PcapPlusPlus  Next
TcpReassembly.h
Go to the documentation of this file.
1 #pragma once
2 
3 #include "Packet.h"
4 #include "IpAddress.h"
5 #include "PointerVector.h"
6 #include <unordered_map>
7 #include <chrono>
8 #include <map>
9 #include <list>
10 #include <time.h>
11 #include <functional>
12 
85 
88 namespace pcpp
89 {
92  struct ConnectionData
93  {
95  IPAddress srcIP;
97  IPAddress dstIP;
99  uint16_t srcPort;
101  uint16_t dstPort;
103  uint32_t flowKey;
105  timeval startTime;
107  timeval endTime;
109  std::chrono::time_point<std::chrono::high_resolution_clock> startTimePrecise;
111  std::chrono::time_point<std::chrono::high_resolution_clock> endTimePrecise;
112 
114  ConnectionData() : srcPort(0), dstPort(0), flowKey(0), startTime(), endTime()
115  {}
116 
119  void setStartTime(const std::chrono::time_point<std::chrono::high_resolution_clock>& startTimeValue);
120 
123  void setEndTime(const std::chrono::time_point<std::chrono::high_resolution_clock>& endTimeValue);
124  };
125 
126  class TcpReassembly;
127 
132  class TcpStreamData
133  {
134  public:
141  TcpStreamData(const uint8_t* tcpData, size_t tcpDataLength, size_t missingBytes, const ConnectionData& connData,
142  std::chrono::time_point<std::chrono::high_resolution_clock> timestamp)
143  : m_Data(tcpData), m_DataLen(tcpDataLength), m_MissingBytes(missingBytes), m_Connection(connData),
144  m_Timestamp(timestamp)
145  {}
146 
149  const uint8_t* getData() const
150  {
151  return m_Data;
152  }
153 
156  size_t getDataLength() const
157  {
158  return m_DataLen;
159  }
160 
163  size_t getMissingByteCount() const
164  {
165  return m_MissingBytes;
166  }
167 
170  bool isBytesMissing() const
171  {
172  return getMissingByteCount() > 0;
173  }
174 
177  const ConnectionData& getConnectionData() const
178  {
179  return m_Connection;
180  }
181 
183  timeval getTimeStamp() const;
184 
186  std::chrono::time_point<std::chrono::high_resolution_clock> getTimeStampPrecise() const
187  {
188  return m_Timestamp;
189  }
190 
191  private:
192  const uint8_t* m_Data;
193  size_t m_DataLen;
194  size_t m_MissingBytes;
195  const ConnectionData& m_Connection;
196  std::chrono::time_point<std::chrono::high_resolution_clock> m_Timestamp;
197  };
198 
201  struct TcpReassemblyConfiguration
202  {
204  bool removeConnInfo;
205 
209  uint32_t closedConnectionDelay;
210 
214  uint32_t maxNumToClean;
215 
219  uint32_t maxOutOfOrderFragments;
220 
222  bool enableBaseBufferClearCondition;
223 
235  explicit TcpReassemblyConfiguration(bool removeConnInfo = true, uint32_t closedConnectionDelay = 5,
236  uint32_t maxNumToClean = 30, uint32_t maxOutOfOrderFragments = 0,
237  bool enableBaseBufferClearCondition = true)
238  : removeConnInfo(removeConnInfo), closedConnectionDelay(closedConnectionDelay),
239  maxNumToClean(maxNumToClean), maxOutOfOrderFragments(maxOutOfOrderFragments),
240  enableBaseBufferClearCondition(enableBaseBufferClearCondition)
241  {}
242  };
243 
247  class TcpReassembly
248  {
249  public:
251  enum ConnectionEndReason
252  {
254  TcpReassemblyConnectionClosedByFIN_RST,
256  TcpReassemblyConnectionClosedManually
257  };
258 
260  enum ReassemblyStatus
261  {
271  TcpMessageHandled,
281  OutOfOrderTcpMessageBuffered,
285  FIN_RSTWithNoData,
289  Ignore_PacketWithNoData,
290 
293 
294  Ignore_PacketOfClosedFlow,
297  Ignore_Retransimission,
300  NonIpPacket,
303  NonTcpPacket,
307  Error_PacketDoesNotMatchFlow,
308  };
309 
311  typedef std::unordered_map<uint32_t, ConnectionData> ConnectionInfoList;
312 
320  using OnTcpMessageReady = std::function<void(int8_t side, const TcpStreamData& tcpData, void* userCookie)>;
321 
327  using OnTcpConnectionStart = std::function<void(const ConnectionData& connectionData, void* userCookie)>;
328 
336  using OnTcpConnectionEnd =
337  std::function<void(const ConnectionData& connectionData, ConnectionEndReason reason, void* userCookie)>;
338 
349  explicit TcpReassembly(OnTcpMessageReady onMessageReadyCallback, void* userCookie = nullptr,
