From 47bcbc57da3de64bb49f232e2d72706266ec046b Mon Sep 17 00:00:00 2001 From: Pavel Odintsov Date: Sun, 15 Nov 2020 20:36:05 +0000 Subject: [PATCH] Reworked packet storage to work with sampled data (#883) --- src/fastnetmon_logic.cpp | 4 +-- src/packet_storage.h | 55 ++++++++++++++++++++-------------------- 2 files changed, 29 insertions(+), 30 deletions(-) diff --git a/src/fastnetmon_logic.cpp b/src/fastnetmon_logic.cpp index d47b6dc5..4b9cc6ce 100644 --- a/src/fastnetmon_logic.cpp +++ b/src/fastnetmon_logic.cpp @@ -3104,7 +3104,7 @@ void process_packet(simple_packet_t& current_packet) { // this code SHOULD NOT be called without mutex! if (current_packet.packet_payload_length > 0 && current_packet.packet_payload_pointer != NULL) { ban_list[current_packet.src_ip].pcap_attack_dump.write_packet(current_packet.packet_payload_pointer, - current_packet.packet_payload_length); + current_packet.packet_payload_length, current_packet.packet_payload_length); } } @@ -3125,7 +3125,7 @@ void process_packet(simple_packet_t& current_packet) { // this code SHOULD NOT be called without mutex! if (current_packet.packet_payload_length > 0 && current_packet.packet_payload_pointer != NULL) { ban_list[current_packet.dst_ip].pcap_attack_dump.write_packet(current_packet.packet_payload_pointer, - current_packet.packet_payload_length); + current_packet.packet_payload_length, current_packet.packet_payload_length); } } diff --git a/src/packet_storage.h b/src/packet_storage.h index f71e9da1..2efce371 100644 --- a/src/packet_storage.h +++ b/src/packet_storage.h 
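Review bot: Both updated `write_packet` calls in `process_packet` (the `src_ip` call in the hunk at 3104 and the `dst_ip` call in the hunk at 3125) discard the boolean result. With this commit `write_packet` returns false for a packet whose captured length exceeds `max_captured_packet_size` instead of cropping it, so such packets vanish from the attack dump without any trace. Wrapping each call as `if (!...write_packet(...)) { /* count or log the dropped packet */ }` would keep the capture gap visible to whoever later analyses the dump. Both calls also pass `current_packet.packet_payload_length` for `captured_length` and `real_packet_length` alike, so `orig_len` always equals `incl_len`; if `simple_packet_t` carries the on-wire length of a sampled packet separately, that value belongs in the third argument. `process_packet` starts and ends outside these hunks.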
@@ -1,25 +1,24 @@ -#ifndef PACKET_STORAGE_H -#define PACKET_STORAGE_H +#pragma once #include "fastnetmon_pcap_format.h" #include #include +// This is dynamically allocated packet storage class packet_storage_t { public: packet_storage_t() { memory_pointer = NULL; - memory_pos = NULL; - buffer_size = 0; + memory_pos = NULL; + buffer_size = 0; // TODO: fix hardcoded mtu size this!!! - max_packet_size = 1500; + max_captured_packet_size = 1500; } bool allocate_buffer(unsigned int buffer_size_in_packets) { unsigned int memory_size_in_bytes = - buffer_size_in_packets * (max_packet_size + sizeof(fastnetmon_pcap_pkthdr)) + - sizeof(fastnetmon_pcap_file_header); + buffer_size_in_packets * (max_captured_packet_size + sizeof(fastnetmon_pcap_pkthdr)) + sizeof(fastnetmon_pcap_file_header); // std::cout << "We will allocate " << memory_size_in_bytes << std::endl; @@ -27,7 +26,7 @@ class packet_storage_t { if (memory_pointer != NULL) { this->buffer_size = memory_size_in_bytes; - memory_pos = memory_pointer; + memory_pos = memory_pointer; // Add header to newely allocated memory block return this->write_header(); 
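Review bot: In `allocate_buffer` the byte count `buffer_size_in_packets * (max_captured_packet_size + sizeof(fastnetmon_pcap_pkthdr)) + sizeof(fastnetmon_pcap_file_header)` is stored in an `unsigned int`, so a large packet count, or a large limit set through `set_max_captured_packet_size`, can wrap or truncate and give a buffer far smaller than requested. The allocation call itself sits between the two hunks on this line and is not visible, so its exact behaviour with the truncated value is inferred. A guard before the multiplication makes the failure explicit: `if (buffer_size_in_packets > (UINT_MAX - sizeof(fastnetmon_pcap_file_header)) / (max_captured_packet_size + sizeof(fastnetmon_pcap_pkthdr))) { return false; }`.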
@@ -47,31 +46,31 @@ class packet_storage_t { } } - bool write_packet(void* payload_pointer, unsigned int length) { + bool write_packet(void* payload_pointer, unsigned int captured_length, unsigned int real_packet_length) { // TODO: performance killer! Check it! bool we_do_timestamps = true; struct timeval current_time; - current_time.tv_sec = 0; + current_time.tv_sec = 0; current_time.tv_usec = 0; if (we_do_timestamps) { gettimeofday(¤t_time, NULL); } - struct fastnetmon_pcap_pkthdr pcap_packet_header; + fastnetmon_pcap_pkthdr pcap_packet_header; - pcap_packet_header.ts_sec = current_time.tv_sec; + pcap_packet_header.ts_sec = current_time.tv_sec; pcap_packet_header.ts_usec = current_time.tv_usec; // Store full length of packet - pcap_packet_header.orig_len = length; + pcap_packet_header.orig_len = real_packet_length; + pcap_packet_header.incl_len = captured_length; - if (length > max_packet_size) { - // We whould crop packet because it's too big - pcap_packet_header.incl_len = max_packet_size; - } else { - pcap_packet_header.incl_len = length; + // We should not store packets packets with size exceeding maximum size for + // this file + if (captured_length > max_captured_packet_size) { + return false; } if (!this->write_binary_data(&pcap_packet_header, sizeof(pcap_packet_header))) { @@ -89,11 +88,10 @@ class packet_storage_t { } } - bool write_header() { struct fastnetmon_pcap_file_header pcap_header; - fill_pcap_header(&pcap_header, max_packet_size); + fill_pcap_header(&pcap_header, max_captured_packet_size); return this->write_binary_data(&pcap_header, sizeof(pcap_header)); } @@ -109,8 +107,8 @@ class packet_storage_t { free(this->memory_pointer); this->memory_pointer = NULL; - this->memory_pos = NULL; - this->buffer_size = 0; + this->memory_pos = NULL; + this->buffer_size = 0; return true; } 
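Review bot: `write_packet` never checks that `captured_length` is no larger than `real_packet_length`, so a caller that swaps or miscomputes the two writes a record whose `incl_len` exceeds `orig_len`, which is inconsistent with the pcap record layout where `incl_len` is the stored part of `orig_len`. The size check also runs only after `gettimeofday` and the header fill; placing it at the top of the function and extending it covers both: `if (captured_length > max_captured_packet_size || captured_length > real_packet_length) { return false; }`. The new comment has a doubled word (`packets packets`), and the older `// Store full length of packet` now sits above two assignments, so `// orig_len: length on the wire; incl_len: bytes actually stored` would read better. The function body continues past the end of this hunk.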
@@ -119,19 +117,20 @@ class packet_storage_t { return memory_pointer; } - unsigned int get_max_packet_size() { - return this->max_packet_size; + unsigned int get_max_captured_packet_size() { + return this->max_captured_packet_size; } - void set_max_packet_size(unsigned int new_max_packet_size) { - this->max_packet_size = new_max_packet_size; + void set_max_captured_packet_size(unsigned int new_max_captured_packet_size) { + this->max_captured_packet_size = new_max_captured_packet_size; } private: unsigned char* memory_pointer; unsigned char* memory_pos; unsigned int buffer_size; - unsigned int max_packet_size; + + // We should not store packets with incl_len exceeding this value + unsigned int max_captured_packet_size; }; -#endif
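Review bot: `set_max_captured_packet_size` can still be called after `allocate_buffer`, by which point the buffer has been sized from the old value and `write_header` has already passed that old value to `fill_pcap_header`. Raising the limit afterwards would let `write_packet` accept records larger than the per-packet space the buffer was sized for, and presumably larger than the snap length recorded in the file header; whether the write path bounds-checks against `buffer_size` is not visible in this diff. Either ignore the change once a buffer exists, `if (memory_pointer != NULL) { return; }`, or document the ordering on the setter with `// Must be called before allocate_buffer(); the pcap header and buffer size are derived from this value`.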