Store allowed flow types in a common structure dump_allowed
It is easier to spot the right place which must be modified to add more flow
types when the configuration for them is stored the same way in a common
variable/structure.
ecsv committed Feb 11, 2014
1 parent 5435c7a commit 7ab06c0
Showing 2 changed files with 38 additions and 15 deletions.
43 changes: 28 additions & 15 deletions pkt2flow.c
@@ -34,6 +34,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <dirent.h>
#include <arpa/inet.h>
@@ -51,8 +52,7 @@
#include <pcap/pcap.h>
#include "pkt2flow.h"

static char tcpsyn = 1;
static char dumpudp = 0;
static uint32_t dump_allowed;
static char *readfile = NULL;
//char *interface = NULL;
static char *outputdir = "pkt2flow.out";
@@ -88,10 +88,10 @@ static void parseargs(int argc, char *argv[])
outputdir = optarg;
break;
case 'u':
dumpudp = 1;
dump_allowed |= DUMP_UDP_ALLOWED;
break;
case 'v':
tcpsyn = 0;
dump_allowed |= DUMP_TCP_NOSYN_ALLOWED;
break;
default:
usage(argv [0]);
@@ -201,14 +201,20 @@ static void process_trace(void)
dst_ip = ntohl(iph->ip_dst.s_addr);

offset = EH_SIZE + (iph->ip_hl * 4);
if (iph->ip_p != IPPROTO_TCP) {
// Check the flag to dump UDP or not
if (dumpudp == 0)
// Omit the non-TCP packets
switch (iph->ip_p) {
case IPPROTO_TCP:
/* always accept tcp */
break;
case IPPROTO_UDP:
if (!isset_bits(dump_allowed, DUMP_UDP_ALLOWED))
// Omit the UDP packets
continue;
else if (iph->ip_p != IPPROTO_UDP)
// Omit the non-TCP or non-UDP packets
break;
default:
if (!isset_bits(dump_allowed, DUMP_OTHER_ALLOWED))
// Omit the other packets
continue;
break;
}

// Get the src and dst ports of TCP or UDP
@@ -237,21 +243,28 @@ static void process_trace(void)
pair = find_ip_pair(iph->ip_src.s_addr, iph->ip_dst.s_addr,
src_port, dst_port);
if (pair == NULL) {
if ((iph->ip_p == IPPROTO_TCP) && (tcpsyn == 1) &&
((tcph->th_flags & TH_SYN) != TH_SYN)) {
if ((iph->ip_p == IPPROTO_TCP) &&
((tcph->th_flags & TH_SYN) != TH_SYN) &&
!isset_bits(dump_allowed, DUMP_TCP_NOSYN_ALLOWED)) {
// No SYN detected and don't create a new flow
continue;
}
pair = register_ip_pair(iph->ip_src.s_addr,
iph->ip_dst.s_addr, src_port,
dst_port);
if (iph->ip_p == IPPROTO_UDP)
pair->pdf.status = STS_UDP;
else {
switch (iph->ip_p) {
case IPPROTO_TCP:
if ((tcph->th_flags & TH_SYN) == TH_SYN)
pair->pdf.status = STS_TCP_SYN;
else
pair->pdf.status = STS_TCP_NOSYN;
break;
case IPPROTO_UDP:
pair->pdf.status = STS_UDP;
break;
default:
pair->pdf.status = STS_UNSET;
break;
}
}

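Review bot: The new `default:` case in the protocol switch of `process_trace` passes any non-TCP/UDP packet on when `DUMP_OTHER_ALLOWED` is set, yet the statement after the switch is still commented `// Get the src and dst ports of TCP or UDP` and its body is outside the hunk, so it cannot be confirmed here that `src_port` and `dst_port` hold defined values for such packets before `find_ip_pair` reads them. None of the visible `parseargs` cases sets that bit, so the path looks dormant in this commit, but the contract should be written down now, e.g. `/* other protocols: no L4 ports, src_port/dst_port must be 0 */` in the `default:` case, with the port code zeroing both values. The second `default:` stores `STS_UNSET` on a newly registered pair; if that value also marks a pair with no dump file yet (not visible on this page), a dedicated status would keep the two apart. `process_trace` starts and ends outside the visible hunks.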
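--- a/pkt2flow.h
+++ b/pkt2flow.h
@@ -42,6 +42,16 @@
 #define FILE_NAME_LENGTH 128
 #define PATH_NAME_LENGTH 1024
 
+#define BIT(bitnr) (1ULL << (bitnr))
+#define isset_bits(x, bitmask) ({ typeof(bitmask) _bitmask = (bitmask); \
+(_bitmask & (x)) == _bitmask; })
+
+enum dump_allow_flags {
+DUMP_OTHER_ALLOWED = BIT(0),
+DUMP_TCP_NOSYN_ALLOWED = BIT(1),
+DUMP_UDP_ALLOWED = BIT(2),
+};
+
 enum pkt_dump_file_status {
 STS_UNSET,
 STS_TCP_SYN,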
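Review bot: `isset_bits` depends on two GNU extensions, a statement expression and the bare `typeof` keyword, so this header will not compile under a strict ISO mode such as `-std=c11`, and the macro gives no type checking on `x`. The only visible callers pass the `uint32_t` `dump_allowed` and one enum constant, so `static inline int isset_bits(uint32_t x, uint32_t bitmask) { return (x & bitmask) == bitmask; }` returns the same result without the extensions. `BIT()` yields an `unsigned long long`, while the flags are stored in a 32-bit variable and in enum constants, so a comment such as `/* bits 0..30 only: flags live in uint32_t dump_allowed */` above `enum dump_allow_flags` would stop a later `BIT(32)` from being silently truncated. Each flag also deserves a one-line comment naming the option that sets it (`-u`, `-v`).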