350  OnTcpConnectionStart onConnectionStartCallback = nullptr,
351  OnTcpConnectionEnd onConnectionEndCallback = nullptr,
352  const TcpReassemblyConfiguration& config = TcpReassemblyConfiguration());
353 
360  ReassemblyStatus reassemblePacket(Packet& tcpData);
361 
368  ReassemblyStatus reassemblePacket(RawPacket* tcpRawData);
369 
375  void closeConnection(uint32_t flowKey);
376 
379  void closeAllConnections();
380 
384  const ConnectionInfoList& getConnectionInformation() const
385  {
386  return m_ConnectionInfo;
387  }
388 
393  int isConnectionOpen(const ConnectionData& connection) const;
394 
399  uint32_t purgeClosedConnections(uint32_t maxNumToClean = 0);
400 
401  private:
402  struct TcpFragment
403  {
404  uint32_t sequence;
405  size_t dataLength;
406  uint8_t* data;
407  std::chrono::time_point<std::chrono::high_resolution_clock> timestamp;
408 
409  TcpFragment() : sequence(0), dataLength(0), data(nullptr)
410  {}
411  ~TcpFragment()
412  {
413  delete[] data;
414  }
415  };
416 
417  struct TcpOneSideData
418  {
419  IPAddress srcIP;
420  uint16_t srcPort;
421  uint32_t sequence;
422  PointerVector<TcpFragment> tcpFragmentList;
423  bool gotFinOrRst;
424 
425  TcpOneSideData() : srcPort(0), sequence(0), gotFinOrRst(false)
426  {}
427  };
428 
429  struct TcpReassemblyData
430  {
431  bool closed;
432  int8_t numOfSides;
433  int8_t prevSide;
434  TcpOneSideData twoSides[2];
435  ConnectionData connData;
436 
437  TcpReassemblyData() : closed(false), numOfSides(0), prevSide(-1)
438  {}
439  };
440 
441  class OutOfOrderProcessingGuard
442  {
443  private:
444  bool& m_Flag;
445 
446  public:
447  explicit OutOfOrderProcessingGuard(bool& flag) : m_Flag(flag)
448  {
449  m_Flag = true;
450  }
451 
452  ~OutOfOrderProcessingGuard()
453  {
454  m_Flag = false;
455  }
456 
457  // Disable copy and move operations
458  OutOfOrderProcessingGuard(const OutOfOrderProcessingGuard&) = delete;
459  OutOfOrderProcessingGuard& operator=(const OutOfOrderProcessingGuard&) = delete;
460  };
461 
462  typedef std::unordered_map<uint32_t, TcpReassemblyData> ConnectionList;
463  typedef std::map<time_t, std::list<uint32_t>> CleanupList;
464 
465  OnTcpMessageReady m_OnMessageReadyCallback;
466  OnTcpConnectionStart m_OnConnStart;
467  OnTcpConnectionEnd m_OnConnEnd;
468  void* m_UserCookie;
469  ConnectionList m_ConnectionList;
470  ConnectionInfoList m_ConnectionInfo;
471  CleanupList m_CleanupList;
472  bool m_RemoveConnInfo;
473  uint32_t m_ClosedConnectionDelay;
474  uint32_t m_MaxNumToClean;
475  size_t m_MaxOutOfOrderFragments;
476  time_t m_PurgeTimepoint;
477  bool m_EnableBaseBufferClearCondition;
478  bool m_ProcessingOutOfOrder = false;
479 
480  void checkOutOfOrderFragments(TcpReassemblyData* tcpReassemblyData, int8_t sideIndex, bool cleanWholeFragList);
481 
482  void handleFinOrRst(TcpReassemblyData* tcpReassemblyData, int8_t sideIndex, uint32_t flowKey, bool isRst);
483 
484  void closeConnectionInternal(uint32_t flowKey, ConnectionEndReason reason);
485 
486  void insertIntoCleanupList(uint32_t flowKey);
487  };
488 
489 } // namespace pcpp
pcpp::IPAddress
Definition: IpAddress.h:318
pcpp::Packet
Definition: Packet.h:22
pcpp::RawPacket
Definition: RawPacket.h:259
pcpp::TcpReassembly
Definition: TcpReassembly.h:248
pcpp::TcpReassembly::reassemblePacket
ReassemblyStatus reassemblePacket(RawPacket *tcpRawData)
pcpp::TcpReassembly::isConnectionOpen
int isConnectionOpen(const ConnectionData &connection) const
pcpp::TcpReassembly::TcpReassembly
TcpReassembly(OnTcpMessageReady onMessageReadyCallback, void *userCookie=nullptr, OnTcpConnectionStart onConnectionStartCallback=nullptr, OnTcpConnectionEnd onConnectionEndCallback=nullptr, const TcpReassemblyConfiguration &config=TcpReassemblyConfiguration())
pcpp::TcpReassembly::OnTcpMessageReady
std::function< void(int8_t side, const TcpStreamData &tcpData, void *userCookie)> OnTcpMessageReady
Definition: TcpReassembly.h:320
pcpp::TcpReassembly::ReassemblyStatus
ReassemblyStatus
An enum for providing reassembly status for each processed packet.
