TcpReassembly.h

Go to the documentation of this file.

#pragma once
 
#include "Packet.h"
#include "IpAddress.h"
#include "PointerVector.h"
#include <unordered_map>
#include <chrono>
#include <map>
#include <list>
#include <time.h>
 
namespace pcpp
{
 
    struct ConnectionData
    {
        IPAddress srcIP;
        IPAddress dstIP;
        uint16_t srcPort;
        uint16_t dstPort;
        uint32_t flowKey;
        timeval startTime;
        timeval endTime;
        std::chrono::time_point<std::chrono::high_resolution_clock> startTimePrecise;
        std::chrono::time_point<std::chrono::high_resolution_clock> endTimePrecise;
 
        ConnectionData() : srcPort(0), dstPort(0), flowKey(0), startTime(), endTime()
        {}
 
        void setStartTime(const std::chrono::time_point<std::chrono::high_resolution_clock>& startTimeValue);
 
        void setEndTime(const std::chrono::time_point<std::chrono::high_resolution_clock>& endTimeValue);
    };
 
    class TcpReassembly;
 
    class TcpStreamData
    {
    public:
        TcpStreamData(const uint8_t* tcpData, size_t tcpDataLength, size_t missingBytes, const ConnectionData& connData,
                      std::chrono::time_point<std::chrono::high_resolution_clock> timestamp)
            : m_Data(tcpData), m_DataLen(tcpDataLength), m_MissingBytes(missingBytes), m_Connection(connData),
              m_Timestamp(timestamp)
        {}
 
        const uint8_t* getData() const
        {
            return m_Data;
        }
 
        size_t getDataLength() const
        {
            return m_DataLen;
        }
 
        size_t getMissingByteCount() const
        {
            return m_MissingBytes;
        }
 
        bool isBytesMissing() const
        {
            return getMissingByteCount() > 0;
        }
 
        const ConnectionData& getConnectionData() const
        {
            return m_Connection;
        }
 
        timeval getTimeStamp() const;
 
        std::chrono::time_point<std::chrono::high_resolution_clock> getTimeStampPrecise() const
        {
            return m_Timestamp;
        }
 
    private:
        const uint8_t* m_Data;
        size_t m_DataLen;
        size_t m_MissingBytes;
        const ConnectionData& m_Connection;
        std::chrono::time_point<std::chrono::high_resolution_clock> m_Timestamp;
    };
 
    struct TcpReassemblyConfiguration
    {
        bool removeConnInfo;
 
        uint32_t closedConnectionDelay;
 
        uint32_t maxNumToClean;
 
        uint32_t maxOutOfOrderFragments;
 
        bool enableBaseBufferClearCondition;
 
        explicit TcpReassemblyConfiguration(bool removeConnInfo = true, uint32_t closedConnectionDelay = 5,
                                            uint32_t maxNumToClean = 30, uint32_t maxOutOfOrderFragments = 0,
                                            bool enableBaseBufferClearCondition = true)
            : removeConnInfo(removeConnInfo), closedConnectionDelay(closedConnectionDelay),
              maxNumToClean(maxNumToClean), maxOutOfOrderFragments(maxOutOfOrderFragments),
              enableBaseBufferClearCondition(enableBaseBufferClearCondition)
        {}
    };
 
    class TcpReassembly
    {
    public:
        enum ConnectionEndReason
        {
            TcpReassemblyConnectionClosedByFIN_RST,
            TcpReassemblyConnectionClosedManually
        };
 
        enum ReassemblyStatus
        {
            TcpMessageHandled,
            OutOfOrderTcpMessageBuffered,
            FIN_RSTWithNoData,
            Ignore_PacketWithNoData,
            Ignore_PacketOfClosedFlow,
            Ignore_Retransimission,
            NonIpPacket,
            NonTcpPacket,
            Error_PacketDoesNotMatchFlow,
        };
 
        typedef std::unordered_map<uint32_t, ConnectionData> ConnectionInfoList;
 
        typedef void (*OnTcpMessageReady)(int8_t side, const TcpStreamData& tcpData, void* userCookie);
 
        typedef void (*OnTcpConnectionStart)(const ConnectionData& connectionData, void* userCookie);
 
        typedef void (*OnTcpConnectionEnd)(const ConnectionData& connectionData, ConnectionEndReason reason,
                                           void* userCookie);
 
        explicit TcpReassembly(OnTcpMessageReady onMessageReadyCallback, void* userCookie = nullptr,
                               OnTcpConnectionStart onConnectionStartCallback = nullptr,
                               OnTcpConnectionEnd onConnectionEndCallback = nullptr,
                               const TcpReassemblyConfiguration& config = TcpReassemblyConfiguration());
 
        ReassemblyStatus reassemblePacket(Packet& tcpData);
 
        ReassemblyStatus reassemblePacket(RawPacket* tcpRawData);
 
        void closeConnection(uint32_t flowKey);
 
        void closeAllConnections();
 
        const ConnectionInfoList& getConnectionInformation() const
        {
            return m_ConnectionInfo;
        }
 
        int isConnectionOpen(const ConnectionData& connection) const;
 
        uint32_t purgeClosedConnections(uint32_t maxNumToClean = 0);
 
    private:
        struct TcpFragment
        {
            uint32_t sequence;
            size_t dataLength;
            uint8_t* data;
            std::chrono::time_point<std::chrono::high_resolution_clock> timestamp;
 
            TcpFragment() : sequence(0), dataLength(0), data(nullptr)
            {}
            ~TcpFragment()
            {
                delete[] data;
            }
        };
 
        struct TcpOneSideData
        {
            IPAddress srcIP;
            uint16_t srcPort;
            uint32_t sequence;
            PointerVector<TcpFragment> tcpFragmentList;
            bool gotFinOrRst;
 
            TcpOneSideData() : srcPort(0), sequence(0), gotFinOrRst(false)
            {}
        };
 
        struct TcpReassemblyData
        {
            bool closed;
            int8_t numOfSides;
            int8_t prevSide;
            TcpOneSideData twoSides[2];
            ConnectionData connData;
 
            TcpReassemblyData() : closed(false), numOfSides(0), prevSide(-1)
            {}
        };
 
        class OutOfOrderProcessingGuard
        {
        private:
            bool& m_Flag;
 
        public:
            explicit OutOfOrderProcessingGuard(bool& flag) : m_Flag(flag)
            {
                m_Flag = true;
            }
 
            ~OutOfOrderProcessingGuard()
            {
                m_Flag = false;
            }
 
            // Disable copy and move operations
            OutOfOrderProcessingGuard(const OutOfOrderProcessingGuard&) = delete;
            OutOfOrderProcessingGuard& operator=(const OutOfOrderProcessingGuard&) = delete;
        };
 
        typedef std::unordered_map<uint32_t, TcpReassemblyData> ConnectionList;
        typedef std::map<time_t, std::list<uint32_t>> CleanupList;
 
        OnTcpMessageReady m_OnMessageReadyCallback;
        OnTcpConnectionStart m_OnConnStart;
        OnTcpConnectionEnd m_OnConnEnd;
        void* m_UserCookie;
        ConnectionList m_ConnectionList;
        ConnectionInfoList m_ConnectionInfo;
        CleanupList m_CleanupList;
        bool m_RemoveConnInfo;
        uint32_t m_ClosedConnectionDelay;
        uint32_t m_MaxNumToClean;
        size_t m_MaxOutOfOrderFragments;
        time_t m_PurgeTimepoint;
        bool m_EnableBaseBufferClearCondition;
        bool m_ProcessingOutOfOrder = false;
 
        void checkOutOfOrderFragments(TcpReassemblyData* tcpReassemblyData, int8_t sideIndex, bool cleanWholeFragList);
 
        void handleFinOrRst(TcpReassemblyData* tcpReassemblyData, int8_t sideIndex, uint32_t flowKey, bool isRst);
 
        void closeConnectionInternal(uint32_t flowKey, ConnectionEndReason reason);
 
        void insertIntoCleanupList(uint32_t flowKey);
    };
 
}  // namespace pcpp