
Commit 37fdac2

committed
Top ports - update parser
1 parent 03c4dc1 commit 37fdac2


2 files changed

+11
-4
lines changed


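--- a/src/plugins/input/CMakeLists.txt
+++ b/src/plugins/input/CMakeLists.txt
@@ -1,4 +1,5 @@
 add_subdirectory(raw)
+add_subdirectory(parser)
 
 if (ENABLE_INPUT_PCAP)
 add_subdirectory(pcap)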

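--- a/src/plugins/input/parser/parser.cpp
+++ b/src/plugins/input/parser/parser.cpp
@@ -464,7 +464,7 @@ inline uint16_t parse_ipv6_hdr(const u_char* data_ptr, uint16_t data_len, Packet
 * \param [out] pkt Pointer to Packet structure where parsed fields will be stored.
 * \return Size of header in bytes.
 */
-inline uint16_t parse_tcp_hdr(const u_char* data_ptr, uint16_t data_len, Packet* pkt)
+inline uint16_t parse_tcp_hdr(const u_char* data_ptr, uint16_t data_len, Packet* pkt, ParserStats& stats)
 {
 struct tcphdr* tcp = (struct tcphdr*) data_ptr;
 if (sizeof(struct tcphdr) > data_len) {
@@ -478,6 +478,9 @@ inline uint16_t parse_tcp_hdr(const u_char* data_ptr, uint16_t data_len, Packet*
 pkt->tcp_flags = (uint8_t) * (data_ptr + 13) & 0xFF;
 pkt->tcp_window = ntohs(tcp->window);
 
+stats.top_ports.increment_tcp_frequency(pkt->src_port);
+stats.top_ports.increment_tcp_frequency(pkt->dst_port);
+
 DEBUG_MSG("TCP header:\n");
 DEBUG_MSG("\tSrc port:\t%u\n", ntohs(tcp->source));
 DEBUG_MSG("\tDest port:\t%u\n", ntohs(tcp->dest));
@@ -543,7 +546,7 @@ inline uint16_t parse_tcp_hdr(const u_char* data_ptr, uint16_t data_len, Packet*
 * \param [out] pkt Pointer to Packet structure where parsed fields will be stored.
 * \return Size of header in bytes.
 */
-inline uint16_t parse_udp_hdr(const u_char* data_ptr, uint16_t data_len, Packet* pkt)
+inline uint16_t parse_udp_hdr(const u_char* data_ptr, uint16_t data_len, Packet* pkt, ParserStats& stats)
 {
 struct udphdr* udp = (struct udphdr*) data_ptr;
 if (sizeof(struct udphdr) > data_len) {
@@ -553,6 +556,9 @@ inline uint16_t parse_udp_hdr(const u_char* data_ptr, uint16_t data_len, Packet*
 pkt->src_port = ntohs(udp->source);
 pkt->dst_port = ntohs(udp->dest);
 
+stats.top_ports.increment_udp_frequency(pkt->src_port);
+stats.top_ports.increment_udp_frequency(pkt->dst_port);
+
 DEBUG_MSG("UDP header:\n");
 DEBUG_MSG("\tSrc port:\t%u\n", ntohs(udp->source));
 DEBUG_MSG("\tDest port:\t%u\n", ntohs(udp->dest));
@@ -748,10 +754,10 @@ void parse_packet(
 
 l4_hdr_offset = data_offset;
 if (pkt->ip_proto == IPPROTO_TCP) {
-data_offset += parse_tcp_hdr(data + data_offset, caplen - data_offset, pkt);
+data_offset += parse_tcp_hdr(data + data_offset, caplen - data_offset, pkt, stats);
 stats.tcp_packets++;
 } else if (pkt->ip_proto == IPPROTO_UDP) {
-data_offset += parse_udp_hdr(data + data_offset, caplen - data_offset, pkt);
+data_offset += parse_udp_hdr(data + data_offset, caplen - data_offset, pkt, stats);
 stats.udp_packets++;
 }
 } catch (const char* err) {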
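Review bot: The top_ports counters are incremented inside parse_tcp_hdr and parse_udp_hdr, whereas `stats.tcp_packets++` and `stats.udp_packets++` in parse_packet run only after the header parser has returned. The body of parse_tcp_hdr continues outside the hunk, so if anything after the new calls throws into the `catch (const char* err)` in parse_packet, the port table would count a packet that the per-protocol totals do not, using port values read straight from the wire. Moving the calls into parse_packet, e.g. `stats.top_ports.increment_tcp_frequency(pkt->src_port);` directly after `stats.tcp_packets++;` (and likewise for dst_port and UDP), would keep the two statistics consistent and leave the parse_*_hdr signatures unchanged. If the extra parameter stays, both doc comments need a line such as `\param [in,out] stats Parser statistics; top_ports is updated with the source and destination port.`, since the new argument is currently undocumented.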
