++

Author: Damir Zainullin

new-process-api/Makefile

@@ -6,7 +6,7 @@ SRC := main.cpp \
 	$(wildcard process/common/*/*.cpp) \
 	$(wildcard process/*/src/*.cpp)
 
-INCLUDE := -I. -I../include/ipfixprobe/pluginFactory -Iprocess/common
+INCLUDE := -I. -I../include/ipfixprobe/pluginFactory -Iprocess/common -I../include
 
 OBJ := $(SRC:.cpp=.o)
 

new-process-api/packet.hpp

@@ -1,38 +1,170 @@
-#pragma once
+/**
+ * \file packet.hpp
+ * \brief Structs/classes for communication between packet reader and flow cache
+ * \author Vaclav Bartos <[email protected]>
+ * \author Jiri Havranek <[email protected]>
+ * \date 2014
+ * \date 2015
+ * \date 2016
+ */
+/*
+ * Copyright (C) 2014-2016 CESNET
+ *
+ * LICENSE TERMS
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name of the Company nor the names of its contributors
+ *    may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ *
+ *
+ */
 
-#include <cstdint>
+#ifndef IPXP_PACKET_HPP
+#define IPXP_PACKET_HPP
+
+#include <ipfixprobe/flowifc.hpp>
+#include <ipfixprobe/ipaddr.hpp>
+#include <stdint.h>
+#include <stdlib.h>
 #include <sys/time.h>
-#include <span>
-#include <optional>
 
-#include "directionalField.hpp"
-#include "tcpData.hpp"
-#include "flowKey.hpp"
+namespace ipxp {
+
+/**
+ * \brief Structure for storing parsed packet fields
+ */
+struct Packet : public Record {
+	struct timeval ts;
+
+	uint8_t dst_mac[6];
+	uint8_t src_mac[6];
+	uint16_t ethertype;
+
+	uint16_t ip_len; /**< Length of IP header + its payload */
+		uint16_t tcp_window;
+	uint64_t tcp_options;
+	uint32_t tcp_mss;
+	uint16_t ip_payload_len; /**< Length of IP payload */
+	uint8_t ip_version;
+	uint8_t ip_ttl;
+	uint8_t ip_proto;
+	uint8_t ip_tos;
+	uint8_t ip_flags;
+	ipaddr_t src_ip;
+	ipaddr_t dst_ip;
+	uint32_t vlan_id;
+	uint32_t frag_id;
+	uint16_t frag_off;
+	bool more_fragments;
 
-namespace ipxp
-{
+	uint16_t src_port;
+	uint16_t dst_port;
+	uint8_t tcp_flags;
+	uint16_t tcp_window;
+	uint64_t tcp_options;
+	uint32_t tcp_mss;
+	uint32_t tcp_seq;
+	uint32_t tcp_ack;
 
-struct Packet {
-    FlowKey flowKey{};
+	/**
+	 * @brief The top level mpls
+	 *
+	 * Contents are (from MSb to LSb):
+	 *   20-bit - Label,
+	 *   3-bit  - Traffic class / EXP,
+	 *   1-bit  - Bottom of stack (true if last),
+	 *   8-bit  - TTL (Time To Live)
+	 */
+	uint32_t mplsTop;
 
-    uint64_t timestamp{0};
-    uint8_t ipTTL{0};
-    uint8_t ipFlags{0};
-    uint16_t ipLength{0};
+	const uint8_t* packet; /**< Pointer to begin of packet, if available */
+	uint16_t packet_len; /**< Length of data in packet buffer, packet_len <= packet_len_wire */
+	uint16_t packet_len_wire; /**< Original packet length on wire */
 
-    std::optional<TCPData> tcpData{std::nullopt};
+	const uint8_t* payload; /**< Pointer to begin of payload, if available */
+	uint16_t payload_len; /**< Length of data in payload buffer, payload_len <= payload_len_wire */
+	uint16_t payload_len_wire; /**< Original payload length computed from headers */
 
-    uint32_t realLength{0};
-    //uint32_t receivedLength{0};
+	uint8_t* custom; /**< Pointer to begin of custom data, if available */
+	uint16_t custom_len; /**< Length of data in custom buffer */
 
-    Direction direction{Direction::Forward};
+	// TODO REMOVE
+	uint8_t* buffer; /**< Buffer for packet, payload and custom data */
+	uint16_t buffer_size; /**< Size of buffer */
 
-    std::span<const std::byte> payload;   
-    std::optional<uint32_t> mplsTopLabel;
-    std::optional<uint16_t> vlanId;
+	bool source_pkt; /**< Direction of packet from flow point of view */
 
