PcapPlusPlus  Next
TcpReassembly.h
Go to the documentation of this file.
1 #pragma once
2 
3 #include "Packet.h"
4 #include "IpAddress.h"
5 #include "PointerVector.h"
6 #include <unordered_map>
7 #include <chrono>
8 #include <map>
9 #include <list>
10 #include <time.h>
11 #include <array>
12 #include <functional>
13 
86 
89 namespace pcpp
90 {
93  struct ConnectionData
94  {
96  IPAddress srcIP;
98  IPAddress dstIP;
100  uint16_t srcPort;
102  uint16_t dstPort;
104  uint32_t flowKey;
106  timeval startTime;
108  timeval endTime;
110  std::chrono::time_point<std::chrono::high_resolution_clock> startTimePrecise;
112  std::chrono::time_point<std::chrono::high_resolution_clock> endTimePrecise;
113 
115  ConnectionData() : srcPort(0), dstPort(0), flowKey(0), startTime(), endTime()
116  {}
117 
120  void setStartTime(const std::chrono::time_point<std::chrono::high_resolution_clock>& startTimeValue);
121 
124  void setEndTime(const std::chrono::time_point<std::chrono::high_resolution_clock>& endTimeValue);
125  };
126 
127  class TcpReassembly;
128 
133  class TcpStreamData
134  {
135  public:
142  TcpStreamData(const uint8_t* tcpData, size_t tcpDataLength, size_t missingBytes, const ConnectionData& connData,
143  std::chrono::time_point<std::chrono::high_resolution_clock> timestamp)
144  : m_Data(tcpData), m_DataLen(tcpDataLength), m_MissingBytes(missingBytes), m_Connection(connData),
145  m_Timestamp(timestamp)
146  {}
147 
150  const uint8_t* getData() const
151  {
152  return m_Data;
153  }
154 
157  size_t getDataLength() const
158  {
159  return m_DataLen;
160  }
161 
164  size_t getMissingByteCount() const
165  {
166  return m_MissingBytes;
167  }
168 
171  bool isBytesMissing() const
172  {
173  return getMissingByteCount() > 0;
174  }
175 
178  const ConnectionData& getConnectionData() const
179  {
180  return m_Connection;
181  }
182 
184  timeval getTimeStamp() const;
185 
187  std::chrono::time_point<std::chrono::high_resolution_clock> getTimeStampPrecise() const
188  {
189  return m_Timestamp;
190  }
191 
192  private:
193  const uint8_t* m_Data;
194  size_t m_DataLen;
195  size_t m_MissingBytes;
196  const ConnectionData& m_Connection;
197  std::chrono::time_point<std::chrono::high_resolution_clock> m_Timestamp;
198  };
199 
202  struct TcpReassemblyConfiguration
203  {
205  bool removeConnInfo;
206 
210  uint32_t closedConnectionDelay;
211 
215  uint32_t maxNumToClean;
216 
220  uint32_t maxOutOfOrderFragments;
221 
223  bool enableBaseBufferClearCondition;
224 
236  explicit TcpReassemblyConfiguration(bool removeConnInfo = true, uint32_t closedConnectionDelay = 5,
237  uint32_t maxNumToClean = 30, uint32_t maxOutOfOrderFragments = 0,
238  bool enableBaseBufferClearCondition = true)
239  : removeConnInfo(removeConnInfo), closedConnectionDelay(closedConnectionDelay),
240  maxNumToClean(maxNumToClean), maxOutOfOrderFragments(maxOutOfOrderFragments),
241  enableBaseBufferClearCondition(enableBaseBufferClearCondition)
242  {}
243  };
244 
248  class TcpReassembly
249  {
250  public:
252  enum ConnectionEndReason
253  {
255  TcpReassemblyConnectionClosedByFIN_RST,
257  TcpReassemblyConnectionClosedManually
258  };
259 
261  enum ReassemblyStatus
262  {
272  TcpMessageHandled,
282  OutOfOrderTcpMessageBuffered,
286  FIN_RSTWithNoData,
290  Ignore_PacketWithNoData,
291 
294 
295  Ignore_PacketOfClosedFlow,
298  Ignore_Retransimission,
301  NonIpPacket,
304  NonTcpPacket,
308  Error_PacketDoesNotMatchFlow,
309  };
310 
312  using ConnectionInfoList = std::unordered_map<uint32_t, ConnectionData>;
313 
321  using OnTcpMessageReady = std::function<void(int8_t side, const TcpStreamData& tcpData, void* userCookie)>;
322 
328  using OnTcpConnectionStart = std::function<void(const ConnectionData& connectionData, void* userCookie)>;
329 
337  using OnTcpConnectionEnd =
338  std::function<void(const ConnectionData& connectionData, ConnectionEndReason reason, void* userCookie)>;
339 
