Add subnet lookup code to plugin runner

src/fast_library.cpp

@@ -709,3 +709,83 @@ std::string print_ipv6_address(struct in6_addr& ipv6_address) {
     return result;
 }
 
+/* Get traffic type: check it belongs to our IPs */
+direction get_packet_direction(patricia_tree_t* lookup_tree, uint32_t src_ip, uint32_t dst_ip, unsigned long& subnet, unsigned int& subnet_cidr_mask) {
+    direction packet_direction;
+
+    bool our_ip_is_destination = false;
+    bool our_ip_is_source = false;
+
+    prefix_t prefix_for_check_adreess;
+    prefix_for_check_adreess.family = AF_INET;
+    prefix_for_check_adreess.bitlen = 32;
+
+    patricia_node_t* found_patrica_node = NULL;
+    prefix_for_check_adreess.add.sin.s_addr = dst_ip;
+
+    unsigned long destination_subnet = 0;
+    unsigned int  destination_subnet_cidr_mask = 0;
+    found_patrica_node = patricia_search_best2(lookup_tree, &prefix_for_check_adreess, 1);
+
+    if (found_patrica_node) {
+        our_ip_is_destination = true;
+        destination_subnet = found_patrica_node->prefix->add.sin.s_addr;
+        destination_subnet_cidr_mask = found_patrica_node->prefix->bitlen;
+    }
+
+    found_patrica_node = NULL;
+    prefix_for_check_adreess.add.sin.s_addr = src_ip;
+
+    unsigned long source_subnet = 0;
+    unsigned int source_subnet_cidr_mask = 0;
+    found_patrica_node = patricia_search_best2(lookup_tree, &prefix_for_check_adreess, 1);
+
+    if (found_patrica_node) {
+        our_ip_is_source = true;
+        source_subnet = found_patrica_node->prefix->add.sin.s_addr;
+        source_subnet_cidr_mask = found_patrica_node->prefix->bitlen;
+    }
+
+    subnet = 0;
+    if (our_ip_is_source && our_ip_is_destination) {
+        packet_direction = INTERNAL;
+    } else if (our_ip_is_source) {
+        subnet = source_subnet;
+        subnet_cidr_mask = source_subnet_cidr_mask;
+
+        packet_direction = OUTGOING;
+    } else if (our_ip_is_destination) {
+        subnet = destination_subnet;
+        subnet_cidr_mask = destination_subnet_cidr_mask;
+
+        packet_direction = INCOMING;
+    } else {
+        packet_direction = OTHER;
+    }
+
+    return packet_direction;
+}
+
+std::string get_direction_name(direction direction_value) {
+    std::string direction_name;
+
+    switch (direction_value) {
+    case INCOMING:
+        direction_name = "incoming";
+        break;
+    case OUTGOING:
+        direction_name = "outgoing";
+        break;
+    case INTERNAL:
+        direction_name = "internal";
+        break;
+    case OTHER:
+        direction_name = "other";
+        break;
+    default:
+        direction_name = "unknown";
+        break;
+    }    
+
+    return direction_name;
+}

src/fast_library.h

@@ -85,8 +85,11 @@ uint64_t fast_hton(uint64_t value);
 void print_pid_to_file(pid_t pid, std::string pid_path);
 bool read_pid_from_file(pid_t& pid, std::string pid_path);
 
+direction get_packet_direction(patricia_tree_t* lookup_tree, uint32_t src_ip, uint32_t dst_ip, unsigned long& subnet, unsigned int& subnet_cidr_mask);
+
 std::string convert_prefix_to_string_representation(prefix_t* prefix);
 std::string find_subnet_by_ip_in_string_format(patricia_tree_t* patricia_tree, std::string ip);
 std::string convert_subnet_to_string(subnet_t my_subnet);
+std::string get_direction_name(direction direction_value);
 
 #endif

src/fastnetmon.cpp

@@ -312,7 +312,6 @@ void execute_ip_ban(uint32_t client_ip,
                     map_element current_speed_element,
                     std::string flow_attack_details,
                     subnet_t client_subnet);
-direction get_packet_direction(uint32_t src_ip, uint32_t dst_ip, unsigned long& subnet, unsigned int& subnet_cidr_mask);
 void recalculate_speed();
 std::string print_channel_speed(std::string traffic_type, direction packet_direction);
 void process_packet(simple_packet& current_packet);
@@ -362,30 +361,6 @@ class TrafficComparatorClass {
     }
 };
 
-std::string get_direction_name(direction direction_value) {
-    std::string direction_name;
-
-    switch (direction_value) {
-    case INCOMING:
-        direction_name = "incoming";
-        break;
-    case OUTGOING:
-        direction_name = "outgoing";
-        break;
-    case INTERNAL:
-        direction_name = "internal";
-        break;
-    case OTHER:
-        direction_name = "other";
-        break;
-    default:
-        direction_name = "unknown";
-        break;
-    }
-
-    return direction_name;
-}
-
 void sigpipe_handler_for_popen(int signo) {
     logger << log4cpp::Priority::ERROR << "Sorry but we experienced error with popen. "
            << "Please check your scripts. They should receive data on stdin! Optionally you could disable passing any details with configuration param: notify_script_pass_details = no";
@@ -1211,7 +1186,7 @@ void process_packet(simple_packet& current_packet) {
     unsigned long subnet = 0;
     unsigned int subnet_cidr_mask = 0;
 
-    direction packet_direction = get_packet_direction(current_packet.src_ip, current_packet.dst_ip, subnet, subnet_cidr_mask);
+    direction packet_direction = get_packet_direction(lookup_tree, current_packet.src_ip, current_packet.dst_ip, subnet, subnet_cidr_mask);
 
