Commit 14a1e145 authored by Håvard Moås's avatar Håvard Moås
Browse files

Update IPFIXLIB to add tentative metric of reordering of packets in TCP...

Update IPFIXLIB to add tentative metric of reordering of packets in TCP streams, havard.mork@gmail.com

git-svn-id: file:///home/svn/mapi/branches/haavardm-mapi@108 8d5bb341-7cf1-0310-8cf6-ba355fef3186
parent 68f0dae9
...@@ -563,7 +563,8 @@ void addPktToHash(np_ctxt_t *npctxt, ...@@ -563,7 +563,8 @@ void addPktToHash(np_ctxt_t *npctxt,
u_char *fingerprint, u_char *fingerprint,
u_char *payload, u_char *payload,
int payloadLen, int payloadLen,
u_int headerLen, u_int64_t v4_options, u_char ttl) { u_int headerLen, u_int64_t v4_options, u_char ttl,
u_int32_t seqnum) {
u_int32_t n=0, mutexIdx, idx; /* (src+dst+sport+dport) % hashSize; */ u_int32_t n=0, mutexIdx, idx; /* (src+dst+sport+dport) % hashSize; */
HashBucket *bkt; HashBucket *bkt;
u_int32_t srcHost, dstHost; u_int32_t srcHost, dstHost;
...@@ -699,6 +700,20 @@ void addPktToHash(np_ctxt_t *npctxt, ...@@ -699,6 +700,20 @@ void addPktToHash(np_ctxt_t *npctxt,
if(ttl > bkt->src2dstMaxTTL) if(ttl > bkt->src2dstMaxTTL)
bkt->src2dstMaxTTL = ttl; bkt->src2dstMaxTTL = ttl;
// Calculate packets out of sequence for various transport protocols.
switch(proto) {
case IPPROTO_TCP:
if((bkt->src2dst_last_sequence_number+payloadLen) > seqnum) {
// Packet has lower ID than expected
bkt->src2dst_num_packets_out_of_sequence++;
} else {
// Ordered, or early delivery.
bkt->src2dst_last_sequence_number = seqnum;
}
break;
};
} else { } else {
bkt->bytesRcvd += len, bkt->pktRcvd += numPkts; bkt->bytesRcvd += len, bkt->pktRcvd += numPkts;
if(bkt->firstSeenRcvd == 0) if(bkt->firstSeenRcvd == 0)
...@@ -748,6 +763,21 @@ void addPktToHash(np_ctxt_t *npctxt, ...@@ -748,6 +763,21 @@ void addPktToHash(np_ctxt_t *npctxt,
if(ttl > bkt->dst2srcMaxTTL) if(ttl > bkt->dst2srcMaxTTL)
bkt->dst2srcMaxTTL = ttl; bkt->dst2srcMaxTTL = ttl;
// Calculate packets out of sequence for various transport protocols.
if(bkt->dst2src_last_sequence_number != 0) {
switch(proto) {
case IPPROTO_TCP:
if((bkt->dst2src_last_sequence_number+payloadLen) > seqnum) {
// Packet has lower ID than expected
bkt->dst2src_num_packets_out_of_sequence++;
} else {
// Ordered, or early delivery.
bkt->dst2src_last_sequence_number = seqnum;
}
break;
};
}
if(bkt->dst2srcflowid==0) { if(bkt->dst2srcflowid==0) {
bkt->dst2srcflowid = npctxt->numObservedFlows; bkt->dst2srcflowid = npctxt->numObservedFlows;
npctxt->numObservedFlows = npctxt->numObservedFlows + 1; npctxt->numObservedFlows = npctxt->numObservedFlows + 1;
...@@ -833,6 +863,11 @@ void addPktToHash(np_ctxt_t *npctxt, ...@@ -833,6 +863,11 @@ void addPktToHash(np_ctxt_t *npctxt,
bkt->dst2srcBitrateAverager10ms[0] = 0; bkt->dst2srcBitrateAverager10ms[0] = 0;
} }
bkt->src2dst_last_sequence_number = seqnum;
bkt->src2dst_num_packets_out_of_sequence = 0;
bkt->dst2src_last_sequence_number = 0;
bkt->dst2src_num_packets_out_of_sequence = 0;
bkt->src2dstRateMax1sec = 0; bkt->src2dstRateMax1sec = 0;
bkt->src2dstRateMin1sec = MAX_UINT32; bkt->src2dstRateMin1sec = MAX_UINT32;
bkt->src2dstRateMax100ms = 0; bkt->src2dstRateMax100ms = 0;
......
...@@ -56,7 +56,8 @@ extern void addPktToHash(np_ctxt_t *npctxt, ...@@ -56,7 +56,8 @@ extern void addPktToHash(np_ctxt_t *npctxt,
unsigned long long stamp, u_int8_t flags, unsigned long long stamp, u_int8_t flags,
u_int8_t icmpType, u_char *fingerprint, u_int8_t icmpType, u_char *fingerprint,
u_char *payload, int payloadLen, u_char *payload, int payloadLen,
u_int headerLen, u_int64_t v4_options, u_char ttl); u_int headerLen, u_int64_t v4_options, u_char ttl,
u_int32_t seqnum);
extern void printICMPflags(u_int32_t flags, char *icmpBuf, int icmpBufLen); extern void printICMPflags(u_int32_t flags, char *icmpBuf, int icmpBufLen);
extern void printFlow(np_ctxt_t *npctxt, HashBucket *theFlow, int direction); extern void printFlow(np_ctxt_t *npctxt, HashBucket *theFlow, int direction);
extern int isFlowExpired(np_ctxt_t *npctxt, HashBucket *myBucket, time_t theTime); extern int isFlowExpired(np_ctxt_t *npctxt, HashBucket *myBucket, time_t theTime);
......
...@@ -54,6 +54,7 @@ nprobeProcessPacket(void *ctxt, mapid_pkthdr_t *pkt_head, const void *pkt) ...@@ -54,6 +54,7 @@ nprobeProcessPacket(void *ctxt, mapid_pkthdr_t *pkt_head, const void *pkt)
u_int caplen = pkt_head->caplen, length = pkt_head->wlen, offset; u_int caplen = pkt_head->caplen, length = pkt_head->wlen, offset;
u_short eth_type, off=0, numPkts = 1; u_short eth_type, off=0, numPkts = 1;
u_int8_t flags = 0, proto = 0; u_int8_t flags = 0, proto = 0;
u_int32_t seqnum = 0;
struct ip ip; struct ip ip;
struct ip6_hdr ipv6; struct ip6_hdr ipv6;
struct tcphdr tp; struct tcphdr tp;
...@@ -176,6 +177,7 @@ nprobeProcessPacket(void *ctxt, mapid_pkthdr_t *pkt_head, const void *pkt) ...@@ -176,6 +177,7 @@ nprobeProcessPacket(void *ctxt, mapid_pkthdr_t *pkt_head, const void *pkt)
if(!npctxt->ignoreTcpUdpPorts) if(!npctxt->ignoreTcpUdpPorts)
sport = ntohs(tp.th_sport), dport = ntohs(tp.th_dport); sport = ntohs(tp.th_sport), dport = ntohs(tp.th_dport);
flags = tp.th_flags; flags = tp.th_flags;
seqnum = tp.th_seq;
payloadLen = caplen - offset - (tp.th_off * 4); payloadLen = caplen - offset - (tp.th_off * 4);
if(payloadLen > 0) if(payloadLen > 0)
payload = (unsigned char*)pkt+offset+(tp.th_off * 4); payload = (unsigned char*)pkt+offset+(tp.th_off * 4);
...@@ -394,7 +396,7 @@ nprobeProcessPacket(void *ctxt, mapid_pkthdr_t *pkt_head, const void *pkt) ...@@ -394,7 +396,7 @@ nprobeProcessPacket(void *ctxt, mapid_pkthdr_t *pkt_head, const void *pkt)
(proto == IPPROTO_ICMP) ? icmpPkt.icmp_type : 0, (proto == IPPROTO_ICMP) ? icmpPkt.icmp_type : 0,
npctxt->computeFingerprint ? fingerprint : NULL, npctxt->computeFingerprint ? fingerprint : NULL,
payload, payloadLen, payload, payloadLen,
hlen,v4_options, ip.ip_ttl); hlen,v4_options, ip.ip_ttl,seqnum);
} }
#ifdef DEBUG #ifdef DEBUG
else { else {
......
...@@ -185,6 +185,10 @@ typedef struct hashBucket { ...@@ -185,6 +185,10 @@ typedef struct hashBucket {
u_char dst2srcMinTTL; u_char dst2srcMinTTL;
u_char dst2srcMaxTTL; u_char dst2srcMaxTTL;
u_int32_t src2dst_last_sequence_number;
u_int32_t src2dst_num_packets_out_of_sequence;
u_int32_t dst2src_last_sequence_number;
u_int32_t dst2src_num_packets_out_of_sequence;
} HashBucket; } HashBucket;
...@@ -55,6 +55,7 @@ ...@@ -55,6 +55,7 @@
#define FID_QSUM_PKT_DIST 32796 #define FID_QSUM_PKT_DIST 32796
#define FID_QSUM_PKT_LENGTH 32797 #define FID_QSUM_PKT_LENGTH 32797
#define FID_CONNDIRECTION 32798 #define FID_CONNDIRECTION 32798
#define FID_PACKET_REORDER 32799
#ifndef __KERNEL__ #ifndef __KERNEL__
...@@ -793,6 +794,8 @@ static V9TemplateId ver9_templates[] = { ...@@ -793,6 +794,8 @@ static V9TemplateId ver9_templates[] = {
{ FID_QSUM_PKT_LENGTH, 8, "QSUM_PKT_LENGTH" }, { FID_QSUM_PKT_LENGTH, 8, "QSUM_PKT_LENGTH" },
{ FID_CONNDIRECTION, 1, "CONN_DIRECTION" }, { FID_CONNDIRECTION, 1, "CONN_DIRECTION" },
{ FID_PACKET_REORDER, 4, "PKT_REORDERED" },
{ 0, 0, NULL } { 0, 0, NULL }
}; };
...@@ -1498,6 +1501,9 @@ static void handleTemplate(np_ctxt_t *npctxt, V9TemplateId *theTemplate, ...@@ -1498,6 +1501,9 @@ static void handleTemplate(np_ctxt_t *npctxt, V9TemplateId *theTemplate,
} }
} }
break; break;
case FID_PACKET_REORDER:
copyInt32(direction==0?theFlow->src2dst_num_packets_out_of_sequence:theFlow->dst2src_num_packets_out_of_sequence, outBuffer, outBufferBegin,outBufferMax);
break;
}; };
} }
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment