PcapPlusPlus  20.08
TcpReassembly.h
Go to the documentation of this file.
1 #ifndef PACKETPP_TCP_REASSEMBLY
2 #define PACKETPP_TCP_REASSEMBLY
3 
4 #include "Packet.h"
5 #include "IpAddress.h"
6 #include "PointerVector.h"
7 #include <map>
8 #include <list>
9 #include <time.h>
10 
11 
71 namespace pcpp
72 {
73 
79 {
85  uint16_t srcPort;
87  uint16_t dstPort;
89  uint32_t flowKey;
91  timeval startTime;
93  timeval endTime;
94 
98  ConnectionData() : srcPort(0), dstPort(0), flowKey(0), startTime(), endTime() {}
99 
104  void setStartTime(const timeval &startTime) { this->startTime = startTime; }
105 
110  void setEndTime(const timeval &endTime) { this->endTime = endTime; }
111 };
112 
113 
114 class TcpReassembly;
115 
116 
123 {
124 public:
132  TcpStreamData(const uint8_t* tcpData, size_t tcpDataLength, size_t missingBytes, const ConnectionData& connData)
133  : m_Data(tcpData), m_DataLen(tcpDataLength), m_MissingBytes(missingBytes), m_Connection(connData)
134  {
135  }
136 
141  const uint8_t* getData() const { return m_Data; }
142 
147  size_t getDataLength() const { return m_DataLen; }
148 
153  size_t getMissingByteCount() const { return m_MissingBytes; }
154 
159  bool isBytesMissing() const { return getMissingByteCount() > 0; }
160 
165  const ConnectionData& getConnectionData() const { return m_Connection; }
166 
167 private:
168  const uint8_t* m_Data;
169  size_t m_DataLen;
170  size_t m_MissingBytes;
171  const ConnectionData& m_Connection;
172 };
173 
174 
180 {
183 
188 
192  uint32_t maxNumToClean;
193 
200  TcpReassemblyConfiguration(bool removeConnInfo = true, uint32_t closedConnectionDelay = 5, uint32_t maxNumToClean = 30) :
201  removeConnInfo(removeConnInfo), closedConnectionDelay(closedConnectionDelay), maxNumToClean(maxNumToClean)
202  {
203  }
204 };
205 
206 
212 {
213 public:
214 
219  {
223  TcpReassemblyConnectionClosedManually
224  };
225 
230  {
286  };
287 
291  typedef std::map<uint32_t, ConnectionData> ConnectionInfoList;
292 
300  typedef void (*OnTcpMessageReady)(int8_t side, const TcpStreamData& tcpData, void* userCookie);
301 
308  typedef void (*OnTcpConnectionStart)(const ConnectionData& connectionData, void* userCookie);
309 
317  typedef void (*OnTcpConnectionEnd)(const ConnectionData& connectionData, ConnectionEndReason reason, void* userCookie);
318 
327  TcpReassembly(OnTcpMessageReady onMessageReadyCallback, void* userCookie = NULL, OnTcpConnectionStart onConnectionStartCallback = NULL, OnTcpConnectionEnd onConnectionEndCallback = NULL, const TcpReassemblyConfiguration &config = TcpReassemblyConfiguration());
328 
335  ReassemblyStatus reassemblePacket(Packet& tcpData);
336 
343  ReassemblyStatus reassemblePacket(RawPacket* tcpRawData);
344 
350  void closeConnection(uint32_t flowKey);
351 
356  void closeAllConnections();
357 
362  const ConnectionInfoList& getConnectionInformation() const { return m_ConnectionInfo; }
363 
369  int isConnectionOpen(const ConnectionData& connection) const;
370 
376  uint32_t purgeClosedConnections(uint32_t maxNumToClean = 0);
377 
378 private:
379  struct TcpFragment
380  {
381  uint32_t sequence;
382  size_t dataLength;
383  uint8_t* data;
384 
385  TcpFragment() : sequence(0), dataLength(0), data(NULL) {}
386  ~TcpFragment() { delete [] data; }
387  };
388 
389  struct TcpOneSideData
390  {
392  uint16_t srcPort;
393  uint32_t sequence;
394  PointerVector<TcpFragment> tcpFragmentList;
