Added fixed storage and renamed types for consistency (#884)

src/actions/gobgp_action.cpp

@@ -139,7 +139,7 @@ void gobgp_action_shutdown() {
     delete gobgp_client;
 }
 
-void gobgp_ban_manage(std::string action, std::string ip_as_string, attack_details current_attack) {
+void gobgp_ban_manage(std::string action, std::string ip_as_string, attack_details_t current_attack) {
     bool is_withdrawal = false;
 
     std::string action_name;

src/actions/gobgp_action.h

@@ -6,6 +6,6 @@
 
 void gobgp_action_init();
 void gobgp_action_shutdown();
-void gobgp_ban_manage(std::string action, std::string ip_as_string, attack_details current_attack);
+void gobgp_ban_manage(std::string action, std::string ip_as_string, attack_details_t current_attack);
 
 #endif

src/fast_library.cpp

@@ -937,7 +937,7 @@ bool manage_interface_promisc_mode(std::string interface_name, bool switch_on) {
 
 #endif
 
-json_object* serialize_attack_description_to_json(attack_details& current_attack) {
+json_object* serialize_attack_description_to_json(attack_details_t& current_attack) {
     json_object* jobj = json_object_new_object();
 
     attack_type_t attack_type = detect_attack_type(current_attack);
@@ -1001,7 +1001,7 @@ json_object* serialize_attack_description_to_json(attack_details& current_attack
     return jobj;
 }
 
-std::string serialize_attack_description(attack_details& current_attack) {
+std::string serialize_attack_description(attack_details_t& current_attack) {
     std::stringstream attack_description;
 
     attack_type_t attack_type = detect_attack_type(current_attack);
@@ -1060,7 +1060,7 @@ std::string serialize_attack_description(attack_details& current_attack) {
     return attack_description.str();
 }
 
-attack_type_t detect_attack_type(attack_details& current_attack) {
+attack_type_t detect_attack_type(attack_details_t& current_attack) {
     double threshold_value = 0.9;
 
     if (current_attack.attack_direction == INCOMING) {
@@ -1133,7 +1133,7 @@ json_object* serialize_network_load_to_json(map_element_t& network_speed_meter)
     return jobj;
 }
 
-std::string serialize_statistic_counters_about_attack(attack_details& current_attack) {
+std::string serialize_statistic_counters_about_attack(attack_details_t& current_attack) {
     std::stringstream attack_description;
 
     double average_packet_size_for_incoming_traffic = 0;

src/fast_library.h

@@ -103,13 +103,13 @@ subnet_cidr_mask_t convert_subnet_from_string_to_binary_with_cidr_format(std::st
 bool manage_interface_promisc_mode(std::string interface_name, bool switch_on);
 #endif
 
-std::string serialize_attack_description(attack_details& current_attack);
-attack_type_t detect_attack_type(attack_details& current_attack);
+std::string serialize_attack_description(attack_details_t& current_attack);
+attack_type_t detect_attack_type(attack_details_t& current_attack);
 std::string get_printable_attack_name(attack_type_t attack);
 std::string serialize_network_load_to_text(map_element_t& network_speed_meter, bool average);
-json_object* serialize_attack_description_to_json(attack_details& current_attack);
+json_object* serialize_attack_description_to_json(attack_details_t& current_attack);
 json_object* serialize_network_load_to_json(map_element_t& network_speed_meter);
-std::string serialize_statistic_counters_about_attack(attack_details& current_attack);
+std::string serialize_statistic_counters_about_attack(attack_details_t& current_attack);
 
 std::string dns_lookup(std::string domain_name);
 bool store_data_to_stats_server(unsigned short int graphite_port, std::string graphite_host, std::string buffer_as_string);

src/fastnetmon.cpp

@@ -393,7 +393,7 @@ map_for_counters GeoIpCounter;
 #endif
 
 // In ddos info we store attack power and direction
-std::map<uint32_t, banlist_item> ban_list;
+std::map<uint32_t, banlist_item_t> ban_list;
 std::map<uint32_t, std::vector<simple_packet_t> > ban_list_details;
 
 host_group_map_t host_groups;
@@ -434,7 +434,6 @@ bool process_outgoing_traffic = true;
 void init_current_instance_of_ndpi();
 #endif
 
-std::string get_attack_description_in_json(uint32_t client_ip, attack_details& current_attack);
 logging_configuration_t read_logging_settings(configuration_map_t configuration_map);
 std::string get_amplification_attack_type(amplification_attack_type_t attack_type);
 std::string generate_flow_spec_for_amplification_attack(amplification_attack_type_t amplification_attack_type,
@@ -456,7 +455,7 @@ class FastnetmonApiServiceImpl final : public Fastnetmon::Service {
                       ::grpc::ServerWriter< ::fastmitigation::BanListReply>* writer) override {
         logger << log4cpp::Priority::INFO << "API we asked for banlist";
 
-        for (std::map<uint32_t, banlist_item>::iterator itr = ban_list.begin(); itr != ban_list.end(); ++itr) {
+        for (std::map<uint32_t, banlist_item_t>::iterator itr = ban_list.begin(); itr != ban_list.end(); ++itr) {
             std::string client_ip_as_string = convert_ip_as_uint_to_string(itr->first);
 
             BanListReply reply;
@@ -479,7 +478,7 @@ class FastnetmonApiServiceImpl final : public Fastnetmon::Service {
 
         uint32_t client_ip = convert_ip_as_string_to_uint(request->ip_address());
 
-        struct attack_details current_attack;
+        attack_details_t current_attack;
         ban_list_mutex.lock();
         ban_list[client_ip] = current_attack;
         ban_list_mutex.unlock();
@@ -513,7 +512,7 @@ class FastnetmonApiServiceImpl final : public Fastnetmon::Service {
             return Status::CANCELLED;
         }
 
-        banlist_item ban_details = ban_list[banned_ip];
+        banlist_item_t ban_details = ban_list[banned_ip];
 
         logger << log4cpp::Priority::INFO << "API: call unban handlers";
         call_unban_handlers(banned_ip, ban_details);

src/fastnetmon_logic.cpp

@@ -146,7 +146,7 @@ extern bool gobgp_enabled;
 extern map_of_vector_counters_t SubnetVectorMapSpeedAverage;
 extern int global_ban_time;
 extern bool notify_script_enabled;
-extern std::map<uint32_t, banlist_item> ban_list;
+extern std::map<uint32_t, banlist_item_t> ban_list;
 extern int unban_iteration_sleep_time;
 extern bool unban_enabled;
 extern bool unban_only_if_attack_finished;
@@ -528,7 +528,7 @@ std::string print_ban_thresholds(ban_settings_t current_ban_settings) {
     return output_buffer.str();
 }
 
-void print_attack_details_to_file(std::string details, std::string client_ip_as_string, attack_details current_attack) {
+void print_attack_details_to_file(std::string details, std::string client_ip_as_string, attack_details_t current_attack) {
     std::ofstream my_attack_details_file;
 
     std::string ban_timestamp_as_string = print_time_t_in_fastnetmon_format(current_attack.ban_timestamp);
@@ -905,7 +905,7 @@ void cleanup_ban_list() {
 
         std::vector<uint32_t> ban_list_items_for_erase;
 
-        for (std::map<uint32_t, banlist_item>::iterator itr = ban_list.begin(); itr != ban_list.end(); ++itr) {
+        for (std::map<uint32_t, banlist_item_t>::iterator itr = ban_list.begin(); itr != ban_list.end(); ++itr) {
             uint32_t client_ip = itr->first;
 
             // This IP should be banned permanentely and we skip any processing
@@ -982,7 +982,7 @@ void cleanup_ban_list() {
     }
 }
 
-void call_unban_handlers(uint32_t client_ip, attack_details& current_attack) {
+void call_unban_handlers(uint32_t client_ip, attack_details_t& current_attack) {
     std::string client_ip_as_string = convert_ip_as_uint_to_string(client_ip);
 
     logger << log4cpp::Priority::INFO << "We will unban banned IP: " << client_ip_as_string
@@ -1029,7 +1029,7 @@ void call_unban_handlers(uint32_t client_ip, attack_details& current_attack) {
 std::string print_ddos_attack_details() {
     std::stringstream output_buffer;
 
-    for (std::map<uint32_t, banlist_item>::iterator ii = ban_list.begin(); ii != ban_list.end(); ++ii) {
+    for (std::map<uint32_t, banlist_item_t>::iterator ii = ban_list.begin(); ii != ban_list.end(); ++ii) {
         uint32_t client_ip = (*ii).first;
 
         std::string client_ip_as_string = convert_ip_as_uint_to_string(client_ip);
@@ -1046,7 +1046,7 @@ std::string print_ddos_attack_details() {
     return output_buffer.str();
 }
 
-std::string get_attack_description(uint32_t client_ip, attack_details& current_attack) {
+std::string get_attack_description(uint32_t client_ip, attack_details_t& current_attack) {
     std::stringstream attack_description;
 
     attack_description << "IP: " << convert_ip_as_uint_to_string(client_ip) << "\n";
@@ -1069,7 +1069,7 @@ std::string get_attack_description(uint32_t client_ip, attack_details& current_a
     return attack_description.str();
 }
 
-std::string get_attack_description_in_json(uint32_t client_ip, attack_details& current_attack) {
+std::string get_attack_description_in_json(uint32_t client_ip, attack_details_t& current_attack) {
     json_object* jobj = json_object_new_object();
 
     json_object_object_add(jobj, "ip",
@@ -1118,7 +1118,7 @@ std::string generate_simple_packets_dump(std::vector<simple_packet_t>& ban_list_
     return attack_details.str();
 }
 
-void send_attack_details(uint32_t client_ip, attack_details current_attack_details) {
+void send_attack_details(uint32_t client_ip, attack_details_t current_attack_details) {
     std::string pps_as_string = convert_int_to_string(current_attack_details.attack_power);
     std::string attack_direction = get_direction_name(current_attack_details.attack_direction);
     std::string client_ip_as_string = convert_ip_as_uint_to_string(client_ip);
@@ -1396,7 +1396,7 @@ void produce_dpi_dump_for_pcap_dump(std::string pcap_file_path, std::stringstrea
 
 #endif
 
-void call_attack_details_handlers(uint32_t client_ip, attack_details& current_attack, std::string attack_fingerprint) {
+void call_attack_details_handlers(uint32_t client_ip, attack_details_t& current_attack, std::string attack_fingerprint) {
     std::string client_ip_as_string = convert_ip_as_uint_to_string(client_ip);
     std::string attack_direction = get_direction_name(current_attack.attack_direction);
     std::string pps_as_string = convert_int_to_string(current_attack.attack_power);
@@ -1564,7 +1564,7 @@ ban_settings_t get_ban_settings_for_this_subnet(subnet_cidr_mask_t subnet, std::
 }
 
 
-void exabgp_ban_manage(std::string action, std::string ip_as_string, attack_details current_attack) {
+void exabgp_ban_manage(std::string action, std::string ip_as_string, attack_details_t current_attack) {
     // We will announce whole subent here
     if (exabgp_announce_whole_subnet) {
         std::string subnet_as_string_with_mask = convert_subnet_to_string(current_attack.customer_network);
@@ -1702,7 +1702,7 @@ redisContext* redis_init_connection() {
 
 
 void execute_ip_ban(uint32_t client_ip, map_element_t average_speed_element, std::string flow_attack_details, subnet_cidr_mask_t customer_subnet) {
-    struct attack_details current_attack;
+    attack_details_t current_attack;
     uint64_t pps = 0;
 
     uint64_t in_pps = average_speed_element.in_packets;
@@ -1860,7 +1860,7 @@ void execute_ip_ban(uint32_t client_ip, map_element_t average_speed_element, std
     call_ban_handlers(client_ip, ban_list[client_ip], flow_attack_details);
 }
 
-void call_ban_handlers(uint32_t client_ip, attack_details& current_attack, std::string flow_attack_details) {
+void call_ban_handlers(uint32_t client_ip, attack_details_t& current_attack, std::string flow_attack_details) {
     std::string client_ip_as_string = convert_ip_as_uint_to_string(client_ip);
     std::string pps_as_string = convert_int_to_string(current_attack.attack_power);
     std::string data_direction_as_string = get_direction_name(current_attack.attack_direction);

src/fastnetmon_logic.hpp

@@ -31,7 +31,7 @@ bool exceed_flow_speed(uint64_t in_counter, uint64_t out_counter, unsigned int t
 bool exceed_pps_speed(uint64_t in_counter, uint64_t out_counter, unsigned int threshold);
 ban_settings_t read_ban_settings(configuration_map_t configuration_map, std::string host_group_name);
 logging_configuration_t read_logging_settings(configuration_map_t configuration_map);
-void print_attack_details_to_file(std::string details, std::string client_ip_as_string, attack_details current_attack);
+void print_attack_details_to_file(std::string details, std::string client_ip_as_string, attack_details_t current_attack);
 std::string print_ban_thresholds(ban_settings_t current_ban_settings);
 std::string print_subnet_ipv4_load();
 std::string print_subnet_ipv6_load();
@@ -44,16 +44,16 @@ void convert_integer_to_conntrack_hash_struct(packed_session* packed_connection_
                                               packed_conntrack_hash_t* unpacked_data);
 
 void cleanup_ban_list();
-void call_unban_handlers(uint32_t client_ip, attack_details& current_attack);
+void call_unban_handlers(uint32_t client_ip, attack_details_t& current_attack);
 std::string print_ddos_attack_details();
 
-std::string get_attack_description(uint32_t client_ip, attack_details& current_attack) ;
+std::string get_attack_description(uint32_t client_ip, attack_details_t& current_attack) ;
 
-std::string get_attack_description_in_json(uint32_t client_ip, attack_details& current_attack) ;
+std::string get_attack_description_in_json(uint32_t client_ip, attack_details_t& current_attack) ;
 
 std::string generate_simple_packets_dump(std::vector<simple_packet_t>& ban_list_details) ;
 
-void send_attack_details(uint32_t client_ip, attack_details current_attack_details);
+void send_attack_details(uint32_t client_ip, attack_details_t current_attack_details);
 
