wanderer/ fastnetmon-rewritten
1
0
Fork 0
mirror of https://github.com/pavel-odintsov/fastnetmon synced 2024-06-03 15:56:38 +02:00
Code Issues Releases Activity

Move type definitions to separate file: Closes: #196

This commit is contained in:
Pavel Odintsov 2015-05-07 13:41:00 +03:00
parent 9cd12a0325
commit db31a02d50
2 changed files with 146 additions and 144 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

144
src/fastnetmon.cpp
View File

@ -31,9 +31,6 @@
#include "pcap_plugin/pcap_collector.h"
#include "netmap_plugin/netmap_collector.h"
// Our structires
// #include "fast_priority_queue.h"
#ifdef PF_RING
#include "pfring_plugin/pfring_collector.h"
#endif
@ -175,24 +172,6 @@ std::string attack_details_folder = "/var/log/fastnetmon_attacks";
/* Configuration block ends */
/* Our data structs */
// Enum with available sort by field
enum sort_type { PACKETS, BYTES, FLOWS };
enum direction {
INCOMING = 0,
OUTGOING,
INTERNAL,
OTHER
};
typedef struct {
uint64_t bytes;
uint64_t packets;
uint64_t flows;
} total_counter_element;
// We count total number of incoming/outgoing/internal and other traffic type packets/bytes
// And initilize by 0 all fields
total_counter_element total_counters[4];
@ -204,134 +183,11 @@ uint64_t total_unparsed_packets = 0;
uint64_t incoming_total_flows_speed = 0;
uint64_t outgoing_total_flows_speed = 0;
// main data structure for storing traffic and speed data for all our IPs
class map_element {
public:
map_element() :
in_bytes(0), out_bytes(0), in_packets(0), out_packets(0),
tcp_in_packets(0), tcp_out_packets(0), tcp_in_bytes(0), tcp_out_bytes(0),
tcp_syn_in_packets(0), tcp_syn_out_packets(0), tcp_syn_in_bytes(0), tcp_syn_out_bytes(0),
udp_in_packets(0), udp_out_packets(0), udp_in_bytes(0), udp_out_bytes(0), in_flows(0), out_flows(0),
fragmented_in_packets(0), fragmented_out_packets(0), fragmented_in_bytes(0), fragmented_out_bytes(0),
icmp_in_packets(0), icmp_out_packets(0), icmp_in_bytes(0), icmp_out_bytes(0)
{}
uint64_t in_bytes;
uint64_t out_bytes;
uint64_t in_packets;
uint64_t out_packets;
// Fragmented traffic is so recently used for attacks
uint64_t fragmented_in_packets;
uint64_t fragmented_out_packets;
uint64_t fragmented_in_bytes;
uint64_t fragmented_out_bytes;
// Additional data for correct attack protocol detection
uint64_t tcp_in_packets;
uint64_t tcp_out_packets;
uint64_t tcp_in_bytes;
uint64_t tcp_out_bytes;
// Additional details about one of most popular atatck type
uint64_t tcp_syn_in_packets;
uint64_t tcp_syn_out_packets;
uint64_t tcp_syn_in_bytes;
uint64_t tcp_syn_out_bytes;
uint64_t udp_in_packets;
uint64_t udp_out_packets;
uint64_t udp_in_bytes;
uint64_t udp_out_bytes;
uint64_t icmp_in_packets;
uint64_t icmp_out_packets;
uint64_t icmp_in_bytes;
uint64_t icmp_out_bytes;
uint64_t in_flows;
uint64_t out_flows;
};
// structure with attack details
class attack_details : public map_element {
public:
attack_details() :
attack_protocol(0), attack_power(0), max_attack_power(0), average_in_bytes(0), average_out_bytes(0), average_in_packets(0), average_out_packets(0), average_in_flows(0), average_out_flows(0), ban_time(standard_ban_time), attack_direction(OTHER) {
}
direction attack_direction;
// first attackpower detected
uint64_t attack_power;
// max attack power
uint64_t max_attack_power;
unsigned int attack_protocol;
// Average counters
uint64_t average_in_bytes;
uint64_t average_out_bytes;
uint64_t average_in_packets;
uint64_t average_out_packets;
uint64_t average_in_flows;
uint64_t average_out_flows;
// time when we but this user
time_t ban_timestamp;
int ban_time; // seconds of the ban
};
typedef attack_details banlist_item;
// struct for save per direction and per protocol details for flow
typedef struct {
uint64_t bytes;
uint64_t packets;
// will be used for Garbage Collection
time_t last_update_time;
} conntrack_key_struct;
typedef uint64_t packed_session;
// Main mega structure for storing conntracks
// We should use class instead struct for correct std::map allocation
typedef std::map<packed_session, conntrack_key_struct> contrack_map_type;
class conntrack_main_struct {
public:
contrack_map_type in_tcp;
contrack_map_type in_udp;
contrack_map_type in_icmp;
contrack_map_type in_other;
contrack_map_type out_tcp;
contrack_map_type out_udp;
contrack_map_type out_icmp;
contrack_map_type out_other;
};
typedef std::map <uint32_t, map_element> map_for_counters;
typedef std::vector<map_element> vector_of_counters;
typedef std::map <unsigned long int, vector_of_counters> map_of_vector_counters;
map_of_vector_counters SubnetVectorMap;
// Flow tracking structures
typedef std::vector<conntrack_main_struct> vector_of_flow_counters;
typedef std::map <unsigned long int, vector_of_flow_counters> map_of_vector_counters_for_flow;
map_of_vector_counters_for_flow SubnetVectorMapFlow;
class packed_conntrack_hash {
public:
packed_conntrack_hash() : opposite_ip(0), src_port(0), dst_port(0) { }
// src or dst IP
uint32_t opposite_ip;
uint16_t src_port;
uint16_t dst_port;
};
// data structure for storing data in Vector
typedef std::pair<uint32_t, map_element> pair_of_map_elements;
/* End of our data structs */
boost::mutex data_counters_mutex;

