mirror of
https://github.com/pavel-odintsov/fastnetmon
synced 2024-05-26 12:06:10 +02:00
We have integrated json to main application. But please be very careful with this code because it's enough unstable
This commit is contained in:
Pavel Odintsov
parent
f940704aa3
commit
669ef4ae4a
|
|
@ -1012,6 +1012,60 @@ uint64_t get_tsc_freq_with_sleep() {
|
|||
return read_tsc_cpu_register() - start;
|
||||
}
|
||||
|
||||
json_object* serialize_attack_description_to_json(attack_details& current_attack) {
|
||||
json_object* jobj = json_object_new_object();
|
||||
|
||||
attack_type_t attack_type = detect_attack_type(current_attack);
|
||||
std::string printable_attack_type = get_printable_attack_name(attack_type);
|
||||
|
||||
json_object_object_add(jobj, "Attack type", json_object_new_string(printable_attack_type.c_str()));
|
||||
json_object_object_add(jobj, "Initial attack power", json_object_new_int(current_attack.attack_power));
|
||||
json_object_object_add(jobj, "Peak attack power", json_object_new_int(current_attack.max_attack_power));
|
||||
json_object_object_add(jobj, "Attack direction", json_object_new_string(get_direction_name(current_attack.attack_direction).c_str()));
|
||||
json_object_object_add(jobj, "Attack protocol", json_object_new_string(get_printable_protocol_name(current_attack.attack_protocol).c_str()));
|
||||
|
||||
json_object_object_add(jobj, "Total incoming traffic", json_object_new_int(current_attack.in_bytes));
|
||||
json_object_object_add(jobj, "Total outgoing traffic", json_object_new_int(current_attack.out_bytes));
|
||||
json_object_object_add(jobj, "Total incoming pps", json_object_new_int(current_attack.in_packets));
|
||||
json_object_object_add(jobj, "Total outgoing pps", json_object_new_int(current_attack.out_packets));
|
||||
json_object_object_add(jobj, "Total incoming flows", json_object_new_int(current_attack.in_flows));
|
||||
json_object_object_add(jobj, "Total outgoing flows", json_object_new_int(current_attack.out_flows));
|
||||
|
||||
json_object_object_add(jobj, "Average incoming traffic", json_object_new_int(current_attack.average_in_bytes));
|
||||
json_object_object_add(jobj, "Average outgoing traffic", json_object_new_int(current_attack.average_out_bytes));
|
||||
json_object_object_add(jobj, "Average incoming pps", json_object_new_int(current_attack.average_in_packets));
|
||||
json_object_object_add(jobj, "Average outgoing pps", json_object_new_int(current_attack.average_out_packets));
|
||||
json_object_object_add(jobj, "Average incoming flows", json_object_new_int(current_attack.average_in_flows));
|
||||
json_object_object_add(jobj, "Average outgoing flows", json_object_new_int(current_attack.average_out_flows));
|
||||
|
||||
json_object_object_add(jobj, "Incoming ip fragmented traffic", json_object_new_int( current_attack.fragmented_in_bytes ));
|
||||
json_object_object_add(jobj, "Outgoing ip fragmented traffic", json_object_new_int( current_attack.fragmented_out_bytes ));
|
||||
json_object_object_add(jobj, "Incoming ip fragmented pps", json_object_new_int( current_attack.fragmented_in_packets ));
|
||||
json_object_object_add(jobj, "Outgoing ip fragmented pps", json_object_new_int( current_attack.fragmented_out_packets ));
|
||||
|
||||
json_object_object_add(jobj, "Incoming tcp traffic", json_object_new_int( current_attack.tcp_in_bytes ));
|
||||
json_object_object_add(jobj, "Outgoing tcp traffic", json_object_new_int( current_attack.tcp_out_bytes ));
|
||||
json_object_object_add(jobj, "Incoming tcp pps", json_object_new_int( current_attack.tcp_in_packets ));
|
||||
json_object_object_add(jobj, "Outgoing tcp pps", json_object_new_int(current_attack.tcp_out_packets ));
|
||||
|
||||
json_object_object_add(jobj, "Incoming syn tcp traffic", json_object_new_int( current_attack.tcp_syn_in_bytes ));
|
||||
json_object_object_add(jobj, "Outgoing syn tcp traffic", json_object_new_int( current_attack.tcp_syn_out_bytes ));
|
||||
json_object_object_add(jobj, "Incoming syn tcp pps", json_object_new_int( current_attack.tcp_syn_in_packets ));
|
||||
json_object_object_add(jobj, "Outgoing syn tcp pps", json_object_new_int( current_attack.tcp_syn_out_packets ));
|
||||
|
||||
json_object_object_add(jobj, "Incoming udp traffic", json_object_new_int( current_attack.udp_in_bytes ));
|
||||
json_object_object_add(jobj, "Outgoing udp traffic", json_object_new_int( current_attack.udp_out_bytes ));
|
||||
json_object_object_add(jobj, "Incoming udp pps", json_object_new_int( current_attack.udp_in_packets ));
|
||||
