void dir_per_packet(struct libtrace_packet_t *packet)
{
if (trace_get_direction(packet)==-1)
return;
dir_bytes[trace_get_direction(packet)]+=trace_get_wire_length(packet);
++dir_packets[trace_get_direction(packet)];
}
int protocolTCP::addPkt(libtrace_packet_t *pkt, m_Packet tcppkt)
{
//DownLink flag can be set here to tcppkt
m_totalpkts++;
m_totaldata+=tcppkt.getDataLen();
if( tcppkt.ethernetlayer.ether_type == TRACE_ETHERTYPE_IP)
m_totalipv4++;
else if ( tcppkt.ethernetlayer.ether_type == TRACE_ETHERTYPE_IPV6 )
m_totalip6++;
if(!trace_get_direction (pkt))
{
m_totaldownlink+=tcppkt.getDataLen();
tcppkt.Downlink = true;
}else
{
m_totaluplink+=tcppkt.getDataLen();
tcppkt.Downlink = false;
}
layerSeven.processPkt(pkt, tcppkt);
//m_pkt.push_back(tcppkt);
// Add session logic
}
int main(int argc, char *argv[]) {
int psize = 0;
int error = 0;
int count = 0;
int level = 0;
int expected = 100;
libtrace_t *trace;
libtrace_out_t *outtrace;
libtrace_packet_t *packet;
trace = trace_create(lookup_uri("pcap"));
iferr(trace);
outtrace = trace_create_output(lookup_out_uri("pcap"));
iferrout(outtrace);
level=0;
trace_config_output(outtrace,TRACE_OPTION_OUTPUT_COMPRESS,&level);
iferrout(outtrace);
trace_start(trace);
iferr(trace);
trace_start_output(outtrace);
iferrout(outtrace);
packet=trace_create_packet();
for (;;) {
if ((psize = trace_read_packet(trace, packet)) <0) {
error = 1;
break;
}
if (psize == 0) {
error = 0;
break;
}
count ++;
/* Force promotion */
if (trace_get_source_port(packet)==80) {
trace_set_direction(packet,TRACE_DIR_OUTGOING);
assert(trace_get_direction(packet)==TRACE_DIR_OUTGOING);
assert(trace_get_source_port(packet)==80);
}
else {
trace_set_direction(packet,TRACE_DIR_INCOMING);
assert(trace_get_direction(packet)==TRACE_DIR_INCOMING);
}
/* And then force demotion */
trace_write_packet(outtrace,packet);
iferrout(outtrace);
if (count>100)
break;
}
trace_destroy_packet(packet);
if (error == 0) {
if (count != expected) {
printf("failure: %d packets expected, %d seen\n",expected,count);
error = 1;
}
} else {
iferr(trace);
}
trace_destroy(trace);
trace_destroy_output(outtrace);
return error;
}
void synopt_per_packet(struct libtrace_packet_t *packet)
{
struct libtrace_tcp *tcp = trace_get_tcp(packet);
unsigned char *opt_ptr;
libtrace_direction_t dir = trace_get_direction(packet);
int len;
unsigned char type, optlen, *data;
struct tcp_opts opts_seen = {false, false, false, false, false, false};
if(!tcp)
return;
if (!tcp->syn)
return;
if (dir != TRACE_DIR_INCOMING && dir != TRACE_DIR_OUTGOING)
dir = TRACE_DIR_OTHER;
len = tcp->doff * 4 - sizeof(libtrace_tcp_t);
if(len == 0)
return;
opt_ptr = (unsigned char *)tcp + sizeof (libtrace_tcp_t);
while(trace_get_next_option(&opt_ptr,&len,&type,&optlen,&data)){
/* I don't think we need to count NO-OPs */
if (type == 1)
continue;
switch(type) {
case 2:
opts_seen.mss = true;
break;
case 3:
opts_seen.winscale = true;
break;
case 4:
opts_seen.sack = true;
break;
case 5:
opts_seen.sack = true;
break;
case 8:
opts_seen.ts = true;
break;
case 11:
case 12:
case 13:
opts_seen.ttcp = true;
break;
default:
opts_seen.other = true;
}
}
if (tcp->ack) {
total_synacks ++;
classify_packet(opts_seen, &synack_counts);
} else {
total_syns ++;
classify_packet(opts_seen, &syn_counts);
}
}
int main(int argc, char *argv[]) {
struct libtrace_t *input = NULL;
struct libtrace_out_t *in_write = NULL;
struct libtrace_out_t *out_write = NULL;
libtrace_err_t trace_err;
struct libtrace_packet_t *packet = trace_create_packet();
if (argc < 3) {
usage(argv[0]);
return 1;
}
input = trace_create(argv[1]);
if (trace_is_err(input)) {
trace_err = trace_get_err(input);
printf("Problem reading input trace: %s\n", trace_err.problem);
return 1;
}
if (trace_start(input)==-1) {
trace_perror(input,"Unable to start trace: %s",argv[1]);
return 1;
}
while(1) {
if (trace_read_packet(input, packet) < 1)
break;
switch(trace_get_direction(packet)) {
case TRACE_DIR_INCOMING:
if (!out_write) {
out_write = create_output(argv[3]);
if (!out_write)
return 1;
}
if (trace_write_packet(out_write, packet)==-1){
trace_perror_output(in_write,"write");
return 1;
}
break;
case TRACE_DIR_OUTGOING:
if (!in_write) {
in_write = create_output(argv[2]);
if (!in_write)
return 1;
}
if (trace_write_packet(in_write, packet)==-1) {
trace_perror_output(in_write,"write");
return 1;
}
break;
default:
ignored++;
}
}
if (out_write)
trace_destroy_output(out_write);
if (in_write)
trace_destroy_output(in_write);
trace_destroy(input);
trace_destroy_packet(packet);
if (ignored)
fprintf(stderr,"warning: Ignored %" PRIu64 " packets with unknown directions\n",
ignored);
return 0;
}
/*
* Updates the RTT estimates given a new packet belonging to the flow.