Definition: TcpReassembly.h:261
pcpp::TcpReassembly::NonIpPacket
@ NonIpPacket
Definition: TcpReassembly.h:300
pcpp::TcpReassembly::FIN_RSTWithNoData
@ FIN_RSTWithNoData
Definition: TcpReassembly.h:285
pcpp::TcpReassembly::Error_PacketDoesNotMatchFlow
@ Error_PacketDoesNotMatchFlow
Definition: TcpReassembly.h:307
pcpp::TcpReassembly::Ignore_PacketOfClosedFlow
@ Ignore_PacketOfClosedFlow
Definition: TcpReassembly.h:294
pcpp::TcpReassembly::NonTcpPacket
@ NonTcpPacket
Definition: TcpReassembly.h:303
pcpp::TcpReassembly::Ignore_Retransimission
@ Ignore_Retransimission
Definition: TcpReassembly.h:297
pcpp::TcpReassembly::TcpMessageHandled
@ TcpMessageHandled
Definition: TcpReassembly.h:271
pcpp::TcpReassembly::OutOfOrderTcpMessageBuffered
@ OutOfOrderTcpMessageBuffered
Definition: TcpReassembly.h:281
pcpp::TcpReassembly::Ignore_PacketWithNoData
@ Ignore_PacketWithNoData
Definition: TcpReassembly.h:289
pcpp::TcpReassembly::OnTcpConnectionEnd
std::function< void(const ConnectionData &connectionData, ConnectionEndReason reason, void *userCookie)> OnTcpConnectionEnd
Definition: TcpReassembly.h:337
pcpp::TcpReassembly::getConnectionInformation
const ConnectionInfoList & getConnectionInformation() const
Definition: TcpReassembly.h:384
pcpp::TcpReassembly::purgeClosedConnections
uint32_t purgeClosedConnections(uint32_t maxNumToClean=0)
pcpp::TcpReassembly::reassemblePacket
ReassemblyStatus reassemblePacket(Packet &tcpData)
pcpp::TcpReassembly::ConnectionInfoList
std::unordered_map< uint32_t, ConnectionData > ConnectionInfoList
The type for storing the connection information.
Definition: TcpReassembly.h:311
pcpp::TcpReassembly::closeConnection
void closeConnection(uint32_t flowKey)
pcpp::TcpReassembly::ConnectionEndReason
ConnectionEndReason
An enum for connection end reasons.
Definition: TcpReassembly.h:252
pcpp::TcpReassembly::TcpReassemblyConnectionClosedByFIN_RST
@ TcpReassemblyConnectionClosedByFIN_RST
Connection ended because of FIN or RST packet.
Definition: TcpReassembly.h:254
pcpp::TcpReassembly::TcpReassemblyConnectionClosedManually
@ TcpReassemblyConnectionClosedManually
Connection ended manually by the user.
Definition: TcpReassembly.h:256
pcpp::TcpReassembly::OnTcpConnectionStart
std::function< void(const ConnectionData &connectionData, void *userCookie)> OnTcpConnectionStart
Definition: TcpReassembly.h:327
pcpp::TcpStreamData
Definition: TcpReassembly.h:133
pcpp::TcpStreamData::isBytesMissing
bool isBytesMissing() const
Definition: TcpReassembly.h:170
pcpp::TcpStreamData::getDataLength
size_t getDataLength() const
Definition: TcpReassembly.h:156
pcpp::TcpStreamData::getTimeStamp
timeval getTimeStamp() const
pcpp::TcpStreamData::getMissingByteCount
size_t getMissingByteCount() const
Definition: TcpReassembly.h:163
pcpp::TcpStreamData::TcpStreamData
TcpStreamData(const uint8_t *tcpData, size_t tcpDataLength, size_t missingBytes, const ConnectionData &connData, std::chrono::time_point< std::chrono::high_resolution_clock > timestamp)
Definition: TcpReassembly.h:141
pcpp::TcpStreamData::getTimeStampPrecise
std::chrono::time_point< std::chrono::high_resolution_clock > getTimeStampPrecise() const
Definition: TcpReassembly.h:186
pcpp::TcpStreamData::getData
const uint8_t * getData() const
Definition: TcpReassembly.h:149
pcpp::TcpStreamData::getConnectionData
const ConnectionData & getConnectionData() const
Definition: TcpReassembly.h:177
pcpp
The main namespace for the PcapPlusPlus lib.
Definition: AssertionUtils.h:19
pcpp::ConnectionData
Definition: TcpReassembly.h:93
pcpp::ConnectionData::srcIP
IPAddress srcIP
Source IP address.
Definition: TcpReassembly.h:95
pcpp::ConnectionData::dstIP
IPAddress dstIP
Destination IP address.
Definition: TcpReassembly.h:97
pcpp::ConnectionData::startTimePrecise
std::chrono::time_point< std::chrono::high_resolution_clock > startTimePrecise
Start timestamp of the connection with nanosecond precision.
Definition: TcpReassembly.h:109
pcpp::ConnectionData::endTime
timeval endTime
End timestamp of the connection with microsecond precision.
Definition: TcpReassembly.h:107
pcpp::ConnectionData::startTime
timeval startTime
Start timestamp of the connection with microsecond precision.
Definition: TcpReassembly.h:105
pcpp::ConnectionData::setStartTime
void setStartTime(const std::chrono::time_point< std::chrono::high_resolution_clock > &startTimeValue)
pcpp::ConnectionData::endTimePrecise
std::chrono::time_point< std::chrono::high_resolution_clock > endTimePrecise
End timestamp of the connection with nanosecond precision.
Definition: TcpReassembly.h:111
pcpp::ConnectionData::dstPort
uint16_t dstPort
Destination TCP/UDP port.
Definition: TcpReassembly.h:101
pcpp::ConnectionData::srcPort
uint16_t srcPort
Source TCP/UDP port.
Definition: TcpReassembly.h:99
pcpp::ConnectionData::ConnectionData
ConnectionData()
A c'tor for this struct that basically zeros all members.
Definition: TcpReassembly.h:114
pcpp::ConnectionData::flowKey
uint32_t flowKey
A 4-byte hash key representing the connection.
Definition: TcpReassembly.h:103
pcpp::ConnectionData::setEndTime
void setEndTime(const std::chrono::time_point< std::chrono::high_resolution_clock > &endTimeValue)
pcpp::TcpReassemblyConfiguration
Definition: TcpReassembly.h:202
pcpp::TcpReassemblyConfiguration::closedConnectionDelay
uint32_t closedConnectionDelay
Definition: TcpReassembly.h:209
pcpp::TcpReassemblyConfiguration::maxNumToClean
uint32_t maxNumToClean
Definition: TcpReassembly.h:214
pcpp::TcpReassemblyConfiguration::maxOutOfOrderFragments
uint32_t maxOutOfOrderFragments
Definition: TcpReassembly.h:219
pcpp::TcpReassemblyConfiguration::TcpReassemblyConfiguration
TcpReassemblyConfiguration(bool removeConnInfo=true, uint32_t closedConnectionDelay=5, uint32_t maxNumToClean=30, uint32_t maxOutOfOrderFragments=0, bool enableBaseBufferClearCondition=true)
Definition: TcpReassembly.h:235
pcpp::TcpReassemblyConfiguration::enableBaseBufferClearCondition
bool enableBaseBufferClearCondition
To enable to clear buffer once packet contains data from a different side than the side seen before.
Definition: TcpReassembly.h:222
pcpp::TcpReassemblyConfiguration::removeConnInfo
bool removeConnInfo
The flag indicating whether to remove the connection data after a connection is closed.
Definition: TcpReassembly.h:204