350  explicit TcpReassembly(OnTcpMessageReady onMessageReadyCallback, void* userCookie = nullptr,
351  OnTcpConnectionStart onConnectionStartCallback = nullptr,
352  OnTcpConnectionEnd onConnectionEndCallback = nullptr,
353  const TcpReassemblyConfiguration& config = TcpReassemblyConfiguration());
354 
361  ReassemblyStatus reassemblePacket(Packet& tcpData);
362 
369  ReassemblyStatus reassemblePacket(RawPacket* tcpRawData);
370 
376  void closeConnection(uint32_t flowKey);
377 
380  void closeAllConnections();
381 
385  const ConnectionInfoList& getConnectionInformation() const
386  {
387  return m_ConnectionInfo;
388  }
389 
394  int isConnectionOpen(const ConnectionData& connection) const;
395 
400  uint32_t purgeClosedConnections(uint32_t maxNumToClean = 0);
401 
402  private:
403  struct TcpFragment
404  {
405  uint32_t sequence = 0;
406  size_t dataLength = 0;
407  uint8_t* data = nullptr;
408  std::chrono::time_point<std::chrono::high_resolution_clock> timestamp;
409 
410  ~TcpFragment()
411  {
412  delete[] data;
413  }
414  };
415 
416  struct TcpOneSideData
417  {
418  PointerVector<TcpFragment> tcpFragmentList;
419  uint32_t sequence = 0;
420  uint16_t srcPort = 0;
421  IPAddress srcIP;
422  bool gotFinOrRst = false;
423  };
424 
425  struct TcpReassemblyData
426  {
427  bool closed = false;
428  int8_t numOfSides = 0;
429  int8_t prevSide = -1;
430  std::array<TcpOneSideData, 2> twoSides;
431  ConnectionData connData;
432  };
433 
434  class OutOfOrderProcessingGuard
435  {
436  private:
437  bool& m_Flag;
438 
439  public:
440  explicit OutOfOrderProcessingGuard(bool& flag) : m_Flag(flag)
441  {
442  m_Flag = true;
443  }
444 
445  ~OutOfOrderProcessingGuard()
446  {
447  m_Flag = false;
448  }
449 
450  // Disable copy and move operations
451  OutOfOrderProcessingGuard(const OutOfOrderProcessingGuard&) = delete;
452  OutOfOrderProcessingGuard& operator=(const OutOfOrderProcessingGuard&) = delete;
453  };
454 
455  using ConnectionList = std::unordered_map<uint32_t, TcpReassemblyData>;
456  using CleanupMultiMap = std::multimap<time_t, uint32_t>;
457 
458  OnTcpMessageReady m_OnMessageReadyCallback;
459  OnTcpConnectionStart m_OnConnStart;
460  OnTcpConnectionEnd m_OnConnEnd;
461  void* m_UserCookie;
462  ConnectionList m_ConnectionList;
463  ConnectionInfoList m_ConnectionInfo;
464  CleanupMultiMap m_CleanupMultimap;
465  bool m_RemoveConnInfo;
466  uint32_t m_ClosedConnectionDelay;
467  uint32_t m_MaxNumToClean;
468  size_t m_MaxOutOfOrderFragments;
469  time_t m_PurgeTimepoint;
470  bool m_EnableBaseBufferClearCondition;
471  bool m_ProcessingOutOfOrder = false;
472 
473  void checkOutOfOrderFragments(TcpReassemblyData* tcpReassemblyData, int8_t sideIndex, bool cleanWholeFragList);
474 
475  void handleFinOrRst(TcpReassemblyData* tcpReassemblyData, int8_t sideIndex, uint32_t flowKey, bool isRst);
476 
477  void closeConnectionInternal(uint32_t flowKey, ConnectionEndReason reason);
478 
479  void scheduleCleanup(uint32_t flowKey);
480  };
481 
482 } // namespace pcpp
pcpp::IPAddress
Definition: IpAddress.h:318
pcpp::Packet
Definition: Packet.h:48
pcpp::RawPacket
Definition: RawPacket.h:290
pcpp::TcpReassembly
Definition: TcpReassembly.h:249
pcpp::TcpReassembly::reassemblePacket
ReassemblyStatus reassemblePacket(RawPacket *tcpRawData)
pcpp::TcpReassembly::isConnectionOpen
int isConnectionOpen(const ConnectionData &connection) const
pcpp::TcpReassembly::TcpReassembly
TcpReassembly(OnTcpMessageReady onMessageReadyCallback, void *userCookie=nullptr, OnTcpConnectionStart onConnectionStartCallback=nullptr, OnTcpConnectionEnd onConnectionEndCallback=nullptr, const TcpReassemblyConfiguration &config=TcpReassemblyConfiguration())
pcpp::TcpReassembly::OnTcpMessageReady
std::function< void(int8_t side, const TcpStreamData &tcpData, void *userCookie)> OnTcpMessageReady
Definition: TcpReassembly.h:321
pcpp::TcpReassembly::ReassemblyStatus
ReassemblyStatus
An enum for providing reassembly status for each processed packet.