395  bool gotFinOrRst;
396 
397  TcpOneSideData() : srcPort(0), sequence(0), gotFinOrRst(false) {}
398  };
399 
400  struct TcpReassemblyData
401  {
402  bool closed;
403  int8_t numOfSides;
404  int8_t prevSide;
405  TcpOneSideData twoSides[2];
406  ConnectionData connData;
407 
408  TcpReassemblyData() : closed(false), numOfSides(0), prevSide(-1) {}
409  };
410 
411  typedef std::map<uint32_t, TcpReassemblyData> ConnectionList;
412  typedef std::map<time_t, std::list<uint32_t> > CleanupList;
413 
414  OnTcpMessageReady m_OnMessageReadyCallback;
415  OnTcpConnectionStart m_OnConnStart;
416  OnTcpConnectionEnd m_OnConnEnd;
417  void* m_UserCookie;
418  ConnectionList m_ConnectionList;
419  ConnectionInfoList m_ConnectionInfo;
420  CleanupList m_CleanupList;
421  bool m_RemoveConnInfo;
422  uint32_t m_ClosedConnectionDelay;
423  uint32_t m_MaxNumToClean;
424  time_t m_PurgeTimepoint;
425 
426  void checkOutOfOrderFragments(TcpReassemblyData* tcpReassemblyData, int8_t sideIndex, bool cleanWholeFragList);
427 
428  void handleFinOrRst(TcpReassemblyData* tcpReassemblyData, int8_t sideIndex, uint32_t flowKey);
429 
430  void closeConnectionInternal(uint32_t flowKey, ConnectionEndReason reason);
431 
432  void insertIntoCleanupList(uint32_t flowKey);
433 };
434 
435 }
436 
437 #endif /* PACKETPP_TCP_REASSEMBLY */
The main namespace for the PcapPlusPlus lib.
std::map< uint32_t, ConnectionData > ConnectionInfoList
Definition: TcpReassembly.h:291
Definition: TcpReassembly.h:264
ConnectionData()
Definition: TcpReassembly.h:98
TcpStreamData(const uint8_t *tcpData, size_t tcpDataLength, size_t missingBytes, const ConnectionData &connData)
Definition: TcpReassembly.h:132
const ConnectionInfoList & getConnectionInformation() const
Definition: TcpReassembly.h:362
uint16_t srcPort
Definition: TcpReassembly.h:85
ConnectionEndReason
Definition: TcpReassembly.h:218
const ConnectionData & getConnectionData() const
Definition: TcpReassembly.h:165
Definition: Packet.h:26
timeval endTime
Definition: TcpReassembly.h:93
IPAddress dstIP
Definition: TcpReassembly.h:83
Definition: TcpReassembly.h:179
Definition: RawPacket.h:252
Definition: TcpReassembly.h:211
Definition: TcpReassembly.h:279
const uint8_t * getData() const
Definition: TcpReassembly.h:141
uint16_t dstPort
Definition: TcpReassembly.h:87
uint32_t closedConnectionDelay
Definition: TcpReassembly.h:187
TcpReassemblyConfiguration(bool removeConnInfo=true, uint32_t closedConnectionDelay=5, uint32_t maxNumToClean=30)
Definition: TcpReassembly.h:200
uint32_t maxNumToClean
Definition: TcpReassembly.h:192
Definition: TcpReassembly.h:274
ReassemblyStatus
Definition: TcpReassembly.h:229
void setEndTime(const timeval &endTime)
Definition: TcpReassembly.h:110
Definition: TcpReassembly.h:239
uint32_t flowKey
Definition: TcpReassembly.h:89
size_t getMissingByteCount() const
Definition: TcpReassembly.h:153
bool removeConnInfo
Definition: TcpReassembly.h:182
Definition: TcpReassembly.h:122
bool isBytesMissing() const
Definition: TcpReassembly.h:159
Definition: TcpReassembly.h:259
timeval startTime
Definition: TcpReassembly.h:91
size_t getDataLength() const
Definition: TcpReassembly.h:147
Definition: TcpReassembly.h:78
Definition: IpAddress.h:236
IPAddress srcIP
Definition: TcpReassembly.h:81
void setStartTime(const timeval &startTime)
Definition: TcpReassembly.h:104
Definition: TcpReassembly.h:269
Definition: TcpReassembly.h:253