void HandleFlowOnPacketReceived(SharpPcap.PosixTimeval timeval,
TcpPacket tcp,
TcpConnection connection,
TcpFlow flow)
{
AddPacket(tcp);
}
/// <summary>
/// Pass a packet to an existing connection if one is present
/// or
/// Create a new connection, notify the OnConnectionFound delegate and
/// pass the packet to this new connection
/// </summary>
/// <param name="timeval">
/// A <see cref="PosixTimeval"/>
/// </param>
/// <param name="tcp">
/// A <see cref="TcpPacket"/>
/// </param>
public void ProcessPacket(PosixTimeval timeval, TcpPacket tcp)
{
TcpFlow foundFlow = null;
TcpConnection foundConnection = null;
// attempt to find the connection and flow that
// this packet belongs to
foreach (var c in Connections)
{
foundFlow = c.IsMatch(tcp);
if (foundFlow != null)
{
foundConnection = c;
break;
}
}
TcpConnection connectionToUse;
TcpFlow flowToUse;
if (foundConnection == null)
{
log.Debug("foundConnection == null");
if (tcp.Reset)
{
log.Debug("creating new connection, RST flag is set");
}
else
{
log.Debug("creating new connection, RST flag is not set");
}
// create a new connection
connectionToUse = new TcpConnection(tcp);
connectionToUse.OnConnectionClosed += HandleConnectionToUseOnConnectionClosed;
connectionToUse.Timeout = ConnectionTimeout;
// figure out which flow matches this tcp packet
flowToUse = connectionToUse.FindFlow(tcp);
// send notification that a new connection was found
OnConnectionFound(connectionToUse);
Connections.Add(connectionToUse);
}
else
{
// use the flows that we found
connectionToUse = foundConnection;
flowToUse = foundFlow;
}
// pass the packet to the appropriate connection
connectionToUse.HandlePacket(timeval, tcp, flowToUse);
// pass the packet to the appropriate flow
flowToUse.HandlePacket(timeval, tcp, connectionToUse);
}
/// <summary>
/// Find a flow, if one exists, from a tcp packet, or null
/// </summary>
/// <param name="tcp">
/// A <see cref="TcpPacket"/>
/// </param>
/// <returns>
/// A <see cref="TcpFlow"/>
/// </returns>
public TcpFlow FindFlow(TcpPacket tcp)
{
TcpFlow foundFlow = null;
foreach (var flow in Flows)
{
if (flow.Matches(tcp))
{
foundFlow = flow;
break;
}
}
return(foundFlow);
}
internal void HandlePacket(PosixTimeval timeval, TcpPacket tcp, TcpFlow flow)
{
log.DebugFormat("timeval {0}, tcp {1}, flow {2}",
timeval,
tcp,
flow);
LastPacketReceived = DateTime.Now;
// reset the timer
closeTimer.Interval = Timeout.TotalMilliseconds;
switch (ConnectionState)
{
case ConnectionStates.Open:
if (tcp.Finished && tcp.Acknowledgment)
{
ConnectionState = ConnectionStates.WaitingForSecondFinAck;
}
break;
case ConnectionStates.WaitingForSecondFinAck:
if (tcp.Finished && tcp.Acknowledgment)
{
ConnectionState = ConnectionStates.WaitingForFinalAck;
}
break;
case ConnectionStates.WaitingForFinalAck:
if (tcp.Acknowledgment)
{
ConnectionState = ConnectionStates.Closed;
// report connection closure
if (OnConnectionClosed != null)
{
OnConnectionClosed(timeval, this, tcp, CloseType.FlowsClosed);
}
}
break;
}
if (OnPacketReceived != null)
{
OnPacketReceived(timeval, this, flow, tcp);
}
}
/// <summary>
/// Create a TcpStreamGenerator given a flow
/// </summary>
/// <param name="f">
/// A <see cref="TcpFlow"/>
/// </param>
/// <param name="timeout">
/// A <see cref="TimeSpan"/>
/// </param>
/// <param name="sizeLimitInBytes">
/// A <see cref="System.Nullable<System.Int64>"/>
/// </param>
public TcpStreamGenerator(TcpFlow f,
TimeSpan timeout,
long?sizeLimitInBytes)
{
this.flow = f;
this.flow.OnPacketReceived += HandleFlowOnPacketReceived;
this.timeout = timeout;
this.sizeLimitInBytes = sizeLimitInBytes;
packets = new LinkedList <PacketDotNet.TcpPacket>();
tcpStream = new TcpStream();
condition = TcpStreamGenerator.CallbackCondition.NextInSequence;
waiting_for_start_seq = true;
LastContinuousSequence = 0;
last_overall_seq = 0;
// use now as our last packet received time to avoid
// timing this monitor out immediately
last_continuous_packet_received = DateTime.Now;
}
/// <summary>
/// Create a tcp
/// </summary>
/// <param name="tcp">
/// A <see cref="TcpPacket"/>
/// </param>
public TcpConnection(TcpPacket tcp)
{
ConnectionState = ConnectionStates.Open;
closeTimer = new System.Timers.Timer();
closeTimer.Interval = Timeout.TotalMilliseconds;
closeTimer.Elapsed += HandleCloseTimerElapsed;
Flows = new List <TcpFlow>();
var ip = tcp.ParentPacket as IPPacket;
var flowA = new TcpFlow(ip.SourceAddress, tcp.SourcePort);
Flows.Add(flowA);
var flowB = new TcpFlow(ip.DestinationAddress, tcp.DestinationPort);
Flows.Add(flowB);
// start the close timer
closeTimer.Enabled = true;
}