Definition: TcpReassembly.h:262
pcpp::TcpReassembly::NonIpPacket
@ NonIpPacket
Definition: TcpReassembly.h:301
pcpp::TcpReassembly::FIN_RSTWithNoData
@ FIN_RSTWithNoData
Definition: TcpReassembly.h:286
pcpp::TcpReassembly::Error_PacketDoesNotMatchFlow
@ Error_PacketDoesNotMatchFlow
Definition: TcpReassembly.h:308
pcpp::TcpReassembly::Ignore_PacketOfClosedFlow
@ Ignore_PacketOfClosedFlow
Definition: TcpReassembly.h:295
pcpp::TcpReassembly::NonTcpPacket
@ NonTcpPacket
Definition: TcpReassembly.h:304
pcpp::TcpReassembly::Ignore_Retransimission
@ Ignore_Retransimission
Definition: TcpReassembly.h:298
pcpp::TcpReassembly::TcpMessageHandled
@ TcpMessageHandled
Definition: TcpReassembly.h:272
pcpp::TcpReassembly::OutOfOrderTcpMessageBuffered
@ OutOfOrderTcpMessageBuffered
Definition: TcpReassembly.h:282
pcpp::TcpReassembly::Ignore_PacketWithNoData
@ Ignore_PacketWithNoData
Definition: TcpReassembly.h:290
pcpp::TcpReassembly::OnTcpConnectionEnd
std::function< void(const ConnectionData &connectionData, ConnectionEndReason reason, void *userCookie)> OnTcpConnectionEnd
Definition: TcpReassembly.h:338
pcpp::TcpReassembly::ConnectionInfoList
std::unordered_map< uint32_t, ConnectionData > ConnectionInfoList
The type for storing the connection information.
Definition: TcpReassembly.h:312
pcpp::TcpReassembly::getConnectionInformation
const ConnectionInfoList & getConnectionInformation() const
Definition: TcpReassembly.h:385
pcpp::TcpReassembly::purgeClosedConnections
uint32_t purgeClosedConnections(uint32_t maxNumToClean=0)
pcpp::TcpReassembly::reassemblePacket
ReassemblyStatus reassemblePacket(Packet &tcpData)
pcpp::TcpReassembly::closeConnection
void closeConnection(uint32_t flowKey)
pcpp::TcpReassembly::ConnectionEndReason
ConnectionEndReason
An enum for connection end reasons.
Definition: TcpReassembly.h:253
pcpp::TcpReassembly::TcpReassemblyConnectionClosedByFIN_RST
@ TcpReassemblyConnectionClosedByFIN_RST
Connection ended because of FIN or RST packet.
Definition: TcpReassembly.h:255
pcpp::TcpReassembly::TcpReassemblyConnectionClosedManually
@ TcpReassemblyConnectionClosedManually
Connection ended manually by the user.
Definition: TcpReassembly.h:257
pcpp::TcpReassembly::OnTcpConnectionStart
std::function< void(const ConnectionData &connectionData, void *userCookie)> OnTcpConnectionStart
Definition: TcpReassembly.h:328
pcpp::TcpStreamData
Definition: TcpReassembly.h:134
pcpp::TcpStreamData::isBytesMissing
bool isBytesMissing() const
Definition: TcpReassembly.h:171
pcpp::TcpStreamData::getDataLength
size_t getDataLength() const
Definition: TcpReassembly.h:157
pcpp::TcpStreamData::getTimeStamp
timeval getTimeStamp() const
pcpp::TcpStreamData::getMissingByteCount
size_t getMissingByteCount() const
Definition: TcpReassembly.h:164
pcpp::TcpStreamData::TcpStreamData
TcpStreamData(const uint8_t *tcpData, size_t tcpDataLength, size_t missingBytes, const ConnectionData &connData, std::chrono::time_point< std::chrono::high_resolution_clock > timestamp)
Definition: TcpReassembly.h:142
pcpp::TcpStreamData::getTimeStampPrecise
std::chrono::time_point< std::chrono::high_resolution_clock > getTimeStampPrecise() const
Definition: TcpReassembly.h:187
pcpp::TcpStreamData::getData
const uint8_t * getData() const
Definition: TcpReassembly.h:150
pcpp::TcpStreamData::getConnectionData
const ConnectionData & getConnectionData() const
Definition: TcpReassembly.h:178
pcpp
The main namespace for the PcapPlusPlus lib.
Definition: AssertionUtils.h:19
pcpp::ConnectionData
Definition: TcpReassembly.h:94
pcpp::ConnectionData::srcIP
IPAddress srcIP
Source IP address.
Definition: TcpReassembly.h:96
pcpp::ConnectionData::dstIP
IPAddress dstIP
Destination IP address.
Definition: TcpReassembly.h:98
pcpp::ConnectionData::startTimePrecise
std::chrono::time_point< std::chrono::high_resolution_clock > startTimePrecise
Start timestamp of the connection with nanosecond precision.
Definition: TcpReassembly.h:110
pcpp::ConnectionData::endTime
timeval endTime
End timestamp of the connection with microsecond precision.
Definition: TcpReassembly.h:108
pcpp::ConnectionData::startTime
timeval startTime
Start timestamp of the connection with microsecond precision.
Definition: TcpReassembly.h:106
pcpp::ConnectionData::setStartTime
void setStartTime(const std::chrono::time_point< std::chrono::high_resolution_clock > &startTimeValue)
pcpp::ConnectionData::endTimePrecise
std::chrono::time_point< std::chrono::high_resolution_clock > endTimePrecise
End timestamp of the connection with nanosecond precision.
Definition: TcpReassembly.h:112
pcpp::ConnectionData::dstPort
uint16_t dstPort
Destination TCP/UDP port.
Definition: TcpReassembly.h:102
pcpp::ConnectionData::srcPort
uint16_t srcPort
Source TCP/UDP port.
Definition: TcpReassembly.h:100
pcpp::ConnectionData::ConnectionData
ConnectionData()
A c'tor for this struct that basically zeros all members.
Definition: TcpReassembly.h:115
pcpp::ConnectionData::flowKey
uint32_t flowKey
A 4-byte hash key representing the connection.
Definition: TcpReassembly.h:104
pcpp::ConnectionData::setEndTime
void setEndTime(const std::chrono::time_point< std::chrono::high_resolution_clock > &endTimeValue)
pcpp::TcpReassemblyConfiguration
Definition: TcpReassembly.h:203
pcpp::TcpReassemblyConfiguration::closedConnectionDelay
uint32_t closedConnectionDelay
Definition: TcpReassembly.h:210
pcpp::TcpReassemblyConfiguration::maxNumToClean
uint32_t maxNumToClean
Definition: TcpReassembly.h:215
pcpp::TcpReassemblyConfiguration::maxOutOfOrderFragments
uint32_t maxOutOfOrderFragments
Definition: TcpReassembly.h:220
pcpp::TcpReassemblyConfiguration::TcpReassemblyConfiguration
TcpReassemblyConfiguration(bool removeConnInfo=true, uint32_t closedConnectionDelay=5, uint32_t maxNumToClean=30, uint32_t maxOutOfOrderFragments=0, bool enableBaseBufferClearCondition=true)
Definition: TcpReassembly.h:236
pcpp::TcpReassemblyConfiguration::enableBaseBufferClearCondition
bool enableBaseBufferClearCondition
To enable to clear buffer once packet contains data from a different side than the side seen before.
Definition: TcpReassembly.h:223
pcpp::TcpReassemblyConfiguration::removeConnInfo
bool removeConnInfo
The flag indicating whether to remove the connection data after a connection is closed.
Definition: TcpReassembly.h:205