
/* A record in a NetFlow v9 template record */
|
||||
class peer_nf9_record_t {
|
||||
public:
|
||||
uint32_t record_type = 0;
|
||||
uint32_t record_length = 0;
|
||||
uint32_t record_type = 0;
|
||||
uint32_t record_length = 0;
|
||||
|
||||
peer_nf9_record_t(uint32_t record_type, uint32_t record_length) {
|
||||
this->record_type = record_type;
|
||||
this->record_length = record_length;
|
||||
this->record_type = record_type;
|
||||
this->record_length = record_length;
|
||||
}
|
||||
|
||||
// We created custom constructor but I still want to have default with no arguments
|
||||
@ -260,21 +260,21 @@ class __attribute__((__packed__)) nf9_data_flowset_header_t {
|
||||
class __attribute__((__packed__)) nf10_header_t {
|
||||
public:
|
||||
nf_header_common_t c;
|
||||
uint32_t time_sec = 0;
|
||||
uint32_t time_sec = 0;
|
||||
uint32_t package_sequence = 0;
|
||||
uint32_t source_id = 0;
|
||||
uint32_t source_id = 0;
|
||||
};
|
||||
|
||||
class __attribute__((__packed__)) nf10_flowset_header_common_t {
|
||||
public:
|
||||
uint16_t flowset_id = 0;
|
||||
uint16_t length = 0;
|
||||
uint16_t length = 0;
|
||||
};
|
||||
|
||||
class __attribute__((__packed__)) nf10_template_flowset_header_t {
|
||||
public:
|
||||
uint16_t template_id = 0;
|
||||
uint16_t count = 0;
|
||||
uint16_t count = 0;
|
||||
};
|
||||
|
||||
class __attribute__((__packed__)) nf10_template_flowset_record_t {
|
||||
@ -340,13 +340,13 @@ class __attribute__((__packed__)) nf10_data_flowset_header_t {
|
||||
class __attribute__((__packed__)) ipfix_options_header_common_t {
|
||||
public:
|
||||
uint16_t flowset_id = 0;
|
||||
uint16_t length = 0;
|
||||
uint16_t length = 0;
|
||||
};
|
||||
|
||||
class __attribute__((__packed__)) ipfix_options_header_t {
|
||||
public:
|
||||
uint16_t template_id = 0;
|
||||
uint16_t field_count = 0;
|
||||
uint16_t template_id = 0;
|
||||
uint16_t field_count = 0;
|
||||
uint16_t scope_field_count = 0;
|
||||
};
|
||||
|
||||
@ -354,7 +354,7 @@ class __attribute__((__packed__)) ipfix_options_header_t {
|
||||
class __attribute__((__packed__)) nf9_options_header_common_t {
|
||||
public:
|
||||
uint16_t flowset_id = 0;
|
||||
uint16_t length = 0;
|
||||
uint16_t length = 0;
|
||||
};
|
||||
|
||||
|
||||
|
@ -10,8 +10,8 @@
|
||||
|
||||
#include <fstream>
|
||||
#include <map>
|
||||
#include <vector>
|
||||
#include <mutex>
|
||||
#include <vector>
|
||||
|
||||
#include "../fast_library.h"
|
||||
#include "../ipfix_rfc.h"
|
||||
@ -273,10 +273,17 @@ class netflow_meta_info_t {
|
||||
bool nested_packet_parsed = false;
|
||||
};
|
||||
|
||||
int nf9_rec_to_flow(uint32_t record_type, uint32_t record_length, uint8_t* data, simple_packet_t& packet, std::vector<peer_nf9_record_t> & template_records, netflow_meta_info_t& flow_meta);
|
||||
int nf9_rec_to_flow(uint32_t record_type,
|
||||
uint32_t record_length,
|
||||
uint8_t* data,
|
||||
simple_packet_t& packet,
|
||||
std::vector<peer_nf9_record_t>& template_records,
|
||||
netflow_meta_info_t& flow_meta);
|
||||
|
||||
peer_nf9_template*
|
||||
peer_find_template(global_template_storage_t& table_for_lookup, uint32_t source_id, uint32_t template_id, std::string client_addres_in_string_format) {
|
||||
peer_nf9_template* peer_find_template(global_template_storage_t& table_for_lookup,
|
||||
uint32_t source_id,
|
||||
uint32_t template_id,
|
||||
std::string client_addres_in_string_format) {
|
||||
|
||||
// We use source_id for distinguish multiple netflow agents with same IP
|
||||
std::string key = client_addres_in_string_format + "_" + std::to_string(source_id);
|
||||
@ -368,8 +375,8 @@ bool process_netflow_v9_options_template(uint8_t* pkt, size_t len, uint32_t sour
|
||||
uint32_t record_length = fast_ntoh(tmplr->length);
|
||||
|
||||
peer_nf9_record_t current_record;
|
||||
current_record.record_type = record_type;
|
||||
current_record.record_length = record_length;
|
||||
current_record.record_type = record_type;
|
||||
current_record.record_length = record_length;
|
||||
|
||||
template_records_map.push_back(current_record);
|
||||
|
||||
@ -604,12 +611,12 @@ bool process_netflow_v10_template(uint8_t* pkt, size_t len, uint32_t source_id,
|
||||
}
|
||||
|
||||
nf10_template_flowset_record_t* tmplr = (nf10_template_flowset_record_t*)(pkt + offset);
|
||||
uint32_t record_type = ntohs(tmplr->type);
|
||||
uint32_t record_length = ntohs(tmplr->length);
|
||||
uint32_t record_type = ntohs(tmplr->type);
|
||||
uint32_t record_length = ntohs(tmplr->length);
|
||||
|
||||
peer_nf9_record_t current_record;
|
||||
current_record.record_type = record_type;
|
||||
current_record.record_length = record_length;
|
||||
current_record.record_type = record_type;
|
||||
current_record.record_length = record_length;
|
||||
|
||||
template_records_map.push_back(current_record);
|
||||
|
||||
@ -687,8 +694,8 @@ bool process_netflow_v9_template(uint8_t* pkt, size_t len, uint32_t source_id, c
|
||||
uint32_t record_length = ntohs(tmplr->length);
|
||||
|
||||
peer_nf9_record_t current_record;
|
||||
current_record.record_type = record_type;
|
||||
current_record.record_length = record_length;
|
||||
current_record.record_type = record_type;
|
||||
current_record.record_length = record_length;
|
||||
|
||||
template_records_map.push_back(current_record);
|
||||
|
||||
@ -993,9 +1000,8 @@ int nf9_rec_to_flow(uint32_t record_type, uint32_t record_length, uint8_t* data,
|
||||
full_packet_length = flow_meta.data_link_frame_size;
|
||||
}
|
||||
|
||||
auto result = parse_raw_packet_to_simple_packet_full_ng( (u_char*)(data), full_packet_length,
|
||||
record_length, flow_meta.nested_packet, read_packet_length_from_ip_header
|
||||
);
|
||||
auto result = parse_raw_packet_to_simple_packet_full_ng((u_char*)(data), full_packet_length, record_length,
|
||||
flow_meta.nested_packet, read_packet_length_from_ip_header);
|
||||
|
||||
if (result != network_data_stuctures::parser_code_t::success) {
|
||||
// Cannot decode data
|
||||
@ -1188,7 +1194,7 @@ bool nf10_rec_to_flow(uint32_t record_type, uint32_t record_length, uint8_t* dat
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
break;
|
||||
}
|
||||
|
||||
return true;
|
||||
@ -1267,7 +1273,12 @@ bool nf10_options_flowset_to_store(uint8_t* pkt, size_t len, nf10_header_t* nf10
|
||||
}
|
||||
|
||||
// We should rewrite nf9_flowset_to_store accroding to fixes here
|
||||
void nf10_flowset_to_store(uint8_t* pkt, size_t len, nf10_header_t* nf10_hdr, peer_nf9_template* field_template, uint32_t client_ipv4_address, const std::string& client_addres_in_string_format) {
|
||||
void nf10_flowset_to_store(uint8_t* pkt,
|
||||
size_t len,
|
||||
nf10_header_t* nf10_hdr,
|
||||
peer_nf9_template* field_template,
|
||||
uint32_t client_ipv4_address,
|
||||
const std::string& client_addres_in_string_format) {
|
||||
uint32_t offset = 0;
|
||||
|
||||
if (len < field_template->total_len) {
|
||||
@ -1392,7 +1403,8 @@ void nf9_options_flowset_to_store(uint8_t* pkt, size_t len, nf9_header_t* nf9_hd
|
||||
// Cisco ASR1000
|
||||
if (elem.record_type == FLOW_SAMPLER_RANDOM_INTERVAL) {
|
||||
// Check supported length
|
||||
if (elem.record_length == FLOW_SAMPLER_RANDOM_INTERVAL_LENGTH or elem.record_length == FLOW_SAMPLER_RANDOM_INTERVAL_LENGTH_ASR1000) {
|
||||
if (elem.record_length == FLOW_SAMPLER_RANDOM_INTERVAL_LENGTH or
|
||||
elem.record_length == FLOW_SAMPLER_RANDOM_INTERVAL_LENGTH_ASR1000) {
|
||||
bool result = be_copy_function(data_shift, (uint8_t*)&sampling_rate, sizeof(sampling_rate), elem.record_length);
|
||||
|
||||
if (!result) {
|
||||
@ -1658,11 +1670,11 @@ void nf9_flowset_to_store(uint8_t* pkt,
|
||||
}
|
||||
|
||||
bool process_netflow_v10_data(uint8_t* pkt,
|
||||
size_t len,
|
||||
nf10_header_t* nf10_hdr,
|
||||
uint32_t source_id,
|
||||
const std::string& client_addres_in_string_format,
|
||||
uint32_t client_ipv4_address) {
|
||||
size_t len,
|
||||
nf10_header_t* nf10_hdr,
|
||||
uint32_t source_id,
|
||||