+	/**
+	 * \brief Constructor.
+	 */
+	Packet()
+		: ts({0, 0})
+		, dst_mac()
+		, src_mac()
+		, ethertype(0)
+		, ip_len(0)
+		, ip_payload_len(0)
+		, ip_version(0)
+		, ip_ttl(0)
+		, ip_proto(0)
+		, ip_tos(0)
+		, ip_flags(0)
+		, src_ip({0})
+		, dst_ip({0})
+		, vlan_id(0)
+		, frag_id(0)
+		, frag_off(0)
+		, more_fragments(false)
+		, src_port(0)
+		, dst_port(0)
+		, tcp_flags(0)
+		, tcp_window(0)
+		, tcp_options(0)
+		, tcp_mss(0)
+		, tcp_seq(0)
+		, tcp_ack(0)
+		, mplsTop(0)
+		, packet(nullptr)
+		, packet_len(0)
+		, packet_len_wire(0)
+		, payload(nullptr)
+		, payload_len(0)
+		, payload_len_wire(0)
+		, custom(nullptr)
+		, custom_len(0)
+		, buffer(nullptr)
+		, buffer_size(0)
+		, source_pkt(true)
+	{
+	}
 };
 
-struct PacketFeatures {};
+struct PacketBlock {
+	Packet* pkts;
+	size_t cnt;
+	size_t bytes;
+	size_t size;
+
+	PacketBlock(size_t pkts_size)
+		: cnt(0)
+		, bytes(0)
+		, size(pkts_size)
+	{
+		pkts = new Packet[pkts_size];
+	}
+
+	~PacketBlock() { delete[] pkts; }
+};
 
-} // namespace ipxp
+} // namespace ipxp
+#endif /* IPXP_PACKET_HPP */

new-process-api/packetNew.hpp

@@ -0,0 +1,38 @@
+#pragma once
+
+#include <cstdint>
+#include <sys/time.h>
+#include <span>
+#include <optional>
+
+#include "directionalField.hpp"
+#include "tcpData.hpp"
+#include "flowKey.hpp"
+
+namespace ipxp
+{
+
+struct Packet {
+    FlowKey flowKey{};
+
+    uint64_t timestamp{0};
+    uint8_t ipTTL{0};
+    uint8_t ipFlags{0};
+    uint16_t ipLength{0};
+
+    std::optional<TCPData> tcpData{std::nullopt};
+
+    uint32_t realLength{0};
+    //uint32_t receivedLength{0};
+
+    Direction direction{Direction::Forward};
+
+    std::span<const std::byte> payload;   
+    std::optional<uint32_t> mplsTopLabel;
+    std::optional<uint16_t> vlanId;
+
+};
+
+struct PacketFeatures {};
+
+} // namespace ipxp

new-process-api/process/pstats/src/packetStats.cpp

@@ -23,7 +23,6 @@
 
 namespace ipxp {
 
-
 static const PluginManifest packetStatsPluginManifest = {
 	.name = "pstats",
 	.description = "Pstats process plugin for computing packet bursts stats.",
@@ -36,15 +35,7 @@ static const PluginManifest packetStatsPluginManifest = {
 		},
 };
 
-const inline std::vector<FieldPair<PacketStatsFields>> fields = {
-	{PacketStatsFields::PPI_PKT_LENGTHS, "PPI_PKT_LENGTHS"},
-	{PacketStatsFields::PPI_PKT_TIMES, "PPI_PKT_TIMES"},
-	{PacketStatsFields::PPI_PKT_FLAGS, "PPI_PKT_FLAGS"},
-	{PacketStatsFields::PPI_PKT_DIRECTIONS, "PPI_PKT_DIRECTIONS"},
-};
-
-
-static FieldSchema createPacketStatsSchema(FieldManager& manager, FieldHandlers<PacketStatsFields>& handlers) noexcept
+static void createPacketStatsSchema(FieldManager& manager, FieldHandlers<PacketStatsFields>& handlers) noexcept
 {
 	FieldSchema schema = fieldManager.createFieldSchema("pstats");
 
@@ -58,15 +49,12 @@ static FieldSchema createPacketStatsSchema(FieldManager& manager, FieldHandlers<
 	}));
 	handlers.insert(PacketStatsFields::PPI_PKT_DIRECTIONS, schema.addVectorField(
 		"PPI_PKT_DIRECTIONS",
-		FieldDirection::DirectionalIndifferent,
 		[](const void* context) { return getSpan(reinterpret_cast<const PacketStatsExport*>(context)->directions);
 	}));
 	handlers.insert(PacketStatsFields::PPI_PKT_TIMES, schema.addVectorField(
 		"PPI_PKT_TIMES",
 		[](const void* context) {return toSpan(reinterpret_cast<const PacketStatsExport*>(context)->timestamps);
 	}));
-
-	return schema;
 }
 
 PacketStatsPlugin::PacketStatsPlugin([[maybe_unused]]const std::string& params, FieldManager& manager)
@@ -100,9 +88,8 @@ PluginUpdateResult PacketStatsPlugin::onUpdate(const FlowContext& flowContext, v
 PluginExportResult PacketStatsPlugin::onExport(const FlowRecord& flowRecord, void* pluginContext)
 {
 	const std::size_t packetsTotal 
-		= flowRecord.dataForward.packets + flowRecord.dataReverse.packets;
+		= flowRecord.src_packets + flowRecord.dst_packets;
 
