Skip to content

Commit 8b030d1

Browse files
hynekkarhynekkar
committed
SSADetector: Updated coding style, Removed unnamed constants
1 parent c7d6333 commit 8b030d1

File tree

2 files changed

+137
-136
lines changed

2 files changed

+137
-136
lines changed

process/ssadetector.cpp

Lines changed: 69 additions & 79 deletions
Original file line numberDiff line numberDiff line change
@@ -52,56 +52,59 @@ int RecordExtSSADetector::REGISTERED_ID = -1;
5252

5353
__attribute__((constructor)) static void register_this_plugin()
5454
{
55-
static PluginRecord rec = PluginRecord("ssadetector", [](){return new SSADetectorPlugin();});
55+
static PluginRecord rec = PluginRecord("ssadetector", []() { return new SSADetectorPlugin(); });
5656
register_plugin(&rec);
5757
RecordExtSSADetector::REGISTERED_ID = register_extension();
5858
}
5959

60-
6160
SSADetectorPlugin::SSADetectorPlugin()
6261
{
6362
close();
6463
}
6564

66-
SSADetectorPlugin::~SSADetectorPlugin()
67-
{
68-
}
65+
SSADetectorPlugin::~SSADetectorPlugin() {}
6966

70-
void SSADetectorPlugin::init(const char *params)
71-
{
72-
}
67+
void SSADetectorPlugin::init(const char* params) {}
7368

74-
void SSADetectorPlugin::close()
75-
{
76-
}
69+
void SSADetectorPlugin::close() {}
7770

78-
ProcessPlugin *SSADetectorPlugin::copy()
71+
ProcessPlugin* SSADetectorPlugin::copy()
7972
{
8073
return new SSADetectorPlugin(*this);
8174
}
8275

83-
inline void transition_from_init(RecordExtSSADetector *record, uint16_t len,
84-
const timeval& ts, uint8_t dir)
76+
inline void SSADetectorPlugin::transition_from_init(
77+
RecordExtSSADetector* record,
78+
uint16_t len,
79+
const timeval& ts,
80+
uint8_t dir)
8581
{
8682
record->syn_table.update_entry(len, dir, ts);
8783
}
88-
inline void transition_from_syn(RecordExtSSADetector *record, uint16_t len,
89-
const timeval& ts, uint8_t dir)
84+
85+
inline void SSADetectorPlugin::transition_from_syn(
86+
RecordExtSSADetector* record,
87+
uint16_t len,
88+
const timeval& ts,
89+
uint8_t dir)
9090
{
91-
bool can_transit = record->syn_table.check_range_for_presence(len, 10, !dir, ts);
91+
bool can_transit = record->syn_table.check_range_for_presence(len, SYN_LOOKUP_WINDOW, !dir, ts);
9292
if (can_transit) {
9393
record->syn_ack_table.update_entry(len, dir, ts);
94-
}
94+
}
9595
}
9696

97-
inline bool transition_from_syn_ack(RecordExtSSADetector *record,
98-
uint16_t len, const timeval& ts, uint8_t dir)
97+
inline bool SSADetectorPlugin::transition_from_syn_ack(
98+
RecordExtSSADetector* record,
99+
uint16_t len,
100+
const timeval& ts,
101+
uint8_t dir)
99102
{
100-
return record->syn_table.check_range_for_presence(len, 12, !dir, ts);
103+
return record->syn_table.check_range_for_presence(len, SYN_ACK_LOOKUP_WINDOW, !dir, ts);
101104
}
102105

103-
void SSADetectorPlugin::update_record(RecordExtSSADetector *record, const Packet &pkt)
104-
{
106+
void SSADetectorPlugin::update_record(RecordExtSSADetector* record, const Packet& pkt)
107+
{
105108
/**
106109
* 0 - client -> server
107110
* 1 - server -> client
@@ -110,7 +113,7 @@ void SSADetectorPlugin::update_record(RecordExtSSADetector *record, const Packet
110113
uint16_t len = pkt.payload_len;
111114
timeval ts = pkt.ts;
112115

113-
if ( !(MIN_PKT_SIZE <= len && len <= MAX_PKT_SIZE) ) {
116+
if (!(MIN_PKT_SIZE <= len && len <= MAX_PKT_SIZE)) {
114117
return;
115118
}
116119

@@ -130,18 +133,19 @@ void SSADetectorPlugin::update_record(RecordExtSSADetector *record, const Packet
130133
transition_from_init(record, len, ts, dir);
131134
}
132135

133-
int SSADetectorPlugin::post_create(Flow &rec, const Packet &pkt)
136+
int SSADetectorPlugin::post_create(Flow& rec, const Packet& pkt)
134137
{
135-
RecordExtSSADetector *record = new RecordExtSSADetector();
138+
RecordExtSSADetector* record = new RecordExtSSADetector();
136139
rec.add_extension(record);
137140

138141
update_record(record, pkt);
139142
return 0;
140143
}
141144

142-
int SSADetectorPlugin::post_update(Flow &rec, const Packet &pkt)
145+
int SSADetectorPlugin::post_update(Flow& rec, const Packet& pkt)
143146
{
144-
RecordExtSSADetector *record = (RecordExtSSADetector *) rec.get_extension(RecordExtSSADetector::REGISTERED_ID);
147+
RecordExtSSADetector* record
148+
= (RecordExtSSADetector*) rec.get_extension(RecordExtSSADetector::REGISTERED_ID);
145149
update_record(record, pkt);
146150
return 0;
147151
}
@@ -150,7 +154,8 @@ double classes_ratio(uint8_t* syn_pkts, uint8_t size)
150154
{
151155
uint8_t unique_members = 0;
152156
bool marked[size];
153-
for (uint8_t i = 0; i < size; ++i) marked[i] = false;
157+
for (uint8_t i = 0; i < size; ++i)
158+
marked[i] = false;
154159
for (uint8_t i = 0; i < size; ++i) {
155160
if (marked[i]) {
156161
continue;
@@ -168,76 +173,56 @@ double classes_ratio(uint8_t* syn_pkts, uint8_t size)
168173
}
169174
}
170175

171-
return double(unique_members) / double(size);
176+
return double(unique_members) / double(size);
172177
}
173178

174-
void SSADetectorPlugin::pre_export(Flow &rec)
179+
void SSADetectorPlugin::pre_export(Flow& rec)
175180
{
176-
//do not export for small packets flows
181+
// do not export for small packets flows
177182
uint32_t packets = rec.src_packets + rec.dst_packets;
178-
if (packets <= 30) {
183+
if (packets <= MIN_PKT_IN_FLOW) {
179184
rec.remove_extension(RecordExtSSADetector::REGISTERED_ID);
180185
return;
181186
}
182187

183-
RecordExtSSADetector *record = (RecordExtSSADetector *) rec.get_extension(RecordExtSSADetector::REGISTERED_ID);
184-
const auto& suspects = record->suspects;
185-
if (suspects < 3) {
188+
RecordExtSSADetector* record
189+
= (RecordExtSSADetector*) rec.get_extension(RecordExtSSADetector::REGISTERED_ID);
190+
const auto& suspects = record->suspects;
191+
if (suspects < MIN_NUM_SUSPECTS) {
186192
return;
187193
}
188-
if (double(packets)/double(suspects) > 2500) {
194+
if (double(packets) / double(suspects) > MIN_SUSPECTS_RATIO) {
189195
return;
190196
}
191-
if (suspects < 15) {
192-
if (classes_ratio(record->syn_pkts, record->syn_pkts_idx) > 0.6) {
197+
if (suspects < LOW_NUM_SUSPECTS_THRESHOLD) {
198+
if (classes_ratio(record->syn_pkts, record->syn_pkts_idx) > LOW_NUM_SUSPECTS_MAX_RATIO) {
193199
return;
194200
}
195-
} else if (suspects < 40) {
196-
if (classes_ratio(record->syn_pkts, record->syn_pkts_idx) > 0.4) {
201+
} else if (suspects < MID_NUM_SUSPECTS_THRESHOLD) {
202+
if (classes_ratio(record->syn_pkts, record->syn_pkts_idx) > MID_NUM_SUSPECTS_MAX_RATIO) {
197203
return;
198204
}
199205
} else {
200-
if (classes_ratio(record->syn_pkts, record->syn_pkts_idx) > 0.2) {
206+
if (classes_ratio(record->syn_pkts, record->syn_pkts_idx) > HIGH_NUM_SUSPECTS_MAX_RATIO) {
201207
return;
202208
}
203209
}
204210

205211
record->possible_vpn = 1;
206212
}
207213

208-
void SSADetectorPlugin::transition_from_init(RecordExtSSADetector *record,
209-
uint16_t len, const timeval& ts, uint8_t dir)
210-
{
211-
record->syn_table.update_entry(len, dir, ts);
212-
}
213-
214-
void SSADetectorPlugin::transition_from_syn(RecordExtSSADetector *record,
215-
uint16_t len, const timeval& ts, uint8_t dir)
216-
{
217-
bool can_transit = record->syn_table.check_range_for_presence(len, 10, !dir, ts);
218-
if (can_transit) {
219-
record->syn_ack_table.update_entry(len, dir, ts);
220-
}
221-
}
222-
223-
bool SSADetectorPlugin::transition_from_syn_ack(RecordExtSSADetector *record, uint16_t len,
224-
const timeval& ts, uint8_t dir)
225-
{
226-
return record->syn_table.check_range_for_presence(len, 12, !dir, ts);
227-
}
228-
229214
//--------------------RecordExtSSADetector::pkt_entry-------------------------------
230-
void RecordExtSSADetector::pkt_entry::reset()
215+
void RecordExtSSADetector::pkt_entry::reset()
231216
{
232-
ts_dir1.tv_sec = 0;
233-
ts_dir1.tv_usec = 0;
234-
ts_dir2.tv_sec = 0;
235-
ts_dir2.tv_usec = 0;
217+
ts_dir1.tv_sec = 0;
218+
ts_dir1.tv_usec = 0;
219+
ts_dir2.tv_sec = 0;
220+
ts_dir2.tv_usec = 0;
236221
}
237222

238223
timeval& RecordExtSSADetector::pkt_entry::get_time(dir_t dir)
239224
{
240-
return (dir == 1)? ts_dir1 : ts_dir2;
225+
return (dir == 1) ? ts_dir1 : ts_dir2;
241226
}
242227

243228
RecordExtSSADetector::pkt_entry::pkt_entry()
@@ -249,12 +234,15 @@ RecordExtSSADetector::pkt_entry::pkt_entry()
249234
void RecordExtSSADetector::pkt_table::reset()
250235
{
251236
for (int i = 0; i < PKT_TABLE_SIZE; ++i) {
252-
table_[i].reset();
253-
}
237+
table_[i].reset();
238+
}
254239
}
255240

256-
bool RecordExtSSADetector::pkt_table::check_range_for_presence(uint16_t len, uint8_t down_by,
257-
dir_t dir, const timeval& ts_to_compare)
241+
bool RecordExtSSADetector::pkt_table::check_range_for_presence(
242+
uint16_t len,
243+
uint8_t down_by,
244+
dir_t dir,
245+
const timeval& ts_to_compare)
258246
{
259247
int8_t idx = get_idx_from_len(len);
260248
for (int8_t i = std::max(idx - down_by, 0); i <= idx; ++i) {
@@ -270,7 +258,7 @@ void RecordExtSSADetector::pkt_table::update_entry(uint16_t len, dir_t dir, time
270258
int8_t idx = get_idx_from_len(len);
271259
if (dir == 1) {
272260
table_[idx].ts_dir1 = ts;
273-
} else {
261+
} else {
274262
table_[idx].ts_dir2 = ts;
275263
}
276264
}
@@ -281,18 +269,21 @@ bool RecordExtSSADetector::pkt_table::time_in_window(const timeval& ts_now, cons
281269
long diff_micro_secs = ts_now.tv_usec - ts_old.tv_usec;
282270

283271
diff_micro_secs += diff_secs * 1000000;
284-
if (diff_micro_secs > MAX_TIME_WINDOW) {
272+
if (diff_micro_secs > MAX_TIME_WINDOW) {
285273
return false;
286274
}
287275
return true;
288276
}
289277

290-
bool RecordExtSSADetector::pkt_table::entry_is_present(int8_t idx, dir_t dir, const timeval& ts_to_compare)
278+
bool RecordExtSSADetector::pkt_table::entry_is_present(
279+
int8_t idx,
280+
dir_t dir,
281+
const timeval& ts_to_compare)
291282
{
292283
timeval& ts = table_[idx].get_time(dir);
293284
if (time_in_window(ts_to_compare, ts)) {
294285
return true;
295-
}
286+
}
296287
return false;
297288
}
298289

@@ -301,5 +292,4 @@ int8_t RecordExtSSADetector::pkt_table::get_idx_from_len(uint16_t len)
301292
return std::max(int(len) - MIN_PKT_SIZE, 0);
302293
}
303294

304-
}
305-
295+
} // namespace ipxp

0 commit comments

Comments
 (0)