
Added option to process internal traffic as external for attack detection purposes.

Pavel Odintsov 2022-03-13 17:18:21 +02:00
parent 1f65bc055a
commit b2da05e6e1
4 changed files with 47 additions and 34 deletions

@ -67,10 +67,10 @@ jobs:
path: /opt/fastnetmon_libraries_bundle.tar.gz
- store_artifacts:
path: /tmp/fastnetmon_install.log
- run: src/scripts/build_any_package.pl deb /opt/fastnetmon_libraries_bundle.tar.gz 1.1.7 ubuntu 20.04
- run: src/scripts/build_any_package.pl deb /opt/fastnetmon_libraries_bundle.tar.gz 1.1.8 ubuntu 20.04
- store_artifacts:
path: /tmp/fastnetmon_1.1.7_amd64.deb
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/fastnetmon_1.1.7_amd64.deb s3://fastnetmon_community_packages/ubuntu/20.04/fastnetmon_1.1.7_amd64.deb
path: /tmp/fastnetmon_1.1.8_amd64.deb
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/fastnetmon_1.1.8_amd64.deb s3://fastnetmon_community_packages/ubuntu/20.04/fastnetmon_1.1.8_amd64.deb
- run: cp src/fastnetmon.conf /etc/fastnetmon.conf
- run: ldd /opt/fastnetmon/fastnetmon
- run: ldd /opt/fastnetmon/fastnetmon_client
@ -141,10 +141,10 @@ jobs:
path: /opt/fastnetmon_libraries_bundle.tar.gz
- store_artifacts:
path: /tmp/fastnetmon_install.log
- run: src/scripts/build_any_package.pl deb /opt/fastnetmon_libraries_bundle.tar.gz 1.1.7 ubuntu 18.04
- run: src/scripts/build_any_package.pl deb /opt/fastnetmon_libraries_bundle.tar.gz 1.1.8 ubuntu 18.04
- store_artifacts:
path: /tmp/fastnetmon_1.1.7_amd64.deb
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/fastnetmon_1.1.7_amd64.deb s3://fastnetmon_community_packages/ubuntu/18.04/fastnetmon_1.1.7_amd64.deb
path: /tmp/fastnetmon_1.1.8_amd64.deb
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/fastnetmon_1.1.8_amd64.deb s3://fastnetmon_community_packages/ubuntu/18.04/fastnetmon_1.1.8_amd64.deb
- run: cp src/fastnetmon.conf /etc/fastnetmon.conf
- run: ldd /opt/fastnetmon/fastnetmon
- run: ldd /opt/fastnetmon/fastnetmon_client
@ -215,10 +215,10 @@ jobs:
path: /opt/fastnetmon_libraries_bundle.tar.gz
- store_artifacts:
path: /tmp/fastnetmon_install.log
- run: src/scripts/build_any_package.pl deb /opt/fastnetmon_libraries_bundle.tar.gz 1.1.7 ubuntu 16.04
- run: src/scripts/build_any_package.pl deb /opt/fastnetmon_libraries_bundle.tar.gz 1.1.8 ubuntu 16.04
- store_artifacts:
path: /tmp/fastnetmon_1.1.7_amd64.deb
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/fastnetmon_1.1.7_amd64.deb s3://fastnetmon_community_packages/ubuntu/16.04/fastnetmon_1.1.7_amd64.deb
path: /tmp/fastnetmon_1.1.8_amd64.deb
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/fastnetmon_1.1.8_amd64.deb s3://fastnetmon_community_packages/ubuntu/16.04/fastnetmon_1.1.8_amd64.deb
- run: cp src/fastnetmon.conf /etc/fastnetmon.conf
- run: ldd /opt/fastnetmon/fastnetmon
- run: ldd /opt/fastnetmon/fastnetmon_client
@ -289,10 +289,10 @@ jobs:
path: /opt/fastnetmon_libraries_bundle.tar.gz
- store_artifacts:
path: /tmp/fastnetmon_install.log
- run: src/scripts/build_any_package.pl deb /opt/fastnetmon_libraries_bundle.tar.gz 1.1.7 ubuntu 14.04
- run: src/scripts/build_any_package.pl deb /opt/fastnetmon_libraries_bundle.tar.gz 1.1.8 ubuntu 14.04
- store_artifacts:
path: /tmp/fastnetmon_1.1.7_amd64.deb
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/fastnetmon_1.1.7_amd64.deb s3://fastnetmon_community_packages/ubuntu/14.04/fastnetmon_1.1.7_amd64.deb
path: /tmp/fastnetmon_1.1.8_amd64.deb
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/fastnetmon_1.1.8_amd64.deb s3://fastnetmon_community_packages/ubuntu/14.04/fastnetmon_1.1.8_amd64.deb
- run: cp src/fastnetmon.conf /etc/fastnetmon.conf
- run: ldd /opt/fastnetmon/fastnetmon
- run: ldd /opt/fastnetmon/fastnetmon_client
@ -363,10 +363,10 @@ jobs:
path: /opt/fastnetmon_libraries_bundle.tar.gz
- store_artifacts:
path: /tmp/fastnetmon_install.log
- run: src/scripts/build_any_package.pl deb /opt/fastnetmon_libraries_bundle.tar.gz 1.1.7 debian 8
- run: src/scripts/build_any_package.pl deb /opt/fastnetmon_libraries_bundle.tar.gz 1.1.8 debian 8
- store_artifacts:
path: /tmp/fastnetmon_1.1.7_amd64.deb
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/fastnetmon_1.1.7_amd64.deb s3://fastnetmon_community_packages/debian/8/fastnetmon_1.1.7_amd64.deb
path: /tmp/fastnetmon_1.1.8_amd64.deb
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/fastnetmon_1.1.8_amd64.deb s3://fastnetmon_community_packages/debian/8/fastnetmon_1.1.8_amd64.deb
- run: cp src/fastnetmon.conf /etc/fastnetmon.conf
- run: ldd /opt/fastnetmon/fastnetmon
- run: ldd /opt/fastnetmon/fastnetmon_client
@ -437,10 +437,10 @@ jobs:
path: /opt/fastnetmon_libraries_bundle.tar.gz
- store_artifacts:
path: /tmp/fastnetmon_install.log
- run: src/scripts/build_any_package.pl deb /opt/fastnetmon_libraries_bundle.tar.gz 1.1.7 debian 9
- run: src/scripts/build_any_package.pl deb /opt/fastnetmon_libraries_bundle.tar.gz 1.1.8 debian 9
- store_artifacts:
path: /tmp/fastnetmon_1.1.7_amd64.deb
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/fastnetmon_1.1.7_amd64.deb s3://fastnetmon_community_packages/debian/9/fastnetmon_1.1.7_amd64.deb
path: /tmp/fastnetmon_1.1.8_amd64.deb
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/fastnetmon_1.1.8_amd64.deb s3://fastnetmon_community_packages/debian/9/fastnetmon_1.1.8_amd64.deb
- run: cp src/fastnetmon.conf /etc/fastnetmon.conf
- run: ldd /opt/fastnetmon/fastnetmon
- run: ldd /opt/fastnetmon/fastnetmon_client
@ -511,10 +511,10 @@ jobs:
path: /opt/fastnetmon_libraries_bundle.tar.gz
- store_artifacts:
path: /tmp/fastnetmon_install.log
- run: src/scripts/build_any_package.pl deb /opt/fastnetmon_libraries_bundle.tar.gz 1.1.7 debian 10
- run: src/scripts/build_any_package.pl deb /opt/fastnetmon_libraries_bundle.tar.gz 1.1.8 debian 10
- store_artifacts:
path: /tmp/fastnetmon_1.1.7_amd64.deb
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/fastnetmon_1.1.7_amd64.deb s3://fastnetmon_community_packages/debian/10/fastnetmon_1.1.7_amd64.deb
path: /tmp/fastnetmon_1.1.8_amd64.deb
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/fastnetmon_1.1.8_amd64.deb s3://fastnetmon_community_packages/debian/10/fastnetmon_1.1.8_amd64.deb
- run: cp src/fastnetmon.conf /etc/fastnetmon.conf
- run: ldd /opt/fastnetmon/fastnetmon
- run: ldd /opt/fastnetmon/fastnetmon_client
@ -565,10 +565,10 @@ jobs:
path: /opt/fastnetmon_libraries_bundle.tar.gz
- store_artifacts:
path: /tmp/fastnetmon_install.log
- run: src/scripts/build_any_package.pl rpm /opt/fastnetmon_libraries_bundle.tar.gz 1.1.7 centos 6
- run: src/scripts/build_any_package.pl rpm /opt/fastnetmon_libraries_bundle.tar.gz 1.1.8 centos 6
- store_artifacts:
path: /tmp/result_data/fastnetmon-1.1.7-1.el6.x86_64.rpm
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/result_data/fastnetmon-1.1.7-1.el6.x86_64.rpm s3://fastnetmon_community_packages/centos/6/fastnetmon-1.1.7-1.el6.x86_64.rpm
path: /tmp/result_data/fastnetmon-1.1.8-1.el6.x86_64.rpm
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/result_data/fastnetmon-1.1.8-1.el6.x86_64.rpm s3://fastnetmon_community_packages/centos/6/fastnetmon-1.1.8-1.el6.x86_64.rpm
- run: ldd /opt/fastnetmon/fastnetmon
- run: ldd /opt/fastnetmon/fastnetmon_client
- run: cp src/fastnetmon.conf /etc/fastnetmon.conf
@ -637,10 +637,10 @@ jobs:
path: /opt/fastnetmon_libraries_bundle.tar.gz
- store_artifacts:
path: /tmp/fastnetmon_install.log
- run: src/scripts/build_any_package.pl rpm /opt/fastnetmon_libraries_bundle.tar.gz 1.1.7 centos 7
- run: src/scripts/build_any_package.pl rpm /opt/fastnetmon_libraries_bundle.tar.gz 1.1.8 centos 7
- store_artifacts:
path: /tmp/result_data/fastnetmon-1.1.7-1.el7.x86_64.rpm
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/result_data/fastnetmon-1.1.7-1.el7.x86_64.rpm s3://fastnetmon_community_packages/centos/7/fastnetmon-1.1.7-1.el7.x86_64.rpm
path: /tmp/result_data/fastnetmon-1.1.8-1.el7.x86_64.rpm
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/result_data/fastnetmon-1.1.8-1.el7.x86_64.rpm s3://fastnetmon_community_packages/centos/7/fastnetmon-1.1.8-1.el7.x86_64.rpm
- run: cp src/fastnetmon.conf /etc/fastnetmon.conf
- run: ldd /opt/fastnetmon/fastnetmon
- run: ldd /opt/fastnetmon/fastnetmon_client
@ -710,10 +710,10 @@ jobs:
path: /opt/fastnetmon_libraries_bundle.tar.gz
- store_artifacts:
path: /tmp/fastnetmon_install.log
- run: src/scripts/build_any_package.pl rpm /opt/fastnetmon_libraries_bundle.tar.gz 1.1.7 centos 8
- run: src/scripts/build_any_package.pl rpm /opt/fastnetmon_libraries_bundle.tar.gz 1.1.8 centos 8
- store_artifacts:
path: /tmp/result_data/fastnetmon-1.1.7-1.el8.x86_64.rpm
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/result_data/fastnetmon-1.1.7-1.el8.x86_64.rpm s3://fastnetmon_community_packages/centos/8/fastnetmon-1.1.7-1.el8.x86_64.rpm
path: /tmp/result_data/fastnetmon-1.1.8-1.el8.x86_64.rpm
- run: s3cmd --disable-multipart --host=storage.googleapis.com --host-bucket="%(bucket).storage.googleapis.com" put /tmp/result_data/fastnetmon-1.1.8-1.el8.x86_64.rpm s3://fastnetmon_community_packages/centos/8/fastnetmon-1.1.8-1.el8.x86_64.rpm
- run: cp src/fastnetmon.conf /etc/fastnetmon.conf
- run: ldd /opt/fastnetmon/fastnetmon
- run: ldd /opt/fastnetmon/fastnetmon_client

@ -113,7 +113,7 @@ add_executable(fastnetmon fastnetmon.cpp)
# Get last commit hash
execute_process(COMMAND git rev-list HEAD COMMAND head -n 1 OUTPUT_VARIABLE GIT_LAST_COMMIT_HASH OUTPUT_STRIP_TRAILING_WHITESPACE)
set(FASTNETMON_APPLICATION_VERSION "1.1.7 master git-${GIT_LAST_COMMIT_HASH}")
set(FASTNETMON_APPLICATION_VERSION "1.1.8 master git-${GIT_LAST_COMMIT_HASH}")
configure_file(fast_platform.h.template "${PROJECT_SOURCE_DIR}/fast_platform.h")
# Use new Memory Model Aware Atomic Operations

@ -139,6 +139,9 @@ average_calculation_time = 5
# We use average values for traffic speed for subnet and we calculate average over this time slice
average_calculation_time_for_subnets = 5
# In this case FastNetMon will account traffic between hosts in your own networks_list as it comes from the outside
process_internal_traffic_as_external = off
# Delay between traffic recalculation attempts
speed_calculation_delay = 1

@ -145,6 +145,8 @@ std::string cli_stats_file_path = "/tmp/fastnetmon.dat";
unsigned int stats_thread_sleep_time = 3600;
unsigned int stats_thread_initial_call_delay = 30;
bool process_internal_traffic_as_external = false;
unsigned int recalculate_speed_timeout = 1;
// Send or not any details about attack for ban script call over stdin
@ -1093,6 +1095,14 @@ bool load_configuration_file() {
}
}
if (configuration_map.count("process_internal_traffic_as_external")) {
if (configuration_map["process_internal_traffic_as_external"] == "on") {
process_internal_traffic_as_external = true;
} else {
process_internal_traffic_as_external = false;
}
}
if (configuration_map.count("ban_time") != 0) {
global_ban_time = convert_string_to_integer(configuration_map["ban_time"]);
@ -1881,8 +1891,8 @@ void process_packet(simple_packet_t& current_packet) {
__sync_fetch_and_add(&total_counters[packet_direction].bytes, sampled_number_of_bytes);
#endif
// Incerementi main and per protocol packet counters
if (packet_direction == OUTGOING) {
// Incerement main and per protocol packet counters
if (packet_direction == OUTGOING or (process_internal_traffic_as_external && packet_direction == INTERNAL)) {
int64_t shift_in_vector = (int64_t)ntohl(current_packet.src_ip) - (int64_t)subnet_in_host_byte_order;
if (shift_in_vector < 0 or shift_in_vector >= itr->second.size()) {
@ -2023,7 +2033,7 @@ void process_packet(simple_packet_t& current_packet) {
} else {
}
} else if (packet_direction == INCOMING) {
} else if (packet_direction == INCOMING or (process_internal_traffic_as_external && packet_direction == INTERNAL)) {
int64_t shift_in_vector = (int64_t)ntohl(current_packet.dst_ip) - (int64_t)subnet_in_host_byte_order;
if (shift_in_vector < 0 or shift_in_vector >= itr->second.size()) {
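Review bot: In process_packet the incoming branch is still written as `} else if (...)`, so if it chains to the outgoing `if` changed in the previous hunk, an INTERNAL packet with `process_internal_traffic_as_external` enabled always takes the outgoing branch and never reaches this one. The destination host's incoming counters would then never see internal traffic, which leaves the receiving side of an internal-to-internal flood uncounted for detection. Consider making it an independent test after the outgoing block is closed, `if (packet_direction == INCOMING or (process_internal_traffic_as_external && packet_direction == INTERNAL)) {`. Both branches index `itr->second` relative to `subnet_in_host_byte_order`, which is set outside these hunks, so it should be confirmed that the lookup is valid for both the source and the destination address of an internal packet; the function body starts and ends outside the hunk.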