Added fixed storage and renamed types for consistency (#884)
This commit is contained in:
parent
47bcbc57da
commit
ef7dbfd649
@ -139,7 +139,7 @@ void gobgp_action_shutdown() {
|
|||
delete gobgp_client;
|
||||
}
|
||||
|
||||
void gobgp_ban_manage(std::string action, std::string ip_as_string, attack_details current_attack) {
|
||||
void gobgp_ban_manage(std::string action, std::string ip_as_string, attack_details_t current_attack) {
|
||||
bool is_withdrawal = false;
|
||||
|
||||
std::string action_name;
|
||||
|
@ -6,6 +6,6 @@
|
|||
|
||||
void gobgp_action_init();
|
||||
void gobgp_action_shutdown();
|
||||
void gobgp_ban_manage(std::string action, std::string ip_as_string, attack_details current_attack);
|
||||
void gobgp_ban_manage(std::string action, std::string ip_as_string, attack_details_t current_attack);
|
||||
|
||||
#endif
|
||||
@ -937,7 +937,7 @@ bool manage_interface_promisc_mode(std::string interface_name, bool switch_on) {
|
|||
|
||||
#endif
|
||||
|
||||
json_object* serialize_attack_description_to_json(attack_details& current_attack) {
|
||||
json_object* serialize_attack_description_to_json(attack_details_t& current_attack) {
|
||||
json_object* jobj = json_object_new_object();
|
||||
|
||||
attack_type_t attack_type = detect_attack_type(current_attack);
|
||||
|
@ -1001,7 +1001,7 @@ json_object* serialize_attack_description_to_json(attack_details& current_attack
|
|||
return jobj;
|
||||
}
|
||||
|
||||
std::string serialize_attack_description(attack_details& current_attack) {
|
||||
std::string serialize_attack_description(attack_details_t& current_attack) {
|
||||
std::stringstream attack_description;
|
||||
|
||||
attack_type_t attack_type = detect_attack_type(current_attack);
|
||||
|
@ -1060,7 +1060,7 @@ std::string serialize_attack_description(attack_details& current_attack) {
|
|||
return attack_description.str();
|
||||
}
|
||||
|
||||
attack_type_t detect_attack_type(attack_details& current_attack) {
|
||||
attack_type_t detect_attack_type(attack_details_t& current_attack) {
|
||||
double threshold_value = 0.9;
|
||||
|
||||
if (current_attack.attack_direction == INCOMING) {
|
||||
|
@ -1133,7 +1133,7 @@ json_object* serialize_network_load_to_json(map_element_t& network_speed_meter)
|
|||
return jobj;
|
||||
}
|
||||
|
||||
std::string serialize_statistic_counters_about_attack(attack_details& current_attack) {
|
||||
std::string serialize_statistic_counters_about_attack(attack_details_t& current_attack) {
|
||||
std::stringstream attack_description;
|
||||
|
||||
double average_packet_size_for_incoming_traffic = 0;
|
||||
|
@ -103,13 +103,13 @@ subnet_cidr_mask_t convert_subnet_from_string_to_binary_with_cidr_format(std::st
|
|||
bool manage_interface_promisc_mode(std::string interface_name, bool switch_on);
|
||||
#endif
|
||||
|
||||
std::string serialize_attack_description(attack_details& current_attack);
|
||||
attack_type_t detect_attack_type(attack_details& current_attack);
|
||||
std::string serialize_attack_description(attack_details_t& current_attack);
|
||||
attack_type_t detect_attack_type(attack_details_t& current_attack);
|
||||
std::string get_printable_attack_name(attack_type_t attack);
|
||||
std::string serialize_network_load_to_text(map_element_t& network_speed_meter, bool average);
|
||||
json_object* serialize_attack_description_to_json(attack_details& current_attack);
|
||||
json_object* serialize_attack_description_to_json(attack_details_t& current_attack);
|
||||
json_object* serialize_network_load_to_json(map_element_t& network_speed_meter);
|
||||
std::string serialize_statistic_counters_about_attack(attack_details& current_attack);
|
||||
std::string serialize_statistic_counters_about_attack(attack_details_t& current_attack);
|
||||
|
||||
std::string dns_lookup(std::string domain_name);
|
||||
bool store_data_to_stats_server(unsigned short int graphite_port, std::string graphite_host, std::string buffer_as_string);
|
||||
|
@ -393,7 +393,7 @@ map_for_counters GeoIpCounter;
|
|||
#endif
|
||||
|
||||
// In ddos info we store attack power and direction
|
||||
std::map<uint32_t, banlist_item> ban_list;
|
||||
std::map<uint32_t, banlist_item_t> ban_list;
|
||||
std::map<uint32_t, std::vector<simple_packet_t> > ban_list_details;
|
||||
|
||||
host_group_map_t host_groups;
|
||||
|
@ -434,7 +434,6 @@ bool process_outgoing_traffic = true;
|
|||
void init_current_instance_of_ndpi();
|
||||
#endif
|
||||
|
||||
std::string get_attack_description_in_json(uint32_t client_ip, attack_details& current_attack);
|
||||
logging_configuration_t read_logging_settings(configuration_map_t configuration_map);
|
||||
std::string get_amplification_attack_type(amplification_attack_type_t attack_type);
|
||||
std::string generate_flow_spec_for_amplification_attack(amplification_attack_type_t amplification_attack_type,
|
||||
|
@ -456,7 +455,7 @@ class FastnetmonApiServiceImpl final : public Fastnetmon::Service {
|
|||
::grpc::ServerWriter< ::fastmitigation::BanListReply>* writer) override {
|
||||
logger << log4cpp::Priority::INFO << "API we asked for banlist";
|
||||
|
||||
for (std::map<uint32_t, banlist_item>::iterator itr = ban_list.begin(); itr != ban_list.end(); ++itr) {
|
||||
for (std::map<uint32_t, banlist_item_t>::iterator itr = ban_list.begin(); itr != ban_list.end(); ++itr) {
|
||||
std::string client_ip_as_string = convert_ip_as_uint_to_string(itr->first);
|
||||
|
||||
BanListReply reply;
|
||||
|
@ -479,7 +478,7 @@ class FastnetmonApiServiceImpl final : public Fastnetmon::Service {
|
|||
|
||||
uint32_t client_ip = convert_ip_as_string_to_uint(request->ip_address());
|
||||
|
||||
struct attack_details current_attack;
|
||||
attack_details_t current_attack;
|
||||
ban_list_mutex.lock();
|
||||
ban_list[client_ip] = current_attack;
|
||||
ban_list_mutex.unlock();
|
||||
|
@ -513,7 +512,7 @@ class FastnetmonApiServiceImpl final : public Fastnetmon::Service {
|
|||
return Status::CANCELLED;
|
||||
}
|
||||
|
||||
banlist_item ban_details = ban_list[banned_ip];
|
||||
banlist_item_t ban_details = ban_list[banned_ip];
|
||||
|
||||
logger << log4cpp::Priority::INFO << "API: call unban handlers";
|
||||
call_unban_handlers(banned_ip, ban_details);
|
||||
|
@ -146,7 +146,7 @@ extern bool gobgp_enabled;
|
|||
extern map_of_vector_counters_t SubnetVectorMapSpeedAverage;
|
||||
extern int global_ban_time;
|
||||
extern bool notify_script_enabled;
|
||||
extern std::map<uint32_t, banlist_item> ban_list;
|
||||
extern std::map<uint32_t, banlist_item_t> ban_list;
|
||||
extern int unban_iteration_sleep_time;
|
||||
extern bool unban_enabled;
|
||||
extern bool unban_only_if_attack_finished;
|
||||
|
@ -528,7 +528,7 @@ std::string print_ban_thresholds(ban_settings_t current_ban_settings) {
|
|||
return output_buffer.str();
|
||||
}
|
||||
|
||||
void print_attack_details_to_file(std::string details, std::string client_ip_as_string, attack_details current_attack) {
|
||||
void print_attack_details_to_file(std::string details, std::string client_ip_as_string, attack_details_t current_attack) {
|
||||
std::ofstream my_attack_details_file;
|
||||
|
||||
std::string ban_timestamp_as_string = print_time_t_in_fastnetmon_format(current_attack.ban_timestamp);
|
||||
|
@ -905,7 +905,7 @@ void cleanup_ban_list() {
|
|||
|
||||
std::vector<uint32_t> ban_list_items_for_erase;
|
||||
|
||||
for (std::map<uint32_t, banlist_item>::iterator itr = ban_list.begin(); itr != ban_list.end(); ++itr) {
|
||||
for (std::map<uint32_t, banlist_item_t>::iterator itr = ban_list.begin(); itr != ban_list.end(); ++itr) {
|
||||
uint32_t client_ip = itr->first;
|
||||
|
||||
// This IP should be banned permanentely and we skip any processing
|
||||
|
@ -982,7 +982,7 @@ void cleanup_ban_list() {
|
|||
}
|
||||
}
|
||||
|
||||
void call_unban_handlers(uint32_t client_ip, attack_details& current_attack) {
|
||||
void call_unban_handlers(uint32_t client_ip, attack_details_t& current_attack) {
|
||||
std::string client_ip_as_string = convert_ip_as_uint_to_string(client_ip);
|
||||
|
||||
logger << log4cpp::Priority::INFO << "We will unban banned IP: " << client_ip_as_string
|
||||
|
@ -1029,7 +1029,7 @@ void call_unban_handlers(uint32_t client_ip, attack_details& current_attack) {
|
|||
std::string print_ddos_attack_details() {
|
||||
std::stringstream output_buffer;
|
||||
|
||||
for (std::map<uint32_t, banlist_item>::iterator ii = ban_list.begin(); ii != ban_list.end(); ++ii) {
|
||||
for (std::map<uint32_t, banlist_item_t>::iterator ii = ban_list.begin(); ii != ban_list.end(); ++ii) {
|
||||
uint32_t client_ip = (*ii).first;
|
||||
|
||||
std::string client_ip_as_string = convert_ip_as_uint_to_string(client_ip);
|
||||
|
@ -1046,7 +1046,7 @@ std::string print_ddos_attack_details() {
|
|||
return output_buffer.str();
|
||||
}
|
||||
|
||||
std::string get_attack_description(uint32_t client_ip, attack_details& current_attack) {
|
||||
std::string get_attack_description(uint32_t client_ip, attack_details_t& current_attack) {
|
||||
std::stringstream attack_description;
|
||||
|
||||
attack_description << "IP: " << convert_ip_as_uint_to_string(client_ip) << "\n";
|
||||
|
@ -1069,7 +1069,7 @@ std::string get_attack_description(uint32_t client_ip, attack_details& current_a
|
|||
return attack_description.str();
|
||||
}
|
||||
|
||||
std::string get_attack_description_in_json(uint32_t client_ip, attack_details& current_attack) {
|
||||
std::string get_attack_description_in_json(uint32_t client_ip, attack_details_t& current_attack) {
|
||||
json_object* jobj = json_object_new_object();
|
||||
|
||||
json_object_object_add(jobj, "ip",
|
||||
|
@ -1118,7 +1118,7 @@ std::string generate_simple_packets_dump(std::vector<simple_packet_t>& ban_list_
|
|||
return attack_details.str();
|
||||
}
|
||||
|
||||
void send_attack_details(uint32_t client_ip, attack_details current_attack_details) {
|
||||
void send_attack_details(uint32_t client_ip, attack_details_t current_attack_details) {
|
||||
std::string pps_as_string = convert_int_to_string(current_attack_details.attack_power);
|
||||
std::string attack_direction = get_direction_name(current_attack_details.attack_direction);
|
||||
std::string client_ip_as_string = convert_ip_as_uint_to_string(client_ip);
|
||||
|
@ -1396,7 +1396,7 @@ void produce_dpi_dump_for_pcap_dump(std::string pcap_file_path, std::stringstrea
|
|||
|
||||
#endif
|
||||
|
||||
void call_attack_details_handlers(uint32_t client_ip, attack_details& current_attack, std::string attack_fingerprint) {
|
||||
void call_attack_details_handlers(uint32_t client_ip, attack_details_t& current_attack, std::string attack_fingerprint) {
|
||||
std::string client_ip_as_string = convert_ip_as_uint_to_string(client_ip);
|
||||
std::string attack_direction = get_direction_name(current_attack.attack_direction);
|
||||
std::string pps_as_string = convert_int_to_string(current_attack.attack_power);
|
||||
|
@ -1564,7 +1564,7 @@ ban_settings_t get_ban_settings_for_this_subnet(subnet_cidr_mask_t subnet, std::
|
|||
}
|
||||
|
||||
|
||||
void exabgp_ban_manage(std::string action, std::string ip_as_string, attack_details current_attack) {
|
||||
void exabgp_ban_manage(std::string action, std::string ip_as_string, attack_details_t current_attack) {
|
||||
// We will announce whole subent here
|
||||
if (exabgp_announce_whole_subnet) {
|
||||
std::string subnet_as_string_with_mask = convert_subnet_to_string(current_attack.customer_network);
|
||||
|
@ -1702,7 +1702,7 @@ redisContext* redis_init_connection() {
|
|||
|
||||
|
||||
void execute_ip_ban(uint32_t client_ip, map_element_t average_speed_element, std::string flow_attack_details, subnet_cidr_mask_t customer_subnet) {
|
||||
struct attack_details current_attack;
|
||||
attack_details_t current_attack;
|
||||
uint64_t pps = 0;
|
||||
|
||||
uint64_t in_pps = average_speed_element.in_packets;
|
||||
|
@ -1860,7 +1860,7 @@ void execute_ip_ban(uint32_t client_ip, map_element_t average_speed_element, std
|
|||
call_ban_handlers(client_ip, ban_list[client_ip], flow_attack_details);
|
||||
}
|
||||
|
||||
void call_ban_handlers(uint32_t client_ip, attack_details& current_attack, std::string flow_attack_details) {
|
||||
void call_ban_handlers(uint32_t client_ip, attack_details_t& current_attack, std::string flow_attack_details) {
|
||||
std::string client_ip_as_string = convert_ip_as_uint_to_string(client_ip);
|
||||
std::string pps_as_string = convert_int_to_string(current_attack.attack_power);
|
||||
std::string data_direction_as_string = get_direction_name(current_attack.attack_direction);
|
||||
|
@ -31,7 +31,7 @@ bool exceed_flow_speed(uint64_t in_counter, uint64_t out_counter, unsigned int t
|
|||
bool exceed_pps_speed(uint64_t in_counter, uint64_t out_counter, unsigned int threshold);
|
||||
ban_settings_t read_ban_settings(configuration_map_t configuration_map, std::string host_group_name);
|
||||
logging_configuration_t read_logging_settings(configuration_map_t configuration_map);
|
||||
void print_attack_details_to_file(std::string details, std::string client_ip_as_string, attack_details current_attack);
|
||||
void print_attack_details_to_file(std::string details, std::string client_ip_as_string, attack_details_t current_attack);
|
||||
std::string print_ban_thresholds(ban_settings_t current_ban_settings);
|
||||
std::string print_subnet_ipv4_load();
|
||||
std::string print_subnet_ipv6_load();
|
||||
|
@ -44,16 +44,16 @@ void convert_integer_to_conntrack_hash_struct(packed_session* packed_connection_
|
|||
packed_conntrack_hash_t* unpacked_data);
|
||||
|
||||
void cleanup_ban_list();
|
||||
void call_unban_handlers(uint32_t client_ip, attack_details& current_attack);
|
||||
void call_unban_handlers(uint32_t client_ip, attack_details_t& current_attack);
|
||||
std::string print_ddos_attack_details();
|
||||
|
||||
std::string get_attack_description(uint32_t client_ip, attack_details& current_attack) ;
|
||||
std::string get_attack_description(uint32_t client_ip, attack_details_t& current_attack) ;
|
||||
|
||||
std::string get_attack_description_in_json(uint32_t client_ip, attack_details& current_attack) ;
|
||||
std::string get_attack_description_in_json(uint32_t client_ip, attack_details_t& current_attack) ;
|
||||
|
||||
std::string generate_simple_packets_dump(std::vector<simple_packet_t>& ban_list_details) ;
|
||||
|
||||
void send_attack_details(uint32_t client_ip, attack_details current_attack_details);
|
||||
void send_attack_details(uint32_t client_ip, attack_details_t current_attack_details);
|
||||
|
||||
#ifdef ENABLE_DPI
|
||||
// Parse raw binary stand-alone packet with nDPI
|
||||
|
@ -70,12 +70,12 @@ void init_current_instance_of_ndpi();
|
|||
void zeroify_ndpi_flow(struct ndpi_flow_struct* flow);
|
||||
void launch_bgp_flow_spec_rule(amplification_attack_type_t attack_type, std::string client_ip_as_string);
|
||||
void produce_dpi_dump_for_pcap_dump(std::string pcap_file_path, std::stringstream& ss, std::string client_ip_as_string);
|
||||
void call_attack_details_handlers(uint32_t client_ip, attack_details& current_attack, std::string attack_fingerprint);
|
||||
void call_attack_details_handlers(uint32_t client_ip, attack_details_t& current_attack, std::string attack_fingerprint);
|
||||
uint64_t convert_conntrack_hash_struct_to_integer(packed_conntrack_hash_t* struct_value);
|
||||
bool process_flow_tracking_table(conntrack_main_struct_t& conntrack_element, std::string client_ip);
|
||||
bool exec_with_stdin_params(std::string cmd, std::string params);
|
||||
ban_settings_t get_ban_settings_for_this_subnet(subnet_cidr_mask_t subnet, std::string& host_group_name);
|
||||
void exabgp_ban_manage(std::string action, std::string ip_as_string, attack_details current_attack);
|
||||
void exabgp_ban_manage(std::string action, std::string ip_as_string, attack_details_t current_attack);
|
||||
void exabgp_prefix_ban_manage(std::string action,
|
||||
std::string prefix_as_string_with_mask,
|
||||
std::string exabgp_next_hop,
|
||||
|
@ -88,7 +88,7 @@ redisContext* redis_init_connection();
|
|||
#endif
|
||||
|
||||
void execute_ip_ban(uint32_t client_ip, map_element_t average_speed_element, std::string flow_attack_details, subnet_cidr_mask_t customer_subnet);
|
||||
void call_ban_handlers(uint32_t client_ip, attack_details& current_attack, std::string flow_attack_details);
|
||||
void call_ban_handlers(uint32_t client_ip, attack_details_t& current_attack, std::string flow_attack_details);
|
||||
|
||||
#ifdef MONGO
|
||||
void store_data_in_mongo(std::string key_name, std::string attack_details_json);
|
||||
|
@ -127,9 +127,9 @@ class total_counter_element_t {
|
|||
};
|
||||
|
||||
// structure with attack details
|
||||
class attack_details : public map_element_t {
|
||||
class attack_details_t : public map_element_t {
|
||||
public:
|
||||
attack_details()
|
||||
attack_details_t()
|
||||
: attack_protocol(0), attack_power(0), max_attack_power(0), average_in_bytes(0),
|
||||
average_out_bytes(0), average_in_packets(0), average_out_packets(0), average_in_flows(0),
|
||||
average_out_flows(0), ban_time(0), attack_direction(OTHER), unban_enabled(true) {
|
||||
|
@ -163,7 +163,7 @@ class attack_details : public map_element_t {
|
|||
};
|
||||
|
||||
|
||||
typedef attack_details banlist_item;
|
||||
typedef attack_details_t banlist_item_t;
|
||||
|
||||
// struct for save per direction and per protocol details for flow
|
||||
class conntrack_key_struct_t {
|
||||
|
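--- /dev/null
+++ b/fixed_size_packet_storage.hpp
@@ -0,0 +1,45 @@
+#pragma once
+#include "fastnetmon_pcap_format.h"
+
+// We are using this class for storing packet meta information with their payload into fixed size memory region
+class fixed_size_packet_storage_t {
+public:
+fixed_size_packet_storage_t() = default;
+fixed_size_packet_storage_t(void* payload_pointer, unsigned int captured_length, unsigned int real_packet_length) {
+// TODO: performance killer! Check it!
+bool we_do_timestamps = true;
+
+struct timeval current_time;
+current_time.tv_sec = 0;
+current_time.tv_usec = 0;
+
+if (we_do_timestamps) {
+gettimeofday(¤t_time, NULL);
+}
+
+
+packet_metadata.ts_sec = current_time.tv_sec;
+packet_metadata.ts_usec = current_time.tv_usec;
+
+// Store full length of packet
+packet_metadata.orig_len = real_packet_length;
+packet_metadata.incl_len = captured_length;
+
+// Copy only first 2048 bytes of data
+unsigned packet_length_for_storing = captured_length;
+
+if (captured_length > 2048) {
+packet_length_for_storing = 2048;
+}
+
+// Copy data into internal storage
+memcpy(packet_payload, payload_pointer, packet_length_for_storing);
+}
+
+// Some useful information about this packet
+fastnetmon_pcap_pkthdr packet_metadata;
+
+// Packet itself. Let's zeroify packet payload
+uint8_t packet_payload[2048] = {};
+};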
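Review bot: In the fixed_size_packet_storage_t constructor, `packet_metadata.incl_len` is assigned `captured_length` before the clamp to 2048, so for a capture longer than the buffer the pcap record header claims more bytes than `packet_payload` holds, and any writer that emits `incl_len` bytes from this object would read past the stored data; assign it after the clamp instead, `packet_metadata.incl_len = packet_length_for_storing;`, keeping `orig_len = real_packet_length` as the full-length field. The 2048 limit appears three times (comment, clamp, array size); `sizeof(packet_payload)` or a `static constexpr unsigned max_payload_size = 2048;` would keep the clamp and the array in step. The header uses `struct timeval`/`gettimeofday`, `memcpy` and `uint8_t` but includes only fastnetmon_pcap_format.h, so it builds only while that header transitively provides `<sys/time.h>`, `<cstring>` and `<cstdint>`; include them directly so the file is self-contained. The `¤t_time` on the rendered page is presumably an entity-decoding artifact of `&current_time` rather than what was committed. Note also that the defaulted constructor leaves `packet_metadata` uninitialized unless fastnetmon_pcap_pkthdr has its own member initializers, which is not visible here.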
@ -4,6 +4,9 @@
|
|||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "fastnetmon_types.h"
|
||||
#include "fixed_size_packet_storage.hpp"
|
||||
|
||||
// This is dynamically allocated packet storage
|
||||
class packet_storage_t {
|
||||
public:
|
||||