From: <xb...@us...> - 2012-12-06 12:18:34
Revision: 1509
http://scstudio.svn.sourceforge.net/scstudio/?rev=1509&view=rev
Author: xborza
Date: 2012-12-06 12:18:25 +0000 (Thu, 06 Dec 2012)
Log Message:
-----------
Modified Paths:
--------------
trunk/src/data/pcap/CMakeLists.txt
trunk/src/data/pcap/application_layer.cpp
trunk/src/data/pcap/application_layer.h
trunk/src/data/pcap/ethernet_layer.cpp
trunk/src/data/pcap/flow.cpp
trunk/src/data/pcap/flow.h
trunk/src/data/pcap/flow_stats.cpp
trunk/src/data/pcap/flow_stats.h
trunk/src/data/pcap/pcap_handler.cpp
trunk/src/data/pcap/pcap_handler.h
trunk/src/data/pcap/pcap_load.cpp
trunk/src/data/pcap/pcap_settings.cpp
trunk/src/data/pcap/pcap_settings.h
trunk/src/data/pcap/protocols.h
trunk/src/data/pcap/transport_layer.cpp
trunk/src/data/pcap/transport_layer.h
trunk/src/view/visio/addon/dllmodule.rc
trunk/src/view/visio/addon/registryManager.cpp
trunk/src/view/visio/addon/resource.h
trunk/src/view/visio/addon/settingsDlg.cpp
trunk/src/view/visio/scstudio.nsi
trunk/tests/pcap/pcap_test.cpp
Modified: trunk/src/data/pcap/CMakeLists.txt
===================================================================
--- trunk/src/data/pcap/CMakeLists.txt 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/data/pcap/CMakeLists.txt 2012-12-06 12:18:25 UTC (rev 1509)
@@ -6,11 +6,13 @@
export.h
bytes.h
protocols.h
+ packet.h
+ packet.cpp
+ pcap_settings.h
+ pcap_settings.cpp
module.cpp
flow_stats.h
flow_stats.cpp
- application_layer.h
- application_layer.cpp
flow.h
flow.cpp
ethernet_layer.h
@@ -19,6 +21,8 @@
internet_layer.cpp
transport_layer.h
transport_layer.cpp
+ application_layer.h
+ application_layer.cpp
pcap_handler.h
pcap_handler.cpp
pcap_load.h
Modified: trunk/src/data/pcap/application_layer.cpp
===================================================================
--- trunk/src/data/pcap/application_layer.cpp 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/data/pcap/application_layer.cpp 2012-12-06 12:18:25 UTC (rev 1509)
@@ -57,6 +57,7 @@
{
std::stringstream ss;
int count = 0,iterator = 0;
+ u_char a,c;
ss << "DNS ";
// get first query
@@ -64,10 +65,14 @@
// name begins with number of characters after numb
// example: sip.arpa.net == 3sip4arpa3net
count = (int)dns_data[iterator++];
- while(count > 0){
- ss << (char)dns_data[iterator++];
+ while(count > 0 && iterator < 30) // I don't want more then 30 chars --> ERROR CLEAR
+ {
+ c = (char)dns_data[iterator++];
+ a = ( c >=32 && c <=128) ? (unsigned char) c : '.'; // spam
+ ss << a;
count--;
- if(count == 0){
+ if(count == 0)
+ {
count = (int)dns_data[iterator++];
if(count)
ss << ".";
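Review bot: The new `iterator < 30` limit in the label loop is unrelated to how many bytes of DNS payload were actually captured, so a truncated or malformed query shorter than that can still be read past the end of `dns_data`; the buffer length is not visible in this hunk, so this assumes no earlier check covers it. The bound should be the payload length, and the inner `count = (int)dns_data[iterator++]` needs the same test because it runs after the loop condition was already evaluated. The printable filter `c >=32 && c <=128` also lets 127 (DEL) and 128 through; `c >= 32 && c <= 126` matches printable ASCII. Length bytes with the top two bits set are DNS compression pointers, not label lengths, and are currently treated as counts. The enclosing function starts and ends outside the hunk.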
@@ -280,16 +285,24 @@
HttpMessage* msg = new HttpMessage();
http_message_init(msg);
// init pack for parser and message
+<<<<<<< .mine
+ http_parsers.insert(std::make_pair(ports,HttpParsePack(parser,msg)));
+=======
std::cout << ports.src <<" " <<ports.dst << " ";
http_parsers.insert(std::pair<Ports,HttpParsePack>(ports,HttpParsePack(parser,msg)));
std::cout << "HTTP ok\n";
//parser = http_parsers[ports].parser;
std::cout << "HTTP ok continue 1\n";
+>>>>>>> .r1508
}
else
{ // check, if need reset parser and message
+<<<<<<< .mine
+ if(http_parsers[ports].message->message_complete)
+=======
std::cout << "EE\n";
if(http_parsers[ports].message->message_complete)
+>>>>>>> .r1508
{
std::cout << "EEEE\n";
is_new_packet = true;
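Review bot: Unresolved merge conflict markers (`<<<<<<< .mine`, `=======`, `>>>>>>> .r1508`) are added as source lines here, so application_layer.cpp cannot compile as committed and both sides of each conflict are present. The same markers appear in the later hunks of this file (around the `here` debug print and in the SIP FROM/TO block) and in both hunks of application_layer.h. Each conflict needs resolving to one side before the commit is usable; the `.r1508` side also keeps the `std::cout` debug prints (`HTTP ok`, `EE`, `here`) of the kind this commit removes from pcap_handler.cpp and pcap_load.cpp.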
@@ -298,8 +311,12 @@
}
parser = http_parsers[ports].parser;
}
+<<<<<<< .mine
+=======
+
std::cout << "here\n";
+>>>>>>> .r1508
// execute parser
parser->data = (char*)data;
nparsed = http_parser_execute(parser, settings, buffer, data_size);
@@ -490,6 +507,7 @@
if(settings->show_version)
ss << "\\" << osip_message_get_version(sip) << " ";
+
if(MSG_IS_REQUEST(sip))
{
ss << sip->sip_method << " ";
@@ -515,31 +533,40 @@
}
if(settings->show_from_to)
{
- if(settings->show_only_nick_names)
- {
- if((sip->from)->displayname != NULL)
- ss << "FROM:" << (sip->from)->displayname << " ";
+ char* rquri = new char[50];
+ if(settings->show_only_nick_names && (sip->from)->displayname != NULL)
+ {
+ rquri = osip_from_get_displayname(sip->from);
+ }
else
+<<<<<<< .mine
+ {
+ osip_from_to_str(sip->from,&rquri);
+ }
+ ss << "FROM:" << rquri << " ";
+
+ if(settings->show_only_nick_names && (sip->to)->displayname != NULL)
+ {
+ rquri = osip_from_get_displayname(sip->to);
+ }
+=======
ss << "FROM:" << osip_uri_get_username((sip->from)->url) << " ";
if((sip->to)->displayname != NULL)
ss << "TO: " << (sip->to)->displayname << " ";
+>>>>>>> .r1508
else
- ss << "TO:" << osip_uri_get_username((sip->to)->url) << " ";
- }
- else
- {
- char* rquri = NULL;
- if(osip_uri_to_str((sip->from)->url,&rquri) == 0)
- ss << "FROM:" << rquri << " ";
-
- if(osip_uri_to_str((sip->to)->url,&rquri) == 0)
- ss << "TO:" << rquri << " ";
+ {
+ osip_from_to_str(sip->to,&rquri);
+ }
+ ss << "TO:" << rquri << " ";
osip_free(rquri);
- }
}
+<<<<<<< .mine
+=======
+>>>>>>> .r1508
return ss.str();
}
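Review bot: `rquri` is allocated with `new char[50]`, then overwritten by `osip_from_get_displayname()` or by `osip_from_to_str(sip->from,&rquri)`, so the 50-byte buffer always leaks, and the single `osip_free(rquri)` at the end frees whatever the TO branch last stored. When that is the display name, the pointer belongs to the parsed message (as far as libosip2's accessor goes, it returns the stored field), so it is freed here and again when the message is released; the string produced for FROM by `osip_from_to_str` is never freed. The return value of `osip_from_to_str` is also no longer checked, unlike the removed `osip_uri_to_str(...) == 0` tests, so on failure `ss << rquri` prints the uninitialised buffer. All of this runs on fields taken from captured SIP traffic. The fence below prints borrowed display names directly and frees only what `osip_from_to_str` allocated; it also assumes the conflict markers in this hunk are resolved.

```cpp
if(settings->show_from_to)
{
  // display names are owned by the parsed message: print them, never free them
  if(settings->show_only_nick_names && (sip->from)->displayname != NULL)
  {
    ss << "FROM:" << osip_from_get_displayname(sip->from) << " ";
  }
  else
  {
    char* from_str = NULL;
    if(osip_from_to_str(sip->from,&from_str) == 0 && from_str != NULL)
    {
      ss << "FROM:" << from_str << " ";
      osip_free(from_str); // allocated by osip_from_to_str
    }
  }

  if(settings->show_only_nick_names && (sip->to)->displayname != NULL)
  {
    ss << "TO:" << osip_from_get_displayname(sip->to) << " ";
  }
  else
  {
    char* to_str = NULL;
    if(osip_from_to_str(sip->to,&to_str) == 0 && to_str != NULL)
    {
      ss << "TO:" << to_str << " ";
      osip_free(to_str); // allocated by osip_from_to_str
    }
  }
}
```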
Modified: trunk/src/data/pcap/application_layer.h
===================================================================
--- trunk/src/data/pcap/application_layer.h 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/data/pcap/application_layer.h 2012-12-06 12:18:25 UTC (rev 1509)
@@ -143,7 +143,20 @@
parser = p;
message = m;
}
+<<<<<<< .mine
+ // WHY IT DONT WORK ????!!!!!
+ /*~HttpParsePack()
+ {
+ free(parser);
+ delete message;
+ }*/
+}HttpParsePack;
+=======
+>>>>>>> .r1508
+<<<<<<< .mine
+class HttpPacket : public Packet
+=======
~HttpParsePack()
{
free(parser);
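Review bot: The destructor commented out under `// WHY IT DONT WORK` most likely fails because `HttpParsePack` is stored by value: `http_parsers.insert(std::make_pair(ports,HttpParsePack(parser,msg)))` in application_layer.cpp copies the temporary into the map and then destroys it, so `free(parser)` and `delete message` run on pointers the map entry still holds, and the later `http_parsers[ports].message->message_complete` reads freed memory. Disabling the destructor trades that use-after-free for a leak of every parser and message. The struct needs copy semantics that match its ownership (a copy constructor and assignment operator, or reference-counted members), or the code that erases map entries should release the pointers explicitly. The `.r1508` side of the conflict in this hunk still has the active destructor, so which behaviour is compiled depends on how the markers are resolved.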
@@ -152,6 +165,7 @@
};
class HttpPacket : public Packet
+>>>>>>> .r1508
{
private:
u_char* data;
Modified: trunk/src/data/pcap/ethernet_layer.cpp
===================================================================
--- trunk/src/data/pcap/ethernet_layer.cpp 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/data/pcap/ethernet_layer.cpp 2012-12-06 12:18:25 UTC (rev 1509)
@@ -31,8 +31,9 @@
eth_hdr = (EthernetHeader*)data;
type = TO_NTOHS(eth_hdr->ether_type);
this->data_size = data_size;
- if(type <= 1500) // it length field
+ if(type <= 1500) // it is length field
type = 1499;
+
}
EthernetPacket::~EthernetPacket()
Modified: trunk/src/data/pcap/flow.cpp
===================================================================
--- trunk/src/data/pcap/flow.cpp 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/data/pcap/flow.cpp 2012-12-06 12:18:25 UTC (rev 1509)
@@ -38,7 +38,7 @@
if(!pcap_settings->is_aggregation_active() || it->second.get_smart_label() == "")
ss << id.data.get_label() << " ";
else
- ss << it->second.get_smart_label(); // USE ONLY FOR SMART AGGREGATION MOSTLY
+ ss << it->second.get_smart_label(); // USE ONLY FOR REASSEMBLING MOSLTY
if(settings->show_packet_count)
{
@@ -93,22 +93,22 @@
// check if packet with the ID interrupt some of active communications
-std::vector<std::map<msg_id,FlowStats>::iterator> FlowControl::active_com_interrupt(msg_id packet,bool inherit,FlowLevel level)
+std::vector<std::map<msg_id,FlowStats>::iterator> FlowControl::active_com_interrupt(msg_id packet,bool inherit)
{
std::vector<std::map<msg_id,FlowStats>::iterator> result;
- bool compare[15] = {false}; // instances count
- compare[packet.source_pair.first] = true;
- compare[packet.destin_pair.first] = true;
+
+ int first = packet.source_pair.first;
+ int second = packet.destin_pair.first;
int count = 0;
for(std::map<msg_id,FlowStats>::iterator it = flow_map.begin(); it != flow_map.end(); it++)
- {
- if(level != NET_PROTO_FLOW && packet.data != it->first.data)
+ { // dont't interrupt on data level
+ if(packet.data != it->first.data)
continue;
-
- if(compare[it->first.source_pair.first])
+
+ if(it->first.source_pair.first == first || it->first.source_pair.first == second)
count++;
- if(compare[it->first.destin_pair.first])
+ if(it->first.destin_pair.first == first || it->first.destin_pair.first == second)
count++;
if(count == 1 || (inherit && count == 2))
result.push_back(it);
@@ -117,6 +117,18 @@
return result;
}
+std::vector<std::map<msg_id,FlowStats>::iterator> FlowControl::interrupt_with_proto(u_short proto)
+{
+ std::vector<std::map<msg_id,FlowStats>::iterator> result;
+
+ for(std::map<msg_id,FlowStats>::iterator it = flow_map.begin(); it != flow_map.end(); it++)
+ {
+ if(it->first.data.proto == proto)
+ result.push_back(it);
+ }
+ return result;
+}
+
std::vector<flow_output> FlowControl::flush_all(){
if(settings->type == LST_FLOW)
@@ -130,36 +142,12 @@
flush_flowstats(it);
}
-
flow_map.clear();
// sort by order of incoming packets
std::sort(defer_msg.begin(),defer_msg.end());
return defer_msg;
}
-void FlowControl::flush_interrupted(num_inst_pair src_pair,num_inst_pair dst_pair,SpecData flow_data)
-{
- std::vector<flow_output> result;
- std::map<msg_id,FlowStats>::iterator it;
- msg_id def_id = msg_id(src_pair,dst_pair,flow_data);
- msg_id opposite_id = msg_id(dst_pair,src_pair);
-
- if(flow_data.level == SIP_RTP_STREAM)
- {
- std::vector<std::map<msg_id,FlowStats>::iterator> interrupted;
- interrupted = active_com_interrupt(def_id,true,NET_PROTO_FLOW);
-
- for(u_int i=0; i < interrupted.size();i++)
- {
- it = interrupted[i];
- defer_msg.push_back(get_flowout_flowstats(MESSAGE_END,it));
- }
- for(u_int i=0; i < interrupted.size();i++)
- flow_map.erase(interrupted[i]);
-
- }
-}
-
std::vector<flow_output> FlowControl::update_flow(int pkt_id,num_inst_pair src_pair,num_inst_pair dst_pair,SpecData flow_data,double time,std::string smart_label)
{
@@ -224,7 +212,7 @@
return result;
case FDX_CON_FLOW : // full duplex -> bind the CONTINOUS communication between two nodes together
- interrupted = active_com_interrupt(default_id,false,flow_data.level);
+ interrupted = active_com_interrupt(default_id,false);
if(!interrupted.empty()) // interrupt active communications
{
@@ -250,24 +238,28 @@
case TIME_FLOW:
if(!time_flow->in_interval(time)) // packet time in interval
{
- time_flow->interval_plus(); //interval += interval --> for next packets
+
+ while(!time_flow->in_interval(time))
+ {
+ time_flow->bound_plus();
+ }
+
for(std::map<msg_id,FlowStats>::iterator it = flow_map.begin(); it != flow_map.end(); it++) // Flush all
{
flush_flowstats(it);
}
flow_map.clear();
}
- else
+ if((it = flow_map.find(default_id)) != flow_map.end())
{
- if((it = flow_map.find(default_id)) != flow_map.end())
- {
- it->second.update_id_time_data(pkt_id,time,flow_data.data_size);
- }
- else //no communication yet
- {
- flow_map[default_id] = FlowStats(pkt_id,time,flow_data.data_size);
- }
+ it->second.update_id_time_data(pkt_id,time,flow_data.data_size);
}
+ else //no communication yet
+ {
+
+ flow_map[default_id] = FlowStats(pkt_id,time,flow_data.data_size);
+ }
+
return result;
case AGGREG_FLOW:
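Review bot: The new `while(!time_flow->in_interval(time)) time_flow->bound_plus();` loop does not terminate when `interval` is zero or negative, because `bound += interval` in flow_stats.cpp then never reaches `time`; the interval presumably comes from the `IntervalSize` setting, which `load_registry()` reads without a range check. A long gap between timestamps combined with a small interval also spins once per interval. Rejecting non-positive values where the interval is stored, e.g. `interval = (inter > 0) ? inter : 10.0;` in the `TimeFlow` constructor, and advancing in one step with `bound += interval * std::ceil((time - bound) / interval);` avoids both. The `TimeFlow` hunk in flow_stats.cpp is affected by the same point.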
@@ -281,7 +273,7 @@
if(flow_data.http_msg->is_segment) // if its segment, update last values
it->second.update_id_time_data(pkt_id,time,flow_data.data_size);
- defer_msg.push_back(get_flowout_flowstats(MESSAGE_END,it));
+ flush_flowstats(it);
flow_map.erase(it);
if(!flow_data.http_msg->is_segment)
@@ -301,7 +293,6 @@
else
{
flow_map[default_id] = FlowStats(pkt_id,time,flow_data.data_size,smart_label);
- result.push_back(get_begin_flowout(default_id,pkt_id,time));
}
}
return result;
@@ -322,26 +313,27 @@
{
if((it = flow_map.find(default_id)) != flow_map.end()) // communication allready
{
- if(it->second.get_count() > 1)
- {
- defer_msg.push_back(get_flowout_flowstats(MESSAGE_BEGIN,it));
- defer_msg.push_back(get_flowout_flowstats(MESSAGE_END,it));
- }
- else
- {
- defer_msg.push_back(get_flowout_flowstats(WHOLE_MESSAGE,it)); // it was not segment
- }
+ flush_flowstats(it);
flow_map.erase(it);
}
- flow_map[default_id] = FlowStats(pkt_id,time,flow_data.data_size,smart_label);
+ flow_map[default_id] = FlowStats(pkt_id,time,flow_data.data_size,smart_label); // maybe segment in future
}
return result;
case SIP_RTP_STREAM:
- if(flow_data.explicit_flush) // is sip packet, flush out
+ if(flow_data.explicit_flush) // is SIP packet, flush out
{
- flush_interrupted(src_pair,dst_pair,flow_data);
- defer_msg.push_back(get_whole_flowout(default_id,pkt_id,time,smart_label));
+ interrupted = interrupt_with_proto(RTP);
+ for(u_int i=0; i < interrupted.size();i++)
+ {
+ it = interrupted[i];
+ flush_flowstats(it);
+ }
+ for(u_int i=0; i < interrupted.size();i++)
+ flow_map.erase(interrupted[i]);
+
+ defer_msg.push_back(get_whole_flowout(default_id,pkt_id,time,smart_label)); // add sip packet to defer msg
+
}
else // RTP packet
{
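Review bot: `interrupt_with_proto(RTP)` selects every flow in `flow_map` whose protocol is RTP, so one SIP packet between any two hosts now flushes and erases the RTP streams of unrelated endpoints; the removed `flush_interrupted` limited this to flows involving the packet's source and destination through `active_com_interrupt`. If the global flush is intended, a comment at the call should say so, for example `// any SIP packet ends all open RTP flows, regardless of endpoints`; otherwise the result should also be filtered by `src_pair`/`dst_pair`. The `case` body continues past the end of the hunk.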
@@ -352,7 +344,6 @@
else
{
flow_map[default_id] = FlowStats(pkt_id,time,flow_data.data_size,smart_label);
- defer_msg.push_back(get_begin_flowout(default_id,pkt_id,time));
}
}
return result;
Modified: trunk/src/data/pcap/flow.h
===================================================================
--- trunk/src/data/pcap/flow.h 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/data/pcap/flow.h 2012-12-06 12:18:25 UTC (rev 1509)
@@ -25,7 +25,12 @@
flow_output get_flowout_flowstats(MessagePart part,std::map<msg_id,FlowStats>::iterator it);
flow_output get_begin_flowout(msg_id m_id,int pckt_id,double time);
flow_output get_whole_flowout(msg_id id,int pckt_id,double time,std::string label);
- std::vector<std::map<msg_id,FlowStats>::iterator> active_com_interrupt(msg_id packet,bool inherit,FlowLevel level);
+ /*
+ * return vector of active communications, which the packet interrupt.
+ * @param inherit = is comunication interrputed, if packet is in the same communication canal as communication?
+ */
+ std::vector<std::map<msg_id,FlowStats>::iterator> active_com_interrupt(msg_id packet,bool inherit);
+ std::vector<std::map<msg_id,FlowStats>::iterator> interrupt_with_proto(u_short proto);
std::string get_label(std::map<msg_id,FlowStats>::iterator it);
void flush_flowstats(std::map<msg_id,FlowStats>::iterator it);
@@ -35,7 +40,6 @@
// Destructor
~FlowControl();
- void flush_interrupted(num_inst_pair src,num_inst_pair dst,SpecData flow_data);
std::vector<flow_output> update_flow(int pckt_id,num_inst_pair src_pair,num_inst_pair dst_pair,SpecData flow_data,double time = 0,std::string label="");
std::vector<flow_output> flush_all();
};
Modified: trunk/src/data/pcap/flow_stats.cpp
===================================================================
--- trunk/src/data/pcap/flow_stats.cpp 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/data/pcap/flow_stats.cpp 2012-12-06 12:18:25 UTC (rev 1509)
@@ -115,15 +115,16 @@
/////////////////////////////////////////////// TIME_FLOW DATA //////////////////////////////////////////////////////////
TimeFlow::TimeFlow(double inter){
interval = inter;
+ bound = inter;
}
-void TimeFlow::interval_plus(){
- interval += interval;
+void TimeFlow::bound_plus(){
+ bound += interval;
}
bool TimeFlow::in_interval(double time){
- return (time <= interval);
+ return (time <= bound);
}
////////////////////////////////////////////FLOW STATS /////////////////////////////////////////////////////////
Modified: trunk/src/data/pcap/flow_stats.h
===================================================================
--- trunk/src/data/pcap/flow_stats.h 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/data/pcap/flow_stats.h 2012-12-06 12:18:25 UTC (rev 1509)
@@ -31,11 +31,10 @@
struct SpecData
{
FlowLevel level;
- union
- {
- u_short proto;
- Ports ports;
- };
+ // for packet identification
+ u_short proto;
+ Ports ports;
+
// for some additional informations in SMART FLOW
union
{
@@ -182,10 +181,11 @@
{
private:
double interval;
+ double bound;
public:
TimeFlow(double interval);
- void interval_plus();
+ void bound_plus();
bool in_interval(double time); // return if time is in interval
};
Modified: trunk/src/data/pcap/pcap_handler.cpp
===================================================================
--- trunk/src/data/pcap/pcap_handler.cpp 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/data/pcap/pcap_handler.cpp 2012-12-06 12:18:25 UTC (rev 1509)
@@ -2,12 +2,35 @@
#include <stdlib.h>
#include <iomanip>
+bool create_relative_interval(EventPtr prev_e,EventPtr new_e,double time)
+{
+ if(prev_e == NULL || new_e == NULL)
+ {
+ return false;
+ }
+
+ // get value from absolute time and remove it
+ MscTimeIntervalSet<double> time_set = prev_e->get_absolut_times().front()->get_interval_set();
+ double abs_last_time = time_set.get_set().front().get_begin().get_value();
+
+ // set interval
+ MscTimeIntervalSet<double> new_rel_interval;
+ new_rel_interval.insert(MscTimeInterval<double>(time - abs_last_time));
+
+ TimeRelationEventPtr rel = new TimeRelationEvent(new_rel_interval);
+ rel->glue_events(prev_e.get(),new_e.get());
+ return true;
+}
+
+
PcapSettings* PcapHandler::settings;
timeval PcapHandler::zero_time;
+int PcapHandler::packet_id;
PcapHandler::PcapHandler(PcapSettings* parse_set){
msc = new BMsc(L"Pcap");
inst_count = 0;
+ packet_id = 0;
settings = parse_set;
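Review bot: In `create_relative_interval`, `prev_e->get_absolut_times().front()` and `time_set.get_set().front()` are called without checking that either container holds an element, which is undefined behaviour for an event that carries no absolute time (assuming these are standard containers; their types are not visible here). Predecessor events passed in from `add_new_message` only have an absolute time if they were created through this handler with `show_timestamps` set, and nothing in the function enforces that. Returning `false` in that case keeps the existing contract: `if(prev_e->get_absolut_times().empty()) return false;` and the same test on `time_set.get_set()` before the second `front()`.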
@@ -24,6 +47,11 @@
zero_time.tv_usec = 0;
}
+PcapHandler::~PcapHandler()
+{
+
+}
+
MscPtr PcapHandler::getMsc(){
return msc;
}
@@ -34,11 +62,12 @@
num_inst_pair dst_pair;
src_pair = get_num_inst(src);
- dst_pair = get_num_inst(dst);
if(src_pair.first == -1)
src_pair = create_instance(src);
+ dst_pair = get_num_inst(dst);
+
if(dst_pair.first == -1)
dst_pair = create_instance(dst);
@@ -71,28 +100,35 @@
}
}
-bool PcapHandler::create_flow_event(flow_output msg_start)
+/*
+* This function is used only for aggreagation and reassembling packets
+*/
+bool PcapHandler::create_flow_event(flow_output msg_start) // create the event, message get from
{
int id = msg_start.ids.first;
msg_id mes_id = msg_start.m_id;
if(events_map.find(id) != events_map.end())
{
- std::cout << "Key in events map allready\n";
+ std::cerr << "Key in events map allready\n";
return false;
}
- EventPtr e = mes_id.source_pair.second->get_last()->add_event();
+ //add event
+ EventPtr new_e = mes_id.source_pair.second->get_last()->add_event();
+
if(settings->show_timestamps)
{
double time = msg_start.time;
MscTimeIntervalSet<double> i;
+
+ // Add absolute time
i.insert(MscTimeInterval<double>(time));
-
- e->add_absolut_time(i);
+ new_e->add_absolut_time(i); // if there are relative times, it's only help time and should be removed [ its in abs_time_events]
+ abs_time_events.push_back(new_e);
}
- events_map.insert(std::pair<int,EventPtr>(id,e));
+ events_map.insert(std::pair<int,EventPtr>(id,new_e));
return true;
}
@@ -106,7 +142,7 @@
if(event_iter == events_map.end())
{
std::cout << "Key " << id << " not in events map\n";
- return false;
+ return 1;
}
// remove from map
events_map.erase(id);
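Review bot: `return 1` on the missing-key path converts to `true`, and pcap_handler.h in this revision still declares `bool create_flow_message(flow_output msg_end);`, so the function now reports success when the key is not in `events_map`; the matching `return 0` in the next hunk reports failure after the message was added. If a status code is intended, the declaration should become `int` and the callers be updated; otherwise keep `return false;` here and `return true;` at the end.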
@@ -115,7 +151,7 @@
EventPtr e2 = mes_id.destin_pair.second->get_last()->add_event();
add_new_message(e1,e2,msg_end.label,msg_end.time,false);
- return true;
+ return 0;
}
void PcapHandler::last_diagram_update()
@@ -138,26 +174,55 @@
add_new_message(e1,e2,msg.label,msg.time,true);
break;
}
-
}
}
+
+ // remove informational absolute times from set
+ if(settings->time_format == REL_TIME)
+ {
+ for(std::list<EventPtr>::iterator it = abs_time_events.begin(); it != abs_time_events.end(); it++)
+ {
+ it->get()->clear_absolut_times();
+ }
+ abs_time_events.clear();
+ }
}
-void PcapHandler::add_new_message(EventPtr src_e,EventPtr dst_e,std::string msg_label,double timestamp,bool set_all_times){
+void PcapHandler::add_new_message(EventPtr src_e,EventPtr dst_e,std::string msg_label,double time,bool set_all_times){
// create message between instances
- double time;
if(settings->show_timestamps)
{
+ // add absolute times, they are needed for relative intervals too, as addititonal information
MscTimeIntervalSet<double> i;
- time = timestamp;
i.insert(MscTimeInterval<double>(time));
dst_e->add_absolut_time(i);
- if(set_all_times)
+ abs_time_events.push_back(dst_e);
+
+ if(set_all_times /*|| settings->time_format == REL_TIME*/) // else it was set in flow_event allready
{
src_e->add_absolut_time(i);
+ abs_time_events.push_back(src_e);
}
+ // set Relative intervals?
+ if(settings->time_format == REL_TIME)
+ {
+ // chcek, if the event's are first on the src and dst instances
+ StrictEventPtr strict_src_e = boost::dynamic_pointer_cast<StrictEvent>(src_e);
+ StrictEventPtr strict_dst_e = boost::dynamic_pointer_cast<StrictEvent>(dst_e);
+
+ StrictEventPtr src_prev_e = strict_src_e->get_predecessor();
+ StrictEventPtr dst_prev_e = strict_dst_e->get_predecessor();
+
+ if(!set_all_times) // it's message with different times on src_e and dst_e, create interval between them
+ {
+ create_relative_interval(src_e,dst_e,time);
+ }
+ // it's enaugh to create interval on one instance?
+ create_relative_interval(src_prev_e,src_e,time);
+ create_relative_interval(dst_prev_e,dst_e,time);
+ }
}
/** message **/
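Review bot: `boost::dynamic_pointer_cast<StrictEvent>(src_e)` and the same cast on `dst_e` yield a null pointer when the event is not a `StrictEvent`, and `strict_src_e->get_predecessor()` / `strict_dst_e->get_predecessor()` dereference the results unchecked. A guard such as `if(strict_src_e && strict_dst_e)` around the predecessor lookup and the two `create_relative_interval` calls covers it. The same event can also be pushed onto `abs_time_events` more than once (here and in `create_flow_event`), which is harmless for the later clearing but deserves a short comment. The function body continues past the end of the hunk.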
@@ -198,9 +263,10 @@
handStruct* hands = (handStruct*)param;
PcapHandler* pcap = hands->pcap;
- static int packet_id; // packet number
packet_id++; // increase with every packet
+ //std::cout << "Packet " << packet_id << "\n";
+
timeval pom_timestamp; // in user set data units
double timestamp;
//initialise ZERO TIMESTAMP
@@ -227,15 +293,16 @@
proto = eth_p->get_upper_proto();
source = eth_p->get_src_address();
destination = eth_p->get_dst_address();
+
if(settings->parse_layer == LINK_LAYER) // CAN GET UPPER DATA ALWAYS
{
+ label = settings->get_message_label(packet_id,eth_p,all_info.str(),true);
sp_data = fill_specdata(settings,eth_p,LINK_FLOW,NO_AGGR);
- label = settings->get_message_label(packet_id,eth_p,all_info.str());
delete eth_p;
hands->pcap->diagram_update(packet_id,source,destination,label,timestamp,sp_data);
return;
}
- all_info << label;
+ all_info << settings->get_message_label(packet_id,eth_p,all_info.str(),false);
// ------------- NETWORK LAYER ---------------------------------------------------------------
Packet* net_p = NULL;
@@ -243,7 +310,16 @@
Ipv6* ipv6_p = NULL;
ArpPacket* arp_p = NULL;
int ip_ver;
- switch(eth_p->get_upper_proto())
+ int type = 0;
+ // convert to hexadecimal value (suprisingly, without it you can get negative integer from ethernet | -X != Y && Hex(X) == Hex(Y))
+ std::stringstream ss;
+ ss << std::hex << eth_p->get_upper_proto();
+ std::string pom = ss.str();
+ ss.str("");
+ ss << "0x" << pom;
+ ss >> type;
+ //
+ switch(type)
{
case IPV4:
/* GET IP VERSION encapuslation*/
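Review bot: The hex round trip through `std::stringstream` does not remove the sign problem the comment describes: if `get_upper_proto()` returns a negative value it prints as eight hex digits (with a 32-bit `int`), and `ss >> type` into an `int` then fails on overflow, leaving `type` at a value that matches no `case`. Masking gives the intended 16-bit EtherType without string parsing: `int type = eth_p->get_upper_proto() & 0xFFFF;`. The return type of `get_upper_proto()` is not visible in this hunk, so the width should be confirmed against its declaration.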
@@ -272,10 +348,11 @@
net_p = new NetPacket(eth_p->get_upper_data(),eth_p->get_upper_data_size(),eth_p->get_upper_proto());
break;
}
+
if(settings->parse_layer == NET_LAYER || (net_p->get_upper_proto() == -1 && !settings->ignore_packets)) //can't parse more
{
+ label = settings->get_message_label(packet_id,net_p,all_info.str(),true);
sp_data = fill_specdata(settings,net_p,NET_PROTO_FLOW,NO_AGGR);
- label = settings->get_message_label(packet_id,net_p,all_info.str());
delete eth_p;
delete net_p;
hands->pcap->diagram_update(packet_id,source,destination,label,timestamp,sp_data);
@@ -288,8 +365,7 @@
delete net_p;
return;
}
-
- all_info << " " << label;
+ all_info <<"I"<< settings->get_message_label(packet_id,net_p,all_info.str(),false) << "I";
// ------------------- TRANSPORT LAYER ----------------------------------------------------
Ports ports;
@@ -317,14 +393,14 @@
sp_data = fill_specdata(settings,trans_p,TRANS_PROTO_FLOW,NO_AGGR);
break;
}
+
if(settings->parse_layer == TRANSPORT_LAYER || (trans_p->get_upper_data_size() == 0 && !settings->ignore_packets)) //can't parse more
{
- label = settings->get_message_label(packet_id,trans_p,all_info.str());
+ label = settings->get_message_label(packet_id,trans_p,all_info.str(),true);
delete eth_p;
delete net_p;
delete trans_p;
hands->pcap->diagram_update(packet_id,source,destination,label,timestamp,sp_data);
- std::cout << "ok\n";
return;
}
if((trans_p->get_upper_proto() == -1 || trans_p->get_upper_data_size() == 0) && settings->ignore_packets)
@@ -334,16 +410,14 @@
delete trans_p;
return;
}
+ all_info <<"I"<< settings->get_message_label(packet_id,trans_p,all_info.str(),false);
- all_info << " " << label;
-
// -------------- APPLICATION LAYER -----------------------------------------------------------
Packet* app_p = NULL;
ports = trans_p->get_ports();
switch(trans_p->get_upper_proto())
{
case(HTTP):
- std::cout << "HTTP\n";
app_p = new HttpPacket(trans_p->get_upper_data(),trans_p->get_upper_data_size(),ports,settings->adv_settings->http_settings);
sp_data = fill_specdata(settings,app_p,NO_FLOW,HTTP_AGGR);
break;
@@ -372,14 +446,12 @@
}
if(settings->parse_layer == APP_LAYER) // parsed all !!!
{
- label = settings->get_message_label(packet_id,app_p,all_info.str());
- std::cout << source << "-->" << destination << " LOOP " << packet_id << " " << label << "\n";
+ label = settings->get_message_label(packet_id,app_p,all_info.str(),true);
delete eth_p;
delete net_p;
delete trans_p;
delete app_p;
hands->pcap->diagram_update(packet_id,source,destination,label,timestamp,sp_data);
- std::cout << "OK\n";
return;
}
//pcap_breakloop(hands->handle);
Modified: trunk/src/data/pcap/pcap_handler.h
===================================================================
--- trunk/src/data/pcap/pcap_handler.h 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/data/pcap/pcap_handler.h 2012-12-06 12:18:25 UTC (rev 1509)
@@ -12,8 +12,11 @@
#include "data/formatter.h"
+bool create_relative_interval(EventPtr prev_e,EventPtr new_e,double time);
+
class PcapHandler{
+ static int packet_id;
static PcapSettings* settings;
static timeval zero_time;
@@ -27,6 +30,9 @@
// for flow and specific protocol aggregation
std::map<int,EventPtr> events_map;
+ // for absolute times clearing
+ std::list<EventPtr> abs_time_events;
+
bool create_flow_event(flow_output msg_start);
bool create_flow_message(flow_output msg_end);
Modified: trunk/src/data/pcap/pcap_load.cpp
===================================================================
--- trunk/src/data/pcap/pcap_load.cpp 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/data/pcap/pcap_load.cpp 2012-12-06 12:18:25 UTC (rev 1509)
@@ -27,7 +27,10 @@
std::vector<MscPtr> Pcap::load_msc(const std::string &filename)
{
std::vector<MscPtr> result;
- return result;
+ PcapSettings* settings = new PcapSettings();
+ settings->load_registry();
+
+ return load_msc(filename,settings);
}
std::vector<MscPtr> Pcap::load_msc(const std::string &filename,PcapSettings* settings)
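Review bot: Ownership of `settings` is inconsistent after this change: the one-argument overload allocates it with `new`, and the two-argument `load_msc` deletes it at the end (`delete settings;` in the last hunk of this file), which also deletes a `PcapSettings*` that any other caller passed in and may still use or free itself. Error returns in the two-argument overload, which lie outside the visible hunks, would skip both `delete` calls. Keeping the `delete` in the function that did the `new` makes the contract clear: `std::vector<MscPtr> r = load_msc(filename,settings); delete settings; return r;`. The local `result` in the one-argument overload is no longer used.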
@@ -43,7 +46,7 @@
u_int netmask;
///////////////////////////// SET THE FILTER ////////////////////////////////
-const char* packet_filter = settings->pcap_filter;
+const char* packet_filter = settings->pcap_filter.c_str();
/////////////////////////////////////////////////////////////////////////////
struct bpf_program fcode;
@@ -87,13 +90,12 @@
hands.pcap = pcapCon;
hands.handle = adhandle;
- std::cout << "\nloop begin\n";
pcap_loop(adhandle, 0, PcapHandler::packet_handler, (u_char*)&hands);
- std::cout << "loop ok\n";
// for aggregation buffer flush
hands.pcap->last_diagram_update();
- std::cout << "update ok\n";
result.push_back(hands.pcap->getMsc());
+ delete settings;
+ delete pcapCon;
return result;
}
Modified: trunk/src/data/pcap/pcap_settings.cpp
===================================================================
--- trunk/src/data/pcap/pcap_settings.cpp 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/data/pcap/pcap_settings.cpp 2012-12-06 12:18:25 UTC (rev 1509)
@@ -68,22 +68,24 @@
}
}
-std::string PcapSettings::get_message_label(int packet_id,Packet* packet,std::string all_info)
+// append all info is used only if show_all_layers option is active --> If append == false, then it's used for previous parsed information
+std::string PcapSettings::get_message_label(int packet_id,Packet* packet,std::string all_info,bool append_all_info)
{
std::stringstream ss;
- if(view_settings->show_all_layers_info)
+ if(view_settings->show_all_layers_info && all_info.length() != 0 && append_all_info)
{
ss << all_info << " ";
}
if(view_settings->show_packets_numbers)
{
- ss << packet_id << " ";
+ if(!view_settings->show_all_layers_info || all_info.length() == 0) // packet ID only on begin the label
+ ss << packet_id << " ";
}
if(view_settings->show_ports)
{
Ports ports = packet->get_ports();
- if(ports != make_ports(0,0))
+ if(ports != make_ports(0,0) && (!view_settings->show_all_layers_info || all_info.find("SRC") == std::string::npos))
{
ss << "SRC:" << ports.src << " DST:" << ports.dst << " ";
}
@@ -114,14 +116,18 @@
case MICROSECONDS: result = ts.tv_sec*1000000 + (double)ts.tv_usec; break;
default : break;
}
- result = round(result,2);
+ result = round(result,3);
return result;
}
double PcapSettings::bytes_to_user_unit(u_short bytes)
{
double result;
- result = bytes/data_unit;
+ if(data_unit == BITS)
+ result = bytes*8;
+ else
+ result = bytes/data_unit;
+
result = round(result,2);
return result;
}
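Review bot: `bytes/data_unit` divides a `u_short` by the `int` member `data_unit`, so for `KBYTES` the value is truncated to a whole number before `round(result,2)` runs, and a `data_unit` of 0 is a division by zero. `result = bytes/(double)data_unit;` keeps the fraction. With `BITS` redefined as 8 and special-cased here, `data_unit` now mixes a multiplier with divisors under one name, which deserves a comment next to the defines in pcap_settings.h.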
@@ -144,3 +150,119 @@
return false;
}
+void PcapSettings::load_registry()
+{
+ //advanced settings
+ HttpSettings* http_set = new HttpSettings();
+ http_set->show_packet_part = get_config_long(L"Pcap", L"HttpUseSplitted", 1) != 0;
+ http_set->show_version = get_config_long(L"Pcap", L"HttpVersion", 0) != 0;
+ http_set->reassembly = get_config_long(L"Pcap", L"HttpUseReassemble", 0) != 0;
+ //reg->setRegistry<DWORD>(GetRegistryFolder(), _T("HttpSpecific"), (DWORD)m_http_specific);
+
+ SipSettings* sip_set = new SipSettings();
+ sip_set->show_from_to = get_config_long(L"Pcap", L"SipFromTo", 1) != 0;
+ sip_set->show_only_nick_names = get_config_long(L"Pcap", L"SipNicknames", 1) != 0;
+ sip_set->show_specification = get_config_long(L"Pcap", L"SipSpecific", 0) != 0;
+ sip_set->show_version = get_config_long(L"Pcap", L"SipVersion", 0) != 0;
+ sip_set->reassembly = get_config_long(L"Pcap", L"SipRtpStream", 0) != 0;
+
+ TcpSettings* tcp_set = new TcpSettings();
+ tcp_set->show_flags = get_config_long(L"Pcap", L"TcpFlags", 1) != 0;
+ tcp_set->show_seqack = get_config_long(L"Pcap", L"TcpSeqack", 0) != 0;
+ tcp_set->show_segments = get_config_long(L"Pcap", L"TcpUseSplitted", 0) != 0;
+ tcp_set->reassembly = get_config_long(L"Pcap", L"TcpUseReassemble", 0) != 0;
+
+ adv_settings = new AdvancedSettings(http_set,sip_set,tcp_set);
+
+ //view settings
+ view_settings = new ViewSettings();
+ view_settings->show_data_size = get_config_long(L"Pcap", L"DataSize", 0) != 0;
+ view_settings->show_ports = get_config_long(L"Pcap", L"Ports", 0) != 0;
+ view_settings->show_packets_numbers = get_config_long(L"Pcap", L"PacketId", 1) != 0;
+ view_settings->show_all_layers_info = get_config_long(L"Pcap", L"AllInfo", 0) != 0;
+ view_settings->show_upper_proto = get_config_long(L"Pcap", L"UpperProto", 0) != 0;
+ view_settings->ignore_packets = get_config_long(L"Pcap", L"Ignore", 0) != 0;
+
+ //aggreeg settings
+ flow_settings = new AggregSettings();
+ flow_settings->apply_aggreg = get_config_long(L"Pcap", L"ApplyAggreg", 0) != 0;
+ // FlowType
+ if(get_config_long(L"Pcap", L"SrcDst", 0) != 0)
+ flow_settings->level = LINK_FLOW;
+
+ if(get_config_long(L"Pcap", L"NetProto", 1) != 0)
+ flow_settings->level = NET_PROTO_FLOW;
+
+ if(get_config_long(L"Pcap", L"TransProto", 0) != 0)
+ flow_settings->level = TRANS_PROTO_FLOW;
+
+ if(get_config_long(L"Pcap", L"AppProto", 0) != 0)
+ flow_settings->level = APP_PROTO_FLOW;
+
+ if(get_config_long(L"Pcap", L"Ports", 0) != 0)
+ flow_settings->level = PORT_FLOW;
+
+ //FlowLevel
+ if(get_config_long(L"Pcap", L"LstPackets", 1) != 0)
+ flow_settings->type = LST_FLOW;
+
+ if(get_config_long(L"Pcap", L"SdcPackets", 0) != 0)
+ flow_settings->type = HDX_FLOW;
+
+ if(get_config_long(L"Pcap", L"BdcPackets", 0) != 0)
+ flow_settings->type = FDX_CON_FLOW;
+
+ if(get_config_long(L"Pcap", L"SdPackets", 0) != 0)
+ flow_settings->type = FDX_FLOW;
+
+ if(get_config_long(L"Pcap", L"IntPackets", 0) != 0)
+ flow_settings->type = TIME_FLOW;
+
+ flow_settings->show_data_size = get_config_long(L"Pcap", L"DataSize", 0) != 0;
+ flow_settings->show_packet_count = get_config_long(L"Pcap", L"PacketsCount", 1) != 0;
+ flow_settings->ignore_packets = get_config_long(L"Pcap", L"IgnorePack", 0) != 0;
+ flow_settings->time_interval = (float)get_config_float(L"Pcap", L"IntervalSize", 10.0);
+
+ //other settings
+ //m_filter_value = reg->getRegistry<LPTSTR>(GetRegistryFolder(), _T("Filter"), L"");
+ show_timestamps = true; // default value
+ //time format
+ if(get_config_long(L"Pcap", L"AbsoluteTime", 1) != 0)
+ time_format = ABS_TIME;
+
+ if(get_config_long(L"Pcap", L"RelativeTime", 0) != 0)
+ time_format = REL_TIME;
+
+ //time unit
+ if(get_config_long(L"Pcap", L"TimeSeconds", 1) != 0)
+ time_unit = SECONDS;
+
+ if(get_config_long(L"Pcap", L"TimeMSeconds", 0) != 0)
+ time_unit = MILISECONDS;
+
+ if(get_config_long(L"Pcap", L"TimeUSeconds", 0) != 0)
+ time_unit = MICROSECONDS;
+
+ //data_unit;
+ if(get_config_long(L"Pcap", L"DataBits", 0) != 0)
+ data_unit = BITS;
+
+ if(get_config_long(L"Pcap", L"DataBytes", 1) != 0)
+ data_unit = BYTES;
+
+ if(get_config_long(L"Pcap", L"DataKBytes", 0) != 0)
+ data_unit = KBYTES;
+
+ //Parse Layer
+ if(get_config_long(L"Pcap", L"LinkLayer", 0) != 0)
+ parse_layer = LINK_LAYER;
+
+ if(get_config_long(L"Pcap", L"NetLayer",0) != 0)
+ parse_layer = NET_LAYER;
+
+ if(get_config_long(L"Pcap", L"TransLayer", 0) != 0)
+ parse_layer = TRANSPORT_LAYER;
+
+ if(get_config_long(L"Pcap", L"AppLayer", 1) != 0)
+ parse_layer = APP_LAYER;
+}
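Review bot: The key `L"Ports"` is read twice in `load_registry`, once for `view_settings->show_ports` and again to set `flow_settings->level = PORT_FLOW`, so turning on port display also forces port-level aggregation; `L"DataSize"` is shared between the view and aggregation settings in the same way. `PcapSettings::ignore_packets`, which `packet_handler` tests as `settings->ignore_packets`, is not assigned here (only `view_settings->ignore_packets` and `flow_settings->ignore_packets` are). `adv_settings`, `view_settings` and `flow_settings` are overwritten with new allocations without releasing earlier values, and `time_interval` is taken from `IntervalSize` without a range check. Each group of exclusive options (`level`, `type`, `time_unit`, `data_unit`, `parse_layer`) is only assigned when some flag is non-zero, so a comment stating which value applies when all flags are 0 would help.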
Modified: trunk/src/data/pcap/pcap_settings.h
===================================================================
--- trunk/src/data/pcap/pcap_settings.h 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/data/pcap/pcap_settings.h 2012-12-06 12:18:25 UTC (rev 1509)
@@ -5,6 +5,7 @@
#include <pcap.h>
#include "packet.h"
#include <boost/shared_ptr.hpp>
+#include "data/configurator.h"
#include <sstream>
double round(double x, int prec);
@@ -90,7 +91,6 @@
{
show_data_size = true;
show_ports = true;
- ignore_packets = true;
show_packets_numbers = false;
show_all_layers_info = false;
show_upper_proto = false;
@@ -114,6 +114,7 @@
TRANS_PROTO_FLOW,
APP_PROTO_FLOW,
PORT_FLOW,
+ // ONLY FOR PCAP PRIVATE USING
NO_FLOW,
TCP_AGGR,
HTTP_AGGR,
@@ -150,7 +151,7 @@
#define MILISECONDS 1000
#define MICROSECONDS 1000000
-#define BITS 0.125
+#define BITS 8
#define BYTES 1
#define KBYTES 1000
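Review bot: `BITS 8` is a multiplier (bytes × 8) while `KBYTES 1000` is a divisor (bytes ÷ 1000), so one `int data_unit` cannot be applied with the same operation for every unit. bytes_to_user_unit() is not part of this hunk, so this is inferred: if it divides by data_unit, choosing bits would report bytes/8; if it multiplies, kilobytes would be inflated. I would document the convention next to the macros, for example `// BITS: bits per byte (multiply); KBYTES: bytes per unit (divide)`, and have the conversion branch on the selected unit.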
@@ -175,13 +176,27 @@
static const char* no_filter = "";
static const char* naive_rtp_filter = "udp[1] & 1 != 1 && udp[3] & 1 != 1 && udp[8] & 0x80 == 0x80 && length < 250";
-struct PcapSettings
+
+// config provider
+class PcapConfigProvider : public ConfigProvider
{
+public:
+ virtual long get_config_long(const std::wstring& section, const std::wstring& parameter, long def = 0) const
+ { return def; }
+ virtual float get_config_float(const std::wstring& section, const std::wstring& parameter, float def = 0.0f) const
+ { return def; }
+};
+
+class PcapSettings : public ConfigReader
+{
+ PcapConfigProvider pcp;
+public:
+
bool show_timestamps;
TimeFormat time_format;
int time_unit;
int data_unit;
- const char* pcap_filter;
+ std::string pcap_filter;
ParseLayer parse_layer;
bool ignore_packets;
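Review bot: PcapConfigProvider is documented only as `// config provider`, which hides that both overrides ignore `section` and `parameter` and return `def` unchanged. A reader of load_registry() would expect stored values; with this provider installed it can only ever yield the hard-coded defaults. I would say so above the class, e.g. `// Fallback provider: ignores the key and returns the caller's default; replace via set_config_provider() to read stored settings.` The second half of that comment assumes ConfigReader allows the provider to be replaced, which this hunk does not show. The PcapSettings class body continues outside the hunk.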
@@ -190,8 +205,9 @@
AdvancedSettings* adv_settings;
AggregSettings* flow_settings;
- PcapSettings() // not set pointer to other settings [view,advanced,flow]
+ PcapSettings() // not set pointer to other settings [view,advanced,flow]
{
+ set_config_provider(&pcp);
show_timestamps = true;
time_unit = MILISECONDS;
time_format = ABS_TIME;
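Review bot: `set_config_provider(&pcp)` registers the address of a member of this object, and no copy constructor or assignment operator is declared in the visible parts of PcapSettings. If ConfigReader stores that pointer (inferred, it is not shown here), a copied PcapSettings keeps pointing at the original's `pcp` and is left with a dangling pointer once the original is destroyed. The second constructor in the next hunk has the same call. I would either define copy construction and assignment so they call `set_config_provider(&pcp);` on the new object, or make the class non-copyable.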
@@ -203,6 +219,7 @@
PcapSettings(ViewSettings* view_set,AdvancedSettings* adv_set,AggregSettings* flow_set = NULL)
{
+ set_config_provider(&pcp);
show_timestamps = true;
time_unit = MILISECONDS;
time_format = ABS_TIME;
@@ -216,10 +233,12 @@
flow_settings = flow_set;
}
+ void load_registry();
+
void validate_settings();
double bytes_to_user_unit(u_short bytes);
double timeval_to_double(timeval ts);
- std::string get_message_label(int packet_id,Packet* packet,std::string all_info);
+ std::string get_message_label(int packet_id,Packet* packet,std::string all_info,bool append_all_info);
bool is_aggregation_active();
bool is_aggregation_active(FlowLevel level);
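Review bot: The new `load_registry()` writes through `flow_settings` (the pcap_settings.cpp part of this commit has `flow_settings->type = FDX_CON_FLOW;`), yet this constructor accepts `flow_set = NULL` and the default constructor is commented as not setting the pointers at all. The start of load_registry() is outside the visible diff, so a guard may already exist; if not, calling it on such an object dereferences a null or uninitialised pointer. I would add `if(flow_settings != NULL) { ... }` around the aggregation block and state the precondition on the declaration, e.g. `// requires view/adv/flow settings pointers to be set`.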
Modified: trunk/src/data/pcap/protocols.h
===================================================================
--- trunk/src/data/pcap/protocols.h 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/data/pcap/protocols.h 2012-12-06 12:18:25 UTC (rev 1509)
@@ -14,7 +14,7 @@
// DEFINE NETWORK PROTOCOLS
#define IPV4 0x0800 // IP proto, ver 4
-#define IPV6 0x86DD // IP proto, ver 6
+#define IPV6 0x86dd // IP proto, ver 6
#define ARP 0x0806 // Address Resolution Protocol
#define SYN_3 0x1337 // SYN-3 heartbeat protocol
#define RARP 0x8035 // Reverse Address Resolution Protocol
@@ -207,14 +207,24 @@
(23,"TELNET") // Tellenet remote login service
(25,"SMTP") // Simple mail trnasfer protocol
(53,"DNS") // Domain name system
+ (67,"DHCP")
(80,"HTTP") // Hypertext transfer prorocol
(110,"POP3") // Post office protocol
(119,"NNTP") // Network news transfer protocol
+ (123,"NBNS") // NetBios - NS
+ (137,"NBNS")
+ (138,"NBDGM") // NetBios Datagram service
(143,"IMAP") // Internet message acces protocol
(161,"SNMP") // Simlple network managment protocol
(443,"HTTPS") // Http secure
+ (546,"DHCPv6")
+ (1024,"BFD Control")
+ (1513,"Fujitsu-dtc")
+ (1900,"SSDP")
(5060,"SIP") // SIP session initialization protocol
(5061,"SIPS") //
+ (5353,"MDNS")
+ (5355,"LLMNR") // Link local multicast nam resolution
(10000,"RTP") // I DEFINED THIS AS A DEFAULT VALUE !! --> dynamically seted normally
(2424,"TPNCP") // audiocodes
(5010,"TelepathStart");
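Review bot: `(123,"NBNS") // NetBios - NS` labels the NTP port as NetBIOS name service; the comment looks like it was meant for the 137 entry on the next line. Since these names end up as protocol labels in the diagram, NTP traffic would be shown as NBNS. I would change it to `(123,"NTP") // Network time protocol` and move the NetBIOS comment to `(137,"NBNS")`. `(1024,"BFD Control")` is also worth checking, since BFD control is registered on 3784 and 1024 is commonly just an ephemeral source port. The map initialiser starts outside this hunk.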
Modified: trunk/src/data/pcap/transport_layer.cpp
===================================================================
--- trunk/src/data/pcap/transport_layer.cpp 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/data/pcap/transport_layer.cpp 2012-12-06 12:18:25 UTC (rev 1509)
@@ -35,10 +35,10 @@
bool data_contains = (get_upper_data_size() > 0);
// try put the actual ports in sequence_map of ports, if it is in map, doesn't put
- actual_ret = seq_map.insert(std::pair<Ports,SeqItem>(actual_ports,SeqItem(seq_num,ack_num,flags,data_contains,true)));
- reverse_ret = seq_map.insert(std::pair<Ports,SeqItem>(reverse_ports,SeqItem(ack_num,seq_num,flags,data_contains,false)));
+ actual_ret = seq_map.insert(std::pair<Ports,SeqItem>(actual_ports,SeqItem(seq_num-1,ack_num-1,flags,data_contains,true)));
+ reverse_ret = seq_map.insert(std::pair<Ports,SeqItem>(reverse_ports,SeqItem(ack_num-1,seq_num-1,flags,data_contains,false)));
- // check, if there are the ports in map allready // --> ONE TCP CONNECTION HAS POSITIVE ID, OPPOSITE HAS NEGATIVE ID
+ // check, if there are the ports in map allready
bool first_packet = false;
if(actual_ret.second == true){
first_packet = true;
@@ -55,36 +55,34 @@
is_segment_ack = (!data_contains && !first_packet && !seq_item.data && seq_item.last_seq_num == seq_num);
// create message for FLOW
tcp_flow_item = new TcpFlowItem(flags,data_contains,segment,is_segment_ack,seq_num,ack_num);
-
- switch(flags){
- //-------------------------------------
- case SYN: // only one connection between 2 ports, setting the initial sequence number
- act_seq_iter->second = SeqItem(seq_num,ack_num,flags,false,true); // updated last_seq, last_ack...
- rev_seq_iter->second = SeqItem(ack_num,seq_num,rev_seq_item.last_flag,rev_seq_item.data,false);
- relative_seq_num = relative_ack_num = 0;
- break;
- // initialization of new TCP connection
- case SYN_ACK:
+
+ if(flags.count(SYN) == 1 && flags.count(ACK) == 1)
+ {
act_seq_iter->second = SeqItem(seq_num,ack_num-1,flags,false,true); // updated last_seq, last_ack...
- rev_seq_iter->second = SeqItem(ack_num-1,seq_num,rev_seq_item.last_flag,rev_seq_item.data,false);
+ rev_seq_iter->second = SeqItem(ack_num-1,seq_num,rev_seq_item.last_flags,rev_seq_item.data,false);
relative_seq_num = 0;
relative_ack_num = 1;
- break;
-
- default:
+ }
+ else if(flags.count(SYN) == 1)
+ {
+ act_seq_iter->second = SeqItem(seq_num,ack_num,flags,false,true); // updated last_seq, last_ack...
+ rev_seq_iter->second = SeqItem(ack_num,seq_num,rev_seq_item.last_flags,rev_seq_item.data,false);
+ relative_seq_num = relative_ack_num = 0;
+ }
+ else
+ {
// set relative ack and seq number
relative_seq_num = seq_num - seq_item.init_seq_num;
relative_ack_num = ack_num - seq_item.init_ack_num;
-
+ }
//actualize values
act_seq_iter->second.last_ack_num = ack_num;
act_seq_iter->second.last_seq_num = seq_num;
- act_seq_iter->second.last_flag = flags;
+ act_seq_iter->second.last_flags = flags;
act_seq_iter->second.data = data_contains;
act_seq_iter->second.last_direction = true;
rev_seq_iter->second.last_direction = false;
- break;
- }
+
}
TcpFlowItem* TcpPacket::get_tcp_flow_item()
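Review bot: The `//actualize values` block used to run only in the `default:` case but now sits after the closing brace of the `else`, so it also runs for SYN and SYN+ACK packets. In the SYN+ACK branch this overwrites the `last_ack_num` just set to `ack_num-1` with `ack_num`, and replaces `data = false` with `data_contains`. The indentation still suggests the block belongs to the `else`. If the new behaviour is intended, dedent the block and add a comment such as `// runs for every packet, including SYN and SYN+ACK`; otherwise move it back inside the `else`. The function begins outside the hunk.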
@@ -135,12 +133,15 @@
if(tcp_settings->show_flags)
{
- ss << flagsNames[flags] << " ";
+ std::set<TcpFlag>::iterator it;
+ for(it = flags.begin(); it != flags.end(); it++)
+ ss << flagsNames[*it] << " ";
+
}
- if(tcp_settings->show_seqack && (tcp_settings->show_segments || (tcp_settings->reassembly && !segment && !is_segment_ack)))
+ if(tcp_settings->show_seqack && (!tcp_settings->reassembly || (tcp_settings->reassembly && !segment && !is_segment_ack)))
{ // if it's segment or segment ack and is active reassemblation, don't show SEQ-ACk --> they are different in each packet
ss << "SEQ:" << relative_seq_num << " ";
- if(flags == ACK || flags == FIN_ACK || flags == RST_ACK || flags == PSH_ACK)
+ if(flags.count(ACK) == 1)
{
ss << "ACK:" << relative_ack_num << " ";
}
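Review bot: The new condition repeats `tcp_settings->reassembly` on both sides of the `||`, which hides that `show_segments` is no longer consulted here. It reduces to `if(tcp_settings->show_seqack && (!tcp_settings->reassembly || (!segment && !is_segment_ack)))`. The comment on the following line still speaks only about the reassembly case, so it is worth stating whether dropping `show_segments` is deliberate. The flag loop only reads the set, so `std::set<TcpFlag>::const_iterator` with `++it` would match that intent.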
@@ -153,33 +154,28 @@
return ss.str();
}
-TcpFlag TcpPacket::get_flag(){
+std::set<TcpFlag> TcpPacket::get_flag(){
- if(tcp_hdr->fin && tcp_hdr->ack)
- return FIN_ACK;
+ std::set<TcpFlag> result;
+
if(tcp_hdr->fin)
- return FIN;
- if(tcp_hdr->rst && tcp_hdr->ack)
- return RST_ACK;
+ result.insert(FIN);
if(tcp_hdr->rst)
- return RST;
- if(tcp_hdr->psh && tcp_hdr->ack)
- return PSH_ACK;
+ result.insert(RST);
if(tcp_hdr->psh)
- return PSH;
+ result.insert(PSH);
if(tcp_hdr->urg)
- return URG;
- if(tcp_hdr->ecn)
- return ECN;
+ result.insert(URG);
if(tcp_hdr->cwr)
- return CWR;
- if(tcp_hdr->syn && tcp_hdr->ack)
- return SYN_ACK;
- if(tcp_hdr->syn)
- return SYN;
+ result.insert(CWR);
if(tcp_hdr->ack)
- return ACK;
- return ACK;
+ result.insert(ACK);
+ if(tcp_hdr->syn)
+ result.insert(SYN);
+ if(tcp_hdr->ecn)
+ result.insert(ECN);
+
+ return result;
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////
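Review bot: `get_flag()` now builds and returns a `std::set<TcpFlag>` by value for every packet, and the header hunks below copy that set by value again into the `SeqItem` and `TcpFlowItem` constructors. Each set bit costs a node allocation, for at most eight possible members. At minimum the constructors could take `const std::set<TcpFlag>& flags`. The singular name `get_flag` no longer matches the return type, so `get_flags` would be clearer. A small bitmask type would avoid the allocations entirely, but that is a larger change than this commit.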
Modified: trunk/src/data/pcap/transport_layer.h
===================================================================
--- trunk/src/data/pcap/transport_layer.h 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/data/pcap/transport_layer.h 2012-12-06 12:18:25 UTC (rev 1509)
@@ -9,6 +9,7 @@
#include <stdexcept>
#include "protocols.h"
#include "packet.h"
+#include <set>
#include <time.h>
#include "data/formatter.h"
#include <algorithm>
@@ -22,13 +23,9 @@
typedef enum{
FIN = 0,
- FIN_ACK,
SYN,
- SYN_ACK,
RST,
- RST_ACK,
PSH,
- PSH_ACK,
ACK,
URG,
ECN,
@@ -38,13 +35,9 @@
static const char* flagsNames[] =
{
stringify( FIN ),
- stringify( FIN_ACK ),
stringify( SYN ),
- stringify( SYN_ACK ),
- stringify( RST ),
- stringify( RST_ACK ),
+ stringify( RST ),
stringify( PSH ),
- stringify( PSH_ACK ),
stringify( ACK ),
stringify( URG ),
stringify( ECN ),
@@ -57,16 +50,16 @@
bpf_u_int32 init_ack_num; // init acknowledgment number
bpf_u_int32 last_seq_num; // for segmentation, actualize with every packet in this tcp connection
bpf_u_int32 last_ack_num;
- TcpFlag last_flag;
+ std::set<TcpFlag> last_flags;
bool data;
bool last_direction;
SeqItem(){}
- SeqItem(bpf_u_int32 seq, bpf_u_int32 ack,TcpFlag flag,bool data_contains,bool direction){
+ SeqItem(bpf_u_int32 seq, bpf_u_int32 ack,std::set<TcpFlag> flags,bool data_contains,bool direction){
init_seq_num = last_seq_num = seq;
init_ack_num = last_ack_num = ack;
- last_flag = flag;
+ last_flags = flags;
data = data_contains;
last_direction = direction;
}
@@ -74,7 +67,7 @@
struct TcpFlowItem
{
- TcpFlag flag;
+ std::set<TcpFlag> flags;
bool data;
bool segment;
bool segment_ack;
@@ -82,9 +75,9 @@
bpf_u_int32 seq_num;
TcpFlowItem(){}
- TcpFlowItem(TcpFlag flg,bool has_data,bool is_segment,bool is_segment_ack,bpf_u_int32 s_num,bpf_u_int32 a_num)
+ TcpFlowItem(std::set<TcpFlag> flg,bool has_data,bool is_segment,bool is_segment_ack,bpf_u_int32 s_num,bpf_u_int32 a_num)
{
- flag = flg;
+ flags = flg;
data = has_data;
segment = is_segment;
segment_ack = is_segment_ack;
@@ -132,7 +125,7 @@
bpf_u_int32 relative_seq_num;
bpf_u_int32 relative_ack_num;
- TcpFlag flags;
+ std::set<TcpFlag> flags;
/*
* check if the packet is segment of previous data -> if last ACK number in this direction equals the actual ACK number
* if they are the same, there wasn't sent new data in the opposite direction. So in this way, this is only next part of
@@ -161,7 +154,7 @@
Ports get_ports();
TcpFlowItem* get_tcp_flow_item();
- TcpFlag get_flag();
+ std::set<TcpFlag> get_flag();
};
////////////////////////////////////////// UDP ////////////////////////////////////////////
Modified: trunk/src/view/visio/addon/dllmodule.rc
===================================================================
--- trunk/src/view/visio/addon/dllmodule.rc 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/view/visio/addon/dllmodule.rc 2012-12-06 12:18:25 UTC (rev 1509)
@@ -13,13 +13,11 @@
#undef APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
-// Czech resources
+// Czech (Czech Republic) resources
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CSY)
-#ifdef _WIN32
LANGUAGE LANG_CZECH, SUBLANG_DEFAULT
#pragma code_page(1250)
-#endif //_WIN32
/////////////////////////////////////////////////////////////////////////////
//
@@ -70,7 +68,7 @@
//
#ifdef APSTUDIO_INVOKED
-GUIDELINES DESIGNINFO
+GUIDELINES DESIGNINFO
BEGIN
IDD_MESSAGE_SEQUENCE_OPTIONS, DIALOG
BEGIN
@@ -85,18 +83,140 @@
END
#endif // APSTUDIO_INVOKED
-#endif // Czech resources
+#endif // Czech (Czech Republic) resources
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
-// English (U.S.) resources
+// Slovak (Slovakia) resources
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_SKY)
+LANGUAGE LANG_SLOVAK, SUBLANG_DEFAULT
+#pragma code_page(1250)
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Dialog
+//
+
+IDD_PCAP_SETTINGS_VIEW DIALOGEX 0, 0, 300, 205
+STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_VISIBLE | WS_SYSMENU
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+ GROUPBOX "Show parsed data from",IDC_STATIC,36,16,228,49
+ CONTROL "Selected layer",IDC_SEL_INFO_RDO,"Button",BS_AUTORADIOBUTTON,48,30,61,10
+ CONTROL "All parsed layers",IDC_ALL_INFO_RDO,"Button",BS_AUTORADIOBUTTON,48,47,69,10
+ GROUPBOX "From packet can't be parsed any selected layer data",IDC_STATIC,36,76,228,49
+ CONTROL "Don't add packet to diagram",IDC_IGNORE_RDO,"Button",BS_AUTORADIOBUTTON,48,89,106,10
+ CONTROL "Show data from last parsed layer",IDC_LOWER_INFO_RDO,
+ "Button",BS_AUTORADIOBUTTON,48,107,122,10
+ GROUPBOX "Show informations about",IDC_STATIC,36,136,228,49
+ CONTROL "Data size",IDC_DATA_SIZE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,48,149,45,10
+ CONTROL "Packet Number",IDC_PACKET_ID,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,48,167,64,10
+ CONTROL "Ports (if available)",IDC_PORTS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,156,149,74,10
+ CONTROL "Encapsulated protocol",IDC_UPP_PROTO,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,156,167,87,10
+END
+
+IDD_PCAP_SETTINGS_AGGREG DIALOGEX 0, 0, 300, 240
+STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_VISIBLE | WS_SYSMENU
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+ CONTROL "Apply agregation",IDC_APPLY_AGGREG,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,10,18,71,10
+ GROUPBOX "Suitable packets for aggregation have equal",IDC_STATIC,10,33,150,76
+ CONTROL "Source and destination address",IDC_SRC_DST_RDO,"Button",BS_AUTORADIOBUTTON,20,44,117,10
+ CONTROL "Network protocol",IDC_NET_PROTO_RDO,"Button",BS_AUTORADIOBUTTON,20,57,71,10
+ CONTROL "Transport protocol",IDC_TRANS_PROTO_RDO,"Button",BS_AUTORADIOBUTTON,20,69,75,10
+ CONTROL "Application protocol",IDC_APP_PROTO_RDO,"Button",BS_AUTORADIOBUTTON,20,81,79,10
+ CONTROL "Ports",IDC_PORTS_RDO,"Button",BS_AUTORADIOBUTTON,20,94,33,10
+ GROUPBOX "Can't apply equality rule for packet",IDC_STATIC,10,115,283,31
+ CONTROL "Ignore packet",IDC_IGNORE_RDO,"Button",BS_AUTORADIOBUTTON,20,127,61,10
+ CONTROL "Use lower equality rule",IDC_USE_LOWER_RDO,"Button",BS_AUTORADIOBUTTON,150,127,89,10
+ GROUPBOX "Show info about",IDC_STATIC,168,46,125,48
+ CONTROL "Aggregated data size",IDC_AGG_DATA_SIZE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,178,59,85,10
+ CONTROL "Aggregated packet count",IDC_PACKETS_COUNT,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,178,69,97,10
+ GROUPBOX "Choose aggregation rule",IDC_STATIC,10,150,283,83
+ CONTROL "Succesive equal packets in entire communication",IDC_LST_PACKETS_RDO,
+ "Button",BS_AUTORADIOBUTTON,20,161,170,10
+ CONTROL "Continuous one-way communication in every canal",IDC_SDC_PACKETS_RDO,
+ "Button",BS_AUTORADIOBUTTON,20,173,177,10
+ CONTROL "Continuous both-way communication in every canal",IDC_BDC_PACKETS_RDO,
+ "Button",BS_AUTORADIOBUTTON,20,185,180,10
+ CONTROL "Equal packets in entire communication",IDC_SD_PACKETS_RDO,
+ "Button",BS_AUTORADIOBUTTON,20,197,137,10
+ CONTROL "Equal packets in interval:",IDC_INT_PACKETS_RDO,"Button",BS_AUTORADIOBUTTON,20,209,96,10
+ EDITTEXT IDC_INTERVAL_VALUE,113,209,36,12,ES_AUTOHSCROLL
+ CONTROL "",IDC_SPIN_CONTROL,"msctls_updown32",UDS_ALIGNRIGHT | UDS_ARROWKEYS,126,209,11,12
+ LTEXT "data units",IDC_STATIC,168,209,33,8
+END
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// DESIGNINFO
+//
+
+#ifdef APSTUDIO_INVOKED
+GUIDELINES DESIGNINFO
+BEGIN
+ IDD_PCAP_SETTINGS_VIEW, DIALOG
+ BEGIN
+ LEFTMARGIN, 6
+ RIGHTMARGIN, 293
+ VERTGUIDE, 36
+ VERTGUIDE, 48
+ VERTGUIDE, 156
+ VERTGUIDE, 264
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 198
+ HORZGUIDE, 30
+ HORZGUIDE, 47
+ HORZGUIDE, 89
+ HORZGUIDE, 107
+ HORZGUIDE, 149
+ HORZGUIDE, 167
+ END
+
+ IDD_PCAP_SETTINGS_AGGREG, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 293
+ VERTGUIDE, 10
+ VERTGUIDE, 20
+ VERTGUIDE, 113
+ VERTGUIDE, 168
+ VERTGUIDE, 178
+ VERTGUIDE, 287
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 233
+ HORZGUIDE, 18
+ HORZGUIDE, 33
+ HORZGUIDE, 44
+ HORZGUIDE, 57
+ HORZGUIDE, 69
+ HORZGUIDE, 81
+ HORZGUIDE, 94
+ HORZGUIDE, 104
+ HORZGUIDE, 127
+ HORZGUIDE, 161
+ HORZGUIDE, 173
+ HORZGUIDE, 185
+ HORZGUIDE, 197
+ HORZGUIDE, 209
+ HORZGUIDE, 221
+ END
+END
+#endif // APSTUDIO_INVOKED
+
+#endif // Slovak (Slovakia) resources
+/////////////////////////////////////////////////////////////////////////////
+
+
+/////////////////////////////////////////////////////////////////////////////
+// English (United States) resources
+
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
-#ifdef _WIN32
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
#pragma code_page(1252)
-#endif //_WIN32
/////////////////////////////////////////////////////////////////////////////
//
@@ -309,7 +429,7 @@
//
#ifdef APSTUDIO_INVOKED
-GUIDELINES DESIGNINFO
+GUIDELINES DESIGNINFO
BEGIN
IDD_CHECK_OPTIONS, DIALOG
BEGIN
@@ -529,7 +649,7 @@
// String Table
//
-STRINGTABLE
+STRINGTABLE
BEGIN
IDS_ADDON_NAME "Sequence Chart Studio"
IDS_ERROR_VISIO_VERSION "This application requires Microsoft Office Visio 2003 or later."
@@ -537,18 +657,16 @@
IDS_REPORT_VIEW "Verification Report"
END
-#endif // English (U.S.) resources
+#endif // English (United States) resources
/////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
-// English (U.K.) resources
+// English (United Kingdom) resources
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENG)
-#ifdef _WIN32
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_UK
#pragma code_page(1252)
-#endif //_WIN32
/////////////////////////////////////////////////////////////////////////////
//
@@ -654,20 +772,68 @@
CONTROL "original value",IDC_ORIGINAL_CONDITION_RDO,"Button",BS_AUTORADIOBUTTON,12,193,133,10
END
+IDD_PCAP_SETTINGS_ADVANCED DIALOGEX 0, 0, 300, 200
+STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_VISIBLE | WS_SYSMENU
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+ GROUPBOX "TCP",IDC_STATIC,18,15,253,47
+ GROUPBOX "HTTP",IDC_STATIC,18,69,253,47
+ GROUPBOX "SIP",IDC_STATIC,18,122,253,63
+ CONTROL "Show SEQ/ACK numbers",IDC_TCP_SEQACK,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,132,28,94,10
+ CONTROL "Show TCP flags",IDC_TCP_FLAGS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,132,44,65,10
+ CONTROL "RTP stream reassemble",IDC_SIP_RTP_STREAM,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,31,134,91,10
+ CONTROL "Show status description",IDC_SIP_SPECIFIC,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,31,150,92,10
+ CONTROL "Show version",IDC_SIP_VERSION,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,31,167,59,10
+ CONTROL "Show FROM/TO",IDC_SIP_FROM_TO,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,132,134,67,10
+ CONTROL "Only nicknames (if available)",IDC_SIP_NICKNAMES,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,132,150,107,10
+ CONTROL "Show version",IDC_HTTP_VERSION,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,132,82,59,10
+ CONTROL "Show method/status description",IDC_HTTP_SPECIFIC,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,132,98,119,10
+ CONTROL "Show splitted parts",IDC_TCP_SPLITTED_N,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,31,28,77,10
+ CONTROL "Reassemble segments",IDC_TCP_REASSEMBLE_N,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,31,44,87,10
+ CONTROL "Show splitted parts",IDC_HTTP_SPLITTED_N,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,31,82,77,10
+ CONTROL "Reassemble segments",IDC_HTTP_REASSEMBLE_N,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,31,98,87,10
+END
+IDD_PCAP_SETTINGS_GENERAL DIALOGEX 0, 0, 300, 230
+STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_VISIBLE | WS_SYSMENU
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+ LTEXT "Apply pcap filter",IDC_STATIC,36,18,56,8
+ COMBOBOX IDC_FILTER_BOX,102,14,166,89,CBS_DROPDOWN | CBS_AUTOHSCROLL | CBS_SORT | WS_VSCROLL | WS_TABSTOP
+ GROUPBOX "Choose layer to parse [ISO/OSI]",IDC_STATIC,30,37,238,67
+ CONTROL "Link layer",IDC_LINK_LAYER_RDO,"Button",BS_AUTORADIOBUTTON,36,49,46,10
+ CONTROL "Network layer",IDC_NET_LAYER_RDO,"Button",BS_AUTORADIOBUTTON,36,61,61,10
+ CONTROL "Transport layer",IDC_TRANS_LAYER_RDO,"Button",BS_AUTORADIOBUTTON,36,72,65,10
+ CONTROL "Application layer",IDC_APP_LAYER_RDO,"Button",BS_AUTORADIOBUTTON,36,84,69,10
+ GROUPBOX "Time format",IDC_STATIC,30,105,238,40
+ CONTROL "Absolut times",IDC_TIME_ABSOLUTE_RDO,"Button",BS_AUTORADIOBUTTON,36,129,59,10
+ CONTROL "Relative time intervals",IDC_TIME_RELATIVE_RDO,"Button",BS_AUTORADIOBUTTON,36,116,84,10
+ GROUPBOX "Time unit",IDC_STATIC,30,150,238,30
+ CONTROL "Second",IDC_SECONDS_RDO,"Button",BS_AUTORADIOBUTTON,36,163,39,10
+ CONTROL "Milisecond",IDC_MSECONDS_RDO,"Button",BS_AUTORADIOBUTTON,120,163,48,10
+ CONTROL "Microsecond",IDC_USECONDS_RDO,"Button",BS_AUTORADIOBUTTON,185,163,55,10
+ GROUPBOX "Data unit",IDC_STATIC,30,187,238,30
+ CONTROL "Bit",IDC_BITS_RDO,"Button",BS_AUTORADIOBUTTON,36,199,24,10
+ CONTROL "Byte",IDC_BYTES_RDO,"Button",BS_AUTORADIOBUTTON,120,199,31,10
+ CONTROL "Kilobyte",IDC_KBYTES_RDO,"Button",BS_AUTORADIOBUTTON,185,199,41,10
+END
+
+
/////////////////////////////////////////////////////////////////////////////
//
// DESIGNINFO
//
#ifdef APSTUDIO_INVOKED
-GUIDELINES DESIGNINFO
+GUIDELINES DESIGNINFO
BEGIN
IDD_BEAUTIFY_SETTINGS_ADDITIONAL, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 293
VERTGUIDE, 17
+ VERTGUIDE, 293
TOPMARGIN, 7
BOTTOMMARGIN, 238
END
@@ -692,6 +858,49 @@
TOPMARGIN, 7
BOTTOMMARGIN, 213
END
+
+ IDD_PCAP_SETTINGS_ADVANCED, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 293
+ VERTGUIDE, 18
+ VERTGUIDE, 31
+ VERTGUIDE, 132
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 193
+ HORZGUIDE, 38
+ HORZGUIDE, 54
+ HORZGUIDE, 92
+ HORZGUIDE, 108
+ HORZGUIDE, 144
+ HORZGUIDE, 160
+ HORZGUIDE, 177
+ END
+
+ IDD_PCAP_SETTINGS_GENERAL, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 293
+ VERTGUIDE, 30
+ VERTGUIDE, 36
+ VERTGUIDE, 120
+ VERTGUIDE, 185
+ VERTGUIDE, 268
+ TOPMARGIN, 6
+ BOTTOMMARGIN, 223
+ HORZGUIDE, 49
+ HORZGUIDE, 61
+ HORZGUIDE, 72
+ HORZGUIDE, 84
+ HORZGUIDE, 104
+ HORZGUIDE, 105
+ HORZGUIDE, 116
+ HORZGUIDE, 129
+ HORZGUIDE, 163
+ HORZGUIDE, 180
+ HORZGUIDE, 187
+ HORZGUIDE, 199
+ END
END
#endif // APSTUDIO_INVOKED
@@ -705,7 +914,7 @@
IDB_SPACING_BMP BITMAP "spacing .bmp"
IDB_INTERVALS_BMP BITMAP "intervals.bmp"
IDB_ABSOLUTE_BMP BITMAP "abs_time.bmp"
-#endif // English (U.K.) resources
+#endif // English (United Kingdom) resources
/////////////////////////////////////////////////////////////////////////////
Modified: trunk/src/view/visio/addon/registryManager.cpp
===================================================================
--- trunk/src/view/visio/addon/registryManager.cpp 2012-12-05 10:49:01 UTC (rev 1508)
+++ trunk/src/view/visio/addon/registryManager.cpp 2012-12-06 12:18:25 UTC (rev 1509)
@@ -66,7 +66,11 @@
HKEY hKey;
if(RegCreateKey(HKEY_CURRENT_USER, path, &hKey) != ERROR_SUCCESS)
return false;
- if(RegSetValueEx(hKey,_T("AutoEnumStyleAddition"),0,
+
+ /*if(RegSetValueEx(hKey,_T("AutoEnum...
[truncated message content] |