json_object_object_add(jobj, "Outgoing udp pps", json_object_new_int( current_attack.udp_out_packets ));
|
||||
|
||||
json_object_object_add(jobj, "Incoming icmp traffic", json_object_new_int( current_attack.icmp_in_bytes ));
|
||||
json_object_object_add(jobj, "Outgoing icmp traffic", json_object_new_int( current_attack.icmp_out_bytes ));
|
||||
json_object_object_add(jobj, "Incoming icmp pps", json_object_new_int( current_attack.icmp_in_packets ));
|
||||
json_object_object_add(jobj, "Outgoing icmp pps", json_object_new_int( current_attack.icmp_out_packets ));
|
||||
|
||||
return jobj;
|
||||
}
|
||||
|
||||
std::string serialize_attack_description(attack_details& current_attack) {
|
||||
std::stringstream attack_description;
|
||||
|
||||
|
|
@ -1119,4 +1173,59 @@ std::string get_printable_attack_name(attack_type_t attack) {
|
|||
}
|
||||
}
|
||||
|
||||
std::string serialize_network_load_to_text(map_element& network_speed_meter, bool average) {
|
||||
std::stringstream buffer;
|
||||
|
||||
std::string prefix = "Network";
|
||||
|
||||
if (average) {
|
||||
prefix = "Average network";
|
||||
}
|
||||
|
||||
buffer
|
||||
<< prefix << " incoming traffic: "<< convert_speed_to_mbps(network_speed_meter.in_bytes) << " mbps\n"
|
||||
<< prefix << " outgoing traffic: "<< convert_speed_to_mbps(network_speed_meter.out_bytes) << " mbps\n"
|
||||
<< prefix << " incoming pps: "<< network_speed_meter.in_packets << " packets per second\n"
|
||||
<< prefix << " outgoing pps: "<< network_speed_meter.out_packets << " packets per second\n";
|
||||
|
||||
return buffer.str();
|
||||
}
|
||||
|
||||
json_object* serialize_network_load_to_json(map_element& network_speed_meter) {
|
||||
json_object* jobj = json_object_new_object();
|
||||
|
||||
json_object_object_add(jobj, "incoming traffic", json_object_new_int(network_speed_meter.in_bytes));
|
||||
json_object_object_add(jobj, "outgoing traffic", json_object_new_int(network_speed_meter.out_bytes));
|
||||
json_object_object_add(jobj, "incoming pps", json_object_new_int(network_speed_meter.in_packets));
|
||||
json_object_object_add(jobj, "outgoing pps", json_object_new_int(network_speed_meter.out_packets));
|
||||
|
||||
return jobj;
|
||||
}
|
||||
|
||||
std::string serialize_statistic_counters_about_attack(attack_details& current_attack) {
|
||||
std::stringstream attack_description;
|
||||
|
||||
double average_packet_size_for_incoming_traffic = 0;
|
||||
double average_packet_size_for_outgoing_traffic = 0;
|
||||
|
||||
if (current_attack.average_in_packets > 0) {
|
||||
average_packet_size_for_incoming_traffic =
|
||||
(double)current_attack.average_in_bytes / (double)current_attack.average_in_packets;
|
||||
}
|
||||
|
||||
if (current_attack.average_out_packets > 0) {
|
||||
average_packet_size_for_outgoing_traffic =
|
||||
(double)current_attack.average_out_bytes / (double)current_attack.average_out_packets;
|
||||
}
|
||||
|
||||
// We do not need very accurate size
|
||||
attack_description.precision(1);
|
||||
attack_description << "Average packet size for incoming traffic: " << std::fixed
|
||||
<< average_packet_size_for_incoming_traffic << " bytes \n"
|
||||
<< "Average packet size for outgoing traffic: " << std::fixed
|
||||
<< average_packet_size_for_outgoing_traffic << " bytes \n";
|
||||
|
||||
return attack_description.str();
|
||||
}
|
||||
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -17,6 +17,8 @@
|
|||
#include <boost/thread/mutex.hpp>
|
||||
#include <boost/regex.hpp>
|
||||
|
||||
#include <json-c/json.h>
|
||||
|
||||
// Boost libs
|
||||
#include <boost/algorithm/string.hpp>
|
||||
|
||||
|
|
@ -116,5 +118,9 @@ bool call_lua_function(std::string function_name, lua_State* lua_state_param, st
|
|||
std::string serialize_attack_description(attack_details& current_attack);
|
||||
attack_type_t detect_attack_type(attack_details& current_attack);
|
||||
std::string get_printable_attack_name(attack_type_t attack);
|
||||
std::string serialize_network_load_to_text(map_element& network_speed_meter, bool average);
|
||||
json_object* serialize_attack_description_to_json(attack_details& current_attack);
|
||||
json_object* serialize_network_load_to_json(map_element& network_speed_meter);
|
||||
std::string serialize_statistic_counters_about_attack(attack_details& current_attack);
|
||||
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -352,6 +352,7 @@ void init_current_instance_of_ndpi();
|
|||
void block_all_traffic_with_82599_hardware_filtering(std::string client_ip_as_string);
|
||||
#endif
|
||||
|
||||