*/
void rtt_handshake_update (void *data, struct libtrace_packet_t *packet) {
struct rtt_handshake_record_t *record = (struct rtt_handshake_record_t *) data;
struct libtrace_tcp *tcp;
double time;
int direction;
// If a session has been established then skip all calculations.
if (!record->established) {
if ((tcp = trace_get_tcp (packet)) == NULL)
return;
time = trace_get_seconds (packet);
direction = trace_get_direction (packet);
// Check that the direction is ok
if(!(direction==0 || direction==1))
return;
// Check if the packet is a SYN, a SYN/ACK or an ACK
if (tcp->syn) {
if (tcp->ack) {
// If the SYN/ACK is a retransmit, then we must not
// update the rtt to the origin of the SYN/ACK but
// only to the destination.
if (direction == 0) { //outbound, so incoming syn
if(record->rtt_in < 0.0) { // Do not update if rtt already set
record->rtt_in += time;
}
record->rtt_out = -time;
} else {
if(record->rtt_out < 0.0) {
record->rtt_out += time;
}
record->rtt_in = -time;
}
} else {
if(direction == 0) {
record->rtt_out = -time;
} else {
record->rtt_in = -time;
}
}
} else if (tcp->ack) {
// ack - syn_ack gives the time for the other direction
if (direction == 0) { //outbound, so incoming syn_ack
record->rtt_in += time;
} else {
record->rtt_out += time;
}
record->established = 1;
}
}
}
static void per_packet(libtrace_packet_t *packet, tcp_session_t *session)
{
int dir;
double ts, rttsample;
if (session == NULL) {
return; // was not a tcp packet
}
ts = trace_get_seconds(packet);
dir = trace_get_direction(packet);
if (!(dir==OUT || dir==IN))
return;
if (last_report_ts == 0) {
last_report_ts = ts;
}
// time interval based reporting
while (packet_interval != UINT32_MAX &&
last_report_ts+packet_interval<ts &&
(report_periods == UINT64_MAX || reported < report_periods)) {
last_report_ts+=packet_interval;
if (report_rel_time) {
print_report(packet_interval);
} else {
print_report(last_report_ts);
}
}
// did this packet create a new sample ?
if (ts == rtt_n_sequence_last_sample_ts(session->data[0]) &&
dir == rtt_n_sequence_last_sample_dir(session->data[0]))
{
// update RTT stats if we got a valid sample
rttsample = rtt_n_sequence_last_sample_value(session->data[0]);
if (rttsample > 0) {
rttsample = rttsample * 1000.0; // in ms
reports[dir].count += 1;
reports[dir].sum += rttsample;
reports[dir].ssq += (rttsample*rttsample);
if (reports[dir].min < 0 || rttsample < reports[dir].min)
reports[dir].min = rttsample;
if (reports[dir].max < 0 || rttsample > reports[dir].max)
reports[dir].max = rttsample;
}
}
if (packet_count != UINT64_MAX &&
(reports[OUT].count+reports[IN].count) > 0 &&
(reports[OUT].count+reports[IN].count)%packet_count == 0 &&
(report_periods == UINT64_MAX || reported < report_periods)) {
if (report_rel_time) {
print_report(ts-last_report_ts);
} else {
print_report(ts);
}
last_report_ts = ts;
}
last_packet_ts = ts;
}
