Reworked packet storage to work with sampled data (#883)

2020-11-15 20:36:05 +00:00 · 2020-11-15 20:36:05 +00:00 · 47bcbc57da
parent fca943d6ba
commit 47bcbc57da
2 changed files with 29 additions and 30 deletions
--- a/src/fastnetmon_logic.cpp
+++ b/src/fastnetmon_logic.cpp
@ -3104,7 +3104,7 @@ void process_packet(simple_packet_t& current_packet) {
                // this code SHOULD NOT be called without mutex!
                if (current_packet.packet_payload_length > 0 && current_packet.packet_payload_pointer != NULL) {
                    ban_list[current_packet.src_ip].pcap_attack_dump.write_packet(current_packet.packet_payload_pointer,
-                                                                                  current_packet.packet_payload_length);
+                                                                                  current_packet.packet_payload_length, current_packet.packet_payload_length);
                }
            }

@ -3125,7 +3125,7 @@ void process_packet(simple_packet_t& current_packet) {
                // this code SHOULD NOT be called without mutex!
                if (current_packet.packet_payload_length > 0 && current_packet.packet_payload_pointer != NULL) {
                    ban_list[current_packet.dst_ip].pcap_attack_dump.write_packet(current_packet.packet_payload_pointer,
-                                                                                  current_packet.packet_payload_length);
+                                                                                  current_packet.packet_payload_length, current_packet.packet_payload_length);
                }
            }

--- a/src/packet_storage.h
+++ b/src/packet_storage.h
@ -1,25 +1,24 @@
-#ifndef PACKET_STORAGE_H
-#define PACKET_STORAGE_H
+#pragma once

 #include "fastnetmon_pcap_format.h"
 #include <stdlib.h>
 #include <string.h>

+// This is dynamically allocated packet storage
 class packet_storage_t {
    public:
    packet_storage_t() {
        memory_pointer = NULL;
-        memory_pos = NULL;
-        buffer_size = 0;
+        memory_pos     = NULL;
+        buffer_size    = 0;

        // TODO: fix hardcoded mtu size this!!!
-        max_packet_size = 1500;
+        max_captured_packet_size = 1500;
    }

    bool allocate_buffer(unsigned int buffer_size_in_packets) {
        unsigned int memory_size_in_bytes =
-        buffer_size_in_packets * (max_packet_size + sizeof(fastnetmon_pcap_pkthdr)) +
-        sizeof(fastnetmon_pcap_file_header);
+            buffer_size_in_packets * (max_captured_packet_size + sizeof(fastnetmon_pcap_pkthdr)) + sizeof(fastnetmon_pcap_file_header);

        // std::cout << "We will allocate " << memory_size_in_bytes << std::endl;

@ -27,7 +26,7 @@ class packet_storage_t {

        if (memory_pointer != NULL) {
            this->buffer_size = memory_size_in_bytes;
-            memory_pos = memory_pointer;
+            memory_pos        = memory_pointer;

            // Add header to newely allocated memory block
            return this->write_header();
@ -47,31 +46,31 @@ class packet_storage_t {
        }
    }

-    bool write_packet(void* payload_pointer, unsigned int length) {
+    bool write_packet(void* payload_pointer, unsigned int captured_length, unsigned int real_packet_length) {
        // TODO: performance killer! Check it!
        bool we_do_timestamps = true;

        struct timeval current_time;
-        current_time.tv_sec = 0;
+        current_time.tv_sec  = 0;
        current_time.tv_usec = 0;

        if (we_do_timestamps) {
            gettimeofday(&current_time, NULL);
        }

-        struct fastnetmon_pcap_pkthdr pcap_packet_header;
+        fastnetmon_pcap_pkthdr pcap_packet_header;

-        pcap_packet_header.ts_sec = current_time.tv_sec;
+        pcap_packet_header.ts_sec  = current_time.tv_sec;
        pcap_packet_header.ts_usec = current_time.tv_usec;

        // Store full length of packet
-        pcap_packet_header.orig_len = length;
+        pcap_packet_header.orig_len = real_packet_length;
+        pcap_packet_header.incl_len = captured_length;

-        if (length > max_packet_size) {
-            // We whould crop packet because it's too big
-            pcap_packet_header.incl_len = max_packet_size;
-        } else {
-            pcap_packet_header.incl_len = length;
+        // We should not store packets packets with size exceeding maximum size for
+        // this file
+        if (captured_length > max_captured_packet_size) {
+            return false;
        }

        if (!this->write_binary_data(&pcap_packet_header, sizeof(pcap_packet_header))) {
@ -89,11 +88,10 @@ class packet_storage_t {
        }
    }

-
    bool write_header() {
        struct fastnetmon_pcap_file_header pcap_header;

-        fill_pcap_header(&pcap_header, max_packet_size);
+        fill_pcap_header(&pcap_header, max_captured_packet_size);

        return this->write_binary_data(&pcap_header, sizeof(pcap_header));
    }
@ -109,8 +107,8 @@ class packet_storage_t {

        free(this->memory_pointer);
        this->memory_pointer = NULL;
-        this->memory_pos = NULL;
-        this->buffer_size = 0;
+        this->memory_pos     = NULL;
+        this->buffer_size    = 0;

        return true;
    }
@ -119,19 +117,20 @@ class packet_storage_t {
        return memory_pointer;
    }

-    unsigned int get_max_packet_size() {
-        return this->max_packet_size;
+    unsigned int get_max_captured_packet_size() {
+        return this->max_captured_packet_size;
    }

-    void set_max_packet_size(unsigned int new_max_packet_size) {
-        this->max_packet_size = new_max_packet_size;
+    void set_max_captured_packet_size(unsigned int new_max_captured_packet_size) {
+        this->max_captured_packet_size = new_max_captured_packet_size;
    }

    private:
    unsigned char* memory_pointer;
    unsigned char* memory_pos;
    unsigned int buffer_size;
-    unsigned int max_packet_size;
+
+    // We should not store packets with incl_len exceeding this value
+    unsigned int max_captured_packet_size;
 };

-#endif