-	constexpr static std::size_t MIN_FLOW_LENGTH = 1;
 	if (packetsTotal <= MIN_FLOW_LENGTH) {
 		return {
 			.flowAction = FlowAction::RemovePlugin,
@@ -125,32 +112,31 @@ bool isSequenceOverflowed(const uint32_t currentValue, const uint32_t prevValue)
 	constexpr int64_t MAX_DIFF = static_cast<int64_t>(
 		static_cast<double>(std::numeric_limits<uint32_t>::max()) / 100);
 
-	return static_cast<int64_t>(currentValue)
-		- static_cast<int64_t>(prevValue) < -MAX_DIFF;
+	return static_cast<int64_t>(prevValue) 
+		- static_cast<int64_t>(currentValue) > MAX_DIFF
 }
 
 static
 bool isDuplicate(const Packet& packet, const PacketStatsData& pluginData) noexcept
 {
-	// TODO USE VALUES FROM DISSECTOR
 	constexpr std::size_t TCP = 6;
-	if (packet.flowKey.l4Protocol != TCP) {
+	if (packet.ip_proto != TCP) {
 		return false;
 	}
 
 	// Current seq <= previous ack?
 	const bool suspiciousSequence 
-		= packet.tcpData->sequence <= pluginData.processingState.lastSequence[packet.direction]
-			&& !isSequenceOverflowed(packet.tcpData->sequence, pluginData.processingState.lastSequence[packet.direction]);
+		= packet.tcp_seq <= pluginData.processingState.lastSequence[packet.source_pkt]
+			&& !isSequenceOverflowed(packet.tcp_seq, pluginData.processingState.lastSequence[packet.source_pkt]);
 
 	// Current ack <= previous ack?
 	const bool suspiciousAcknowledgment 
-		= packet.tcpData->acknowledgment <= pluginData.processingState.lastAcknowledgment[packet.direction]
-			&& !isSequenceOverflowed(packet.tcpData->acknowledgment, pluginData.processingState.lastAcknowledgment[packet.direction]);
+		= packet.tcp_ack <= pluginData.processingState.lastAcknowledgment[packet.source_pkt]
+			&& !isSequenceOverflowed(packet.tcp_ack, pluginData.processingState.lastAcknowledgment[packet.source_pkt]);
 
 	if (suspiciousSequence && suspiciousAcknowledgment 
-		&& packet.payload.size() == pluginData.processingState.lastLength[packet.direction]
-		&& packet.tcpData->flags == pluginData.processingState.lastFlags[packet.direction] 
+		&& packet.payload_len == pluginData.processingState.lastLength[packet.source_pkt]
+		&& packet.tcp_flags == pluginData.processingState.lastFlags[packet.source_pkt] 
 		&& pluginData.lengths.size() != 0) {
 		return true;
 	}
@@ -160,38 +146,34 @@ bool isDuplicate(const Packet& packet, const PacketStatsData& pluginData) noexce
 
 void PacketStatsPlugin::updatePacketsData(const Packet& packet, PacketStatsData& pluginData) noexcept
 {
-	if (!packet.tcpData.has_value()) {
-		return;
-	}
-
 	if (m_skipDuplicates && isDuplicate(packet, pluginData)) {
 		return;
 	}
 
-	pluginData.processingState.lastSequence[packet.direction] = packet.tcpData->sequence;
-	pluginData.processingState.lastAcknowledgment[packet.direction] = packet.tcpData->acknowledgment;
-	pluginData.processingState.lastLength[packet.direction] = packet.realLength;
-	pluginData.processingState.lastFlags[packet.direction] = packet.tcpData->flags;
+	pluginData.processingState.lastSequence[packet.source_pkt] = packet.tcp_seq;
+	pluginData.processingState.lastAcknowledgment[packet.source_pkt] = packet.tcp_ack;
+	pluginData.processingState.lastLength[packet.source_pkt] = packet.payload_len;
+	pluginData.processingState.lastFlags[packet.source_pkt] = TcpFlags(packet.tcp_flags);
 
-	if (packet.realLength == 0 && !m_countEmptyPackets) {
+	if (packet.packet_len == 0 && !m_countEmptyPackets) {
 		return;
 	}
 
 	if (pluginData.lengths.size() == pluginData.lengths.capacity()) {
 		return;
 	}
 
-	pluginData.lengths.push_back(static_cast<uint16_t>(packet.realLength));
+	pluginData.lengths.push_back(static_cast<uint16_t>(packet.payload_len_wire));
 
-	pluginData.tcpFlags.push_back(packet.tcpData->flags);
-	
-	pluginData.timestamps.push_back(packet.timestamp);
+	pluginData.tcpFlags.push_back(TcpFlags(packet.tcp_flags));
+
+	pluginData.timestamps.push_back(packet.ts);
 
 	/*
 	 * direction =  1 iff client -> server
 	 * direction = -1 iff server -> client
 	 */
-	const int8_t direction = packet.direction ? 1 : -1;
+	const int8_t direction = packet.source_pkt ? 1 : -1;
 	pluginData.directions.push_back(direction);
 }