 #ifdef ENABLE_DPI
 // Parse raw binary stand-alone packet with nDPI
@@ -70,12 +70,12 @@ void init_current_instance_of_ndpi();
 void zeroify_ndpi_flow(struct ndpi_flow_struct* flow);
 void launch_bgp_flow_spec_rule(amplification_attack_type_t attack_type, std::string client_ip_as_string);
 void produce_dpi_dump_for_pcap_dump(std::string pcap_file_path, std::stringstream& ss, std::string client_ip_as_string);
-void call_attack_details_handlers(uint32_t client_ip, attack_details& current_attack, std::string attack_fingerprint);
+void call_attack_details_handlers(uint32_t client_ip, attack_details_t& current_attack, std::string attack_fingerprint);
 uint64_t convert_conntrack_hash_struct_to_integer(packed_conntrack_hash_t* struct_value);
 bool process_flow_tracking_table(conntrack_main_struct_t& conntrack_element, std::string client_ip);
 bool exec_with_stdin_params(std::string cmd, std::string params);
 ban_settings_t get_ban_settings_for_this_subnet(subnet_cidr_mask_t subnet, std::string& host_group_name);
-void exabgp_ban_manage(std::string action, std::string ip_as_string, attack_details current_attack);
+void exabgp_ban_manage(std::string action, std::string ip_as_string, attack_details_t current_attack);
 void exabgp_prefix_ban_manage(std::string action,
                               std::string prefix_as_string_with_mask,
                               std::string exabgp_next_hop,
@@ -88,7 +88,7 @@ redisContext* redis_init_connection();
 #endif
 
 void execute_ip_ban(uint32_t client_ip, map_element_t average_speed_element, std::string flow_attack_details, subnet_cidr_mask_t customer_subnet);
-void call_ban_handlers(uint32_t client_ip, attack_details& current_attack, std::string flow_attack_details);
+void call_ban_handlers(uint32_t client_ip, attack_details_t& current_attack, std::string flow_attack_details);
 
 #ifdef MONGO
 void store_data_in_mongo(std::string key_name, std::string attack_details_json);

src/fastnetmon_types.h

@@ -127,9 +127,9 @@ class total_counter_element_t {
 };
 
 // structure with attack details
-class attack_details : public map_element_t {
+class attack_details_t : public map_element_t {
     public:
-    attack_details()
+    attack_details_t()
     : attack_protocol(0), attack_power(0), max_attack_power(0), average_in_bytes(0),
       average_out_bytes(0), average_in_packets(0), average_out_packets(0), average_in_flows(0),
       average_out_flows(0), ban_time(0), attack_direction(OTHER), unban_enabled(true) {
@@ -163,7 +163,7 @@ class attack_details : public map_element_t {
 };
 
 
-typedef attack_details banlist_item;
+typedef attack_details_t banlist_item_t;
 
 // struct for save per direction and per protocol details for flow
 class conntrack_key_struct_t {

src/fixed_size_packet_storage.hpp

@@ -0,0 +1,45 @@
+#pragma once
+#include "fastnetmon_pcap_format.h"
+
+// We are using this class for storing packet meta information with their payload into fixed size memory region
+class fixed_size_packet_storage_t {
+    public:
+    fixed_size_packet_storage_t() = default;
+    fixed_size_packet_storage_t(void* payload_pointer, unsigned int captured_length, unsigned int real_packet_length) {
+        // TODO: performance killer! Check it!
+        bool we_do_timestamps = true;
+
+        struct timeval current_time;
+        current_time.tv_sec  = 0;
+        current_time.tv_usec = 0;
+
+        if (we_do_timestamps) {
+            gettimeofday(&current_time, NULL);
+        }
+
+
+        packet_metadata.ts_sec  = current_time.tv_sec;
+        packet_metadata.ts_usec = current_time.tv_usec;
+
+        // Store full length of packet
+        packet_metadata.orig_len = real_packet_length;
+        packet_metadata.incl_len = captured_length;
+
+        // Copy only first 2048 bytes of data
+        unsigned packet_length_for_storing = captured_length;
+
+        if (captured_length > 2048) {
+            packet_length_for_storing = 2048;
+        }
+
+        // Copy data into internal storage
+        memcpy(packet_payload, payload_pointer, packet_length_for_storing);
+    }
+
+    // Some useful information about this packet
+    fastnetmon_pcap_pkthdr packet_metadata;
+
+    // Packet itself. Let's zeroify packet payload
+    uint8_t packet_payload[2048] = {};
+};
+

src/packet_storage.h

@@ -4,6 +4,9 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include "fastnetmon_types.h"
+#include "fixed_size_packet_storage.hpp"
+
 // This is dynamically allocated packet storage
 class packet_storage_t {
     public: