PcapPlusPlus  20.08+
TcpReassembly.h
Go to the documentation of this file.
1 #ifndef PACKETPP_TCP_REASSEMBLY
2 #define PACKETPP_TCP_REASSEMBLY
3 
4 #include "Packet.h"
5 #include "IpAddress.h"
6 #include "PointerVector.h"
7 #include <map>
8 #include <list>
9 #include <time.h>
10 
11 
72 namespace pcpp
73 {
74 
80 {
86  uint16_t srcPort;
88  uint16_t dstPort;
90  uint32_t flowKey;
92  timeval startTime;
94  timeval endTime;
95 
99  ConnectionData() : srcPort(0), dstPort(0), flowKey(0), startTime(), endTime() {}
100 
105  void setStartTime(const timeval &startTime) { this->startTime = startTime; }
106 
111  void setEndTime(const timeval &endTime) { this->endTime = endTime; }
112 };
113 
114 
115 class TcpReassembly;
116 
117 
124 {
125 public:
133  TcpStreamData(const uint8_t* tcpData, size_t tcpDataLength, size_t missingBytes, const ConnectionData& connData)
134  : m_Data(tcpData), m_DataLen(tcpDataLength), m_MissingBytes(missingBytes), m_Connection(connData)
135  {
136  }
137 
142  const uint8_t* getData() const { return m_Data; }
143 
148  size_t getDataLength() const { return m_DataLen; }
149 
154  size_t getMissingByteCount() const { return m_MissingBytes; }
155 
160  bool isBytesMissing() const { return getMissingByteCount() > 0; }
161 
166  const ConnectionData& getConnectionData() const { return m_Connection; }
167 
168 private:
169  const uint8_t* m_Data;
170  size_t m_DataLen;
171  size_t m_MissingBytes;
172  const ConnectionData& m_Connection;
173 };
174 
175 
181 {
184 
189 
193  uint32_t maxNumToClean;
194 
199 
207  TcpReassemblyConfiguration(bool removeConnInfo = true, uint32_t closedConnectionDelay = 5, uint32_t maxNumToClean = 30, uint32_t maxOutOfOrderFragments = 0) :
208  removeConnInfo(removeConnInfo), closedConnectionDelay(closedConnectionDelay), maxNumToClean(maxNumToClean), maxOutOfOrderFragments(maxOutOfOrderFragments)
209  {
210  }
211 };
212 
213 
219 {
220 public:
221 
226  {
230  TcpReassemblyConnectionClosedManually
231  };
232 
237  {
293  };
294 
298  typedef std::map<uint32_t, ConnectionData> ConnectionInfoList;
299 
307  typedef void (*OnTcpMessageReady)(int8_t side, const TcpStreamData& tcpData, void* userCookie);
308 
315  typedef void (*OnTcpConnectionStart)(const ConnectionData& connectionData, void* userCookie);
316 
324  typedef void (*OnTcpConnectionEnd)(const ConnectionData& connectionData, ConnectionEndReason reason, void* userCookie);
325 
334  TcpReassembly(OnTcpMessageReady onMessageReadyCallback, void* userCookie = NULL, OnTcpConnectionStart onConnectionStartCallback = NULL, OnTcpConnectionEnd onConnectionEndCallback = NULL, const TcpReassemblyConfiguration &config = TcpReassemblyConfiguration());
335 
342  ReassemblyStatus reassemblePacket(Packet& tcpData);
343 
350  ReassemblyStatus reassemblePacket(RawPacket* tcpRawData);
351 
357  void closeConnection(uint32_t flowKey);
358 
363  void closeAllConnections();
364 
369  const ConnectionInfoList& getConnectionInformation() const { return m_ConnectionInfo; }
370 
376  int isConnectionOpen(const ConnectionData& connection) const;
377 
383  uint32_t purgeClosedConnections(uint32_t maxNumToClean = 0);
384 
385 private:
386  struct TcpFragment
387  {
388  uint32_t sequence;
389  size_t dataLength;
390  uint8_t* data;
391 
392  TcpFragment() : sequence(0), dataLength(0), data(NULL) {}
393  ~TcpFragment() { delete [] data; }
394  };
395 
396  struct TcpOneSideData
397  {
399  uint16_t srcPort;
400  uint32_t sequence;
401  PointerVector<TcpFragment> tcpFragmentList;
402  bool gotFinOrRst;
403 
404  TcpOneSideData() : srcPort(0), sequence(0), gotFinOrRst(false) {}
405  };
406 
407  struct TcpReassemblyData
408  {
409  bool closed;
410  int8_t numOfSides;
411  int8_t prevSide;
412  TcpOneSideData twoSides[2];
413  ConnectionData connData;
414 
415  TcpReassemblyData() : closed(false), numOfSides(0), prevSide(-1) {}
416  };
417 
418  typedef std::map<uint32_t, TcpReassemblyData> ConnectionList;
419  typedef std::map<time_t, std::list<uint32_t> > CleanupList;
420 
421  OnTcpMessageReady m_OnMessageReadyCallback;
422  OnTcpConnectionStart m_OnConnStart;
423  OnTcpConnectionEnd m_OnConnEnd;
424  void* m_UserCookie;
425  ConnectionList m_ConnectionList;
426  ConnectionInfoList m_ConnectionInfo;
427  CleanupList m_CleanupList;
428  bool m_RemoveConnInfo;
429  uint32_t m_ClosedConnectionDelay;
430  uint32_t m_MaxNumToClean;
431  size_t m_MaxOutOfOrderFragments;
432  time_t m_PurgeTimepoint;
433 
434  void checkOutOfOrderFragments(TcpReassemblyData* tcpReassemblyData, int8_t sideIndex, bool cleanWholeFragList);
435 
436  void handleFinOrRst(TcpReassemblyData* tcpReassemblyData, int8_t sideIndex, uint32_t flowKey);
437 
438  void closeConnectionInternal(uint32_t flowKey, ConnectionEndReason reason);
439 
440  void insertIntoCleanupList(uint32_t flowKey);
441 };
442 
443 }
444 
445 #endif /* PACKETPP_TCP_REASSEMBLY */
The main namespace for the PcapPlusPlus lib.
std::map< uint32_t, ConnectionData > ConnectionInfoList
Definition: TcpReassembly.h:298
Definition: TcpReassembly.h:271
ConnectionData()
Definition: TcpReassembly.h:99
TcpStreamData(const uint8_t *tcpData, size_t tcpDataLength, size_t missingBytes, const ConnectionData &connData)
Definition: TcpReassembly.h:133
const ConnectionInfoList & getConnectionInformation() const
Definition: TcpReassembly.h:369
uint16_t srcPort
Definition: TcpReassembly.h:86
ConnectionEndReason
Definition: TcpReassembly.h:225
const ConnectionData & getConnectionData() const
Definition: TcpReassembly.h:166
Definition: Packet.h:26
timeval endTime
Definition: TcpReassembly.h:94
IPAddress dstIP
Definition: TcpReassembly.h:84
Definition: TcpReassembly.h:180
Definition: RawPacket.h:252
Definition: TcpReassembly.h:218
Definition: TcpReassembly.h:286
const uint8_t * getData() const
Definition: TcpReassembly.h:142
uint16_t dstPort
Definition: TcpReassembly.h:88
uint32_t closedConnectionDelay
Definition: TcpReassembly.h:188
uint32_t maxNumToClean
Definition: TcpReassembly.h:193
uint32_t maxOutOfOrderFragments
Definition: TcpReassembly.h:198
Definition: TcpReassembly.h:281
ReassemblyStatus
Definition: TcpReassembly.h:236
void setEndTime(const timeval &endTime)
Definition: TcpReassembly.h:111
Definition: TcpReassembly.h:246
uint32_t flowKey
Definition: TcpReassembly.h:90
TcpReassemblyConfiguration(bool removeConnInfo=true, uint32_t closedConnectionDelay=5, uint32_t maxNumToClean=30, uint32_t maxOutOfOrderFragments=0)
Definition: TcpReassembly.h:207
size_t getMissingByteCount() const
Definition: TcpReassembly.h:154
bool removeConnInfo
Definition: TcpReassembly.h:183
Definition: TcpReassembly.h:123
bool isBytesMissing() const
Definition: TcpReassembly.h:160
Definition: TcpReassembly.h:266
timeval startTime
Definition: TcpReassembly.h:92
size_t getDataLength() const
Definition: TcpReassembly.h:148
Definition: TcpReassembly.h:79
Definition: IpAddress.h:236
IPAddress srcIP
Definition: TcpReassembly.h:82
void setStartTime(const timeval &startTime)
Definition: TcpReassembly.h:105
Definition: TcpReassembly.h:276
Definition: TcpReassembly.h:260