const std::string& client_addres_in_string_format,
|
||||
uint32_t client_ipv4_address) {
|
||||
|
||||
nf10_data_flowset_header_t* dath = (nf10_data_flowset_header_t*)pkt;
|
||||
|
||||
@ -1885,7 +1897,7 @@ bool process_netflow_packet_v10(uint8_t* packet, uint32_t len, const std::string
|
||||
ipfix_data_packet_number++;
|
||||
|
||||
if (!process_netflow_v10_data(packet + offset, flowset_len, nf10_hdr, source_id,
|
||||
client_addres_in_string_format, client_ipv4_address)) {
|
||||
client_addres_in_string_format, client_ipv4_address)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -1924,7 +1936,7 @@ bool process_netflow_packet_v9(uint8_t* packet, uint32_t len, std::string& clien
|
||||
uint32_t source_id = ntohl(nf9_hdr->source_id);
|
||||
// logger<< log4cpp::Priority::INFO<<"Template source id: "<<source_id;
|
||||
|
||||
uint32_t offset = sizeof(*nf9_hdr);
|
||||
uint32_t offset = sizeof(*nf9_hdr);
|
||||
|
||||
// logger<< log4cpp::Priority::INFO<< "Total flowsets " << flowset_count_total;
|
||||
|
||||
@ -2183,7 +2195,7 @@ void start_netflow_collection(process_packet_pointer func_ptr) {
|
||||
|
||||
std::vector<unsigned int> netflow_ports;
|
||||
|
||||
for (auto port: ports_for_listen) {
|
||||
for (auto port : ports_for_listen) {
|
||||
unsigned int netflow_port = convert_string_to_integer(port);
|
||||
|
||||
if (netflow_port == 0) {
|
||||
|
@ -76,11 +76,11 @@ int receive_packets(struct netmap_ring* ring, int thread_number) {
|
||||
u_int cur, rx, n;
|
||||
|
||||
cur = ring->cur;
|
||||
n = nm_ring_space(ring);
|
||||
n = nm_ring_space(ring);
|
||||
|
||||
for (rx = 0; rx < n; rx++) {
|
||||
struct netmap_slot* slot = &ring->slot[cur];
|
||||
char* p = NETMAP_BUF(ring, slot->buf_idx);
|
||||
char* p = NETMAP_BUF(ring, slot->buf_idx);
|
||||
|
||||
// process data
|
||||
consume_pkt((u_char*)p, slot->len, thread_number);
|
||||
@ -117,7 +117,7 @@ void receiver(std::string interface_for_listening) {
|
||||
base_nmd.nr_tx_rings = base_nmd.nr_rx_rings = 0;
|
||||
base_nmd.nr_tx_slots = base_nmd.nr_rx_slots = 0;
|
||||
|
||||
std::string interface = "";
|
||||
std::string interface = "";
|
||||
std::string system_interface_name = "";
|
||||
// If we haven't netmap: prefix in interface name we will append it
|
||||
if (interface_for_listening.find("netmap:") == std::string::npos) {
|
||||
@ -145,10 +145,8 @@ void receiver(std::string interface_for_listening) {
|
||||
return;
|
||||
}
|
||||
|
||||
logger.info("Mapped %dKB memory at %p", netmap_descriptor->req.nr_memsize >> 10,
|
||||
netmap_descriptor->mem);
|
||||
logger.info("We have %d tx and %d rx rings", netmap_descriptor->req.nr_tx_rings,
|
||||
netmap_descriptor->req.nr_rx_rings);
|
||||
logger.info("Mapped %dKB memory at %p", netmap_descriptor->req.nr_memsize >> 10, netmap_descriptor->mem);
|
||||
logger.info("We have %d tx and %d rx rings", netmap_descriptor->req.nr_tx_rings, netmap_descriptor->req.nr_rx_rings);
|
||||
|
||||
if (num_cpus > netmap_descriptor->req.nr_rx_rings) {
|
||||
num_cpus = netmap_descriptor->req.nr_rx_rings;
|
||||
@ -180,22 +178,20 @@ void receiver(std::string interface_for_listening) {
|
||||
logger.error("Ooops, main descriptor should be with NR_REG_ALL_NIC flag");
|
||||
}
|
||||
|
||||
nmd.req.nr_flags = NR_REG_ONE_NIC;
|
||||
nmd.req.nr_flags = NR_REG_ONE_NIC;
|
||||
nmd.req.nr_ringid = i;
|
||||
|
||||
/* Only touch one of the rings (rx is already ok) */
|
||||
nmd_flags |= NETMAP_NO_TX_POLL;
|
||||
|
||||
struct nm_desc* new_nmd =
|
||||
nm_open(interface.c_str(), NULL, nmd_flags | NM_OPEN_IFNAME | NM_OPEN_NO_MMAP, &nmd);
|
||||
struct nm_desc* new_nmd = nm_open(interface.c_str(), NULL, nmd_flags | NM_OPEN_IFNAME | NM_OPEN_NO_MMAP, &nmd);
|
||||
|
||||
if (new_nmd == NULL) {
|
||||
logger.error("Can't open netmap descriptor for netmap per hardware queue thread");
|
||||
return;
|
||||
}
|
||||
|
||||
logger.info("My first ring is %d and last ring id is %d I'm thread %d",
|
||||
new_nmd->first_rx_ring, new_nmd->last_rx_ring, i);
|
||||
logger.info("My first ring is %d and last ring id is %d I'm thread %d", new_nmd->first_rx_ring, new_nmd->last_rx_ring, i);
|
||||
|
||||
|
||||
/*
|
||||
@ -209,8 +205,7 @@ void receiver(std::string interface_for_listening) {
|
||||
|
||||
// Well, we have thread attributes from Boost 1.50
|
||||
|
||||
#if defined(BOOST_THREAD_PLATFORM_PTHREAD) && BOOST_VERSION / 100 % 1000 >= 50 && \
|
||||
!defined(__APPLE__) && defined(__GLIBC__)
|
||||
#if defined(BOOST_THREAD_PLATFORM_PTHREAD) && BOOST_VERSION / 100 % 1000 >= 50 && !defined(__APPLE__) && defined(__GLIBC__)
|
||||
/* Bind to certain core */
|
||||
boost::thread::attributes thread_attrs;
|
||||
|
||||
@ -225,8 +220,7 @@ void receiver(std::string interface_for_listening) {
|
||||
|
||||
logger.info("I will bind this thread to logical CPU: %d", cpu_to_bind);
|
||||
|
||||
int set_affinity_result =
|
||||
pthread_attr_setaffinity_np(thread_attrs.native_handle(), sizeof(cpu_set_t), ¤t_cpu_set);
|
||||
int set_affinity_result = pthread_attr_setaffinity_np(thread_attrs.native_handle(), sizeof(cpu_set_t), ¤t_cpu_set);
|
||||
|
||||
if (set_affinity_result != 0) {
|
||||
logger.error("Can't specify CPU affinity for netmap thread");
|
||||
@ -234,8 +228,7 @@ void receiver(std::string interface_for_listening) {
|
||||
}
|
||||
|
||||
// Start thread and pass netmap descriptor to it
|
||||
packet_receiver_thread_group.add_thread(
|
||||
new boost::thread(thread_attrs, boost::bind(netmap_thread, new_nmd, i)));
|
||||
packet_receiver_thread_group.add_thread(new boost::thread(thread_attrs, boost::bind(netmap_thread, new_nmd, i)));
|
||||
#else
|
||||
logger.error("Sorry but CPU affinity did not supported for your platform");
|
||||
packet_receiver_thread_group.add_thread(new boost::thread(netmap_thread, new_nmd, i));
|
||||
@ -250,11 +243,11 @@ void netmap_thread(struct nm_desc* netmap_descriptor, int thread_number) {
|
||||
struct nm_pkthdr h;
|
||||
u_char* buf;
|
||||
struct pollfd fds;
|
||||
fds.fd = netmap_descriptor->fd; // NETMAP_FD(netmap_descriptor);
|
||||
fds.fd = netmap_descriptor->fd; // NETMAP_FD(netmap_descriptor);
|
||||
fds.events = POLLIN;
|
||||
|
||||
struct netmap_ring* rxring = NULL;
|
||||
struct netmap_if* nifp = netmap_descriptor->nifp;
|
||||
struct netmap_if* nifp = netmap_descriptor->nifp;
|
||||
|
||||
// printf("Reading from fd %d thread id: %d", netmap_descriptor->fd, thread_number);
|
||||
|
||||
@ -304,13 +297,12 @@ void start_netmap_collection(process_packet_pointer func_ptr) {
|
||||
}
|
||||
|
||||
if (configuration_map.count("netmap_sampling_ratio") != 0) {
|
||||
netmap_sampling_ratio =
|
||||
convert_string_to_integer(configuration_map["netmap_sampling_ratio"]);
|
||||
netmap_sampling_ratio = convert_string_to_integer(configuration_map["netmap_sampling_ratio"]);
|
||||
}
|
||||
|
||||
if (configuration_map.count("netmap_read_packet_length_from_ip_header") != 0) {
|
||||
netmap_read_packet_length_from_ip_header =
|
||||
configuration_map["netmap_read_packet_length_from_ip_header"] == "on";
|
||||
configuration_map["netmap_read_packet_length_from_ip_header"] == "on";
|
||||
}
|
||||
|
||||
std::vector<std::string> interfaces_for_listen;
|
||||
|
@ -202,8 +202,7 @@ struct nmreq {
|
||||
#undef _IO // ws2def.h
|
||||
#define _WIN_NM_IOCTL_TYPE 40000
|
||||
#define _IO(_c, _n) CTL_CODE(_WIN_NM_IOCTL_TYPE, ((_n) + 0x800), METHOD_BUFFERED, FILE_ANY_ACCESS)
|
||||
#define _IO_direct(_c, _n) \
|
||||
CTL_CODE(_WIN_NM_IOCTL_TYPE, ((_n) + 0x800), METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
|
||||
#define _IO_direct(_c, _n) CTL_CODE(_WIN_NM_IOCTL_TYPE, ((_n) + 0x800), METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
|
||||
|
||||
#define _IOWR(_c, _n, _s) _IO(_c, _n)
|
||||
|
||||
|
@ -14,7 +14,7 @@
|
||||
* TODO:
|
||||
* Add strict type check for ntohl/ntohs and ntonl/htons
|
||||
*
|
||||
*/
|
||||
*/
|
||||
|
||||
#include <arpa/inet.h> // ntohs, ntohl
|
||||
|
||||
|
@ -101,15 +101,15 @@ template <typename TemplateKeyType> class packet_buckets_storage_t {
