diff --git a/src/fast_library.cpp b/src/fast_library.cpp index e09090e09..c7164d737 100644 --- a/src/fast_library.cpp +++ b/src/fast_library.cpp @@ -938,37 +938,37 @@ bool manage_interface_promisc_mode(std::string interface_name, bool switch_on) { // Adds traffic speed to JSON structure void serialize_traffic_counters_to_json(json_object* jobj, const attack_details_t& current_attack) { - json_object_object_add(jobj, "total_incoming_traffic", json_object_new_int(current_attack.in_bytes)); - json_object_object_add(jobj, "total_outgoing_traffic", json_object_new_int(current_attack.out_bytes)); - json_object_object_add(jobj, "total_incoming_pps", json_object_new_int(current_attack.in_packets)); - json_object_object_add(jobj, "total_outgoing_pps", json_object_new_int(current_attack.out_packets)); + json_object_object_add(jobj, "total_incoming_traffic", json_object_new_int(current_attack.total.in_bytes)); + json_object_object_add(jobj, "total_outgoing_traffic", json_object_new_int(current_attack.total.out_bytes)); + json_object_object_add(jobj, "total_incoming_pps", json_object_new_int(current_attack.total.in_packets)); + json_object_object_add(jobj, "total_outgoing_pps", json_object_new_int(current_attack.total.out_packets)); json_object_object_add(jobj, "total_incoming_flows", json_object_new_int(current_attack.in_flows)); json_object_object_add(jobj, "total_outgoing_flows", json_object_new_int(current_attack.out_flows)); - json_object_object_add(jobj, "incoming_ip_fragmented_traffic", json_object_new_int(current_attack.fragmented_in_bytes)); - json_object_object_add(jobj, "outgoing_ip_fragmented_traffic", json_object_new_int(current_attack.fragmented_out_bytes)); - json_object_object_add(jobj, "incoming_ip_fragmented_pps", json_object_new_int(current_attack.fragmented_in_packets)); - json_object_object_add(jobj, "outgoing_ip_fragmented_pps", json_object_new_int(current_attack.fragmented_out_packets)); + json_object_object_add(jobj, "incoming_ip_fragmented_traffic", json_object_new_int(current_attack.fragmented.in_bytes)); + json_object_object_add(jobj, "outgoing_ip_fragmented_traffic", json_object_new_int(current_attack.fragmented.out_bytes)); + json_object_object_add(jobj, "incoming_ip_fragmented_pps", json_object_new_int(current_attack.fragmented.in_packets)); + json_object_object_add(jobj, "outgoing_ip_fragmented_pps", json_object_new_int(current_attack.fragmented.out_packets)); - json_object_object_add(jobj, "incoming_tcp_traffic", json_object_new_int(current_attack.tcp_in_bytes)); - json_object_object_add(jobj, "outgoing_tcp_traffic", json_object_new_int(current_attack.tcp_out_bytes)); - json_object_object_add(jobj, "incoming_tcp_pps", json_object_new_int(current_attack.tcp_in_packets)); - json_object_object_add(jobj, "outgoing_tcp_pps", json_object_new_int(current_attack.tcp_out_packets)); + json_object_object_add(jobj, "incoming_tcp_traffic", json_object_new_int(current_attack.tcp.in_bytes)); + json_object_object_add(jobj, "outgoing_tcp_traffic", json_object_new_int(current_attack.tcp.out_bytes)); + json_object_object_add(jobj, "incoming_tcp_pps", json_object_new_int(current_attack.tcp.in_packets)); + json_object_object_add(jobj, "outgoing_tcp_pps", json_object_new_int(current_attack.tcp.out_packets)); - json_object_object_add(jobj, "incoming_syn_tcp_traffic", json_object_new_int(current_attack.tcp_syn_in_bytes)); - json_object_object_add(jobj, "outgoing_syn_tcp_traffic", json_object_new_int(current_attack.tcp_syn_out_bytes)); - json_object_object_add(jobj, "incoming_syn_tcp_pps", json_object_new_int(current_attack.tcp_syn_in_packets)); - json_object_object_add(jobj, "outgoing_syn_tcp_pps", json_object_new_int(current_attack.tcp_syn_out_packets)); + json_object_object_add(jobj, "incoming_syn_tcp_traffic", json_object_new_int(current_attack.tcp_syn.in_bytes)); + json_object_object_add(jobj, "outgoing_syn_tcp_traffic", json_object_new_int(current_attack.tcp_syn.out_bytes)); + json_object_object_add(jobj, "incoming_syn_tcp_pps", json_object_new_int(current_attack.tcp_syn.in_packets)); + json_object_object_add(jobj, "outgoing_syn_tcp_pps", json_object_new_int(current_attack.tcp_syn.out_packets)); - json_object_object_add(jobj, "incoming_udp_traffic", json_object_new_int(current_attack.udp_in_bytes)); - json_object_object_add(jobj, "outgoing_udp_traffic", json_object_new_int(current_attack.udp_out_bytes)); - json_object_object_add(jobj, "incoming_udp_pps", json_object_new_int(current_attack.udp_in_packets)); - json_object_object_add(jobj, "outgoing_udp_pps", json_object_new_int(current_attack.udp_out_packets)); + json_object_object_add(jobj, "incoming_udp_traffic", json_object_new_int(current_attack.udp.in_bytes)); + json_object_object_add(jobj, "outgoing_udp_traffic", json_object_new_int(current_attack.udp.out_bytes)); + json_object_object_add(jobj, "incoming_udp_pps", json_object_new_int(current_attack.udp.in_packets)); + json_object_object_add(jobj, "outgoing_udp_pps", json_object_new_int(current_attack.udp.out_packets)); - json_object_object_add(jobj, "incoming_icmp_traffic", json_object_new_int(current_attack.icmp_in_bytes)); - json_object_object_add(jobj, "outgoing_icmp_traffic", json_object