Added logic to completely suppress traffic log collection. Remediation for crashes
This commit is contained in:
Pavel Odintsov
parent
e2369d2283
commit
93bea219f3
|
|
@ -322,7 +322,7 @@ std::string sort_parameter = "packets";
|
|||
unsigned int max_ips_in_list = 7;
|
||||
|
||||
// Number of lines for sending ben attack details to email
|
||||
unsigned int ban_details_records_count = 500;
|
||||
unsigned int ban_details_records_count = 50;
|
||||
|
||||
// We haven't option for configure it with configuration file
|
||||
unsigned int number_of_packets_for_pcap_attack_dump = 500;
|
||||
|
|
|
|||
|
|
@ -1211,12 +1211,6 @@ std::string generate_simple_packets_dump(std::vector<simple_packet_t>& ban_list_
|
|||
|
||||
std::map<unsigned int, unsigned int>::iterator max_proto =
|
||||
std::max_element(protocol_counter.begin(), protocol_counter.end(), protocol_counter.value_comp());
|
||||
/*
|
||||
attack_details
|
||||
<< "\n"
|
||||
<< "We got more packets (" << max_proto->second << " from " << ban_details_records_count
|
||||
<< ") for protocol: " << get_protocol_name_by_number(max_proto->first) << "\n";
|
||||
*/
|
||||
|
||||
return attack_details.str();
|
||||
}
|
||||
|
|
@ -1226,6 +1220,11 @@ void send_attack_details(uint32_t client_ip, attack_details_t current_attack_det
|
|||
std::string attack_direction = get_direction_name(current_attack_details.attack_direction);
|
||||
std::string client_ip_as_string = convert_ip_as_uint_to_string(client_ip);
|
||||
|
||||
// In this case we do not collect any traffic samples
|
||||
if (ban_details_records_count == 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Very strange code but it work in 95% cases
|
||||
if (ban_list_details.count(client_ip) > 0 && ban_list_details[client_ip].size() >= ban_details_records_count) {
|
||||
std::stringstream attack_details;
|
||||
|
|
@ -3430,7 +3429,8 @@ void process_packet(simple_packet_t& current_packet) {
|
|||
// Exceute ban related processing
|
||||
if (current_packet.packet_direction == OUTGOING) {
|
||||
// Collect data when ban client
|
||||
if (!ban_list_details.empty() && ban_list_details.count(current_packet.src_ip) > 0 &&
|
||||
if (ban_details_records_count != 0 &&
|
||||
!ban_list_details.empty() && ban_list_details.count(current_packet.src_ip) > 0 &&
|
||||
ban_list_details[current_packet.src_ip].size() < ban_details_records_count) {
|
||||
|
||||
ban_list_details_mutex.lock();
|
||||
|
|
@ -3451,7 +3451,8 @@ void process_packet(simple_packet_t& current_packet) {
|
|||
|
||||
if (current_packet.packet_direction == INCOMING) {
|
||||
// Collect attack details
|
||||
if (!ban_list_details.empty() && ban_list_details.count(current_packet.dst_ip) > 0 &&
|
||||
if (ban_details_records_count != 0 &&
|
||||
!ban_list_details.empty() && ban_list_details.count(current_packet.dst_ip) > 0 &&
|
||||
ban_list_details[current_packet.dst_ip].size() < ban_details_records_count) {
|
||||
|
||||
ban_list_details_mutex.lock();
|
||||
|
|
|
|||
Loading…
Reference in New Issue