Implement mock object for testing netflow; Since this commit we can feed netflow data from pcap dump and do not bother customers

2024-11-23 00:52:00 +01:00 · 2015-03-19 23:06:55 +03:00 · 2015-03-19 23:06:55 +03:00 · 6664b3e69c
commit 6664b3e69c
parent 0b82f645bc
1 changed files with 114 additions and 4 deletions
--- a/tests/pcap_reader.cpp
+++ b/tests/pcap_reader.cpp
@ -1,11 +1,39 @@
 #include <stdio.h>
+#include <stdlib.h>
 #include <iostream>
 #include <pcap.h>
 #include <unistd.h>
 #include <fcntl.h>
 #include <stdint.h>
+#include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <string>
+#include <sstream>
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include "../netflow_plugin/netflow_collector.h"
+#include "../fastnetmon_packet_parser.h"
+#include "../fastnetmon_types.h"
+
+#include "log4cpp/Category.hh"
+#include "log4cpp/Appender.hh"
+#include "log4cpp/FileAppender.hh"
+#include "log4cpp/OstreamAppender.hh"
+#include "log4cpp/Layout.hh"
+#include "log4cpp/BasicLayout.hh"
+#include "log4cpp/PatternLayout.hh"
+#include "log4cpp/Priority.hh"
+
+// Fake config
+std::map<std::string, std::string> configuration_map;
+
+std::string log_file_path = "/tmp/fastnetmon_pcap_reader.log";
+log4cpp::Category& logger = log4cpp::Category::getRoot();
+

 /* It's prototype for moc testing of FastNetMon, it's very useful for netflow or direct packet parsers debug */

@ -23,6 +51,25 @@ struct fastnetmon_pcap_pkthdr {
    uint32_t orig_len;       /* actual length of packet */
 };

+void pcap_parse_packet(char* buffer, uint32_t len);
+
+void init_logging() {
+    log4cpp::PatternLayout* layout = new log4cpp::PatternLayout(); 
+    layout->setConversionPattern ("%d [%p] %m%n"); 
+
+    log4cpp::Appender *appender = new log4cpp::FileAppender("default", log_file_path);
+    appender->setLayout(layout);
+
+    logger.setPriority(log4cpp::Priority::INFO);
+    logger.addAppender(appender);
+    logger.info("Logger initialized!");
+}
+
+// Copy & Paste
+int convert_string_to_integer(std::string line) {
+    return atoi(line.c_str());
+}
+
 int pcap_reader(const char* pcap_file_path) {
    int filedesc = open(pcap_file_path, O_RDONLY);

@ -47,7 +94,7 @@ int pcap_reader(const char* pcap_file_path) {
    }

    // Buffer for packets
-    char packet_bufer[pcap_header.snaplen];
+    char packet_buffer[pcap_header.snaplen];

    unsigned int read_packets = 0; 
    while (1) {
@ -65,7 +112,7 @@ int pcap_reader(const char* pcap_file_path) {
            return -4;
        }

-        ssize_t packet_payload_readed_bytes = read(filedesc, packet_bufer, pcap_packet_header.incl_len);
+        ssize_t packet_payload_readed_bytes = read(filedesc, packet_buffer, pcap_packet_header.incl_len);
 
        if (pcap_packet_header.incl_len != packet_payload_readed_bytes) {
            printf("I read packet header but can't read packet payload\n");
@ -73,7 +120,8 @@ int pcap_reader(const char* pcap_file_path) {
        }

        // printf("packet payload read\n");
-        
+        pcap_parse_packet(packet_buffer, pcap_packet_header.incl_len);
+
        read_packets++;
    }

@ -82,7 +130,69 @@ int pcap_reader(const char* pcap_file_path) {
    return 0;
 }

+
+
+// Ugly copy & paste
+std::string convert_ip_as_uint_to_string(uint32_t ip_as_integer) {
+    struct in_addr ip_addr;
+    ip_addr.s_addr = ip_as_integer;
+    return (std::string)inet_ntoa(ip_addr);
+}
+
+// Reduce function version
+std::string print_simple_packet(simple_packet packet) {
+    std::stringstream buffer;
+
+    /// buffer<<convert_timeval_to_date(packet.ts)<<" ";
+
+    buffer
+        <<convert_ip_as_uint_to_string(packet.src_ip)<<":"<<packet.source_port
+        <<" > "
+        <<convert_ip_as_uint_to_string(packet.dst_ip)<<":"<<packet.destination_port;
+        //<<" protocol: "<<get_printable_protocol_name(packet.protocol);
+   
+    // Print flags only for TCP 
+    //if (packet.protocol == IPPROTO_TCP) { 
+    //    buffer<<" flags: "<<print_tcp_flags(packet.flags);
+    //}
+
+    buffer<<" packets: "<<packet.number_of_packets<<" ";
+    buffer<<"size: "   <<packet.length<<" bytes"<<" ";
+    buffer<<"sample ratio: "<<packet.sample_ratio<<" ";
+    buffer<<"\n";
+    
+    return buffer.str();
+}
+
+void my_fastnetmon_packet_handler(simple_packet& current_packet) {
+    printf("handler colled\n");
+    std::cout<<print_simple_packet(current_packet)<<std::endl;
+}
+
+extern process_packet_pointer netflow_process_func_ptr;
+
+void pcap_parse_packet(char* buffer, uint32_t len) {
+    struct pfring_pkthdr packet_header;
+    memset(&packet_header, 0, sizeof(packet_header));
+    packet_header.len = len;
+    packet_header.caplen = len;
+
+    netflow_process_func_ptr = my_fastnetmon_packet_handler;
+
+    fastnetmon_parse_pkt((u_char*)buffer, &packet_header, 4, 1, 0); 
+    
+    //char print_buffer[512];
+    //fastnetmon_print_parsed_pkt(print_buffer, 512, (u_char*)buffer, &packet_header);
+    //logger.info("%s", print_buffer);
+
+    char* payload_ptr = packet_header.extended_hdr.parsed_pkt.offset.payload_offset + buffer;
+        
+    process_netflow_packet(len, (u_int8_t*)payload_ptr); 
+}
+
 int main() {
-    pcap_reader("/root/ipfix_example_ipt_netflow_syn_flood.pcap");
+    //init_logging();
+    pcap_reader("/root/flow_dump_ipfix_issue_with_fixed_to_2055.pcap");
+    // pcap_reader("/root/ipfix_example_ipt_netflow_syn_flood.pcap");
    //pcap_reader("/Users/pavel-odintsov/Dropbox/ipfix_example_ipt_netflow_syn_flood.pcap");
 }