Beispiel #1
0
 public object Clone()
 {
     Flow result = new Flow();
       result.Source = new IPEndPoint(Source.Address, Source.Port);
       result.Destination = new IPEndPoint(Destination.Address, Destination.Port);
       result.Protocol = Protocol;
       return result;
 }
Beispiel #2
0
        public void Execute()
        {
            Packet packet;
              EthernetHeader eth;
              IPHeader ip;

              Flow key = new Flow();
              FlowStats stats;

              try {
            //BinaryReader log = new BinaryReader(new FileStream(@"c:\users\gavin\desktop\20081006.dat", FileMode.Open, FileAccess.Read));
            while (!terminated) {
              try {
            /*packet = new Packet();
            packet.Time = log.ReadInt64();
            packet.Length = log.ReadInt32();
            packet.Data = log.ReadBytes(log.ReadInt32());*/
            packet = pcap.Next();
              } catch (Exception e) {
            packet = null;
            throw;
              }
              if (packet != null) {
            if (dump != null) {
              dump.Write(packet.Time);
              dump.Write(packet.Length);
              int i = Math.Min(packet.Data.Length, 64);
              dump.Write(i);
              dump.Write(packet.Data, 0, i);
              dump.Flush();
            }

            eth = new EthernetHeader(packet.Data);

            if (eth.Protocol == (int)EthernetProtocol.IP) {
              ip = new IPHeader(eth);
              if (ip.Protocol == IPProtocol.Tcp) {
                TcpHeader tcp = new TcpHeader(ip);
                key = new Flow(ip, tcp);

                stats = tracker.Resolve(key, packet.Time);

                stats.Last = packet.Time;
                stats.Packets++;
                // Bytes at IP, including IP header
                stats.Bytes += ip.Length;

                #region debugging
                /*
              // TODO: Verify sorted order of queue - should be right now
              FlowStats check = queue.Head;
              while (check != null) {
                if (check.Next != null) Debug.Assert(check.Last >= check.Next.Last);
                check = check.Next;
              }
              */
                #endregion
              } else if (ip.Protocol == IPProtocol.Udp) {
                try {
                  UdpHeader udp = new UdpHeader(ip);
                  key = new Flow(ip, udp);

                  stats = tracker.Resolve(key, packet.Time);

                  stats.Last = packet.Time;
                  stats.Packets++;
                  // Bytes at IP, including IP header
                  stats.Bytes += ip.Length;
                } catch (IndexOutOfRangeException e) {
                  using (StreamWriter errorLog = new StreamWriter(Path.Combine(LogFolder, "error.log"), true)) {
                    errorLog.WriteLine(DateTime.Now);
                    errorLog.WriteLine(e.Message);
                    errorLog.WriteLine(e.StackTrace);
                    errorLog.WriteLine();
                  }

                  if (dump != null) {
                    dump.Write(packet.Time);
                    dump.Write(packet.Length);
                    dump.Write(packet.Data.Length);
                    dump.Write(packet.Data, 0, packet.Data.Length);
                    dump.Flush();
                  }
                } catch (Exception ex) {

                }
              } else if (ip.Protocol == IPProtocol.Icmp) {
                // TODO: Deal with ICMP
              } else if (ip.Protocol == IPProtocol.Gre) {
                // TODO: Deal with GRE
              }
            } else {
              // TODO: deal with non-IP
            }

            #region Age flows
            /**/
            while (tracker.Count > 0 && tracker.Tail.Last < packet.Time - ExpiryInterval) {
              stats = tracker.Tail;
              Dump(stats);
              tracker.Remove(stats);
            }
            writer.Flush();
            /**/
            #endregion
              }
              packets++;
            }
              } catch (EndOfStreamException e) {
            // TODO: nothing
              } catch (Exception e) {
            //debug.WriteLine("ERROR: " + e.Message);
            //debug.Flush();
            throw e;
              }
        }
Beispiel #3
0
        public FlowStats Resolve(Flow key, long packetTime)
        {
            FlowStats stats;
              if ((queue.Count > 0) && queue.Head.Key.Equals(key)) {
            stats = queue.Head;
              } else {
            stats = flows.ContainsKey(key) ? flows[key] : null;

            if (stats == null) {
              stats = new FlowStats(key);
              stats.First = packetTime;
              flows.Add(key, stats);
            } else if (queue.Count > 0) {
              queue.Remove(stats);
            }
            queue.Add(stats);
              }
              return stats;
        }
Beispiel #4
0
 public FlowStats(Flow key)
 {
     this.Key = key;
 }