fastnetmon-ng/src/map_element.hpp

#include <stdint.h>
#include <time.h>

#include <boost/serialization/nvp.hpp>
// Per-IP traffic record: total and per-protocol byte, packet and flow counters
// plus the time of the last update. This is the main structure used to store
// traffic and speed data for every tracked IP.
class map_element_t {
    public:
    // Taken from an imprecise time source on purpose: exact time does not matter here.
    time_t last_update_time = 0;

    // Totals across all protocols
    uint64_t in_bytes    = 0;
    uint64_t out_bytes   = 0;
    uint64_t in_packets  = 0;
    uint64_t out_packets = 0;

    // Fragmented traffic has recently been used for attacks, so it is counted separately
    uint64_t fragmented_in_packets  = 0;
    uint64_t fragmented_out_packets = 0;
    uint64_t fragmented_in_bytes    = 0;
    uint64_t fragmented_out_bytes   = 0;

    // Per-protocol counters, needed to identify the protocol of an attack correctly
    uint64_t tcp_in_packets  = 0;
    uint64_t tcp_out_packets = 0;
    uint64_t tcp_in_bytes    = 0;
    uint64_t tcp_out_bytes   = 0;

    // TCP SYN counters: extra detail for one of the most popular attack types
    uint64_t tcp_syn_in_packets  = 0;
    uint64_t tcp_syn_out_packets = 0;
    uint64_t tcp_syn_in_bytes    = 0;
    uint64_t tcp_syn_out_bytes   = 0;

    uint64_t udp_in_packets  = 0;
    uint64_t udp_out_packets = 0;
    uint64_t udp_in_bytes    = 0;
    uint64_t udp_out_bytes   = 0;

    uint64_t icmp_in_packets  = 0;
    uint64_t icmp_out_packets = 0;
    uint64_t icmp_in_bytes    = 0;
    uint64_t icmp_out_bytes   = 0;

    uint64_t in_flows  = 0;
    uint64_t out_flows = 0;

    // Returns true when every total counter (bytes, packets and flows, both
    // directions) is zero. Per-protocol counters are not inspected: they are
    // assumed to be counted twice, once in the total (for example in_bytes) and
    // once in the protocol counter (for example udp_in_bytes), so a zero total
    // is taken to mean zero everywhere.
    bool is_zero() const {
        const bool no_bytes   = in_bytes == 0 && out_bytes == 0;
        const bool no_packets = in_packets == 0 && out_packets == 0;
        const bool no_flows   = in_flows == 0 && out_flows == 0;

        return no_bytes && no_packets && no_flows;
    }

    // Resets every traffic counter to zero. last_update_time is left untouched.
    void zeroify() {
        in_bytes = out_bytes = 0;
        in_packets = out_packets = 0;

        fragmented_in_packets = fragmented_out_packets = 0;
        fragmented_in_bytes = fragmented_out_bytes = 0;

        tcp_in_packets = tcp_out_packets = 0;
        tcp_in_bytes = tcp_out_bytes = 0;

        tcp_syn_in_packets = tcp_syn_out_packets = 0;
        tcp_syn_in_bytes = tcp_syn_out_bytes = 0;

        udp_in_packets = udp_out_packets = 0;
        udp_in_bytes = udp_out_bytes = 0;

        icmp_in_packets = icmp_out_packets = 0;
        icmp_in_bytes = icmp_out_bytes = 0;

        in_flows = out_flows = 0;
    }

    // Boost.Serialization hook: hands each counter to the archive as a
    // name-value pair, in declaration order. last_update_time is not part of
    // the archive, and the version argument is not consulted.
    // NOTE(review): values are passed through without any range or consistency
    // check; if an archive can originate outside this process, validate the
    // loaded counters before relying on them.
    template <class Archive> void serialize(Archive& ar, const unsigned int version) {
        // Totals
        ar & BOOST_SERIALIZATION_NVP(in_bytes);
        ar & BOOST_SERIALIZATION_NVP(out_bytes);
        ar & BOOST_SERIALIZATION_NVP(in_packets);
        ar & BOOST_SERIALIZATION_NVP(out_packets);

        // Fragmented traffic
        ar & BOOST_SERIALIZATION_NVP(fragmented_in_packets);
        ar & BOOST_SERIALIZATION_NVP(fragmented_out_packets);
        ar & BOOST_SERIALIZATION_NVP(fragmented_in_bytes);
        ar & BOOST_SERIALIZATION_NVP(fragmented_out_bytes);

        // TCP
        ar & BOOST_SERIALIZATION_NVP(tcp_in_packets);
        ar & BOOST_SERIALIZATION_NVP(tcp_out_packets);
        ar & BOOST_SERIALIZATION_NVP(tcp_in_bytes);
        ar & BOOST_SERIALIZATION_NVP(tcp_out_bytes);

        // TCP SYN
        ar & BOOST_SERIALIZATION_NVP(tcp_syn_in_packets);
        ar & BOOST_SERIALIZATION_NVP(tcp_syn_out_packets);
        ar & BOOST_SERIALIZATION_NVP(tcp_syn_in_bytes);
        ar & BOOST_SERIALIZATION_NVP(tcp_syn_out_bytes);

        // UDP
        ar & BOOST_SERIALIZATION_NVP(udp_in_packets);
        ar & BOOST_SERIALIZATION_NVP(udp_out_packets);
        ar & BOOST_SERIALIZATION_NVP(udp_in_bytes);
        ar & BOOST_SERIALIZATION_NVP(udp_out_bytes);

        // ICMP
        ar & BOOST_SERIALIZATION_NVP(icmp_in_packets);
        ar & BOOST_SERIALIZATION_NVP(icmp_out_packets);
        ar & BOOST_SERIALIZATION_NVP(icmp_in_bytes);
        ar & BOOST_SERIALIZATION_NVP(icmp_out_bytes);

        // Flows
        ar & BOOST_SERIALIZATION_NVP(in_flows);
        ar & BOOST_SERIALIZATION_NVP(out_flows);
    }
};