natlog  0.91.0
PcapRecord Class Reference

#include <pcaprecord.h>

Classes

struct  Address
struct  AddrPort
struct  Record

Public Types

enum  Type { IN, OUT }

Public Member Functions

 PcapRecord (std::ostream &stdMsg)
 ~PcapRecord ()
void add (PcapPacket const &packet, Type type)
void remove (PcapPacket const &packet)
time_t seconds (Record const &record) const
suseconds_t microSeconds (Record const &record) const
Address sourceIP (Record const &record) const
Address viaIP (Record const &record) const
Address destIP (Record const &record) const

Private Types

enum  { TTL = 10 }
enum  Status { INCOMPLETE, ESTABLISHED, FINISHED }

Private Member Functions

void addIn (PcapPacket const &packet)
void addOut (PcapPacket const &packet)
size_t find (uint32_t sequenceNr)
void store (Record *)
std::ostream & display (std::ostream &stdMsg, Record const *record) const
void log (Record const *record, time_t seconds, suseconds_t musecs) const
Address inetAddr (struct in_addr const &addr, u_short port) const

Private Attributes

std::vector< Record * > d_connections
std::ostream & d_stdMsg
Options d_options

Detailed Description

Definition at line 15 of file pcaprecord.h.


Class Documentation

struct PcapRecord::AddrPort

Definition at line 34 of file pcaprecord.h.

Class Members
u_short port

struct PcapRecord::Record

Definition at line 39 of file pcaprecord.h.

Class Members
AddrPort dest
uint32_t sequenceNr
AddrPort source
Status status
AddrPort via

Member Enumeration Documentation

anonymous enum [private]
Enumerator:
TTL 

Definition at line 17 of file pcaprecord.h.

    {
        TTL = 10            // INCOMPLETE records may live for 10 secs.
    };

enum PcapRecord::Status [private]
Enumerator:
INCOMPLETE 
ESTABLISHED 
FINISHED 

Definition at line 21 of file pcaprecord.h.

enum PcapRecord::Type
Enumerator:
IN 
OUT 

Definition at line 29 of file pcaprecord.h.

        {
            IN,
            OUT
        };

Constructor & Destructor Documentation

PcapRecord::PcapRecord ( std::ostream &  stdMsg)

Definition at line 3 of file pcaprecord1.cc.

PcapRecord::~PcapRecord ( )

Definition at line 3 of file destructor.cc.

{
    size_t endSeconds = time(0);

    d_stdMsg << "terminating" << endl;

    for (auto &rec: d_connections)
    {
        if (rec && rec->status == ESTABLISHED)
            log(rec, endSeconds, 0);
    }
    
}


Member Function Documentation

void PcapRecord::add ( PcapPacket const &  packet,
Type  type 
)

Definition at line 3 of file add.cc.

{
    //    cerr << "Device " << type << ", Packet flags: " << hex << 
    //              packet.flags() << '\n';

    if (type == IN)
        addIn(packet);
    else
        addOut(packet);
}

void PcapRecord::addIn ( PcapPacket const &  packet) [private]

Definition at line 9 of file addin.cc.

{
            // the record has already been seen at the OUT interface?
    size_t idx = find(packet.sequenceNr());

    if (idx != numeric_limits<size_t>::max())
    {
        Record *record = d_connections[idx];

                            // then assign the record's source IP/port:
        record->source = {packet.destAddr(), packet.destPort()};
        record->status = ESTABLISHED;
        imsg << "Add #" << idx << endl;
        display(imsg, record) << FBB::endl;
    }
    else                    // else store a new record.
        store(
                new Record 
                {
                    INCOMPLETE,
                    packet.timeval(), 
                    {packet.destAddr(), packet.destPort()},
                    {{0}, 0},
                    {packet.sourceAddr(), packet.sourcePort()},
                    packet.sequenceNr()
                }
        );
}

void PcapRecord::addOut ( PcapPacket const &  packet) [private]

Definition at line 9 of file addout.cc.

{
            // the record has already been seen at the IN interface?
    size_t idx = find(packet.sequenceNr());

    if (idx != numeric_limits<size_t>::max())
    {
        Record *record = d_connections[idx];

                            // then assign the record's `via' IP/port:
        record->via = {packet.destAddr(), packet.destPort()};
        record->status = ESTABLISHED;
        imsg << "Add OUT #" << idx << endl;
        display(imsg, record) << FBB::endl;
    }
    else                    // else store a new record.
        store(
                new Record
                {
                    INCOMPLETE,
                    packet.timeval(), 
                    {{0}, 0},
                    {packet.destAddr(), packet.destPort()},
                    {packet.sourceAddr(), packet.sourcePort()},
                    packet.sequenceNr()
                }
        );
}

Address PcapRecord::destIP ( Record const &  record) const

ostream & PcapRecord::display ( std::ostream &  stdMsg,
Record const *  record 
) const [private]

Definition at line 3 of file display.cc.

{
    Address &&src = sourceIP(*record);
    Address &&via = viaIP(*record);
    Address &&dst = destIP(*record);

    return stdMsg << ' ' << 
                src.dottedDecimalAddress() << ':' << src.port() << 
           " (via: " << 
                via.dottedDecimalAddress() << ':' << via.port() << ") "
            "to " << 
                dst.dottedDecimalAddress() << ':' << dst.port();
}

size_t PcapRecord::find ( uint32_t  sequenceNr) [private]

Definition at line 3 of file find.cc.

{
    size_t idx = 0;
    for (auto &record: d_connections)
    {
        if (record && record->sequenceNr == sequenceNr)
            return idx;
        ++idx;
    }
    return numeric_limits<size_t>::max();
}

Address PcapRecord::inetAddr ( struct in_addr const &  addr,
u_short  port 
) const [private]

void PcapRecord::log ( Record const *  record,
time_t  seconds,
suseconds_t  musecs 
) const [private]

Definition at line 3 of file log.cc.

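{
            // endSeconds and endMicroSeconds are the end-time parameters,
            // declared above as `seconds' and `musecs'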
    d_stdMsg << "from " << 
                ShowSeconds(seconds(*record)) << ':' << 
                        setfill('0') << setw(6) << microSeconds(*record) << 
            " until " << 
                ShowSeconds(endSeconds) << ':' << 
                                        setw(6) << endMicroSeconds << 
                                        ShowSeconds::utcMarker() << ": ";

    display(d_stdMsg, record) << endl;
}

suseconds_t PcapRecord::microSeconds ( Record const &  record) const

void PcapRecord::remove ( PcapPacket const &  packet)

Definition at line 3 of file remove.cc.

{
    size_t idx = 0;

    for (auto &element: d_connections)
    {
        if (
            element != 0
            &&
            element->source.port == packet.sourcePort()
            &&
            memcmp(&element->source.addr, &packet.sourceAddr(), 
                    sizeof(struct in_addr)) == 0
        )
        {
            imsg << "Rem #" << idx << endl;
            log(element, packet.seconds(), packet.microSeconds());
            delete element;
            element = 0;
            return;
        }
        ++idx;
    }

//    cout << "FIN/ACK: no record for " << 
//            packet.sourceIP().dottedDecimalAddress() << 
//            " (" << packet.sourcePort() << ") to " <<
//            packet.destIP().dottedDecimalAddress() << 
//            " (" << packet.destPort() << ')' << endl;
}

time_t PcapRecord::seconds ( Record const &  record) const

Address PcapRecord::sourceIP ( Record const &  record) const

void PcapRecord::store ( Record *  record) [private]

Definition at line 3 of file store.cc.

{
    time_t now = time(0);
    size_t idx = 0;

    for (auto &element: d_connections)
    {
        if (element == 0)               // empty element
        {
            element = record;           // store the record in the empty spot
            return;
        }
                                        // delete old, incomplete records
        if (element->status == INCOMPLETE && seconds(*element) + TTL < now)
        {
            imsg << "Replacing incomplete #" << idx << endl;
            delete element;
            element = record;
            return;
        }
        ++idx;
    }
    d_connections.push_back(record);    // add the record at the end
    imsg << "New index #" << (d_connections.size() - 1) << endl;
}

Address PcapRecord::viaIP ( Record const &  record) const


Member Data Documentation

std::vector<Record *> PcapRecord::d_connections [private]

Definition at line 50 of file pcaprecord.h.

Definition at line 52 of file pcaprecord.h.

std::ostream& PcapRecord::d_stdMsg [private]

Definition at line 51 of file pcaprecord.h.


The documentation for this class was generated from the following files: