/*
 * Force-drop the current packet and, for TCP/UDP, the rest of its session.
 *
 * Non-IP packets are left alone. For IP packets the packet itself is always
 * force-dropped; only TCP and UDP additionally get the session-level drop and
 * the "ignore session" call. Every path returns 0.
 *
 * NOTE(review): Active_DropSession() is called here with no argument, while
 * UpdateFlows() in this file calls Active_DropSession(p). Confirm which
 * prototype the build actually uses.
 */
int Active_ForceDropAction(Packet *p)
{
    if (IsIP(p)) {
        int ip_proto;

        // explicitly drop packet
        Active_ForceDropPacket();

        /* Evaluated once, after the packet drop, exactly like the original switch. */
        ip_proto = GET_IPH_PROTO(p);
        if (ip_proto == IPPROTO_TCP || ip_proto == IPPROTO_UDP) {
            /* Session-oriented protocols: also stop the remainder of the flow. */
            Active_DropSession();
            _Active_ForceIgnoreSession(p);
        }
    }

    return 0;
}
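/*
 * Copy an address string into a fixed-size record field without overflowing it.
 *
 * Returns 0 on success, -1 when src (including its terminator) does not fit;
 * dst is left untouched in that case.
 */
static int FlowCopyAddr(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);

    if (len >= dst_size)
        return -1;

    memcpy(dst, src, len + 1);
    return 0;
}

/*
 * Allocate and initialise a record for the first packet of a flow.
 *
 * The caller sets have_payload and links the record into its hash chain;
 * prev/next are returned as NULL. Returns NULL when allocation fails or an
 * address string does not fit its field.
 *
 * Assumes FlowRecord.src_ip / dst_ip are fixed-size char arrays (the original
 * code strcpy'd into them straight after malloc) - TODO confirm in the struct
 * definition, since sizeof is used as the capacity.
 */
static FlowRecord *FlowRecordCreate(const char *src_ip, const char *dst_ip,
                                    uint16_t src_port, uint16_t dst_port,
                                    uint16_t proto, long sec, long usec,
                                    char *payload, uint16_t payload_size)
{
    FlowRecord *rec = malloc(sizeof *rec);

    if (rec == NULL)
        return NULL;

    /* Bounded copies: the unchecked strcpy could write past the record. */
    if (FlowCopyAddr(rec->src_ip, sizeof rec->src_ip, src_ip) != 0 ||
        FlowCopyAddr(rec->dst_ip, sizeof rec->dst_ip, dst_ip) != 0) {
        free(rec);
        return NULL;
    }

    rec->pkt_entropy[0] = AboveEntropy(payload, payload_size);
    rec->packet_count = 1;
    rec->labeled = -1;              /* -1: flow not classified yet */
    rec->proto = proto;
    rec->src_port = src_port;
    rec->dst_port = dst_port;
    rec->first_sec = sec;
    rec->first_usec = usec;
    rec->last_sec = sec;
    rec->last_usec = usec;
    rec->prev = NULL;
    rec->next = NULL;

    return rec;
}

/*
 * Account one packet against its flow record, creating the record on first
 * sight, and drop the session once the flow has been labeled 1.
 *
 * A flow matches in either direction (src/dst swapped) as long as the
 * protocol is the same. While a record is unlabeled (-1), the per-packet
 * entropy result is stored for the first PKTSPERFLOW packets and
 * DecideHighEntropyFlow() runs when packet_count reaches PktsLimit.
 *
 * Changes from the previous version: malloc results are checked, address
 * strings are copied with a bound, NULL address pointers are rejected, and
 * the duplicated record setup lives in FlowRecordCreate(). On any of those
 * failures the packet is simply not tracked, so the flow is not evaluated.
 *
 * NOTE(review): hash_value indexes hash_table directly; the caller must keep
 * it below the table size, which cannot be checked from here.
 * NOTE(review): this function only ever appends records. No expiry or cap is
 * visible here, so memory and chain length grow with the number of distinct
 * flows seen - confirm that eviction exists elsewhere.
 */
static void UpdateFlows(char * src_ip, char * dst_ip, uint16_t src_port, uint16_t dst_port, uint16_t proto, uint32_t seq_number, long sec, long usec, char * payload, uint16_t payload_size, uint16_t hash_value, Packet *p)
{
    FlowRecord *rec;
    FlowRecord *tail = NULL;    /* last node visited; NULL when the bucket is empty */
    FlowRecord *fresh;

    (void)seq_number;           /* accepted for interface compatibility, not used */

    if (src_ip == NULL || dst_ip == NULL)
        return;

    for (rec = hash_table[hash_value].hash_flow_header; rec != NULL; rec = rec->next) {
        int forward;
        int reverse;

        tail = rec;

        if (proto != rec->proto)
            continue;

        forward = strcmp(rec->src_ip, src_ip) == 0 &&
                  strcmp(rec->dst_ip, dst_ip) == 0 &&
                  rec->src_port == src_port &&
                  rec->dst_port == dst_port;
        reverse = strcmp(rec->src_ip, dst_ip) == 0 &&
                  strcmp(rec->dst_ip, src_ip) == 0 &&
                  rec->src_port == dst_port &&
                  rec->dst_port == src_port;
        if (!forward && !reverse)
            continue;

        if (rec->labeled == -1) {
            /* Only the first PKTSPERFLOW slots exist in pkt_entropy. */
            if (rec->packet_count < PKTSPERFLOW) {
                rec->pkt_entropy[rec->packet_count] = AboveEntropy(payload, payload_size);
            }
            if (rec->packet_count == PktsLimit) {
                DecideHighEntropyFlow(rec);
            }
            if (payload_size > 0) {
                rec->have_payload = 1;
            }
        } else if (rec->labeled == 1) {
            /*
             * NOTE(review): Active_DropSession is called with p here but with
             * no argument in Active_ForceDropAction() - confirm the prototype.
             */
            DisableAllDetect(p);
            Active_DropSession(p);
        }

        rec->packet_count++;
        rec->last_sec = sec;
        rec->last_usec = usec;
        return;
    }

    fresh = FlowRecordCreate(src_ip, dst_ip, src_port, dst_port, proto,
                             sec, usec, payload, payload_size);
    if (fresh == NULL)
        return;     /* out of memory or oversized address: flow stays untracked */

    if (tail == NULL) {
        /*
         * NOTE(review): the first record of a bucket uses "> 16" while every
         * other path uses "> 0". Kept as found; confirm which is intended.
         */
        fresh->have_payload = (payload_size > 16) ? 1 : 0;
        hash_table[hash_value].hash_flow_header = fresh;
    } else {
        fresh->have_payload = (payload_size > 0) ? 1 : 0;
        fresh->prev = tail;
        tail->next = fresh;
    }
}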