_new_int(current_attack.icmp_out_bytes)); - json_object_object_add(jobj, "incoming_icmp_pps", json_object_new_int(current_attack.icmp_in_packets)); - json_object_object_add(jobj, "outgoing_icmp_pps", json_object_new_int(current_attack.icmp_out_packets)); + json_object_object_add(jobj, "incoming_icmp_traffic", json_object_new_int(current_attack.icmp.in_bytes)); + json_object_object_add(jobj, "outgoing_icmp_traffic", json_object_new_int(current_attack.icmp.out_bytes)); + json_object_object_add(jobj, "incoming_icmp_pps", json_object_new_int(current_attack.icmp.in_packets)); + json_object_object_add(jobj, "outgoing_icmp_pps", json_object_new_int(current_attack.icmp.out_packets)); } json_object* serialize_attack_description_to_json(attack_details_t& current_attack) { @@ -1014,10 +1014,10 @@ std::string serialize_attack_description(attack_details_t& current_attack) { << "Attack direction: " << get_direction_name(current_attack.attack_direction) << "\n" << "Attack protocol: " << get_printable_protocol_name(current_attack.attack_protocol) << "\n"; - attack_description << "Total incoming traffic: " << convert_speed_to_mbps(current_attack.in_bytes) << " mbps\n" - << "Total outgoing traffic: " << convert_speed_to_mbps(current_attack.out_bytes) << " mbps\n" - << "Total incoming pps: " << current_attack.in_packets << " packets per second\n" - << "Total outgoing pps: " << current_attack.out_packets << " packets per second\n" + attack_description << "Total incoming traffic: " << convert_speed_to_mbps(current_attack.total.in_bytes) << " mbps\n" + << "Total outgoing traffic: " << convert_speed_to_mbps(current_attack.total.out_bytes) << " mbps\n" + << "Total incoming pps: " << current_attack.total.in_packets << " packets per second\n" + << "Total outgoing pps: " << current_attack.total.out_packets << " packets per second\n" << "Total incoming flows: " << current_attack.in_flows << " flows per second\n" << "Total outgoing flows: " << current_attack.out_flows << " flows per second\n"; @@ -1031,29 +1031,29 @@ std::string serialize_attack_description(attack_details_t& current_attack) { << "Average outgoing flows: " << current_attack.average_out_flows << " flows per second\n"; attack_description - << "Incoming ip fragmented traffic: " << convert_speed_to_mbps(current_attack.fragmented_in_bytes) << " mbps\n" - << "Outgoing ip fragmented traffic: " << convert_speed_to_mbps(current_attack.fragmented_out_bytes) << " mbps\n" - << "Incoming ip fragmented pps: " << current_attack.fragmented_in_packets << " packets per second\n" - << "Outgoing ip fragmented pps: " << current_attack.fragmented_out_packets << " packets per second\n" - - << "Incoming tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_in_bytes) << " mbps\n" - << "Outgoing tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_out_bytes) << " mbps\n" - << "Incoming tcp pps: " << current_attack.tcp_in_packets << " packets per second\n" - << "Outgoing tcp pps: " << current_attack.tcp_out_packets << " packets per second\n" - << "Incoming syn tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_syn_in_bytes) << " mbps\n" - << "Outgoing syn tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_syn_out_bytes) << " mbps\n" - << "Incoming syn tcp pps: " << current_attack.tcp_syn_in_packets << " packets per second\n" - << "Outgoing syn tcp pps: " << current_attack.tcp_syn_out_packets << " packets per second\n" - - << "Incoming udp traffic: " << convert_speed_to_mbps(current_attack.udp_in_bytes) << " mbps\n" - << "Outgoing udp traffic: " << convert_speed_to_mbps(current_attack.udp_out_bytes) << " mbps\n" - << "Incoming udp pps: " << current_attack.udp_in_packets << " packets per second\n" - << "Outgoing udp pps: " << current_attack.udp_out_packets << " packets per second\n" - - << "Incoming icmp traffic: " << convert_speed_to_mbps(current_attack.icmp_in_bytes) << " mbps\n" - << "Outgoing icmp traffic: " << convert_speed_to_mbps(current_attack.icmp_out_bytes) << " mbps\n" - << "Incoming icmp pps: " << current_attack.icmp_in_packets << " packets per second\n" - << "Outgoing icmp pps: " << current_attack.icmp_out_packets << " packets per second\n"; + << "Incoming ip fragmented traffic: " << convert_speed_to_mbps(current_attack.fragmented.in_bytes) << " mbps\n" + << "Outgoing ip fragmented traffic: " << convert_speed_to_mbps(current_attack.fragmented.out_bytes) << " mbps\n" + << "Incoming ip fragmented pps: " << current_attack.fragmented.in_packets << " packets per second\n" + << "Outgoing ip fragmented pps: " << current_attack.fragmented.out_packets << " packets per second\n" + + << "Incoming tcp traffic: " << convert_speed_to_mbps(current_attack.tcp.in_bytes) << " mbps\n" + << "Outgoing tcp traffic: " << convert_speed_to_mbps(current_attack.tcp.out_bytes) << " mbps\n" + << "Incoming tcp pps: " << current_attack.tcp.in_packets << " packets per second\n" + << "Outgoing tcp pps: " << current_attack.tcp.out_packets << " packets per second\n" + << "Incoming syn tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_syn.in_bytes) << " mbps\n" + << "Outgoing syn tcp traffic: " << convert_speed_to_mbps(current_attack.tcp_syn.out_bytes) << " mbps\n" + << "Incoming syn