
Commit 2b7fcab

ZadamsaDamir Zainullin
authored andcommitted
Top ports - update parser
1 parent c8ab34b commit 2b7fcab


2 files changed

+13
-4
lines changed


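--- a/src/plugins/input/CMakeLists.txt
+++ b/src/plugins/input/CMakeLists.txt
@@ -1,4 +1,5 @@
 add_subdirectory(raw)
+add_subdirectory(parser)
 
 if (ENABLE_INPUT_PCAP)
 add_subdirectory(pcap)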

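--- a/src/plugins/input/parser/parser.cpp
+++ b/src/plugins/input/parser/parser.cpp
@@ -465,7 +465,8 @@ inline uint16_t parse_ipv6_hdr(const u_char* data_ptr, uint16_t data_len, Packet
 * \param [out] pkt Pointer to Packet structure where parsed fields will be stored.
 * \return Size of header in bytes.
 */
-inline uint16_t parse_tcp_hdr(const u_char* data_ptr, uint16_t data_len, Packet* pkt)
+inline uint16_t
+parse_tcp_hdr(const u_char* data_ptr, uint16_t data_len, Packet* pkt, ParserStats& stats)
 {
 struct tcphdr* tcp = (struct tcphdr*) data_ptr;
 if (sizeof(struct tcphdr) > data_len) {
@@ -479,6 +480,9 @@ inline uint16_t parse_tcp_hdr(const u_char* data_ptr, uint16_t data_len, Packet*
 pkt->tcp_flags = (uint8_t) *(data_ptr + 13) & 0xFF;
 pkt->tcp_window = ntohs(tcp->window);
 
+stats.top_ports.increment_tcp_frequency(pkt->src_port);
+stats.top_ports.increment_tcp_frequency(pkt->dst_port);
+
 DEBUG_MSG("TCP header:\n");
 DEBUG_MSG("\tSrc port:\t%u\n", ntohs(tcp->source));
 DEBUG_MSG("\tDest port:\t%u\n", ntohs(tcp->dest));
@@ -544,7 +548,8 @@ inline uint16_t parse_tcp_hdr(const u_char* data_ptr, uint16_t data_len, Packet*
 * \param [out] pkt Pointer to Packet structure where parsed fields will be stored.
 * \return Size of header in bytes.
 */
-inline uint16_t parse_udp_hdr(const u_char* data_ptr, uint16_t data_len, Packet* pkt)
+inline uint16_t
+parse_udp_hdr(const u_char* data_ptr, uint16_t data_len, Packet* pkt, ParserStats& stats)
 {
 struct udphdr* udp = (struct udphdr*) data_ptr;
 if (sizeof(struct udphdr) > data_len) {
@@ -554,6 +559,9 @@ inline uint16_t parse_udp_hdr(const u_char* data_ptr, uint16_t data_len, Packet*
 pkt->src_port = ntohs(udp->source);
 pkt->dst_port = ntohs(udp->dest);
 
+stats.top_ports.increment_udp_frequency(pkt->src_port);
+stats.top_ports.increment_udp_frequency(pkt->dst_port);
+
 DEBUG_MSG("UDP header:\n");
 DEBUG_MSG("\tSrc port:\t%u\n", ntohs(udp->source));
 DEBUG_MSG("\tDest port:\t%u\n", ntohs(udp->dest));
@@ -749,10 +757,10 @@ void parse_packet(
 
 l4_hdr_offset = data_offset;
 if (pkt->ip_proto == IPPROTO_TCP) {
-data_offset += parse_tcp_hdr(data + data_offset, caplen - data_offset, pkt);
+data_offset += parse_tcp_hdr(data + data_offset, caplen - data_offset, pkt, stats);
 stats.tcp_packets++;
 } else if (pkt->ip_proto == IPPROTO_UDP) {
-data_offset += parse_udp_hdr(data + data_offset, caplen - data_offset, pkt);
+data_offset += parse_udp_hdr(data + data_offset, caplen - data_offset, pkt, stats);
 stats.udp_packets++;
 }
 } catch (const char* err) {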
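Review bot: The top_ports counters at new lines 483-484 of parse_tcp_hdr (and 562-563 of parse_udp_hdr) are incremented inside the header parser, whereas `stats.tcp_packets++` and `stats.udp_packets++` in parse_packet run only after the parser has returned. parse_packet catches `const char*` exceptions, so if anything later in parse_tcp_hdr throws on a malformed segment (the function body continues outside the hunk, so this is inferred), ports are counted for packets the packet counters never see, and crafted traffic could skew the port ranking. Moving the calls next to the packet counters, e.g. `stats.top_ports.increment_tcp_frequency(pkt->src_port);` and the matching dst_port call right after `stats.tcp_packets++;`, keeps the statistics consistent and lets both parsers keep their previous signatures. If the new parameter stays, the Doxygen blocks above both functions still lack an entry for it, such as `* \param [in,out] stats Parser statistics; top_ports is updated with both ports.`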