std::string get_attack_description_in_json(uint32_t client_ip, attack_details& current_attack);
|
||||
logging_configuration_t read_logging_settings(configuration_map_t configuration_map);
|
||||
std::string get_amplification_attack_type(amplification_attack_type_t attack_type);
|
||||
std::string generate_flow_spec_for_amplification_attack(amplification_attack_type_t amplification_attack_type, std::string destination_ip);
|
||||
|
|
@ -2808,6 +2809,10 @@ void call_ban_handlers(uint32_t client_ip, attack_details& current_attack, std::
|
|||
bool store_attack_details_to_file = true;
|
||||
|
||||
std::string basic_attack_information = get_attack_description(client_ip, current_attack);
|
||||
|
||||
// TODO
|
||||
//std::string basic_attack_information_in_json = get_attack_description_in_json(client_ip, current_attack);
|
||||
|
||||
std::string full_attack_description = basic_attack_information + flow_attack_details;
|
||||
|
||||
if (store_attack_details_to_file) {
|
||||
|
|
@ -3066,24 +3071,6 @@ std::string print_ddos_attack_details() {
|
|||
return output_buffer.str();
|
||||
}
|
||||
|
||||
std::string serialize_network_load_to_text(map_element& network_speed_meter, bool average) {
|
||||
std::stringstream buffer;
|
||||
|
||||
std::string prefix = "Network";
|
||||
|
||||
if (average) {
|
||||
prefix = "Average network";
|
||||
}
|
||||
|
||||
buffer
|
||||
<< prefix << " incoming traffic: "<< convert_speed_to_mbps(network_speed_meter.in_bytes) << " mbps\n"
|
||||
<< prefix << " outgoing traffic: "<< convert_speed_to_mbps(network_speed_meter.out_bytes) << " mbps\n"
|
||||
<< prefix << " incoming pps: "<< network_speed_meter.in_packets << " packets per second\n"
|
||||
<< prefix << " outgoing pps: "<< network_speed_meter.out_packets << " packets per second\n";
|
||||
|
||||
return buffer.str();
|
||||
}
|
||||
|
||||
std::string get_attack_description(uint32_t client_ip, attack_details& current_attack) {
|
||||
std::stringstream attack_description;
|
||||
|
||||
|
|
@ -3102,27 +3089,31 @@ std::string get_attack_description(uint32_t client_ip, attack_details& current_a
|
|||
attack_description << serialize_network_load_to_text(average_network_speed_meter, true);
|
||||
}
|
||||
|
||||
double average_packet_size_for_incoming_traffic = 0;
|
||||
double average_packet_size_for_outgoing_traffic = 0;
|
||||
attack_description << serialize_statistic_counters_about_attack(current_attack);
|
||||
}
|
||||
|
||||
if (current_attack.average_in_packets > 0) {
|
||||
average_packet_size_for_incoming_traffic =
|
||||
(double)current_attack.average_in_bytes / (double)current_attack.average_in_packets;
|
||||
std::string get_attack_description_in_json(uint32_t client_ip, attack_details& current_attack) {
|
||||
json_object* jobj = json_object_new_object();
|
||||
|
||||
json_object_object_add(jobj, "IP", json_object_new_string(convert_ip_as_uint_to_string(client_ip).c_str()));
|
||||
json_object_object_add(jobj, "Attack details", serialize_attack_description_to_json(current_attack) );
|
||||
|
||||
if (enable_subnet_counters) {
|
||||
map_element network_speed_meter = PerSubnetSpeedMap[ current_attack.customer_network ];
|
||||
map_element average_network_speed_meter = PerSubnetAverageSpeedMap[ current_attack.customer_network ];
|
||||
|
||||
json_object_object_add(jobj, "Network load", serialize_network_load_to_json(network_speed_meter));
|
||||
json_object_object_add(jobj, "Network average load", serialize_network_load_to_json(average_network_speed_meter));
|
||||
}
|
||||
|
||||
if (current_attack.average_out_packets > 0) {
|
||||
average_packet_size_for_outgoing_traffic =
|
||||
(double)current_attack.average_out_bytes / (double)current_attack.average_out_packets;
|
||||
}
|
||||
// So we haven't statistic_counters here but from my point of view they are useless
|
||||
|
||||
// We do not need very accurate size
|
||||
attack_description.precision(1);
|
||||
attack_description << "Average packet size for incoming traffic: " << std::fixed
|
||||
<< average_packet_size_for_incoming_traffic << " bytes \n"
|
||||
<< "Average packet size for outgoing traffic: " << std::fixed
|
||||
<< average_packet_size_for_outgoing_traffic << " bytes \n";
|
||||
std::string json_as_text = json_object_to_json_string(jobj);
|
||||
|
||||
return attack_description.str();
|
||||
// Free memory
|
||||
json_object_put(jobj);
|
||||
|
||||
return json_as_text;
|
||||
}
|
||||
|
||||
std::string generate_simple_packets_dump(std::vector<simple_packet>& ban_list_details) {
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue