Back to index

natlog  0.91.0
addin.cc
Go to the documentation of this file.
00001 #include "pcaprecord.ih"
00002 
00003 // See ../tcpdump.nat: a SYN/ACK packet was received from the destination, so
00004 //  the record's source is the remote (at the OUT interface) destination
00005 //  address and record's destination is the source address (at the IN
00006 //  interface) which has been natted by the firewall: 
00007 // IN.source = record.dest = IN.dest = record.src
00008 
00009 void PcapRecord::addIn(PcapPacket const &packet)
00010 {
00011             // the record has already been seen at the OUT interface?
00012     size_t idx = find(packet.sequenceNr());
00013 
00014     if (idx != numeric_limits<size_t>::max())
00015     {
00016         Record *record = d_connections[idx];
00017 
00018                             // then assign the record's source IP/port:
00019         record->source = {packet.destAddr(), packet.destPort()};
00020         record->status = ESTABLISHED;
00021         imsg << "Add #" << idx << endl;
00022         display(imsg, record) << FBB::endl;
00023     }
00024     else                    // else store a new record.
00025         store(
00026                 new Record 
00027                 {
00028                     INCOMPLETE,
00029                     packet.timeval(), 
00030                     {packet.destAddr(), packet.destPort()},
00031                     {{0}, 0},
00032                     {packet.sourceAddr(), packet.sourcePort()},
00033                     packet.sequenceNr()
00034                 }
00035         );
00036 }
00037 
00038 
00039 
00040