tcp pps: " << current_attack.tcp_syn.in_packets << " packets per second\n" + << "Outgoing syn tcp pps: " << current_attack.tcp_syn.out_packets << " packets per second\n" + + << "Incoming udp traffic: " << convert_speed_to_mbps(current_attack.udp.in_bytes) << " mbps\n" + << "Outgoing udp traffic: " << convert_speed_to_mbps(current_attack.udp.out_bytes) << " mbps\n" + << "Incoming udp pps: " << current_attack.udp.in_packets << " packets per second\n" + << "Outgoing udp pps: " << current_attack.udp.out_packets << " packets per second\n" + + << "Incoming icmp traffic: " << convert_speed_to_mbps(current_attack.icmp.in_bytes) << " mbps\n" + << "Outgoing icmp traffic: " << convert_speed_to_mbps(current_attack.icmp.out_bytes) << " mbps\n" + << "Incoming icmp pps: " << current_attack.icmp.in_packets << " packets per second\n" + << "Outgoing icmp pps: " << current_attack.icmp.out_packets << " packets per second\n"; return attack_description.str(); } @@ -1062,23 +1062,23 @@ attack_type_t detect_attack_type(attack_details_t& current_attack) { double threshold_value = 0.9; if (current_attack.attack_direction == INCOMING) { - if (current_attack.tcp_syn_in_packets > threshold_value * current_attack.in_packets) { + if (current_attack.tcp_syn.in_packets > threshold_value * current_attack.total.in_packets) { return ATTACK_SYN_FLOOD; - } else if (current_attack.icmp_in_packets > threshold_value * current_attack.in_packets) { + } else if (current_attack.icmp.in_packets > threshold_value * current_attack.total.in_packets) { return ATTACK_ICMP_FLOOD; - } else if (current_attack.fragmented_in_packets > threshold_value * current_attack.in_packets) { + } else if (current_attack.fragmented.in_packets > threshold_value * current_attack.total.in_packets) { return ATTACK_IP_FRAGMENTATION_FLOOD; - } else if (current_attack.udp_in_packets > threshold_value * current_attack.in_packets) { + } else if (current_attack.udp.in_packets > threshold_value * current_attack.total.in_packets) { return ATTACK_UDP_FLOOD; } } else if (current_attack.attack_direction == OUTGOING) { - if (current_attack.tcp_syn_out_packets > threshold_value * current_attack.out_packets) { + if (current_attack.tcp_syn.out_packets > threshold_value * current_attack.total.out_packets) { return ATTACK_SYN_FLOOD; - } else if (current_attack.icmp_out_packets > threshold_value * current_attack.out_packets) { + } else if (current_attack.icmp.out_packets > threshold_value * current_attack.total.out_packets) { return ATTACK_ICMP_FLOOD; - } else if (current_attack.fragmented_out_packets > threshold_value * current_attack.out_packets) { + } else if (current_attack.fragmented.out_packets > threshold_value * current_attack.total.out_packets) { return ATTACK_IP_FRAGMENTATION_FLOOD; - } else if (current_attack.udp_out_packets > threshold_value * current_attack.out_packets) { + } else if (current_attack.udp.out_packets > threshold_value * current_attack.total.out_packets) { return ATTACK_UDP_FLOOD; } } @@ -1111,10 +1111,10 @@ std::string serialize_network_load_to_text(subnet_counter_t& network_speed_meter prefix = "Average network"; } - buffer << prefix << " incoming traffic: " << convert_speed_to_mbps(network_speed_meter.in_bytes) << " mbps\n" - << prefix << " outgoing traffic: " << convert_speed_to_mbps(network_speed_meter.out_bytes) << " mbps\n" - << prefix << " incoming pps: " << network_speed_meter.in_packets << " packets per second\n" - << prefix << " outgoing pps: " << network_speed_meter.out_packets << " packets per second\n"; + buffer << prefix << " incoming traffic: " << convert_speed_to_mbps(network_speed_meter.total.in_bytes) << " mbps\n" + << prefix << " outgoing traffic: " << convert_speed_to_mbps(network_speed_meter.total.out_bytes) << " mbps\n" + << prefix << " incoming pps: " << network_speed_meter.total.in_packets << " packets per second\n" + << prefix << " outgoing pps: " << network_speed_meter.total.out_packets << " packets per second\n"; return buffer.str(); } @@ -1122,10 +1122,10 @@ std::string serialize_network_load_to_text(subnet_counter_t& network_speed_meter json_object* serialize_network_load_to_json(subnet_counter_t& network_speed_meter) { json_object* jobj = json_object_new_object(); - json_object_object_add(jobj, "incoming traffic", json_object_new_int(network_speed_meter.in_bytes)); - json_object_object_add(jobj, "outgoing traffic", json_object_new_int(network_speed_meter.out_bytes)); - json_object_object_add(jobj, "incoming pps", json_object_new_int(network_speed_meter.in_packets)); - json_object_object_add(jobj, "outgoing pps", json_object_new_int(network_speed_meter.out_packets)); + json_object_object_add(jobj, "incoming traffic", json_object_new_int(network_speed_meter.total.in_bytes)); + json_object_object_add(jobj, "outgoing traffic", json_object_new_int(network_speed_meter.total.out_bytes)); + json_object_object_add(jobj, "incoming pps", json_object_new_int(network_speed_meter.total.in_packets)); + json_object_object_add(jobj, "outgoing pps", json_object_new_int(network_speed_meter.total.out_packets)); return jobj; } diff --git a/src/fastnetmon_logic.cpp b/src/fastnetmon_logic.cpp index f409dbd3f..db4e0e65c 100644 --- a/src/fastnetmon_logic.cpp +++ b/src/fastnetmon_logic.cpp @@ -2024,46 +2024,46 @@ bool fill_attack_information(subnet_counter_t average_speed_element, current_attack.attack_power = pps; current_attack.max_attack_power = pps; - current_attack.in_packets = in_pps; - current_attack.out_packets = out_pps; + current_attack.total.in_packets = in_pps; + current_attack.total.out_packets = out_pps; - current_attack.in_bytes = in_bps; - current_attack.out_bytes = out_bps; + current_attack.total.in_bytes = in_bps; + current_attack.total.out_bytes = out_bps; // pass flow information current_attack.in_flows = in_flows; current_attack.out_flows = out_flows; - current_attack.fragmented_in_packets = average_speed_element.fragmented_in_packets; - current_attack.tcp_in_packets = average_speed_element.tcp_in_packets; - current_attack.tcp_syn_in_packets = average_speed_element.tcp_syn_in_packets; - current_attack.udp_in_packets = average_speed_element.udp_in_packets; - current_attack.icmp_in_packets = average_speed_element.icmp_in_packets; - - current_attack.fragmented_out_packets = average_speed_element.fragmented_out_packets; - current_attack.tcp_out_packets = average_speed_element.tcp_out_packets; - current_attack.tcp_syn_out_packets = average_speed_element.tcp_syn_out_packets; - current_attack.udp_out_packets = average_speed_element.udp_out_packets; - current_attack.icmp_out_packets = average_speed_element.icmp_out_packets; - - current_attack.fragmented_out_bytes = average_speed_element.fragmented_out_bytes; - current_attack.tcp_out_bytes = average_speed_element.tcp_out_bytes; - current_attack.tcp_syn_out_bytes = average_speed_element.tcp_syn_out_bytes; - current_attack.udp_out_bytes = average_speed_element.udp_out_bytes; - current_attack.icmp_out_bytes = average_speed_element.icmp_out_bytes; - - current_attack.fragmented_in_bytes = average_speed_element.fragmented_in_bytes; - current_attack.tcp_in_bytes = average_speed_element.tcp_in_bytes; - current_attack.tcp_syn_in_bytes = average_speed_element.tcp_syn_in_bytes; - current_attack.udp_in_bytes = average_speed_element.udp_in_bytes; - current_attack.icmp_in_bytes = average_speed_element.icmp_in_bytes; - - current_attack.average_in_packets = average_speed_element.in_packets; - current_attack.average_in_bytes = average_speed_element.in_bytes; + current_attack.fragmented.in_packets = average_speed_element.fragmented.in_packets; + current_attack.tcp.in_packets = average_speed_element.tcp.in_packets; + current_attack.tcp_syn.in_packets = average_speed_element.tcp_syn.in_packets; + current_attack.udp.in_packets = average_speed_element.udp.in_packets; + current_attack.icmp.in_packets = average_speed_element.icmp.in_packets; + + current_attack.fragmented.out_packets = average_speed_element.fragmented.out_packets; + current_attack.tcp.out_packets = average_speed_element.tcp.out_packets; + current_attack.tcp_syn.out_packets = average_speed_element.tcp_syn.out_packets; + current_attack.udp.out_packets = average_speed_element.udp.out_packets; + current_attack.icmp.out_packets = average_speed_element.icmp.out_packets; + + current_attack.fragmented.out_bytes = average_speed_element.fragmented.out_bytes; + current_attack.tcp.out_bytes = average_speed_element.tcp.out_bytes; + current_attack.tcp_syn.out_bytes = average_speed_element.tcp_syn.out_bytes; + current_attack.udp.out_bytes = average_speed_element.udp.out_bytes; + current_attack.icmp.out_bytes = average_speed_element.icmp.out_bytes; + + current_attack.fragmented.in_bytes = average_speed_element.fragmented.in_bytes; + current_attack.tcp.in_bytes = average_speed_element.tcp.in_bytes; + current_attack.tcp_syn.in_bytes = average_speed_element.tcp_syn.in_bytes; + current_attack.udp.in_bytes = average_speed_element.udp.in_bytes; + current_attack.icmp.in_bytes = average_speed_element.icmp.in_bytes; + + current_attack.average_in_packets = average_speed_element.total.in_packets; + current_attack.average_in_bytes = average_speed_element.total.in_bytes; current_attack.average_in_flows = average_speed_element.in_flows; - current_attack.average_out_packets = average_speed_element.out_packets; - current_attack.average_out_bytes = average_speed_element.out_bytes; + current_attack.average_out_packets = average_speed_element.total.out_packets; + current_attack.average_out_bytes = average_speed_element.total.out_bytes; current_attack.average_out_flows = average_speed_element.out_flows; return true; @@ -2201,11 +2201,11 @@ void recalculate_speed() { subnet_counter_t new_speed_element; - new_speed_element.in_packets = uint64_t((double)subnet_traffic->in_packets / speed_calc_period); - new_speed_element.in_bytes = uint64_t((double)subnet_traffic->in_bytes / speed_calc_period); + new_speed_element.total.in_packets = uint64_t((double)subnet_traffic->total.in_packets / speed_calc_period); + new_speed_element.total.in_bytes = uint64_t((double)subnet_traffic->total.in_bytes / speed_calc_period); - new_speed_element.out_packets = uint64_t((double)subnet_traffic->out_packets / speed_calc_period); - new_speed_element.out_bytes = uint64_t((double)subnet_traffic->out_bytes / speed_calc_period); + new_speed_element.total.out_packets = uint64_t((double)subnet_traffic->total.out_packets / speed_calc_period); + new_speed_element.total.out_bytes = uint64_t((double)subnet_traffic->total.out_bytes / speed_calc_period); /* Moving average recalculation for subnets */ /* http://en.wikipedia.org/wiki/Moving_average#Application_to_measuring_computer_performance */ @@ -2214,21 +2214,21 @@ void recalculate_speed() { subnet_counter_t* current_average_speed_element = &PerSubnetAverageSpeedMap[current_subnet]; - current_average_speed_element->in_bytes = - uint64_t(new_speed_element.in_bytes + exp_value_subnet * ((double)current_average_speed_element->in_bytes - - (double)new_speed_element.in_bytes)); + current_average_speed_element->total.in_bytes = + uint64_t(new_speed_element.total.in_bytes + exp_value_subnet * ((double)current_average_speed_element->total.in_bytes - + (double)new_speed_element.total.in_bytes)); - current_average_speed_element->out_bytes = - uint64_t(new_speed_element.out_bytes + exp_value_subnet * ((double)current_average_speed_element->out_bytes - - (double)new_speed_element.out_bytes)); + current_average_speed_element->total.out_bytes = + uint64_t(new_speed_element.total.out_bytes + exp_value_subnet * ((double)current_average_speed_element->total.out_bytes - + (double)new_speed_element.total.out_bytes)); - current_average_speed_element->in_packets = - uint64_t(new_speed_element.in_packets + exp_value_subnet * ((double)current_average_speed_element->in_packets - - (double)new_speed_element.in_packets)); + current_average_speed_element->total.in_packets = + uint64_t(new_speed_element.total.in_packets + exp_value_subnet * ((double)current_average_speed_element->total.in_packets - + (double)new_speed_element.total.in_packets)); - current_average_speed_element->out_packets = - uint64_t(new_speed_element.out_packets + exp_value_subnet * ((double)current_average_speed_element->out_packets - - (double)new_speed_element.out_packets)); + current_average_speed_element->total.out_packets = + uint64_t(new_speed_element.total.out_packets + exp_value_subnet * ((double)current_average_speed_element->total.out_packets - + (double)new_speed_element.total.out_packets)); // Update speed calculation structure PerSubnetSpeedMap[current_subnet] = new_speed_element; @@ -2471,12 +2471,12 @@ std::string draw_table_ipv6(direction_t sort_direction, bool do_redis_update, so // Create polymorphic pps, byte and flow counters if (sort_direction == INCOMING) { - pps = current_speed_element->in_packets; - bps = current_speed_element->in_bytes; + pps = current_speed_element->total.in_packets; + bps = current_speed_element->total.in_bytes; flows = current_speed_element->in_flows; } else if (sort_direction == OUTGOING) { - pps = current_speed_element->out_packets; - bps = current_speed_element->out_bytes; + pps = current_speed_element->total.out_packets; + bps = current_speed_element->total.out_bytes; flows = current_speed_element->out_flows; } @@ -2570,12 +2570,12 @@ std::string draw_table_ipv4(direction_t data_direction, bool do_redis_update, so // Create polymorphic pps, byte and flow counters if (data_direction == INCOMING) { - pps = current_speed_element->in_packets; - bps = current_speed_element->in_bytes; + pps = current_speed_element->total.in_packets; + bps = current_speed_element->total.in_bytes; flows = current_speed_element->in_flows; } else if (data_direction == OUTGOING) { - pps = current_speed_element->out_packets; - bps = current_speed_element->out_bytes; + pps = current_speed_element->total.out_packets; + bps = current_speed_element->total.out_bytes; flows = current_speed_element->out_flows; } @@ -2698,11 +2698,11 @@ void process_packet(simple_packet_t& current_packet) { subnet_counter_t* counter_ptr = &ipv6_subnet_counters.counter_map[ipv6_cidr_subnet]; if (current_packet.packet_direction == OUTGOING) { - counter_ptr->out_packets += sampled_number_of_packets; - counter_ptr->out_bytes += sampled_number_of_bytes; + counter_ptr->total.out_packets += sampled_number_of_packets; + counter_ptr->total.out_bytes += sampled_number_of_bytes; } else if (current_packet.packet_direction == INCOMING) { - counter_ptr->in_packets += sampled_number_of_packets; - counter_ptr->in_bytes += sampled_number_of_bytes; + counter_ptr->total.in_packets += sampled_number_of_packets; + counter_ptr->total.in_bytes += sampled_number_of_bytes; } } @@ -2930,29 +2930,29 @@ void increment_outgoing_counters(subnet_counter_t* current_element, current_element->last_update_time = current_inaccurate_time; // Main packet/bytes counter - __atomic_add_fetch(¤t_element->out_packets, sampled_number_of_packets, __ATOMIC_RELAXED); - __atomic_add_fetch(¤t_element->out_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->total.out_packets, sampled_number_of_packets, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->total.out_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); // Fragmented IP packets if (current_packet.ip_fragmented) { - __atomic_add_fetch(¤t_element->fragmented_out_packets, sampled_number_of_packets, __ATOMIC_RELAXED); - __atomic_add_fetch(¤t_element->fragmented_out_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->fragmented.out_packets, sampled_number_of_packets, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->fragmented.out_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); } if (current_packet.protocol == IPPROTO_TCP) { - __atomic_add_fetch(¤t_element->tcp_out_packets, sampled_number_of_packets, __ATOMIC_RELAXED); - __atomic_add_fetch(¤t_element->tcp_out_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->tcp.out_packets, sampled_number_of_packets, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->tcp.out_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); if (extract_bit_value(current_packet.flags, TCP_SYN_FLAG_SHIFT)) { - __atomic_add_fetch(¤t_element->tcp_syn_out_packets, sampled_number_of_packets, __ATOMIC_RELAXED); - __atomic_add_fetch(¤t_element->tcp_syn_out_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->tcp_syn.out_packets, sampled_number_of_packets, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->tcp_syn.out_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); } } else if (current_packet.protocol == IPPROTO_UDP) { - __atomic_add_fetch(¤t_element->udp_out_packets, sampled_number_of_packets, __ATOMIC_RELAXED); - __atomic_add_fetch(¤t_element->udp_out_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->udp.out_packets, sampled_number_of_packets, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->udp.out_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); } else if (current_packet.protocol == IPPROTO_ICMP) { - __atomic_add_fetch(¤t_element->icmp_out_packets, sampled_number_of_packets, __ATOMIC_RELAXED); - __atomic_add_fetch(¤t_element->icmp_out_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->icmp.out_packets, sampled_number_of_packets, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->icmp.out_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); // no flow tracking for icmp } else { } @@ -2968,29 +2968,29 @@ void increment_outgoing_counters(subnet_counter_t* current_element, current_element->last_update_time = current_inaccurate_time; // Main packet/bytes counter - __sync_fetch_and_add(¤t_element->out_packets, sampled_number_of_packets); - __sync_fetch_and_add(¤t_element->out_bytes, sampled_number_of_bytes); + __sync_fetch_and_add(¤t_element->total.out_packets, sampled_number_of_packets); + __sync_fetch_and_add(¤t_element->total.out_bytes, sampled_number_of_bytes); // Fragmented IP packets if (current_packet.ip_fragmented) { - __sync_fetch_and_add(¤t_element->fragmented_out_packets, sampled_number_of_packets); - __sync_fetch_and_add(¤t_element->fragmented_out_bytes, sampled_number_of_bytes); + __sync_fetch_and_add(¤t_element->fragmented.out_packets, sampled_number_of_packets); + __sync_fetch_and_add(¤t_element->fragmented.out_bytes, sampled_number_of_bytes); } if (current_packet.protocol == IPPROTO_TCP) { - __sync_fetch_and_add(¤t_element->tcp_out_packets, sampled_number_of_packets); - __sync_fetch_and_add(¤t_element->tcp_out_bytes, sampled_number_of_bytes); + __sync_fetch_and_add(¤t_element->tcp.out_packets, sampled_number_of_packets); + __sync_fetch_and_add(¤t_element->tcp.out_bytes, sampled_number_of_bytes); if (extract_bit_value(current_packet.flags, TCP_SYN_FLAG_SHIFT)) { - __sync_fetch_and_add(¤t_element->tcp_syn_out_packets, sampled_number_of_packets); - __sync_fetch_and_add(¤t_element->tcp_syn_out_bytes, sampled_number_of_bytes); + __sync_fetch_and_add(¤t_element->tcp_syn.out_packets, sampled_number_of_packets); + __sync_fetch_and_add(¤t_element->tcp_syn.out_bytes, sampled_number_of_bytes); } } else if (current_packet.protocol == IPPROTO_UDP) { - __sync_fetch_and_add(¤t_element->udp_out_packets, sampled_number_of_packets); - __sync_fetch_and_add(¤t_element->udp_out_bytes, sampled_number_of_bytes); + __sync_fetch_and_add(¤t_element->udp.out_packets, sampled_number_of_packets); + __sync_fetch_and_add(¤t_element->udp.out_bytes, sampled_number_of_bytes); } else if (current_packet.protocol == IPPROTO_ICMP) { - __sync_fetch_and_add(¤t_element->icmp_out_packets, sampled_number_of_packets); - __sync_fetch_and_add(¤t_element->icmp_out_bytes, sampled_number_of_bytes); + __sync_fetch_and_add(¤t_element->icmp.out_packets, sampled_number_of_packets); + __sync_fetch_and_add(¤t_element->icmp.out_bytes, sampled_number_of_bytes); // no flow tracking for icmp } else { } @@ -3009,30 +3009,30 @@ void increment_incoming_counters(subnet_counter_t* current_element, current_element->last_update_time = current_inaccurate_time; // Main packet/bytes counter - __atomic_add_fetch(¤t_element->in_packets, sampled_number_of_packets, __ATOMIC_RELAXED); - __atomic_add_fetch(¤t_element->in_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->total.in_packets, sampled_number_of_packets, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->total.in_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); // Count fragmented IP packets if (current_packet.ip_fragmented) { - __atomic_add_fetch(¤t_element->fragmented_in_packets, sampled_number_of_packets, __ATOMIC_RELAXED); - __atomic_add_fetch(¤t_element->fragmented_in_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->fragmented.in_packets, sampled_number_of_packets, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->fragmented.in_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); } // Count