"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/tcpdemux.h" between
tcpflow-1.5.0.tar.gz and tcpflow-1.6.1.tar.gz

About: tcpflow is a TCP/IP packet demultiplexer that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging.

[ To the main tcpflow source changes report ]

tcpdemux.h  (tcpflow-1.5.0):tcpdemux.h  (tcpflow-1.6.1)
skipping to change at line 49 skipping to change at line 49
#endif #endif
#include <queue> #include <queue>
#include "intrusive_list.h" #include "intrusive_list.h"
/** /**
* the tcp demultiplixer * the tcp demultiplixer
* This is a singleton class; we only need a single demultiplexer. * This is a singleton class; we only need a single demultiplexer.
*/ */
class tcpdemux { class tcpdemux {
/* These are not implemented */
tcpdemux(const tcpdemux &t);
tcpdemux &operator=(const tcpdemux &that);
/* see http://mikecvet.wordpress.com/tag/hashing/ */ /* see http://mikecvet.wordpress.com/tag/hashing/ */
typedef struct { typedef struct {
long operator() (const flow_addr &k) const {return k.hash(); } long operator() (const flow_addr &k) const {return k.hash(); }
} flow_addr_hash; } flow_addr_hash;
typedef struct { typedef struct {
bool operator() (const flow_addr &x, const flow_addr &y) const { return x==y;} bool operator() (const flow_addr &x, const flow_addr &y) const { return x==y;}
} flow_addr_key_eq; } flow_addr_key_eq;
#ifdef HAVE_TR1_UNORDERED_MAP #ifdef HAVE_TR1_UNORDERED_MAP
typedef std::tr1::unordered_map<flow_addr,tcpip *,flow_addr_hash,flow_addr_k ey_eq> flow_map_t; // active flows typedef std::tr1::unordered_map<flow_addr,tcpip *,flow_addr_hash,flow_addr_k ey_eq> flow_map_t; // active flows
typedef std::tr1::unordered_map<flow_addr,saved_flow *,flow_addr_hash,flow_a ddr_key_eq> saved_flow_map_t; // flows that have been saved typedef std::tr1::unordered_map<flow_addr,saved_flow *,flow_addr_hash,flow_a ddr_key_eq> saved_flow_map_t; // flows that have been saved
typedef std::tr1::unordered_map<flow_addr,sparse_saved_flow *,flow_addr_hash ,flow_addr_key_eq> sparse_saved_flow_map_t; // flows ctxt caching for pcap disse ction
#else #else
typedef std::unordered_map<flow_addr,tcpip *,flow_addr_hash,flow_addr_key_eq > flow_map_t; // active flows typedef std::unordered_map<flow_addr,tcpip *,flow_addr_hash,flow_addr_key_eq > flow_map_t; // active flows
typedef std::unordered_map<flow_addr,saved_flow *,flow_addr_hash,flow_addr_k ey_eq> saved_flow_map_t; // flows that have been saved typedef std::unordered_map<flow_addr,saved_flow *,flow_addr_hash,flow_addr_k ey_eq> saved_flow_map_t; // flows that have been saved
typedef std::unordered_map<flow_addr,sparse_saved_flow *,flow_addr_hash,flow _addr_key_eq> sparse_saved_flow_map_t; // flows ctxt caching for pcap dissection
#endif #endif
typedef std::vector<class saved_flow *> saved_flows_t; // needs to be ordere d typedef std::vector<class saved_flow *> saved_flows_t; // needs to be ordere d
tcpdemux(); tcpdemux();
#ifdef HAVE_SQLITE3 #ifdef HAVE_SQLITE3
sqlite3 *db; sqlite3 *db;
sqlite3_stmt *insert_flow; sqlite3_stmt *insert_flow;
#endif #endif
pcap_writer *flow_sorter;
/* facility logic hinge */
int (tcpdemux::*tcp_processor)(const ipaddr &src, const ipaddr &dst,sa_famil
y_t family,
const u_char *tcp_data, uint32_t tcp_length,
const be13::packet_info &pi);
public: public:
static uint32_t tcp_timeout; static uint32_t tcp_timeout;
static std::string tcp_cmd; // command to run on each tcp
flow
static int tcp_subproc_max; // how many subprocesses are we all
owed?
static int tcp_subproc; // how many do we currently have?
static int tcp_alert_fd;
static unsigned int get_max_fds(void); // returns the max static unsigned int get_max_fds(void); // returns the max
virtual ~tcpdemux(){ virtual ~tcpdemux(){
if(xreport) delete xreport; delete xreport;
if(pwriter) delete pwriter; delete pwriter;
} }
/* The pure options class means we can add new options without having to mod ify the tcpdemux constructor. */ /* The pure options class means we can add new options without having to mod ify the tcpdemux constructor. */
class options { class options {
public:; public:;
enum { MAX_SEEK=1024*1024*16 }; enum { MAX_SEEK=1024*1024*16 };
options():console_output(false),console_output_nonewline(false), options():console_output(false),console_output_nonewline(false),
store_output(true),opt_md5(false), store_output(true),opt_md5(false),
post_processing(false),gzip_decompress(true), post_processing(false),gzip_decompress(true),
max_bytes_per_flow(-1), max_bytes_per_flow(-1),
max_flows(0),suppress_header(0), max_flows(0),suppress_header(0),
output_strip_nonprint(true),output_hex(false),use_color(0), output_strip_nonprint(true),output_json(false),
output_pcap(false),output_hex(false),use_color(0),
output_packet_index(false),max_seek(MAX_SEEK) { output_packet_index(false),max_seek(MAX_SEEK) {
} }
bool console_output; bool console_output;
bool console_output_nonewline; bool console_output_nonewline;
bool store_output; // do we output? bool store_output; // do we output?
bool opt_md5; // do we calculate MD5 on DFXML output? bool opt_md5; // do we calculate MD5 on DFXML output?
bool post_processing; // decode headers after tcp connection c loses bool post_processing; // decode headers after tcp connection c loses
bool gzip_decompress; bool gzip_decompress;
int64_t max_bytes_per_flow; int64_t max_bytes_per_flow;
uint32_t max_flows; uint32_t max_flows;
bool suppress_header; bool suppress_header;
bool output_strip_nonprint; bool output_strip_nonprint;
bool output_json;
bool output_pcap;
bool output_hex; bool output_hex;
bool use_color; bool use_color;
bool output_packet_index; // Generate a packet index file giving t he timestamp and location bool output_packet_index; // Generate a packet index file giving t he timestamp and location
// bytes written to the flow file. // bytes written to the flow file.
int32_t max_seek; // signed becuase we compare with abs() int32_t max_seek; // signed becuase we compare with abs()
}; };
enum { WARN_TOO_MANY_FILES=10000}; // warn if more than this number of file s in a directory enum { WARN_TOO_MANY_FILES=10000}; // warn if more than this number of file s in a directory
std::string outdir; /* output directory */ std::string outdir; /* output directory */
uint64_t flow_counter; // how many flows have we seen? uint64_t flow_counter; // how many flows have we seen?
uint64_t packet_counter; // monotomically increasing uint64_t packet_counter; // monotomically increasing
dfxml_writer *xreport; // DFXML output file dfxml_writer *xreport; // DFXML output file
pcap_writer *pwriter; // where we should write packets pcap_writer *pwriter; // where we should write packets
unsigned int max_open_flows; // how large did it ever get? unsigned int max_open_flows; // how large did it ever get?
unsigned int max_fds; // maximum number of file descriptors fo r this tcpdemux unsigned int max_fds; // maximum number of file descriptors fo r this tcpdemux
uint64_t unique_id; // next unique id to assign
flow_map_t flow_map; // db of open tcpip objects, indexed by flow flow_map_t flow_map; // db of open tcpip objects, indexed by flow
intrusive_list<tcpip> open_flows; // the tcpip flows with open files in acce ss order intrusive_list<tcpip> open_flows; // the tcpip flows with open files in acce ss order
saved_flow_map_t saved_flow_map; // db of saved flows, indexed by flow saved_flow_map_t saved_flow_map; // db of saved flows, indexed by flow
sparse_saved_flow_map_t flow_fd_cache_map; // db caching saved flows descri ptors, indexed by flow
saved_flows_t saved_flows; // the flows that were saved saved_flows_t saved_flows; // the flows that were saved
bool start_new_connections; // true if we should start new conn ections bool start_new_connections; // true if we should start new conn ections
options opt; options opt;
class feature_recorder_set *fs; // where features extracted from each class feature_recorder_set *fs; // where features extracted from each flow s
flow should be stored hould be stored
static uint32_t max_saved_flows; // how many saved flows are kept in t he saved_flow_map static uint32_t max_saved_flows; // how many saved flows are kept in t he saved_flow_map
void alter_processing_core();
static tcpdemux *getInstance(); static tcpdemux *getInstance();
/* Databse */ /* Databse */
void openDB(); // open the database file if we are using it in outdir directory. void openDB(); // open the database file if we are using it in outdir directory.
void write_flow_record(const std::string &starttime,const std::string &endt ime, void write_flow_record(const std::string &starttime,const std::string &endt ime,
const std::string &src_ipn,const std::string &dst_ip n, const std::string &src_ipn,const std::string &dst_ip n,
const std::string &mac_daddr,const std::string &mac_ saddr, const std::string &mac_daddr,const std::string &mac_ saddr,
uint64_t packets,uint16_t srcport,uint16_t dstport, uint64_t packets,uint16_t srcport,uint16_t dstport,
const std::string &hashdigest_md5); const std::string &hashdigest_md5);
skipping to change at line 175 skipping to change at line 191
* new flows. * new flows.
*/ */
void save_flow(tcpip *); void save_flow(tcpip *);
/** packet processing. /** packet processing.
* Each returns 0 if processed, 1 if not processed, -1 if error. * Each returns 0 if processed, 1 if not processed, -1 if error.
*/ */
int process_tcp(const ipaddr &src, const ipaddr &dst,sa_family_t family, int process_tcp(const ipaddr &src, const ipaddr &dst,sa_family_t family,
const u_char *tcp_data, uint32_t tcp_length, const u_char *tcp_data, uint32_t tcp_length,
const be13::packet_info &pi); const be13::packet_info &pi);
int dissect_tcp(const ipaddr &src, const ipaddr &dst,sa_family_t family,
const u_char *tcp_data, uint32_t tcp_length,
const be13::packet_info &pi);
int process_ip4(const be13::packet_info &pi); int process_ip4(const be13::packet_info &pi);
int process_ip6(const be13::packet_info &pi); int process_ip6(const be13::packet_info &pi);
int process_pkt(const be13::packet_info &pi); int process_pkt(const be13::packet_info &pi);
private:;
/* These are not implemented */
tcpdemux(const tcpdemux &t);
tcpdemux &operator=(const tcpdemux &that);
}; };
#endif #endif
 End of changes. 16 change blocks. 
16 lines changed or deleted 43 lines changed or added
To the Header Files section of the tcpflow source changes report or the top of this page
Mainly generated by pkgdiff using rfcdiff
Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)