146
src/fastnetmon_types.h
View File

@ -5,6 +5,9 @@
#include <stdint.h> // uint32_t
#include <sys/time.h> // struct timeval
#include <map>
#include <vector>
// simplified packet struct for lightweight save into memory
class simple_packet {
public:
@ -27,4 +30,147 @@ public:
typedef std::pair<uint32_t, uint32_t> subnet;
typedef void (*process_packet_pointer)(simple_packet&);
// Enum with available sort by field
enum sort_type { PACKETS, BYTES, FLOWS };
enum direction {
INCOMING = 0,
OUTGOING,
INTERNAL,
OTHER
};
typedef struct {
uint64_t bytes;
uint64_t packets;
uint64_t flows;
} total_counter_element;
// main data structure for storing traffic and speed data for all our IPs
class map_element {
public:
map_element() :
in_bytes(0), out_bytes(0), in_packets(0), out_packets(0),
tcp_in_packets(0), tcp_out_packets(0), tcp_in_bytes(0), tcp_out_bytes(0),
tcp_syn_in_packets(0), tcp_syn_out_packets(0), tcp_syn_in_bytes(0), tcp_syn_out_bytes(0),
udp_in_packets(0), udp_out_packets(0), udp_in_bytes(0), udp_out_bytes(0), in_flows(0), out_flows(0),
fragmented_in_packets(0), fragmented_out_packets(0), fragmented_in_bytes(0), fragmented_out_bytes(0),
icmp_in_packets(0), icmp_out_packets(0), icmp_in_bytes(0), icmp_out_bytes(0)
{}
uint64_t in_bytes;
uint64_t out_bytes;
uint64_t in_packets;
uint64_t out_packets;
// Fragmented traffic is so recently used for attacks
uint64_t fragmented_in_packets;
uint64_t fragmented_out_packets;
uint64_t fragmented_in_bytes;
uint64_t fragmented_out_bytes;
// Additional data for correct attack protocol detection
uint64_t tcp_in_packets;
uint64_t tcp_out_packets;
uint64_t tcp_in_bytes;
uint64_t tcp_out_bytes;
// Additional details about one of most popular atatck type
uint64_t tcp_syn_in_packets;
uint64_t tcp_syn_out_packets;
uint64_t tcp_syn_in_bytes;
uint64_t tcp_syn_out_bytes;
uint64_t udp_in_packets;
uint64_t udp_out_packets;
uint64_t udp_in_bytes;
uint64_t udp_out_bytes;
uint64_t icmp_in_packets;
uint64_t icmp_out_packets;
uint64_t icmp_in_bytes;
uint64_t icmp_out_bytes;
uint64_t in_flows;
uint64_t out_flows;
};
// structure with attack details
class attack_details : public map_element {
public:
attack_details() :
attack_protocol(0), attack_power(0), max_attack_power(0), average_in_bytes(0), average_out_bytes(0), average_in_packets(0), average_out_packets(0), average_in_flows(0), average_out_flows(0), ban_time(0), attack_direction(OTHER) {
}
direction attack_direction;
// first attackpower detected
uint64_t attack_power;
// max attack power
uint64_t max_attack_power;
unsigned int attack_protocol;
// Average counters
uint64_t average_in_bytes;
uint64_t average_out_bytes;
uint64_t average_in_packets;
uint64_t average_out_packets;
uint64_t average_in_flows;
uint64_t average_out_flows;
// time when we but this user
time_t ban_timestamp;
int ban_time; // seconds of the ban
};
typedef attack_details banlist_item;
// struct for save per direction and per protocol details for flow
typedef struct {
uint64_t bytes;
uint64_t packets;
// will be used for Garbage Collection
time_t last_update_time;
} conntrack_key_struct;
typedef uint64_t packed_session;
// Main mega structure for storing conntracks
// We should use class instead struct for correct std::map allocation
typedef std::map<packed_session, conntrack_key_struct> contrack_map_type;
class conntrack_main_struct {
public:
contrack_map_type in_tcp;
contrack_map_type in_udp;
contrack_map_type in_icmp;
contrack_map_type in_other;
contrack_map_type out_tcp;
contrack_map_type out_udp;
contrack_map_type out_icmp;
contrack_map_type out_other;
};
typedef std::map <uint32_t, map_element> map_for_counters;
typedef std::vector<map_element> vector_of_counters;
typedef std::map <unsigned long int, vector_of_counters> map_of_vector_counters;
// Flow tracking structures
typedef std::vector<conntrack_main_struct> vector_of_flow_counters;
typedef std::map <unsigned long int, vector_of_flow_counters> map_of_vector_counters_for_flow;
class packed_conntrack_hash {
public:
packed_conntrack_hash() : opposite_ip(0), src_port(0), dst_port(0) { }
// src or dst IP
uint32_t opposite_ip;
uint16_t src_port;
uint16_t dst_port;
};
// data structure for storing data in Vector
typedef std::pair<uint32_t, map_element> pair_of_map_elements;
#endif