TcpReassembly.h

Go to the documentation of this file.

#ifndef PACKETPP_TCP_REASSEMBLY
#define PACKETPP_TCP_REASSEMBLY

#include "Packet.h"
#include "IpAddress.h"
#include "PointerVector.h"
#include <map>
#include <list>
#include <time.h>


namespace pcpp
{

struct ConnectionData
{
    IPAddress srcIP;
    IPAddress dstIP;
    uint16_t srcPort;
    uint16_t dstPort;
    uint32_t flowKey;
    timeval startTime;
    timeval endTime;

    ConnectionData() : srcPort(0), dstPort(0), flowKey(0), startTime(), endTime() {}

    void setStartTime(const timeval &startTimeValue) { startTime = startTimeValue; }

    void setEndTime(const timeval &endTimeValue) { endTime = endTimeValue; }
};


class TcpReassembly;


class TcpStreamData
{
public:
    TcpStreamData(const uint8_t* tcpData, size_t tcpDataLength, size_t missingBytes, const ConnectionData& connData, timeval timestamp)
        : m_Data(tcpData), m_DataLen(tcpDataLength), m_MissingBytes(missingBytes), m_Connection(connData), m_Timestamp(timestamp)
    {
    }

    const uint8_t* getData() const { return m_Data; }

    size_t getDataLength() const { return m_DataLen; }

    size_t getMissingByteCount() const { return m_MissingBytes; }

    bool isBytesMissing() const { return getMissingByteCount() > 0; }

    const ConnectionData& getConnectionData() const { return m_Connection; }

    timeval getTimeStamp() const { return m_Timestamp; }

private:
    const uint8_t* m_Data;
    size_t m_DataLen;
    size_t m_MissingBytes;
    const ConnectionData& m_Connection;
    timeval m_Timestamp;
};


struct TcpReassemblyConfiguration
{
    bool removeConnInfo;

    uint32_t closedConnectionDelay;

    uint32_t maxNumToClean;

    uint32_t maxOutOfOrderFragments;

    bool enableBaseBufferClearCondition;

    explicit TcpReassemblyConfiguration(bool removeConnInfo = true, uint32_t closedConnectionDelay = 5, uint32_t maxNumToClean = 30, uint32_t maxOutOfOrderFragments = 0,
        bool enableBaseBufferClearCondition = true) : removeConnInfo(removeConnInfo), closedConnectionDelay(closedConnectionDelay), maxNumToClean(maxNumToClean), maxOutOfOrderFragments(maxOutOfOrderFragments), enableBaseBufferClearCondition(enableBaseBufferClearCondition)
    {
    }
};


class TcpReassembly
{
public:

    enum ConnectionEndReason
    {
        TcpReassemblyConnectionClosedByFIN_RST,
        TcpReassemblyConnectionClosedManually
    };

    enum ReassemblyStatus
    {
        TcpMessageHandled,
        OutOfOrderTcpMessageBuffered,
        FIN_RSTWithNoData,
        Ignore_PacketWithNoData,
        Ignore_PacketOfClosedFlow,
        Ignore_Retransimission,
        NonIpPacket,
        NonTcpPacket,
        Error_PacketDoesNotMatchFlow,
    };

    typedef std::map<uint32_t, ConnectionData> ConnectionInfoList;

    typedef void (*OnTcpMessageReady)(int8_t side, const TcpStreamData& tcpData, void* userCookie);

    typedef void (*OnTcpConnectionStart)(const ConnectionData& connectionData, void* userCookie);

    typedef void (*OnTcpConnectionEnd)(const ConnectionData& connectionData, ConnectionEndReason reason, void* userCookie);

    explicit TcpReassembly(OnTcpMessageReady onMessageReadyCallback, void* userCookie = NULL, OnTcpConnectionStart onConnectionStartCallback = NULL, OnTcpConnectionEnd onConnectionEndCallback = NULL, const TcpReassemblyConfiguration &config = TcpReassemblyConfiguration());

    ReassemblyStatus reassemblePacket(Packet& tcpData);

    ReassemblyStatus reassemblePacket(RawPacket* tcpRawData);

    void closeConnection(uint32_t flowKey);

    void closeAllConnections();

    const ConnectionInfoList& getConnectionInformation() const { return m_ConnectionInfo; }

    int isConnectionOpen(const ConnectionData& connection) const;

    uint32_t purgeClosedConnections(uint32_t maxNumToClean = 0);

private:
    struct TcpFragment
    {
        uint32_t sequence;
        size_t dataLength;
        uint8_t* data;
        timeval timestamp;

        TcpFragment() : sequence(0), dataLength(0), data(NULL) {}
        ~TcpFragment() { delete [] data; }
    };

    struct TcpOneSideData
    {
        IPAddress srcIP;
        uint16_t srcPort;
        uint32_t sequence;
        PointerVector<TcpFragment> tcpFragmentList;
        bool gotFinOrRst;

        TcpOneSideData() : srcPort(0), sequence(0), gotFinOrRst(false) {}
    };

    struct TcpReassemblyData
    {
        bool closed;
        int8_t numOfSides;
        int8_t prevSide;
        TcpOneSideData twoSides[2];
        ConnectionData connData;

        TcpReassemblyData() : closed(false), numOfSides(0), prevSide(-1) {}
    };

    typedef std::map<uint32_t, TcpReassemblyData> ConnectionList;
    typedef std::map<time_t, std::list<uint32_t> > CleanupList;

    OnTcpMessageReady m_OnMessageReadyCallback;
    OnTcpConnectionStart m_OnConnStart;
    OnTcpConnectionEnd m_OnConnEnd;
    void* m_UserCookie;
    ConnectionList m_ConnectionList;
    ConnectionInfoList m_ConnectionInfo;
    CleanupList m_CleanupList;
    bool m_RemoveConnInfo;
    uint32_t m_ClosedConnectionDelay;
    uint32_t m_MaxNumToClean;
    size_t m_MaxOutOfOrderFragments;
    time_t m_PurgeTimepoint;
    bool m_EnableBaseBufferClearCondition;

    void checkOutOfOrderFragments(TcpReassemblyData* tcpReassemblyData, int8_t sideIndex, bool cleanWholeFragList);

    void handleFinOrRst(TcpReassemblyData* tcpReassemblyData, int8_t sideIndex, uint32_t flowKey, bool isRst);

    void closeConnectionInternal(uint32_t flowKey, ConnectionEndReason reason);

    void insertIntoCleanupList(uint32_t flowKey);
};

}

#endif /* PACKETPP_TCP_REASSEMBLY */