per protocol packets if (current_packet.protocol == IPPROTO_TCP) { - __atomic_add_fetch(¤t_element->tcp_in_packets, sampled_number_of_packets, __ATOMIC_RELAXED); - __atomic_add_fetch(¤t_element->tcp_in_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->tcp.in_packets, sampled_number_of_packets, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->tcp.in_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); if (extract_bit_value(current_packet.flags, TCP_SYN_FLAG_SHIFT)) { - __atomic_add_fetch(¤t_element->tcp_syn_in_packets, sampled_number_of_packets, __ATOMIC_RELAXED); - __atomic_add_fetch(¤t_element->tcp_syn_in_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->tcp_syn.in_packets, sampled_number_of_packets, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->tcp_syn.in_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); } } else if (current_packet.protocol == IPPROTO_UDP) { - __atomic_add_fetch(¤t_element->udp_in_packets, sampled_number_of_packets, __ATOMIC_RELAXED); - __atomic_add_fetch(¤t_element->udp_in_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->udp.in_packets, sampled_number_of_packets, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->udp.in_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); } else if (current_packet.protocol == IPPROTO_ICMP) { - __atomic_add_fetch(¤t_element->icmp_in_packets, sampled_number_of_packets, __ATOMIC_RELAXED); - __atomic_add_fetch(¤t_element->icmp_in_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->icmp.in_packets, sampled_number_of_packets, __ATOMIC_RELAXED); + __atomic_add_fetch(¤t_element->icmp.in_bytes, sampled_number_of_bytes, __ATOMIC_RELAXED); } else { // TBD } @@ -3050,30 +3050,30 @@ void increment_incoming_counters(subnet_counter_t* current_element, current_element->last_update_time = current_inaccurate_time; // Main packet/bytes counter - __sync_fetch_and_add(¤t_element->in_packets, sampled_number_of_packets); - __sync_fetch_and_add(¤t_element->in_bytes, sampled_number_of_bytes); + __sync_fetch_and_add(¤t_element->total.in_packets, sampled_number_of_packets); + __sync_fetch_and_add(¤t_element->total.in_bytes, sampled_number_of_bytes); // Count fragmented IP packets if (current_packet.ip_fragmented) { - __sync_fetch_and_add(¤t_element->fragmented_in_packets, sampled_number_of_packets); - __sync_fetch_and_add(¤t_element->fragmented_in_bytes, sampled_number_of_bytes); + __sync_fetch_and_add(¤t_element->fragmented.in_packets, sampled_number_of_packets); + __sync_fetch_and_add(¤t_element->fragmented.in_bytes, sampled_number_of_bytes); } // Count per protocol packets if (current_packet.protocol == IPPROTO_TCP) { - __sync_fetch_and_add(¤t_element->tcp_in_packets, sampled_number_of_packets); - __sync_fetch_and_add(¤t_element->tcp_in_bytes, sampled_number_of_bytes); + __sync_fetch_and_add(¤t_element->tcp.in_packets, sampled_number_of_packets); + __sync_fetch_and_add(¤t_element->tcp.in_bytes, sampled_number_of_bytes); if (extract_bit_value(current_packet.flags, TCP_SYN_FLAG_SHIFT)) { - __sync_fetch_and_add(¤t_element->tcp_syn_in_packets, sampled_number_of_packets); - __sync_fetch_and_add(¤t_element->tcp_syn_in_bytes, sampled_number_of_bytes); + __sync_fetch_and_add(¤t_element->tcp_syn.in_packets, sampled_number_of_packets); + __sync_fetch_and_add(¤t_element->tcp_syn.in_bytes, sampled_number_of_bytes); } } else if (current_packet.protocol == IPPROTO_UDP) { - __sync_fetch_and_add(¤t_element->udp_in_packets, sampled_number_of_packets); - __sync_fetch_and_add(¤t_element->udp_in_bytes, sampled_number_of_bytes); + __sync_fetch_and_add(¤t_element->udp.in_packets, sampled_number_of_packets); + __sync_fetch_and_add(¤t_element->udp.in_bytes, sampled_number_of_bytes); } else if (current_packet.protocol == IPPROTO_ICMP) { - __sync_fetch_and_add(¤t_element->icmp_in_packets, sampled_number_of_packets); - __sync_fetch_and_add(¤t_element->icmp_in_bytes, sampled_number_of_bytes); + __sync_fetch_and_add(¤t_element->icmp.in_packets, sampled_number_of_packets); + __sync_fetch_and_add(¤t_element->icmp.in_bytes, sampled_number_of_bytes); } else { // TBD } diff --git a/src/fastnetmon_types.hpp b/src/fastnetmon_types.hpp index 6192f7330..f593808dc 100644 --- a/src/fastnetmon_types.hpp +++ b/src/fastnetmon_types.hpp @@ -100,17 +100,17 @@ template class TrafficComparatorClass { } } else if (sort_field == PACKETS) { if (sort_direction == INCOMING) { - return a.second.in_packets > b.second.in_packets; + return a.second.total.in_packets > b.second.total.in_packets; } else if (sort_direction == OUTGOING) { - return a.second.out_packets > b.second.out_packets; + return a.second.total.out_packets > b.second.total.out_packets; } else { return false; } } else if (sort_field == BYTES) { if (sort_direction == INCOMING) { - return a.second.in_bytes > b.second.in_bytes; + return a.second.total.in_bytes > b.second.total.in_bytes; } else if (sort_direction == OUTGOING) { - return a.second.out_bytes > b.second.out_bytes; + return a.second.total.out_bytes > b.second.total.out_bytes; } else { return false; } diff --git a/src/subnet_counter.hpp b/src/subnet_counter.hpp index c3f520a83..2a1d454b7 100644 --- a/src/subnet_counter.hpp +++ b/src/subnet_counter.hpp @@ -2,44 +2,51 @@ #include +// This class keeps all our counters for specific traffic type +class traffic_counter_element_t { + public: + uint64_t in_bytes = 0; + uint64_t out_bytes = 0; + uint64_t in_packets = 0; + uint64_t out_packets = 0; + + void zeroify() { + in_bytes = 0; + out_bytes = 0; + in_packets = 0; + out_packets = 0; + } + + // Returns zero when all counters are zero + bool is_zero() const { + return in_bytes == 0 && out_bytes == 0 && in_packets == 0 && out_packets == 0; + } + + template void serialize(Archive& ar, [[maybe_unused]] const unsigned int version) { + ar& BOOST_SERIALIZATION_NVP(in_bytes); + ar& BOOST_SERIALIZATION_NVP(out_bytes); + ar& BOOST_SERIALIZATION_NVP(in_packets); + ar& BOOST_SERIALIZATION_NVP(out_packets); + } +}; + // main data structure for storing traffic and speed data for all our IPs class subnet_counter_t { public: // We use inaccurate time source for it becasue we do not care about precise time in this case time_t last_update_time = 0; - uint64_t in_bytes = 0; - uint64_t out_bytes = 0; - uint64_t in_packets = 0; - uint64_t out_packets = 0; + traffic_counter_element_t total; + + traffic_counter_element_t tcp; + traffic_counter_element_t udp; + traffic_counter_element_t icmp; - // Fragmented traffic is so recently used for attacks - uint64_t fragmented_in_packets = 0; - uint64_t fragmented_out_packets = 0; - uint64_t fragmented_in_bytes = 0; - uint64_t fragmented_out_bytes = 0; - - // Additional data for correct attack protocol detection - uint64_t tcp_in_packets = 0; - uint64_t tcp_out_packets = 0; - uint64_t tcp_in_bytes = 0; - uint64_t tcp_out_bytes = 0; - - // Additional details about one of most popular atatck type - uint64_t tcp_syn_in_packets = 0; - uint64_t tcp_syn_out_packets = 0; - uint64_t tcp_syn_in_bytes = 0; - uint64_t tcp_syn_out_bytes = 0; - - uint64_t udp_in_packets = 0; - uint64_t udp_out_packets = 0; - uint64_t udp_in_bytes = 0; - uint64_t udp_out_bytes = 0; - - uint64_t icmp_in_packets = 0; - uint64_t icmp_out_packets = 0; - uint64_t icmp_in_bytes = 0; - uint64_t icmp_out_bytes = 0; + traffic_counter_element_t fragmented; + traffic_counter_element_t tcp_syn; + + // Total number of dropped traffic + traffic_counter_element_t dropped; uint64_t in_flows = 0; uint64_t out_flows = 0; @@ -48,70 +55,37 @@ class subnet_counter_t { // be counted twice // Once: in total counter (in_bytes) and secondly in per protocol counter (for example: udp_in_bytes) bool is_zero() const { - return in_bytes == 0 && out_bytes == 0 && in_packets == 0 && out_packets == 0 && in_flows == 0 && out_flows == 0; + return total.in_bytes == 0 && total.out_bytes == 0 && total.in_packets == 0 && total.out_packets == 0 && + in_flows == 0 && out_flows == 0; } // Fill all counters by zeros void zeroify() { - in_bytes = 0; - out_bytes = 0; - in_packets = 0; - out_packets = 0; + total.zeroify(); + dropped.zeroify(); - fragmented_in_packets = 0; - fragmented_out_packets = 0; - fragmented_in_bytes = 0; - fragmented_out_bytes = 0; + tcp.zeroify(); + udp.zeroify(); + icmp.zeroify(); - tcp_in_packets = 0; - tcp_out_packets = 0; - tcp_in_bytes = 0; - tcp_out_bytes = 0; - - tcp_syn_in_packets = 0; - tcp_syn_out_packets = 0; - tcp_syn_in_bytes = 0; - tcp_syn_out_bytes = 0; - - udp_in_packets = 0; - udp_out_packets = 0; - udp_in_bytes = 0; - udp_out_bytes = 0; - - icmp_in_packets = 0; - icmp_out_packets = 0; - icmp_in_bytes = 0; - icmp_out_bytes = 0; + fragmented.zeroify(); + tcp_syn.zeroify(); in_flows = 0; out_flows = 0; } - template void serialize(Archive& ar, const unsigned int version) { - ar& BOOST_SERIALIZATION_NVP(in_bytes); - ar& BOOST_SERIALIZATION_NVP(out_bytes); - ar& BOOST_SERIALIZATION_NVP(in_packets); - ar& BOOST_SERIALIZATION_NVP(out_packets); - ar& BOOST_SERIALIZATION_NVP(fragmented_in_packets); - ar& BOOST_SERIALIZATION_NVP(fragmented_out_packets); - ar& BOOST_SERIALIZATION_NVP(fragmented_in_bytes); - ar& BOOST_SERIALIZATION_NVP(fragmented_out_bytes); - ar& BOOST_SERIALIZATION_NVP(tcp_in_packets); - ar& BOOST_SERIALIZATION_NVP(tcp_out_packets); - ar& BOOST_SERIALIZATION_NVP(tcp_in_bytes); - ar& BOOST_SERIALIZATION_NVP(tcp_out_bytes); - ar& BOOST_SERIALIZATION_NVP(tcp_syn_in_packets); - ar& BOOST_SERIALIZATION_NVP(tcp_syn_out_packets); - ar& BOOST_SERIALIZATION_NVP(tcp_syn_in_bytes); - ar& BOOST_SERIALIZATION_NVP(tcp_syn_out_bytes); - ar& BOOST_SERIALIZATION_NVP(udp_in_packets); - ar& BOOST_SERIALIZATION_NVP(udp_out_packets); - ar& BOOST_SERIALIZATION_NVP(udp_in_bytes); - ar& BOOST_SERIALIZATION_NVP(udp_out_bytes); - ar& BOOST_SERIALIZATION_NVP(icmp_in_packets); - ar& BOOST_SERIALIZATION_NVP(icmp_out_packets); - ar& BOOST_SERIALIZATION_NVP(icmp_in_bytes); - ar& BOOST_SERIALIZATION_NVP(icmp_out_bytes); + template void serialize(Archive& ar, [[maybe_unused]] const unsigned int version) { + ar& BOOST_SERIALIZATION_NVP(total); + ar& BOOST_SERIALIZATION_NVP(dropped); + + ar& BOOST_SERIALIZATION_NVP(tcp); + ar& BOOST_SERIALIZATION_NVP(udp); + ar& BOOST_SERIALIZATION_NVP(icmp); + + ar& BOOST_SERIALIZATION_NVP(fragmented); + ar& BOOST_SERIALIZATION_NVP(tcp_syn); + ar& BOOST_SERIALIZATION_NVP(in_flows); ar& BOOST_SERIALIZATION_NVP(out_flows); }