|
||||
|
||||
if (buffers_maximum_capacity == 0) {
|
||||
// In this case we mark this bucket as already collected to trigger immediate detection without tpacket capture
|
||||
new_packet_bucket.we_could_receive_new_data = false;
|
||||
new_packet_bucket.we_could_receive_new_data = false;
|
||||
new_packet_bucket.we_collected_full_buffer_least_once = true;
|
||||
new_packet_bucket.collection_finished_time = std::chrono::system_clock::now();
|
||||
new_packet_bucket.collection_finished_time = std::chrono::system_clock::now();
|
||||
} else {
|
||||
new_packet_bucket.we_could_receive_new_data = true;
|
||||
}
|
||||
|
||||
new_packet_bucket.collection_pattern = collection_pattern;
|
||||
new_packet_bucket.attack_details = attack_details;
|
||||
new_packet_bucket.collection_pattern = collection_pattern;
|
||||
new_packet_bucket.attack_details = attack_details;
|
||||
|
||||
packet_buckets_map[client_ip] = new_packet_bucket;
|
||||
|
||||
@ -213,4 +213,3 @@ template <typename TemplateKeyType> class packet_buckets_storage_t {
|
||||
std::mutex packet_buckets_map_mutex;
|
||||
std::map<TemplateKeyType, packet_bucket_t> packet_buckets_map;
|
||||
};
|
||||
|
||||
|
@ -136,4 +136,3 @@ class packet_storage_t {
|
||||
// We should not store packets with incl_len exceeding this value
|
||||
unsigned int max_captured_packet_size;
|
||||
};
|
||||
|
||||
|
@ -120,7 +120,7 @@ void parse_packet(u_char* user, struct pcap_pkthdr* packethdr, const u_char* pac
|
||||
#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__DragonFly__) || defined(__OpenBSD__)
|
||||
current_packet.source_port = ntohs(tcphdr->th_sport);
|
||||
#else
|
||||
current_packet.source_port = ntohs(tcphdr->source);
|
||||
current_packet.source_port = ntohs(tcphdr->source);
|
||||
#endif
|
||||
|
||||
#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__DragonFly__) || defined(__OpenBSD__)
|
||||
@ -135,7 +135,7 @@ void parse_packet(u_char* user, struct pcap_pkthdr* packethdr, const u_char* pac
|
||||
#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__DragonFly__) || defined(__OpenBSD__)
|
||||
current_packet.source_port = ntohs(udphdr->uh_sport);
|
||||
#else
|
||||
current_packet.source_port = ntohs(udphdr->source);
|
||||
current_packet.source_port = ntohs(udphdr->source);
|
||||
#endif
|
||||
|
||||
#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__DragonFly__) || defined(__OpenBSD__)
|
||||
@ -146,15 +146,15 @@ void parse_packet(u_char* user, struct pcap_pkthdr* packethdr, const u_char* pac
|
||||
break;
|
||||
case IPPROTO_ICMP:
|
||||
// there are no port for ICMP
|
||||
current_packet.source_port = 0;
|
||||
current_packet.source_port = 0;
|
||||
current_packet.destination_port = 0;
|
||||
break;
|
||||
}
|
||||
|
||||
current_packet.protocol = iphdr->ip_p;
|
||||
current_packet.src_ip = src_ip;
|
||||
current_packet.dst_ip = dst_ip;
|
||||
current_packet.length = packet_length;
|
||||
current_packet.src_ip = src_ip;
|
||||
current_packet.dst_ip = dst_ip;
|
||||
current_packet.length = packet_length;
|
||||
|
||||
// Do packet processing
|
||||
pcap_process_func_ptr(current_packet);
|
||||
|
@ -45,11 +45,11 @@ log4cpp::Category& logger = log4cpp::Category::getRoot();
|
||||
|
||||
uint64_t total_unparsed_packets = 0;
|
||||
|
||||
uint64_t dns_amplification_packets = 0;
|
||||
uint64_t ntp_amplification_packets = 0;
|
||||
uint64_t dns_amplification_packets = 0;
|
||||
uint64_t ntp_amplification_packets = 0;
|
||||
uint64_t ssdp_amplification_packets = 0;
|
||||
|
||||
uint64_t raw_parsed_packets = 0;
|
||||
uint64_t raw_parsed_packets = 0;
|
||||
uint64_t raw_unparsed_packets = 0;
|
||||
|
||||
/* It's prototype for moc testing of FastNetMon, it's very useful for netflow or direct packet
|
||||
@ -81,7 +81,7 @@ char* flow_type = NULL;
|
||||
void pcap_parse_packet(char* buffer, uint32_t len, uint32_t snap_len) {
|
||||
struct pfring_pkthdr packet_header;
|
||||
memset(&packet_header, 0, sizeof(packet_header));
|
||||
packet_header.len = len;
|
||||
packet_header.len = len;
|
||||
packet_header.caplen = snap_len;
|
||||
|
||||
fastnetmon_parse_pkt((u_char*)buffer, &packet_header, 4, 1, 0);
|
||||
@ -111,8 +111,8 @@ void pcap_parse_packet(char* buffer, uint32_t len, uint32_t snap_len) {
|
||||
SFSample sample;
|
||||
memset(&sample, 0, sizeof(sample));
|
||||
|
||||
sample.rawSample = (uint8_t*)payload_ptr;
|
||||
sample.rawSampleLen = payload_length;
|
||||
sample.rawSample = (uint8_t*)payload_ptr;
|
||||
sample.rawSampleLen = payload_length;
|
||||
sample.sourceIP.type = SFLADDRESSTYPE_IP_V4;
|
||||
|
||||
read_sflow_datagram(&sample);
|
||||
@ -121,15 +121,15 @@ void pcap_parse_packet(char* buffer, uint32_t len, uint32_t snap_len) {
|
||||
struct pfring_pkthdr raw_packet_header;
|
||||
memset(&raw_packet_header, 0, sizeof(raw_packet_header));
|
||||
|
||||
raw_packet_header.len = len;
|
||||
raw_packet_header.len = len;
|
||||
raw_packet_header.caplen = snap_len;
|
||||
|
||||
int parser_return_code = fastnetmon_parse_pkt((u_char*)buffer, &raw_packet_header, 4, 1, 0);
|
||||
|
||||
// We are not interested so much in l2 data and we interested only in l3 data here and more
|
||||
if (parser_return_code < 3) {
|
||||
printf("Parser failed for with code %d following packet with number %llu\n",
|
||||
parser_return_code, raw_unparsed_packets + raw_parsed_packets);
|
||||
printf("Parser failed for with code %d following packet with number %llu\n", parser_return_code,
|
||||
raw_unparsed_packets + raw_parsed_packets);
|
||||
raw_unparsed_packets++;
|
||||
} else {
|
||||
raw_parsed_packets++;
|
||||
|
@ -68,11 +68,11 @@ void init_logging() {
|
||||
void process_packet(simple_packet& current_packet) {
|
||||
std::cout << print_simple_packet(current_packet);
|
||||
#ifdef DO_SUBNET_LOOKUP
|
||||
unsigned long subnet = 0;
|
||||
unsigned long subnet = 0;
|
||||
unsigned int subnet_cidr_mask = 0;
|
||||
|
||||
direction packet_direction = get_packet_direction(lookup_tree, current_packet.src_ip,
|
||||
current_packet.dst_ip, subnet, subnet_cidr_mask);
|
||||
direction packet_direction =
|
||||
get_packet_direction(lookup_tree, current_packet.src_ip, current_packet.dst_ip, subnet, subnet_cidr_mask);
|
||||
std::cout << "direction: " << get_direction_name(packet_direction) << std::endl;
|
||||
#endif
|
||||
}
|
||||
@ -109,8 +109,7 @@ int main(int argc, char* argv[]) {
|
||||
|
||||
std::vector<std::string> network_list_from_config = read_file_to_vector("/etc/networks_list");
|
||||
|
||||
for (std::vector<std::string>::iterator ii = network_list_from_config.begin();
|
||||
ii != network_list_from_config.end(); ++ii) {
|
||||
for (std::vector<std::string>::iterator ii = network_list_from_config.begin(); ii != network_list_from_config.end(); ++ii) {
|
||||
std::string network_address_in_cidr_form = *ii;
|
||||
|
||||
make_and_lookup(lookup_tree, const_cast<char*>(network_address_in_cidr_form.c_str()));
|
||||
|
@ -113,15 +113,15 @@ void start_sflow_collection(process_packet_pointer func_ptr) {
|
||||
|
||||
std::vector<unsigned int> sflow_ports;
|
||||
|
||||
for (auto port_string: sflow_ports_for_listen) {
|
||||
for (auto port_string : sflow_ports_for_listen) {
|
||||
unsigned int sflow_port = convert_string_to_integer(port_string);
|
||||
|
||||
if (sflow_port == 0) {
|
||||
logger << log4cpp::Priority::ERROR << plugin_log_prefix << "Cannot parse port: " << port_string;
|
||||
continue;
|
||||
}
|
||||
if (sflow_port == 0) {
|
||||
logger << log4cpp::Priority::ERROR << plugin_log_prefix << "Cannot parse port: " << port_string;
|
||||
continue;
|
||||
}
|
||||
|
||||
sflow_ports.push_back(sflow_port);
|
||||
sflow_ports.push_back(sflow_port);
|
||||
}
|
||||
|
||||
if (sflow_ports.size() == 0) {
|
||||
@ -129,13 +129,11 @@ void start_sflow_collection(process_packet_pointer func_ptr) {
|
||||
return;
|
||||
}
|
||||
|
||||
logger << log4cpp::Priority::INFO << plugin_log_prefix << "We parsed "
|
||||
<< sflow_ports.size() << " ports for sflow";
|
||||
logger << log4cpp::Priority::INFO << plugin_log_prefix << "We parsed " << sflow_ports.size() << " ports for sflow";
|
||||
|
||||
boost::thread_group sflow_collector_threads;
|
||||
|
||||
logger << log4cpp::Priority::INFO << plugin_log_prefix << "We will listen on "
|
||||
<< sflow_ports.size() << " ports";
|
||||
logger << log4cpp::Priority::INFO << plugin_log_prefix << "We will listen on " << sflow_ports.size() << " ports";
|
||||
|
||||
std::string sflow_host;
|
||||
|
||||
@ -144,13 +142,11 @@ void start_sflow_collection(process_packet_pointer func_ptr) {
|
||||
}
|
||||
|
||||
if (configuration_map.count("sflow_read_packet_length_from_ip_header") != 0) {
|
||||
sflow_read_packet_length_from_ip_header =
|
||||
configuration_map["sflow_read_packet_length_from_ip_header"] == "on";
|
||||
sflow_read_packet_length_from_ip_header = configuration_map["sflow_read_packet_length_from_ip_header"] == "on";
|
||||
}
|
||||
|
||||
for (auto sflow_port: sflow_ports) {
|
||||
sflow_collector_threads.add_thread(
|
||||
new boost::thread(start_sflow_collector, sflow_host, sflow_port));
|
||||
for (auto sflow_port : sflow_ports) {
|
||||
sflow_collector_threads.add_thread(new boost::thread(start_sflow_collector, sflow_host, sflow_port));
|
||||
}
|
||||
|
||||
sflow_collector_threads.join_all();
|
||||
@ -306,19 +302,19 @@ bool process_sflow_flow_sample(uint8_t* data_pointer,
|
||||
|
||||
uint8_t* header_payload_pointer = payload_ptr + sizeof(sflow_raw_protocol_header_t);
|
||||
|
||||
// We could enable this new parser for testing purposes
|
||||
auto result = parse_raw_packet_to_simple_packet_full_ng(header_payload_pointer,
|
||||
sflow_raw_protocol_header.frame_length_before_sampling,
|
||||
sflow_raw_protocol_header.header_size, packet,
|
||||
sflow_read_packet_length_from_ip_header);
|
||||
// We could enable this new parser for testing purposes
|
||||
auto result = parse_raw_packet_to_simple_packet_full_ng(header_payload_pointer,
|
||||
sflow_raw_protocol_header.frame_length_before_sampling,
|
||||
sflow_raw_protocol_header.header_size, packet,
|
||||
sflow_read_packet_length_from_ip_header);
|
||||
|
||||
if (result != network_data_stuctures::parser_code_t::success) {
|
||||
sflow_parse_error_nested_header++;
|
||||
if (result != network_data_stuctures::parser_code_t::success) {
|
||||
sflow_parse_error_nested_header++;
|
||||
|
||||
logger << log4cpp::Priority::DEBUG << plugin_log_prefix
|
||||
<< "Cannot parse nested packet using ng parser: " << parser_code_to_string(result);
|
||||
logger << log4cpp::Priority::DEBUG << plugin_log_prefix
|
||||
<< "Cannot parse nested packet using ng parser: " << parser_code_to_string(result);
|
||||
|
||||
return false;
|
||||
return false;
|
||||
}
|
||||
|
||||
// Pass pointer to raw header to FastNetMon processing functions
|
||||
|
@ -129,4 +129,3 @@ parser_code_t parse_raw_packet_to_simple_packet_full_ng(uint8_t* pointer,
|
||||
|
||||
return parser_code_t::success;
|
||||
}
|
||||
|
||||
|
@ -73,7 +73,7 @@ void speed_printer() {
|
||||
boost::this_thread::sleep(boost::posix_time::seconds(1));
|
||||
|
||||
uint64_t packets_after = received_packets;
|
||||
uint64_t pps = packets_after - packets_before;
|
||||
uint64_t pps = packets_after - packets_before;
|
||||
|
||||
printf("We process: %llu pps\n", pps);
|
||||
}
|
||||
@ -102,11 +102,10 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
|
||||
// Switch to PROMISC mode
|
||||
struct packet_mreq sock_params;
|
||||
memset(&sock_params, 0, sizeof(sock_params));
|
||||
sock_params.mr_type = PACKET_MR_PROMISC;
|
||||
sock_params.mr_type = PACKET_MR_PROMISC;
|
||||
sock_params.mr_ifindex = interface_number;
|
||||
|
||||
int set_promisc = setsockopt(packet_socket, SOL_PACKET, PACKET_ADD_MEMBERSHIP,
|
||||
(void*)&sock_params, sizeof(sock_params));
|
||||
int set_promisc = setsockopt(packet_socket, SOL_PACKET, PACKET_ADD_MEMBERSHIP, (void*)&sock_params, sizeof(sock_params));
|
||||
|
||||
if (set_promisc == -1) {
|
||||
printf("Can't enable promisc mode\n");
|
||||
@ -116,9 +115,9 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
|
||||
struct sockaddr_ll bind_address;
|
||||
memset(&bind_address, 0, sizeof(bind_address));
|
||||
|
||||
bind_address.sll_family = AF_PACKET;
|
||||
bind_address.sll_family = AF_PACKET;
|
||||
bind_address.sll_protocol = htons(ETH_P_ALL);
|
||||
bind_address.sll_ifindex = interface_number;
|
||||
bind_address.sll_ifindex = interface_number;
|
||||
|
||||
// We will follow http://yusufonlinux.blogspot.ru/2010/11/data-link-access-and-zero-copy.html
|
||||
// And this: https://www.kernel.org/doc/Documentation/networking/packet_mmap.txt
|
||||
@ -145,8 +144,7 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
|
||||
|
||||
int fanout_arg = (fanout_group_id | (fanout_type << 16));
|
||||
|
||||
int setsockopt_fanout =
|
||||
setsockopt(packet_socket, SOL_PACKET, PACKET_FANOUT, &fanout_arg, sizeof(fanout_arg));
|
||||
int setsockopt_fanout = setsockopt(packet_socket, SOL_PACKET, PACKET_FANOUT, &fanout_arg, sizeof(fanout_arg));
|
||||
|
||||
if (setsockopt_fanout < 0) {
|
||||
printf("Can't configure fanout\n");
|
||||
@ -214,7 +212,7 @@ int main() {
|
||||
CPU_SET(cpu_to_bind, ¤t_cpu_set);
|
||||
|
||||
int set_affinity_result =
|
||||
pthread_attr_setaffinity_np(thread_attrs.native_handle(), sizeof(cpu_set_t), ¤t_cpu_set);
|
||||
pthread_attr_setaffinity_np(thread_attrs.native_handle(), sizeof(cpu_set_t), ¤t_cpu_set);
|
||||
|
||||
if (set_affinity_result != 0) {
|
||||
printf("Can't set CPU affinity for thread\n");
|
||||
@ -222,7 +220,7 @@ int main() {
|
||||
}
|
||||
|
||||
packet_receiver_thread_group.add_thread(
|
||||
new boost::thread(thread_attrs, boost::bind(start_af_packet_capture, "eth6", fanout_group_id)));
|
||||
new boost::thread(thread_attrs, boost::bind(start_af_packet_capture, "eth6", fanout_group_id)));
|
||||
}
|
||||
|
||||
// Wait all processes for finish
|
||||
|
@ -57,7 +57,7 @@ int get_interface_number_by_device_name(int socket_fd, std::string interface_nam
|
||||
unsigned int af_packet_threads = 1;
|
||||
|
||||
uint64_t received_packets = 0;
|
||||
uint64_t received_bytes = 0;
|
||||
uint64_t received_bytes = 0;
|
||||
|
||||
void speed_printer() {
|
||||
while (true) {
|
||||
@ -66,7 +66,7 @@ void speed_printer() {
|
||||
boost::this_thread::sleep(boost::posix_time::seconds(1));
|
||||
|
||||
uint64_t packets_after = received_packets;
|
||||
uint64_t pps = packets_after - packets_before;
|
||||
uint64_t pps = packets_after - packets_before;
|
||||
|
||||
printf("We process: %llu pps\n", pps);
|
||||
}
|
||||
@ -77,7 +77,7 @@ void flush_block(struct block_desc* pbd) {
|
||||
}
|
||||
|
||||
void walk_block(struct block_desc* pbd, const int block_num) {
|
||||
int num_pkts = pbd->h1.num_pkts, i;
|
||||
int num_pkts = pbd->h1.num_pkts, i;
|
||||
unsigned long bytes = 0;
|
||||
struct tpacket3_hdr* ppd;
|
||||
|
||||
@ -92,11 +92,11 @@ void walk_block(struct block_desc* pbd, const int block_num) {
|
||||
#ifdef PRINT_PACKETS
|
||||
struct pfring_pkthdr packet_header;
|
||||
memset(&packet_header, 0, sizeof(packet_header));
|
||||
packet_header.len = ppd->tp_snaplen;
|
||||
packet_header.len = ppd->tp_snaplen;
|
||||
packet_header.caplen = ppd->tp_snaplen;
|
||||
|
||||
u_int8_t timestamp = 0;
|
||||
u_int8_t add_hash = 0;
|
||||
u_int8_t add_hash = 0;
|
||||
|
||||
u_char* data_pointer = (u_char*)((uint8_t*)ppd + ppd->tp_mac);
|
||||
|
||||
@ -128,9 +128,8 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
|
||||
}
|
||||
|
||||
// We whould use V3 bcause it could read/pool in per block basis instead per packet
|
||||
int version = TPACKET_V3;
|
||||
int setsockopt_packet_version =
|
||||
setsockopt(packet_socket, SOL_PACKET, PACKET_VERSION, &version, sizeof(version));
|
||||
int version = TPACKET_V3;
|
||||
int setsockopt_packet_version = setsockopt(packet_socket, SOL_PACKET, PACKET_VERSION, &version, sizeof(version));
|
||||
|
||||
if (setsockopt_packet_version < 0) {
|
||||
printf("Can't set packet v3 version\n");
|
||||
@ -147,11 +146,10 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
|
||||
// Switch to PROMISC mode
|
||||
struct packet_mreq sock_params;
|
||||
memset(&sock_params, 0, sizeof(sock_params));
|
||||
sock_params.mr_type = PACKET_MR_PROMISC;
|
||||
sock_params.mr_type = PACKET_MR_PROMISC;
|
||||
sock_params.mr_ifindex = interface_number;
|
||||
|
||||
int set_promisc = setsockopt(packet_socket, SOL_PACKET, PACKET_ADD_MEMBERSHIP,
|
||||
(void*)&sock_params, sizeof(sock_params));
|
||||
int set_promisc = setsockopt(packet_socket, SOL_PACKET, PACKET_ADD_MEMBERSHIP, (void*)&sock_params, sizeof(sock_params));
|
||||
|
||||
if (set_promisc == -1) {
|
||||
printf("Can't enable promisc mode\n");
|
||||
@ -161,9 +159,9 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
|
||||
struct sockaddr_ll bind_address;
|
||||
memset(&bind_address, 0, sizeof(bind_address));
|
||||
|
||||
bind_address.sll_family = AF_PACKET;
|
||||
bind_address.sll_family = AF_PACKET;
|
||||
bind_address.sll_protocol = htons(ETH_P_ALL);
|
||||
bind_address.sll_ifindex = interface_number;
|
||||
bind_address.sll_ifindex = interface_number;
|
||||
|
||||
// We will follow http://yusufonlinux.blogspot.ru/2010/11/data-link-access-and-zero-copy.html
|
||||
// And this: https://www.kernel.org/doc/Documentation/networking/packet_mmap.txt
|
||||
@ -173,10 +171,10 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
|
||||
|
||||
req.tp_block_size = blocksiz;
|
||||
req.tp_frame_size = framesiz;
|
||||
req.tp_block_nr = blocknum;
|
||||
req.tp_frame_nr = (blocksiz * blocknum) / framesiz;
|
||||
req.tp_block_nr = blocknum;
|
||||
req.tp_frame_nr = (blocksiz * blocknum) / framesiz;
|
||||
|
||||
req.tp_retire_blk_tov = 60; // Timeout in msec
|
||||
req.tp_retire_blk_tov = 60; // Timeout in msec
|
||||
req.tp_feature_req_word = TP_FT_REQ_FILL_RXHASH;
|
||||
|
||||
int setsockopt_rx_ring = setsockopt(packet_socket, SOL_PACKET, PACKET_RX_RING, (void*)&req, sizeof(req));
|
||||
@ -188,7 +186,7 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
|
||||
|
||||
// We use per thread structures
|
||||
uint8_t* mapped_buffer = NULL;
|
||||
struct iovec* rd = NULL;
|
||||
struct iovec* rd = NULL;
|
||||
|
||||
mapped_buffer = (uint8_t*)mmap(NULL, req.tp_block_size * req.tp_block_nr, PROT_READ | PROT_WRITE,
|
||||
MAP_SHARED | MAP_LOCKED, packet_socket, 0);
|
||||
@ -204,7 +202,7 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
|
||||
// Initilize iov structures
|
||||
for (int i = 0; i < req.tp_block_nr; ++i) {
|
||||
rd[i].iov_base = mapped_buffer + (i * req.tp_block_size);
|
||||
rd[i].iov_len = req.tp_block_size;
|
||||
rd[i].iov_len = req.tp_block_size;
|
||||
}
|
||||
|
||||
int bind_result = bind(packet_socket, (struct sockaddr*)&bind_address, sizeof(bind_address));
|
||||
@ -221,8 +219,7 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
|
||||
|
||||
int fanout_arg = (fanout_group_id | (fanout_type << 16));
|
||||
|
||||
int setsockopt_fanout =
|
||||
setsockopt(packet_socket, SOL_PACKET, PACKET_FANOUT, &fanout_arg, sizeof(fanout_arg));
|
||||
int setsockopt_fanout = setsockopt(packet_socket, SOL_PACKET, PACKET_FANOUT, &fanout_arg, sizeof(fanout_arg));
|
||||
|
||||
if (setsockopt_fanout < 0) {
|
||||
printf("Can't configure fanout\n");
|
||||
@ -235,8 +232,8 @@ int setup_socket(std::string interface_name, int fanout_group_id) {
|
||||
struct pollfd pfd;
|
||||
memset(&pfd, 0, sizeof(pfd));
|
||||
|
||||
pfd.fd = packet_socket;
|
||||
pfd.events = POLLIN | POLLERR;
|
||||
pfd.fd = packet_socket;
|
||||
pfd.events = POLLIN | POLLERR;
|
||||
pfd.revents = 0;
|
||||
|
||||
while (true) {
|
||||
@ -290,7 +287,7 @@ int main() {
|
||||
CPU_SET(cpu_to_bind, ¤t_cpu_set);
|
||||
|
||||
int set_affinity_result =
|
||||
pthread_attr_setaffinity_np(thread_attrs.native_handle(), sizeof(cpu_set_t), ¤t_cpu_set);
|
||||
pthread_attr_setaffinity_np(thread_attrs.native_handle(), sizeof(cpu_set_t), ¤t_cpu_set);
|
||||
|
||||
if (set_affinity_result != 0) {
|
||||
printf("Can't set CPU affinity for thread\n");
|
||||
@ -298,7 +295,7 @@ int main() {
|
||||
}
|
||||
|
||||
packet_receiver_thread_group.add_thread(
|
||||
new boost::thread(thread_attrs, boost::bind(start_af_packet_capture, "eth6", fanout_group_id)));
|
||||
new boost::thread(thread_attrs, boost::bind(start_af_packet_capture, "eth6", fanout_group_id)));
|
||||
}
|
||||
|
||||
// Wait all processes for finish
|
||||
|
@ -16,12 +16,12 @@
|
||||
#define BIG_CONSTANT(x) (x##LLU)
|
||||
uint64_t MurmurHash64A(const void* key, int len, uint64_t seed) {
|
||||
const uint64_t m = BIG_CONSTANT(0xc6a4a7935bd1e995);
|
||||
const int r = 47;
|
||||
const int r = 47;
|
||||
|
||||
uint64_t h = seed ^ (len * m);
|
||||
|
||||
const uint64_t* data = (const uint64_t*)key;
|
||||
const uint64_t* end = data + (len / 8);
|
||||
const uint64_t* end = data + (len / 8);
|
||||
|
||||
while (data != end) {
|
||||
uint64_t k = *data++;
|
||||
@ -77,14 +77,13 @@ class conntrack_hash_struct_for_simple_packet_t {
|
||||
};
|
||||
|
||||
// Extract only important for us fields from main simple_packet structure
|
||||
bool convert_simple_packet_toconntrack_hash_struct(simple_packet_t& packet,
|
||||
conntrack_hash_struct_for_simple_packet_t& conntrack_struct) {
|
||||
bool convert_simple_packet_toconntrack_hash_struct(simple_packet_t& packet, conntrack_hash_struct_for_simple_packet_t& conntrack_struct) {
|
||||
conntrack_struct.src_ip = packet.src_ip;
|
||||
conntrack_struct.dst_ip = packet.dst_ip;
|
||||
|
||||
conntrack_struct.protocol = packet.protocol;
|
||||
|
||||
conntrack_struct.source_port = packet.source_port;
|
||||
conntrack_struct.source_port = packet.source_port;
|
||||
conntrack_struct.destination_port = packet.destination_port;
|
||||
}
|
||||
|
||||
@ -93,7 +92,7 @@ typedef std::vector<conntrack_hash_struct_for_simple_packet_t> vector_of_connetr
|
||||
class connection_tracking_fast_storage_t {
|
||||
public:
|
||||
connection_tracking_fast_storage_t(unsigned int structure_size) {
|
||||
murmur_seed = 13;
|
||||
murmur_seed = 13;
|
||||
max_vector_size = 0;
|
||||
|
||||
number_of_buckets = structure_size;
|
||||
@ -102,8 +101,7 @@ class connection_tracking_fast_storage_t {
|
||||
}
|
||||
|
||||
uint64_t get_bucket_number(conntrack_hash_struct_for_simple_packet_t& element) {
|
||||
uint64_t conntrack_hash =
|
||||
MurmurHash64A(&element, sizeof(conntrack_hash_struct_for_simple_packet_t), murmur_seed);
|
||||
uint64_t conntrack_hash = MurmurHash64A(&element, sizeof(conntrack_hash_struct_for_simple_packet_t), murmur_seed);
|
||||
|
||||
return conntrack_hash % number_of_buckets;
|
||||
}
|
||||
@ -126,8 +124,7 @@ class connection_tracking_fast_storage_t {
|
||||
return false;
|
||||
}
|
||||
|
||||
vector_of_connetrack_structs_t::iterator itr =
|
||||
std::find(vector_pointer->begin(), vector_pointer->end(), *element);
|
||||
vector_of_connetrack_structs_t::iterator itr = std::find(vector_pointer->begin(), vector_pointer->end(), *element);
|
||||
|
||||
if (itr == vector_pointer->end()) {
|
||||
return false;
|
||||
|
@ -15,8 +15,8 @@ int ban_ip() {
|
||||
}
|
||||
|
||||
char bgp_message[256];
|
||||
char* ip_cidr_form = "10.10.10.123/32";
|
||||
char* next_hop = "10.0.3.114";
|
||||
char* ip_cidr_form = "10.10.10.123/32";
|
||||
char* next_hop = "10.0.3.114";
|
||||
char* exabgp_community = "65001:666";
|
||||
// withdraw
|
||||
char* action = "announce";
|
||||
|
@ -81,7 +81,7 @@ uint32_t convert_ip_as_string_to_uint(string ip) {
|
||||
|
||||
uint32_t convert_cidr_to_binary_netmask(int cidr) {
|
||||
uint32_t binary_netmask = 0xFFFFFFFF;
|
||||
binary_netmask = binary_netmask << (32 - cidr);
|
||||
binary_netmask = binary_netmask << (32 - cidr);
|
||||
// htonl from host byte order to network
|
||||
// ntohl from network byte order to host
|
||||
|
||||
@ -113,7 +113,7 @@ void insert_prefix_bitwise_tree(tree_leaf* root, string subnet, int cidr_mask) {
|
||||
