|
Lines 121-145
Link Here
|
| 121 |
return (char *)buffer; |
121 |
return (char *)buffer; |
| 122 |
} |
122 |
} |
| 123 |
|
123 |
|
| 124 |
static int sprintf_conntrack_key(char *buf, struct nfct_conntrack *ct, |
124 |
static string make_key(nfct_conntrack* ct, int flags, int type) |
| 125 |
unsigned int flags) |
|
|
| 126 |
{ |
| 127 |
int size = 0; |
| 128 |
|
| 129 |
size += nfct_sprintf_protocol(buf, ct); |
| 130 |
size += nfct_sprintf_address(buf+size, &ct->tuple[NFCT_DIR_ORIGINAL]); |
| 131 |
size += nfct_sprintf_proto(buf+size, &ct->tuple[NFCT_DIR_ORIGINAL]); |
| 132 |
|
| 133 |
/* Delete the last blank space */ |
| 134 |
buf[size-1] = '\0'; |
| 135 |
|
| 136 |
return size; |
| 137 |
} |
| 138 |
|
| 139 |
static string make_key(nfct_conntrack* ct, int flags) |
| 140 |
{ |
125 |
{ |
| 141 |
char key[512]; |
126 |
char key[512]; |
| 142 |
int keysize = sprintf_conntrack_key(key, ct, flags); |
127 |
int keysize = nfct_snprintf(key, sizeof(key), (const nf_conntrack *)ct, type, NFCT_O_DEFAULT, flags); |
| 143 |
if(keysize >= 512){ |
128 |
if(keysize >= 512){ |
| 144 |
cerr << "Yike! Overflowed key!\n"; |
129 |
cerr << "Yike! Overflowed key!\n"; |
| 145 |
exit(1); |
130 |
exit(1); |
|
Lines 148-175
Link Here
|
| 148 |
return key; |
133 |
return key; |
| 149 |
} |
134 |
} |
| 150 |
|
135 |
|
| 151 |
static int l7_handle_conntrack_event(void *arg, unsigned int flags, int type, |
136 |
static int l7_handle_conntrack_event(enum nf_conntrack_msg_type type, struct nf_conntrack* arg, |
| 152 |
void *data) |
137 |
void *data) |
| 153 |
{ |
138 |
{ |
| 154 |
l7_conntrack * l7_conntrack_handler = (l7_conntrack *) data; |
139 |
l7_conntrack * l7_conntrack_handler = (l7_conntrack *) data; |
| 155 |
|
140 |
|
| 156 |
nfct_conntrack* ct = (nfct_conntrack*)arg; |
141 |
nfct_conntrack* ct = (nfct_conntrack*)arg; |
|
|
142 |
u_int8_t protonum = *(u_int8_t *)nfct_get_attr((const nf_conntrack *)ct, ATTR_ORIG_L4PROTO); |
| 157 |
|
143 |
|
| 158 |
// I don't think there is any demand for ICMP. These are enough work for now. |
144 |
// I don't think there is any demand for ICMP. These are enough work for now. |
| 159 |
if(ct->tuple[0].protonum != IPPROTO_TCP && |
145 |
if(protonum != IPPROTO_TCP && protonum != IPPROTO_UDP) return 0; |
| 160 |
ct->tuple[0].protonum != IPPROTO_UDP) return 0; |
|
|
| 161 |
|
146 |
|
| 162 |
if(type == NFCT_MSG_DESTROY) l7printf(3, "Got event: NFCT_MSG_DESTROY\n"); |
147 |
if(type == NFCT_T_DESTROY) l7printf(3, "Got event: NFCT_T_DESTROY\n"); |
| 163 |
if(type == NFCT_MSG_NEW) l7printf(3, "Got event: NFCT_MSG_NEW\n"); |
148 |
if(type == NFCT_T_NEW) l7printf(3, "Got event: NFCT_T_NEW\n"); |
| 164 |
if(type == NFCT_MSG_UPDATE) l7printf(3, "Got event: NFCT_MSG_UPDATE\n"); |
149 |
if(type == NFCT_T_UPDATE) l7printf(3, "Got event: NFCT_T_UPDATE\n"); |
| 165 |
if(type == NFCT_MSG_UNKNOWN) l7printf(3, "Got event: NFCT_MSG_UNKNOWN\n"); |
150 |
if(type == NFCT_T_UNKNOWN) l7printf(3, "Got event: NFCT_T_UNKNOWN\n"); |
| 166 |
|
151 |
|
| 167 |
// On the first packet, create the connection buffer, etc. |
152 |
// On the first packet, create the connection buffer, etc. |
| 168 |
if(type == NFCT_MSG_NEW){ |
153 |
if(type == NFCT_T_NEW){ |
| 169 |
string key = make_key(ct, flags); |
154 |
string key = make_key(ct, 0, NFCT_T_NEW); |
| 170 |
if (l7_conntrack_handler->get_l7_connection(key)){ |
155 |
if (l7_conntrack_handler->get_l7_connection(key)){ |
| 171 |
// this happens sometimes |
156 |
// this happens sometimes |
| 172 |
cerr << "Received NFCT_MSG_NEW but already have a connection. Packets = " |
157 |
cerr << "Received NFCT_T_NEW but already have a connection. Packets = " |
| 173 |
<< l7_conntrack_handler->get_l7_connection(key)->get_num_packets() |
158 |
<< l7_conntrack_handler->get_l7_connection(key)->get_num_packets() |
| 174 |
<< endl; |
159 |
<< endl; |
| 175 |
l7_conntrack_handler->remove_l7_connection(key); |
160 |
l7_conntrack_handler->remove_l7_connection(key); |
|
Lines 179-187
Link Here
|
| 179 |
l7_conntrack_handler->add_l7_connection(thisconnection, key); |
164 |
l7_conntrack_handler->add_l7_connection(thisconnection, key); |
| 180 |
thisconnection->key = key; |
165 |
thisconnection->key = key; |
| 181 |
} |
166 |
} |
| 182 |
else if(type == NFCT_MSG_DESTROY){ |
167 |
else if(type == NFCT_T_DESTROY){ |
| 183 |
// clean up the connection buffer, etc. |
168 |
// clean up the connection buffer, etc. |
| 184 |
string key = make_key(ct, flags); |
169 |
string key = make_key(ct, 0, NFCT_T_DESTROY); |
| 185 |
if(l7_conntrack_handler->get_l7_connection(key)){ |
170 |
if(l7_conntrack_handler->get_l7_connection(key)){ |
| 186 |
l7_conntrack_handler->remove_l7_connection(key); |
171 |
l7_conntrack_handler->remove_l7_connection(key); |
| 187 |
} |
172 |
} |
|
Lines 193-199
Link Here
|
| 193 |
|
178 |
|
| 194 |
l7_conntrack::~l7_conntrack() |
179 |
l7_conntrack::~l7_conntrack() |
| 195 |
{ |
180 |
{ |
| 196 |
nfct_conntrack_free(ct); |
181 |
free(ct); |
| 197 |
nfct_close(cth); |
182 |
nfct_close(cth); |
| 198 |
} |
183 |
} |
| 199 |
|
184 |
|
|
Lines 230-238
Link Here
|
| 230 |
{ |
215 |
{ |
| 231 |
int ret; |
216 |
int ret; |
| 232 |
|
217 |
|
| 233 |
nfct_register_callback(cth, l7_handle_conntrack_event, (void *)this); |
218 |
nfct_callback_register(cth, NFCT_T_NEW, l7_handle_conntrack_event, (void *)this); |
| 234 |
ret = nfct_event_conntrack(cth); // this is the main loop |
219 |
ret = nfct_catch(cth); // this is the main loop |
| 235 |
|
220 |
|
| 236 |
nfct_close(cth); |
221 |
nfct_close(cth); |
| 237 |
nfct_conntrack_free(ct); |
222 |
free(ct); |
| 238 |
} |
223 |
} |