     // Skip processing of specific traffic direction
     if ((packet_direction == INCOMING && !process_incoming_traffic) or
@@ -2245,63 +2220,6 @@ void interruption_signal_handler(int signal_number) {
     exit(1);
 }
 
-/* Get traffic type: check it belongs to our IPs */
-direction get_packet_direction(uint32_t src_ip, uint32_t dst_ip, unsigned long& subnet, unsigned int& subnet_cidr_mask) {
-    direction packet_direction;
-
-    bool our_ip_is_destination = false;
-    bool our_ip_is_source = false;
-
-    prefix_t prefix_for_check_adreess;
-    prefix_for_check_adreess.family = AF_INET;
-    prefix_for_check_adreess.bitlen = 32;
-
-    patricia_node_t* found_patrica_node = NULL;
-    prefix_for_check_adreess.add.sin.s_addr = dst_ip;
-
-    unsigned long destination_subnet = 0;
-    unsigned int  destination_subnet_cidr_mask = 0;
-    found_patrica_node = patricia_search_best2(lookup_tree, &prefix_for_check_adreess, 1);
-
-    if (found_patrica_node) {
-        our_ip_is_destination = true;
-        destination_subnet = found_patrica_node->prefix->add.sin.s_addr;
-        destination_subnet_cidr_mask = found_patrica_node->prefix->bitlen;
-    }
-
-    found_patrica_node = NULL;
-    prefix_for_check_adreess.add.sin.s_addr = src_ip;
-
-    unsigned long source_subnet = 0;
-    unsigned int source_subnet_cidr_mask = 0;
-    found_patrica_node = patricia_search_best2(lookup_tree, &prefix_for_check_adreess, 1);
-
-    if (found_patrica_node) {
-        our_ip_is_source = true;
-        source_subnet = found_patrica_node->prefix->add.sin.s_addr;
-        source_subnet_cidr_mask = found_patrica_node->prefix->bitlen;
-    }
-
-    subnet = 0;
-    if (our_ip_is_source && our_ip_is_destination) {
-        packet_direction = INTERNAL;
-    } else if (our_ip_is_source) {
-        subnet = source_subnet;
-        subnet_cidr_mask = source_subnet_cidr_mask;
-
-        packet_direction = OUTGOING;
-    } else if (our_ip_is_destination) {
-        subnet = destination_subnet;
-        subnet_cidr_mask = destination_subnet_cidr_mask;
-
-        packet_direction = INCOMING;
-    } else {
-        packet_direction = OTHER;
-    }
-
-    return packet_direction;
-}
-
 unsigned int detect_attack_protocol(map_element& speed_element, direction attack_direction) {
     if (attack_direction == INCOMING) {
         return get_max_used_protocol(speed_element.tcp_in_packets, speed_element.udp_in_packets,

src/plugin_runner.cpp

@@ -10,6 +10,7 @@
 #include <netinet/ip.h>
 #include <arpa/inet.h>
 
+#include "libpatricia/patricia.h"
 #include "fastnetmon_types.h"
 #include "fast_library.h"
 #include "netflow_plugin/netflow_collector.h"
@@ -32,6 +33,8 @@
 #include "log4cpp/PatternLayout.hh"
 #include "log4cpp/Priority.hh"
 
+#include <fstream>
+
 using namespace std;
 
 uint64_t total_unparsed_packets = 0;
@@ -39,6 +42,12 @@ uint64_t total_unparsed_packets = 0;
 std::string log_file_path = "/tmp/fastnetmon_plugin_tester.log";
 log4cpp::Category& logger = log4cpp::Category::getRoot();
 
+// #define DO_SUBNET_LOOKUP
+
+#ifdef DO_SUBNET_LOOKUP
+patricia_tree_t* lookup_tree;
+#endif
+
 // Global map with parsed config file
 std::map<std::string, std::string> configuration_map;
 
@@ -56,6 +65,32 @@ void init_logging() {
 
 void process_packet(simple_packet& current_packet) {
     std::cout << print_simple_packet(current_packet);
+#ifdef DO_SUBNET_LOOKUP
+    unsigned long subnet = 0;
+    unsigned int subnet_cidr_mask = 0;
+
+    direction packet_direction = get_packet_direction(lookup_tree, current_packet.src_ip, current_packet.dst_ip, subnet, subnet_cidr_mask); 
+    std::cout << "direction: " << get_direction_name(packet_direction) << std::endl; 
+#endif
+}
+
+// Copy & paste from fastnetmon.cpp
+std::vector<std::string> read_file_to_vector(std::string file_name) {
+    std::vector<std::string> data;
+    std::string line;
+
+    std::ifstream reading_file;
+
+    reading_file.open(file_name.c_str(), std::ifstream::in);
+    if (reading_file.is_open()) {
+        while (getline(reading_file, line)) {
+            data.push_back(line);
+        }    
+    } else {
+        logger << log4cpp::Priority::ERROR << "Can't open file: " << file_name;
+    }    
+
+    return data;
 }
 
 int main(int argc, char* argv[]) {
@@ -66,6 +101,16 @@ int main(int argc, char* argv[]) {
         return 1;
     }
 
+#ifdef DO_SUBNET_LOOKUP
+    std::vector<std::string> network_list_from_config = read_file_to_vector("/etc/networks_list");
+    
+    for (std::vector<std::string>::iterator ii = network_list_from_config.begin(); ii != network_list_from_config.end(); ++ii) {
+        std::string network_address_in_cidr_form = *ii;
+
+        make_and_lookup(lookup_tree, const_cast<char*>(network_address_in_cidr_form.c_str()));
+    }   
+#endif
+
     // Required by Netmap and PF_RING plugins
     // We use fake interface name here because netmap could make server unreachable :)
     configuration_map["interfaces"] = "ethXXX";