// Iterate over significant subnet bits and ignore other
|
||||
for (int i = 31; i >= 32 - cidr_mask; i--) {
|
||||
uint32_t result_bit = netmask_as_int & (1 << i);
|
||||
bool bit = result_bit == 0 ? false : true;
|
||||
bool bit = result_bit == 0 ? false : true;
|
||||
// cout<<"Insert: "<<bit<<" from position "<<i<<endl;
|
||||
|
||||
// from the left - zeros, from the rigth - ones
|
||||
@ -129,7 +129,7 @@ void insert_prefix_bitwise_tree(tree_leaf* root, string subnet, int cidr_mask) {
|
||||
// No element here, we should create it
|
||||
tree_leaf* new_leaf = new tree_leaf;
|
||||
new_leaf->right = new_leaf->left = NULL;
|
||||
new_leaf->bit = bit;
|
||||
new_leaf->bit = bit;
|
||||
|
||||
temp_root->right = new_leaf;
|
||||
|
||||
@ -145,7 +145,7 @@ void insert_prefix_bitwise_tree(tree_leaf* root, string subnet, int cidr_mask) {
|
||||
// No element here, we should create it
|
||||
tree_leaf* new_leaf = new tree_leaf;
|
||||
new_leaf->right = new_leaf->left = NULL;
|
||||
new_leaf->bit = bit;
|
||||
new_leaf->bit = bit;
|
||||
|
||||
temp_root->left = new_leaf;
|
||||
|
||||
@ -175,7 +175,7 @@ bool fast_ip_lookup(tree_leaf* root, uint32_t ip) {
|
||||
// cout<<"bit"<<i<<endl;
|
||||
|
||||
uint32_t result_bit = ip & (1 << i);
|
||||
bool bit = result_bit == 0 ? false : true;
|
||||
bool bit = result_bit == 0 ? false : true;
|
||||
|
||||
// Current node is terminal node
|
||||
if ((temp_root->left == NULL && temp_root->right == NULL)) {
|
||||
@ -259,13 +259,12 @@ int main() {
|
||||
networks_list_as_string.insert(networks_list_as_string.end(), network_list_from_config.begin(),
|
||||
network_list_from_config.end());
|
||||
|
||||
for (vector<string>::iterator ii = networks_list_as_string.begin();
|
||||
ii != networks_list_as_string.end(); ++ii) {
|
||||
for (vector<string>::iterator ii = networks_list_as_string.begin(); ii != networks_list_as_string.end(); ++ii) {
|
||||
vector<string> subnet_as_string;
|
||||
split(subnet_as_string, *ii, boost::is_any_of("/"), boost::token_compress_on);
|
||||
int cidr = atoi(subnet_as_string[1].c_str());
|
||||
|
||||
uint32_t subnet_as_int = convert_ip_as_string_to_uint(subnet_as_string[0]);
|
||||
uint32_t subnet_as_int = convert_ip_as_string_to_uint(subnet_as_string[0]);
|
||||
uint32_t netmask_as_int = convert_cidr_to_binary_netmask(cidr);
|
||||
|
||||
insert_prefix_bitwise_tree(root, subnet_as_string[0], cidr);
|
||||
|
@ -20,10 +20,9 @@ using namespace std;
|
||||
class map_element {
|
||||
public:
|
||||
map_element()
|
||||
: in_bytes(0), out_bytes(0), in_packets(0), out_packets(0), tcp_in_packets(0),
|
||||
tcp_out_packets(0), tcp_in_bytes(0), tcp_out_bytes(0), udp_in_packets(0), udp_out_packets(0),
|
||||
udp_in_bytes(0), udp_out_bytes(0), in_flows(0), out_flows(0), icmp_in_packets(0),
|
||||
icmp_out_packets(0), icmp_in_bytes(0), icmp_out_bytes(0) {
|
||||
: in_bytes(0), out_bytes(0), in_packets(0), out_packets(0), tcp_in_packets(0), tcp_out_packets(0), tcp_in_bytes(0),
|
||||
tcp_out_bytes(0), udp_in_packets(0), udp_out_packets(0), udp_in_bytes(0), udp_out_bytes(0), in_flows(0),
|
||||
out_flows(0), icmp_in_packets(0), icmp_out_packets(0), icmp_in_bytes(0), icmp_out_bytes(0) {
|
||||
}
|
||||
unsigned int in_bytes;
|
||||
unsigned int out_bytes;
|
||||
@ -65,15 +64,15 @@ vector_of_vector_counters SubnetVectorVector;
|
||||
|
||||
void subnet_vectors_allocator(prefix_t* prefix, void* data) {
|
||||
uint32_t subnet_as_integer = prefix->add.sin.s_addr;
|
||||
u_short bitlen = prefix->bitlen;
|
||||
u_short bitlen = prefix->bitlen;
|
||||
|
||||
int network_size_in_ips = pow(2, 32 - bitlen);
|
||||
network_size_in_ips = 1;
|
||||
network_size_in_ips = 1;
|
||||
|
||||
SubnetVectorMap[subnet_as_integer] = new vector_of_counters(network_size_in_ips);
|
||||
|
||||
pair_of_subnets_with_key my_pair;
|
||||
my_pair.first = subnet_as_integer;
|
||||
my_pair.first = subnet_as_integer;
|
||||
my_pair.second = new vector_of_counters(network_size_in_ips);
|
||||
|
||||
SubnetVectorVector.push_back(my_pair);
|
||||
@ -112,8 +111,8 @@ int main() {
|
||||
// std::sort(SubnetVectorVector.begin(), SubnetVectorVector.end(), mysortfunction);
|
||||
|
||||
prefix_t prefix_for_check_adreess;
|
||||
prefix_for_check_adreess.family = AF_INET;
|
||||
prefix_for_check_adreess.bitlen = 32;
|
||||
prefix_for_check_adreess.family = AF_INET;
|
||||
prefix_for_check_adreess.bitlen = 32;
|
||||
patricia_node_t* found_patrica_node = NULL;
|
||||
// prefix_for_check_adreess.add.sin.s_addr = 123123123;
|
||||
|
||||
@ -142,8 +141,7 @@ int main() {
|
||||
for (int i = 0; i < i_iter; i++) {
|
||||
// Random Pseudo IP
|
||||
// prefix_for_check_adreess.add.sin.s_addr = i*j;
|
||||
patricia_node_t* found_patrica_node =
|
||||
patricia_search_best2(lookup_tree, &prefix_for_check_adreess, 1);
|
||||
patricia_node_t* found_patrica_node = patricia_search_best2(lookup_tree, &prefix_for_check_adreess, 1);
|
||||
|
||||
unsigned long destination_subnet = 0;
|
||||
|
||||
@ -198,11 +196,10 @@ int main() {
|
||||
clock_gettime(CLOCK_REALTIME, &finish_time);
|
||||
|
||||
unsigned long used_seconds = finish_time.tv_sec - start_time.tv_sec;
|
||||
unsigned long total_ops = i_iter * j_iter;
|
||||
float megaops_per_second = (float)total_ops / (float)used_seconds / 1000000;
|
||||
unsigned long total_ops = i_iter * j_iter;
|
||||
float megaops_per_second = (float)total_ops / (float)used_seconds / 1000000;
|
||||
|
||||
printf("Total time is %d seconds total ops: %d\nMillion of ops per second: %.1f\n",
|
||||
used_seconds, total_ops, megaops_per_second);
|
||||
printf("Total time is %d seconds total ops: %d\nMillion of ops per second: %.1f\n", used_seconds, total_ops, megaops_per_second);
|
||||
|
||||
Destroy_Patricia(lookup_tree, (void_fn_t)0);
|
||||
}
|
||||
|
@ -13,7 +13,7 @@ int main(int argc, char* argv[]) {
|
||||
|
||||
mongoc_init();
|
||||
|
||||
client = mongoc_client_new("mongodb://localhost:27017/");
|
||||
client = mongoc_client_new("mongodb://localhost:27017/");
|
||||
collection = mongoc_client_get_collection(client, "test", "test");
|
||||
|
||||
doc = bson_new();
|
||||
|
@ -21,11 +21,11 @@ int receive_packets(struct netmap_ring* ring) {
|
||||
u_int cur, rx, n;
|
||||
|
||||
cur = ring->cur;
|
||||
n = nm_ring_space(ring);
|
||||
n = nm_ring_space(ring);
|
||||
|
||||
for (rx = 0; rx < n; rx++) {
|
||||
struct netmap_slot* slot = &ring->slot[cur];
|
||||
char* p = NETMAP_BUF(ring, slot->buf_idx);
|
||||
char* p = NETMAP_BUF(ring, slot->buf_idx);
|
||||
|
||||
// process data
|
||||
consume_pkt((u_char*)p, slot->len);
|
||||
@ -43,7 +43,7 @@ void consume_pkt(u_char* buffer, int len) {
|
||||
// memcpy(packet_data, buffer, len);
|
||||
struct pfring_pkthdr l2tp_header;
|
||||
memset(&l2tp_header, 0, sizeof(l2tp_header));
|
||||
l2tp_header.len = len;
|
||||
l2tp_header.len = len;
|
||||
l2tp_header.caplen = len;
|
||||
|
||||
fastnetmon_parse_pkt((u_char*)buffer, &l2tp_header, 4, 1, 0);
|
||||
@ -70,7 +70,7 @@ void receiver(void) {
|
||||
base_nmd.nr_tx_slots = base_nmd.nr_rx_slots = 0;
|
||||
|
||||
std::string interface = "netmap:eth4";
|
||||
netmap_descriptor = nm_open(interface.c_str(), &base_nmd, 0, NULL);
|
||||
netmap_descriptor = nm_open(interface.c_str(), &base_nmd, 0, NULL);
|
||||
|
||||
if (netmap_descriptor == NULL) {
|
||||
printf("Can't open netmap device %s\n", interface.c_str());
|
||||
@ -79,8 +79,7 @@ void receiver(void) {
|
||||
}
|
||||
|
||||
printf("Mapped %dKB memory at %p\n", netmap_descriptor->req.nr_memsize >> 10, netmap_descriptor->mem);
|
||||
printf("We have %d tx and %d rx rings\n", netmap_descriptor->req.nr_tx_rings,
|
||||
netmap_descriptor->req.nr_rx_rings);
|
||||
printf("We have %d tx and %d rx rings\n", netmap_descriptor->req.nr_tx_rings, netmap_descriptor->req.nr_rx_rings);
|
||||
|
||||
/*
|
||||
protocol stack and may cause a reset of the card,
|
||||
@ -104,22 +103,20 @@ void receiver(void) {
|
||||
printf("SHIT SHIT SHIT HAPPINED\n");
|
||||
}
|
||||
|
||||
nmd.req.nr_flags = NR_REG_ONE_NIC;
|
||||
nmd.req.nr_flags = NR_REG_ONE_NIC;
|
||||
nmd.req.nr_ringid = i;
|
||||
|
||||
/* Only touch one of the rings (rx is already ok) */
|
||||
nmd_flags |= NETMAP_NO_TX_POLL;
|
||||
|
||||
struct nm_desc* new_nmd =
|
||||
nm_open(interface.c_str(), NULL, nmd_flags | NM_OPEN_IFNAME | NM_OPEN_NO_MMAP, &nmd);
|
||||
struct nm_desc* new_nmd = nm_open(interface.c_str(), NULL, nmd_flags | NM_OPEN_IFNAME | NM_OPEN_NO_MMAP, &nmd);
|
||||
|
||||
if (new_nmd == NULL) {
|
||||
printf("Can't open netmap descripto for netmap\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
printf("My first ring is %d and last ring id is %d I'm thread %d\n", new_nmd->first_rx_ring,
|
||||
new_nmd->last_rx_ring, i);
|
||||
printf("My first ring is %d and last ring id is %d I'm thread %d\n", new_nmd->first_rx_ring, new_nmd->last_rx_ring, i);
|
||||
|
||||
printf("Start new thread %d\n", i);
|
||||
// Start thread and pass netmap descriptor to it
|
||||
@ -137,11 +134,11 @@ void netmap_thread(struct nm_desc* netmap_descriptor, int thread_number) {
|
||||
struct nm_pkthdr h;
|
||||
u_char* buf;
|
||||
struct pollfd fds;
|
||||
fds.fd = netmap_descriptor->fd; // NETMAP_FD(netmap_descriptor);
|
||||
fds.fd = netmap_descriptor->fd; // NETMAP_FD(netmap_descriptor);
|
||||
fds.events = POLLIN;
|
||||
|
||||
struct netmap_ring* rxring = NULL;
|
||||
struct netmap_if* nifp = netmap_descriptor->nifp;
|
||||
struct netmap_if* nifp = netmap_descriptor->nifp;
|
||||
|
||||
printf("Reading from fd %d thread id: %d\n", netmap_descriptor->fd, thread_number);
|
||||
|
||||
|
@ -47,7 +47,7 @@ void* speed_printer(void* ptr) {
|
||||
sleep(1);
|
||||
|
||||
uint64_t packets_after = received_packets;
|
||||
uint64_t pps = packets_after - packets_before;
|
||||
uint64_t pps = packets_after - packets_before;
|
||||
|
||||
printf("We process: %llu pps\n", pps);
|
||||
}
|
||||
@ -74,19 +74,17 @@ int main() {
|
||||
|
||||
pthread_detach(thread);
|
||||
|
||||
unsigned char payload1[] = { 0x90, 0xE2, 0xBA, 0x83, 0x3F, 0x25, 0x90, 0xE2, 0xBA, 0x2C,
|
||||
0xCB, 0x02, 0x08, 0x00, 0x45, 0x00, 0x00, 0x2E, 0x00, 0x00,
|
||||
0x00, 0x00, 0x40, 0x06, 0x69, 0xDC, 0x0A, 0x84, 0xF1, 0x83,
|
||||
0x0A, 0x0A, 0x0A, 0xDD, 0x04, 0x01, 0x00, 0x50, 0x00, 0x00,
|
||||
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02, 0x00, 0x0A,
|
||||
0x9A, 0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||
unsigned char payload1[] = { 0x90, 0xE2, 0xBA, 0x83, 0x3F, 0x25, 0x90, 0xE2, 0xBA, 0x2C, 0xCB, 0x02,
|
||||
0x08, 0x00, 0x45, 0x00, 0x00, 0x2E, 0x00, 0x00, 0x00, 0x00, 0x40, 0x06,
|
||||
0x69, 0xDC, 0x0A, 0x84, 0xF1, 0x83, 0x0A, 0x0A, 0x0A, 0xDD, 0x04, 0x01,
|
||||
0x00, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02,
|
||||
0x00, 0x0A, 0x9A, 0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||
|
||||
unsigned char payload2[] = { 0x90, 0xE2, 0xBA, 0x83, 0x3F, 0x25, 0x90, 0xE2, 0xBA, 0x2C,
|
||||
0xCB, 0x02, 0x08, 0x00, 0x45, 0x00, 0x00, 0x2E, 0x00, 0x00,
|
||||
0x00, 0x00, 0x40, 0x06, 0x69, 0xDB, 0x0A, 0x84, 0xF1, 0x84,
|
||||
0x0A, 0x0A, 0x0A, 0xDD, 0x04, 0x01, 0x00, 0x50, 0x00, 0x00,
|
||||
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02, 0x00, 0x0A,
|
||||
0x9A, 0x91, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||
unsigned char payload2[] = { 0x90, 0xE2, 0xBA, 0x83, 0x3F, 0x25, 0x90, 0xE2, 0xBA, 0x2C, 0xCB, 0x02,
|
||||
0x08, 0x00, 0x45, 0x00, 0x00, 0x2E, 0x00, 0x00, 0x00, 0x00, 0x40, 0x06,
|
||||
0x69, 0xDB, 0x0A, 0x84, 0xF1, 0x84, 0x0A, 0x0A, 0x0A, 0xDD, 0x04, 0x01,
|
||||
0x00, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02,
|
||||
0x00, 0x0A, 0x9A, 0x91, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||
|
||||
unsigned char byte_value = 0;
|
||||
|
||||
@ -128,11 +126,11 @@ void call_fastnetmon_parser(void* ptr, int length) {
|
||||
struct pfring_pkthdr packet_header;
|
||||
memset(&packet_header, 0, sizeof(struct pfring_pkthdr));
|
||||
|
||||
packet_header.len = length;
|
||||
packet_header.len = length;
|
||||
packet_header.caplen = length;
|
||||
|
||||
u_int8_t timestamp = 0;
|
||||
u_int8_t add_hash = 0;
|
||||
u_int8_t add_hash = 0;
|
||||
|
||||
fastnetmon_parse_pkt((u_char*)ptr, &packet_header, 4, 0, 0);
|
||||
|
||||
|
@ -31,8 +31,8 @@ int main() {
|
||||
make_and_lookup(lookup_tree, "193.42.142.0/24");
|
||||
|
||||
prefix_t prefix_for_check_adreess;
|
||||
prefix_for_check_adreess.family = AF_INET;
|
||||
prefix_for_check_adreess.bitlen = 32;
|
||||
prefix_for_check_adreess.family = AF_INET;
|
||||
prefix_for_check_adreess.bitlen = 32;
|
||||
patricia_node_t* found_patrica_node = NULL;
|
||||
// prefix_for_check_adreess.add.sin.s_addr = 123123123;
|
||||
|
||||
@ -60,8 +60,7 @@ int main() {
|
||||
for (i = 0; i < i_iter; i++) {
|
||||
// Random Pseudo IP
|
||||
prefix_for_check_adreess.add.sin.s_addr = i * j;
|
||||
patricia_node_t* found_patrica_node =
|
||||
patricia_search_best2(lookup_tree, &prefix_for_check_adreess, 1);
|
||||
patricia_node_t* found_patrica_node = patricia_search_best2(lookup_tree, &prefix_for_check_adreess, 1);
|
||||
|
||||
unsigned long destination_subnet = 0;
|
||||
|
||||
@ -75,11 +74,10 @@ int main() {
|
||||
clock_gettime(CLOCK_REALTIME, &finish_time);
|
||||
|
||||
unsigned long used_seconds = finish_time.tv_sec - start_time.tv_sec;
|
||||
unsigned long total_ops = i_iter * j_iter;
|
||||
float megaops_per_second = (float)total_ops / (float)used_seconds / 1000000;
|
||||
unsigned long total_ops = i_iter * j_iter;
|
||||
float megaops_per_second = (float)total_ops / (float)used_seconds / 1000000;
|
||||
|
||||
printf("Total time is %d seconds total ops: %d\nMillion of ops per second: %.1f\n",
|
||||
used_seconds, total_ops, megaops_per_second);
|
||||
printf("Total time is %d seconds total ops: %d\nMillion of ops per second: %.1f\n", used_seconds, total_ops, megaops_per_second);
|
||||
|
||||
Destroy_Patricia(lookup_tree, (void_fn_t)0);
|
||||
}
|
||||
|
@ -19,12 +19,11 @@ int main() {
|
||||
return -1;
|
||||
}
|
||||
|
||||
unsigned char payload1[] = { 0x90, 0xE2, 0xBA, 0x83, 0x3F, 0x25, 0x90, 0xE2, 0xBA, 0x2C,
|
||||
0xCB, 0x02, 0x08, 0x00, 0x45, 0x00, 0x00, 0x2E, 0x00, 0x00,
|
||||
0x00, 0x00, 0x40, 0x06, 0x69, 0xDC, 0x0A, 0x84, 0xF1, 0x83,
|
||||
0x0A, 0x0A, 0x0A, 0xDD, 0x04, 0x01, 0x00, 0x50, 0x00, 0x00,
|
||||
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02, 0x00, 0x0A,
|
||||
0x9A, 0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||
unsigned char payload1[] = { 0x90, 0xE2, 0xBA, 0x83, 0x3F, 0x25, 0x90, 0xE2, 0xBA, 0x2C, 0xCB, 0x02,
|
||||
0x08, 0x00, 0x45, 0x00, 0x00, 0x2E, 0x00, 0x00, 0x00, 0x00, 0x40, 0x06,
|
||||
0x69, 0xDC, 0x0A, 0x84, 0xF1, 0x83, 0x0A, 0x0A, 0x0A, 0xDD, 0x04, 0x01,
|
||||
0x00, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02,
|
||||
0x00, 0x0A, 0x9A, 0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||
|
||||
if (!packet_storage.write_packet(payload1, sizeof(payload1))) {
|
||||
printf("Can't write packet to the storage\n");
|
||||
@ -44,8 +43,7 @@ int main() {
|
||||
|
||||
std::cout << "Used size: " << packet_storage.get_used_memory() << std::endl;
|
||||
|
||||
ssize_t wrote_bytes =
|
||||
write(filedesc, (void*)packet_storage.get_buffer_pointer(), packet_storage.get_used_memory());
|
||||
ssize_t wrote_bytes = write(filedesc, (void*)packet_storage.get_buffer_pointer(), packet_storage.get_used_memory());
|
||||
|
||||
if (wrote_bytes != packet_storage.get_used_memory()) {
|
||||
printf("Can't write data to the file\n");
|
||||
|
@ -44,9 +44,9 @@ void set_tsc_freq_fallback() {
|
||||
class token_bucket_t {
|
||||
public:
|
||||
token_bucket_t() {
|
||||
this->tokens = 0;
|
||||
this->rate = 0;
|
||||
this->burst = 0;
|
||||
this->tokens = 0;
|
||||
this->rate = 0;
|
||||
this->burst = 0;
|
||||
this->last_timestamp = 0;
|
||||
}
|
||||
|
||||
@ -66,7 +66,7 @@ class token_bucket_t {
|
||||
this->rate = rate;
|
||||
|
||||
this->tokens = burst;
|
||||
this->burst = burst;
|
||||
this->burst = burst;
|
||||
|
||||
// Start counter!
