#include <stdint.h>
#include <boost/serialization/nvp.hpp>
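// Main data structure for storing traffic and speed data for all our IPs.
// Every field is an unsigned 64-bit counter. The per-protocol groups below
// (fragmented, TCP, TCP SYN, UDP, ICMP) carry the extra detail used for
// attack protocol detection.
class map_element_t {
    public:
    // Creates an element with every counter set to zero.
    // The initializer list follows the member declaration order: C++ always
    // initializes members in declaration order, so a list written in another
    // order is misleading and triggers -Wreorder.
    map_element_t()
    : in_bytes(0), out_bytes(0), in_packets(0), out_packets(0),
      fragmented_in_packets(0), fragmented_out_packets(0), fragmented_in_bytes(0), fragmented_out_bytes(0),
      tcp_in_packets(0), tcp_out_packets(0), tcp_in_bytes(0), tcp_out_bytes(0),
      tcp_syn_in_packets(0), tcp_syn_out_packets(0), tcp_syn_in_bytes(0), tcp_syn_out_bytes(0),
      udp_in_packets(0), udp_out_packets(0), udp_in_bytes(0), udp_out_bytes(0),
      icmp_in_packets(0), icmp_out_packets(0), icmp_in_bytes(0), icmp_out_bytes(0),
      in_flows(0), out_flows(0) {
    }

    // Total counters across all protocols
    uint64_t in_bytes;
    uint64_t out_bytes;
    uint64_t in_packets;
    uint64_t out_packets;

    // Fragmented traffic has recently been used for attacks a lot
    uint64_t fragmented_in_packets;
    uint64_t fragmented_out_packets;
    uint64_t fragmented_in_bytes;
    uint64_t fragmented_out_bytes;

    // Additional data for correct attack protocol detection
    uint64_t tcp_in_packets;
    uint64_t tcp_out_packets;
    uint64_t tcp_in_bytes;
    uint64_t tcp_out_bytes;

    // Additional details about one of the most popular attack types (TCP SYN)
    uint64_t tcp_syn_in_packets;
    uint64_t tcp_syn_out_packets;
    uint64_t tcp_syn_in_bytes;
    uint64_t tcp_syn_out_bytes;

    uint64_t udp_in_packets;
    uint64_t udp_out_packets;
    uint64_t udp_in_bytes;
    uint64_t udp_out_bytes;

    uint64_t icmp_in_packets;
    uint64_t icmp_out_packets;
    uint64_t icmp_in_bytes;
    uint64_t icmp_out_bytes;

    uint64_t in_flows;
    uint64_t out_flows;

    // Are all total counters zero? Per-protocol counters are deliberately not
    // checked here because we assume every packet is counted twice: once in a
    // total counter (in_bytes) and once in a per-protocol counter (for example
    // udp_in_bytes).
    // NOTE(review): if any code path ever updates only a per-protocol counter,
    // this returns true for an element that still holds data -- confirm against
    // the code that increments these counters.
    bool is_zero() const {
        return in_bytes == 0 && out_bytes == 0 && in_packets == 0 && out_packets == 0 && in_flows == 0 && out_flows == 0;
    }

    // Fill all counters with zeros.
    // Reuses the default constructor so that a counter added to the class later
    // cannot be forgotten here and keep a stale value after a reset.
    void zeroify() {
        *this = map_element_t();
    }
};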