|
||||
this->last_timestamp = (double)rte_rdtsc() / system_tsc_resolution_hz;
|
||||
@ -74,17 +74,15 @@ class token_bucket_t {
|
||||
|
||||
int64_t consume(int64_t consumed_tokens) {
|
||||
double current_time = (double)rte_rdtsc() / system_tsc_resolution_hz;
|
||||
double interval = (current_time - this->last_timestamp);
|
||||
double interval = (current_time - this->last_timestamp);
|
||||
|
||||
if (interval < 0) {
|
||||
printf("Your TSC is buggy, we have last %llu and current time: %llu\n",
|
||||
this->last_timestamp, current_time);
|
||||
printf("Your TSC is buggy, we have last %llu and current time: %llu\n", this->last_timestamp, current_time);
|
||||
}
|
||||
|
||||
this->last_timestamp = current_time;
|
||||
|
||||
this->tokens =
|
||||
std::max((double)0, std::min(double(this->tokens + this->rate * interval), double(this->burst))) - 1;
|
||||
this->tokens = std::max((double)0, std::min(double(this->tokens + this->rate * interval), double(this->burst))) - 1;
|
||||
|
||||
return this->tokens;
|
||||
}
|
||||
@ -143,7 +141,7 @@ int firehose_callback_v1(const char* pciaddr, char** packets, struct firehose_rd
|
||||
__builtin_prefetch(packets[next_index]);
|
||||
firehose_packet(pciaddr, packets[index], rxring[index].length);
|
||||
rxring[index].status = 0; /* reset descriptor for reuse */
|
||||
index = next_index;
|
||||
index = next_index;
|
||||
}
|
||||
return index;
|
||||
}
|
||||
@ -158,7 +156,7 @@ void* speed_printer(void* ptr) {
|
||||
sleep(1);
|
||||
|
||||
uint64_t packets_after = received_packets;
|
||||
uint64_t pps = packets_after - packets_before;
|
||||
uint64_t pps = packets_after - packets_before;
|
||||
|
||||
printf("We process: %llu pps tokens %lld rate %lld burst %lld \n", (long long)pps,
|
||||
global_token_bucket_counter.get_tokens(), global_token_bucket_counter.get_rate(),
|
||||
|
@ -43,7 +43,7 @@
|
||||
using namespace std;
|
||||
|
||||
typedef simple_packet* simple_packet_shared_ptr_t;
|
||||
typedef boost::lockfree::spsc_queue<simple_packet_shared_ptr_t, boost::lockfree::capacity<1048576> > my_spsc_queue_t;
|
||||
typedef boost::lockfree::spsc_queue<simple_packet_shared_ptr_t, boost::lockfree::capacity<1048576>> my_spsc_queue_t;
|
||||
|
||||
uint64_t total_unparsed_packets = 0;
|
||||
|
||||
@ -112,7 +112,7 @@ void speed_printer() {
|
||||
boost::this_thread::sleep(boost::posix_time::seconds(1));
|
||||
|
||||
uint64_t packets_after = received_packets;
|
||||
uint64_t pps = packets_after - packets_before;
|
||||
uint64_t pps = packets_after - packets_before;
|
||||
|
||||
printf("We process: %llu pps\n", pps);
|
||||
}
|
||||
|
@ -24,7 +24,7 @@ int main() {
|
||||
memset(&serv_addr, 0, sizeof(serv_addr));
|
||||
|
||||
serv_addr.sin_family = AF_INET;
|
||||
serv_addr.sin_port = htons(2003);
|
||||
serv_addr.sin_port = htons(2003);
|
||||
|
||||
if (inet_pton(AF_INET, "127.0.0.1", &serv_addr.sin_addr) <= 0) {
|
||||
printf("\n inet_pton error occured\n");
|
||||
|
@ -9,7 +9,7 @@
|
||||
|
||||
uint32_t convert_cidr_to_binary_netmask(unsigned int cidr) {
|
||||
uint32_t binary_netmask = 0xFFFFFFFF;
|
||||
binary_netmask = binary_netmask << (32 - cidr);
|
||||
binary_netmask = binary_netmask << (32 - cidr);
|
||||
// htonl from host byte order to network
|
||||
// ntohl from network byte order to host
|
||||
|
||||
@ -26,17 +26,15 @@ uint32_t convert_ip_as_string_to_uint(std::string ip) {
|
||||
}
|
||||
|
||||
int main() {
|
||||
uint32_t network_zero = convert_ip_as_string_to_uint("10.10.10.0");
|
||||
uint32_t network_200 = convert_ip_as_string_to_uint("10.10.10.200");
|
||||
uint32_t network_zero = convert_ip_as_string_to_uint("10.10.10.0");
|
||||
uint32_t network_200 = convert_ip_as_string_to_uint("10.10.10.200");
|
||||
uint32_t binary_netmask = convert_cidr_to_binary_netmask(24);
|
||||
|
||||
uint32_t generated_subnet_address = network_200 & binary_netmask;
|
||||
|
||||
std::cout << "network byte order" << std::endl;
|
||||
std::cout << "10.10.10.200/24\tnetwork byte order:" << network_200
|
||||
<< " host byte order:" << ntohl(network_200) << std::endl;
|
||||
std::cout << "10.10.10.0/24\tnetwork byte order:" << network_zero
|
||||
<< " host byte order:" << ntohl(network_zero) << std::endl;
|
||||
std::cout << "10.10.10.200/24\tnetwork byte order:" << network_200 << " host byte order:" << ntohl(network_200) << std::endl;
|
||||
std::cout << "10.10.10.0/24\tnetwork byte order:" << network_zero << " host byte order:" << ntohl(network_zero) << std::endl;
|
||||
|
||||
std::cout << "generated \tnetwork byte order:" << generated_subnet_address
|
||||
<< " host byte order:" << ntohl(generated_subnet_address) << std::endl;
|
||||
|
@ -5,10 +5,9 @@
|
||||
using namespace Tins;
|
||||
|
||||
bool callback(const PDU& pdu) {
|
||||
const IP& ip = pdu.rfind_pdu<IP>(); // Find the IP layer
|
||||
const IP& ip = pdu.rfind_pdu<IP>(); // Find the IP layer
|
||||
const TCP& tcp = pdu.rfind_pdu<TCP>(); // Find the TCP layer
|
||||
std::cout << ip.src_addr() << ':' << tcp.sport() << " -> " << ip.dst_addr() << ':'
|
||||
<< tcp.dport() << std::endl;
|
||||
std::cout << ip.src_addr() << ':' << tcp.sport() << " -> " << ip.dst_addr() << ':' << tcp.dport() << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -63,7 +63,7 @@ std::vector<map_element> DataCounterVector;
|
||||
|
||||
using namespace std;
|
||||
|
||||
int number_of_ips = 10 * 1000 * 1000;
|
||||
int number_of_ips = 10 * 1000 * 1000;
|
||||
int number_of_retries = 1;
|
||||
|
||||
// #define enable_mutexex_in_test
|
||||
@ -205,7 +205,7 @@ int timeval_subtract(struct timeval* result, struct timeval* x, struct timeval*
|
||||
}
|
||||
|
||||
/* Compute the time remaining to wait. tv_usec is certainly positive. */
|
||||
result->tv_sec = x->tv_sec - y->tv_sec;
|
||||
result->tv_sec = x->tv_sec - y->tv_sec;
|
||||
result->tv_usec = x->tv_usec - y->tv_usec;
|
||||
|
||||
/* Return 1 if result is negative. */
|
||||
|
@ -31,7 +31,7 @@ uint64_t get_tsc_freq_from_clock(void) {
|
||||
#define NS_PER_SEC 1E9
|
||||
struct timespec sleeptime;
|
||||
|
||||
sleeptime.tv_sec = 1;
|
||||
sleeptime.tv_sec = 1;
|
||||
sleeptime.tv_nsec = 5E8; /* 1/2 second */
|
||||
|
||||
struct timespec t_start, t_end;
|
||||
@ -44,7 +44,7 @@ uint64_t get_tsc_freq_from_clock(void) {
|
||||
nanosleep(&sleeptime, NULL);
|
||||
clock_gettime(CLOCK_MONOTONIC_RAW, &t_end);
|
||||
end = read_tsc_cpu_register();
|
||||
ns = ((t_end.tv_sec - t_start.tv_sec) * NS_PER_SEC);
|
||||
ns = ((t_end.tv_sec - t_start.tv_sec) * NS_PER_SEC);
|
||||
ns += (t_end.tv_nsec - t_start.tv_nsec);
|
||||
|
||||
double secs = (double)ns / NS_PER_SEC;
|
||||
|
@ -7,26 +7,25 @@ bool parse_raw_packet_to_simple_packet(u_char* buffer, int len, simple_packet_t&
|
||||
struct pfring_pkthdr packet_header;
|
||||
|
||||
memset(&packet_header, 0, sizeof(packet_header));
|
||||
packet_header.len = len;
|
||||
packet_header.len = len;
|
||||
packet_header.caplen = len;
|
||||
|
||||
// We do not calculate timestamps because timestamping is very CPU intensive operation:
|
||||
// https://github.com/ntop/PF_RING/issues/9
|
||||
u_int8_t timestamp = 0;
|
||||
u_int8_t add_hash = 0;
|
||||
u_int8_t add_hash = 0;
|
||||
fastnetmon_parse_pkt((u_char*)buffer, &packet_header, 4, timestamp, add_hash);
|
||||
|
||||
// char print_buffer[512];
|
||||
// fastnetmon_print_parsed_pkt(print_buffer, 512, (u_char*)buffer, &packet_header);
|
||||
// logger.info("%s", print_buffer);
|
||||
|
||||
if (packet_header.extended_hdr.parsed_pkt.ip_version != 4 &&
|
||||
packet_header.extended_hdr.parsed_pkt.ip_version != 6) {
|
||||
if (packet_header.extended_hdr.parsed_pkt.ip_version != 4 && packet_header.extended_hdr.parsed_pkt.ip_version != 6) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// We need this for deep packet inspection
|
||||
packet.packet_payload_length = len;
|
||||
packet.packet_payload_length = len;
|
||||
packet.packet_payload_pointer = (void*)buffer;
|
||||
|
||||
packet.ip_protocol_version = packet_header.extended_hdr.parsed_pkt.ip_version;
|
||||
@ -43,7 +42,7 @@ bool parse_raw_packet_to_simple_packet(u_char* buffer, int len, simple_packet_t&
|
||||
memcpy(packet.dst_ipv6.s6_addr, packet_header.extended_hdr.parsed_pkt.ip_dst.v6.s6_addr, 16);
|
||||
}
|
||||
|
||||
packet.source_port = packet_header.extended_hdr.parsed_pkt.l4_src_port;
|
||||
packet.source_port = packet_header.extended_hdr.parsed_pkt.l4_src_port;
|
||||
packet.destination_port = packet_header.extended_hdr.parsed_pkt.l4_dst_port;
|
||||
|
||||
if (read_packet_length_from_ip_header) {
|
||||
@ -53,10 +52,10 @@ bool parse_raw_packet_to_simple_packet(u_char* buffer, int len, simple_packet_t&
|
||||
}
|
||||
|
||||
packet.protocol = packet_header.extended_hdr.parsed_pkt.l3_proto;
|
||||
packet.ts = packet_header.ts;
|
||||
packet.ts = packet_header.ts;
|
||||
|
||||
packet.ip_fragmented = packet_header.extended_hdr.parsed_pkt.ip_fragmented;
|
||||
packet.ttl = packet_header.extended_hdr.parsed_pkt.ip_ttl;
|
||||
packet.ttl = packet_header.extended_hdr.parsed_pkt.ip_ttl;
|
||||
|
||||
// Copy flags from PF_RING header to our pseudo header
|
||||
if (packet.protocol == IPPROTO_TCP) {
|
||||
|
Loading…
Reference in New Issue
Block a user