// No inline default (a former "= 600", in seconds, is disabled); the value always
// comes from the constructor argument.
private readonly TimeSpan _udpSessionAliveTimeout;

/// <summary>
/// Creates the tracker for one direction of a UDP conversation and builds the
/// <see cref="UDPFlowReassembler"/> that works on the same conversation and flow store.
/// </summary>
/// <param name="l4Conversation">Conversation this tracker belongs to; stored as given.</param>
/// <param name="flowStore">Flow store handed on to the reassembler; stored as given.</param>
/// <param name="udpSessionAliveTimeout">
/// Timeout forwarded unchanged to the reassembler. It is not range-checked here, so a zero or
/// negative value is accepted. NOTE(review): presumably the idle gap that ends a UDP session;
/// confirm in UDPFlowReassembler, and confirm callers only pass positive values.
/// </param>
/// <param name="flowDirection">Direction forwarded to the reassembler.</param>
public UDPFlowTracker(
    L4Conversation l4Conversation,
    FlowStore flowStore,
    TimeSpan udpSessionAliveTimeout,
    DaRFlowDirection flowDirection)
{
    L4Conversation = l4Conversation;
    FlowStore = flowStore;
    _udpSessionAliveTimeout = udpSessionAliveTimeout;

    // The reassembler is fed from the members assigned above, not from the raw arguments.
    UDPFlowReassembler = new UDPFlowReassembler(
        L4Conversation,
        FlowStore,
        flowDirection,
        _udpSessionAliveTimeout);
}
/// <summary>
/// Stores the conversation, flow store, direction and session timeout the reassembler works with.
/// </summary>
/// <param name="l4Conversation">Conversation whose datagrams are reassembled; stored as given.</param>
/// <param name="flowStore">Flow store used by this reassembler; stored as given.</param>
/// <param name="flowDirection">Direction of the flow this instance handles.</param>
/// <param name="udpSessionAliveTimeout">
/// Session timeout, stored without validation (no null or range checks are made in this constructor).
/// </param>
public UDPFlowReassembler(
    L4Conversation l4Conversation,
    FlowStore flowStore,
    DaRFlowDirection flowDirection,
    TimeSpan udpSessionAliveTimeout)
{
    L4Conversation = l4Conversation;
    FlowStore = flowStore;
    FlowDirection = flowDirection;
    UdpSessionAliveTimeout = udpSessionAliveTimeout;
}
/// <summary>
/// Stores the conversation, flow store and the two limits the TCP reassembler is configured with.
/// </summary>
/// <param name="l4Conversation">Conversation whose segments are reassembled; stored as given.</param>
/// <param name="flowStore">Flow store used by this reassembler; stored as given.</param>
/// <param name="tcpSessionAliveTimeout">Session timeout, stored without validation.</param>
/// <param name="tcpSessionMaxDataLooseOnTCPLoop">
/// Stored without validation. NOTE(review): the name suggests an upper bound on data that may be
/// missing from the stream; confirm the unit and that callers cannot pass a negative value.
/// </param>
public TCPFlowReassembler(
    L4Conversation l4Conversation,
    FlowStore flowStore,
    TimeSpan tcpSessionAliveTimeout,
    long tcpSessionMaxDataLooseOnTCPLoop)
{
    L4Conversation = l4Conversation;
    FlowStore = flowStore;
    TCPSessionAliveTimeout = tcpSessionAliveTimeout;
    TCPSessionMaxDataLooseOnTCPLoop = tcpSessionMaxDataLooseOnTCPLoop;
}
// Fixed at 600 seconds for every UDP tracker; it is not configurable per instance.
private static readonly TimeSpan UDPSessionAliveTimeout = TimeSpan.FromSeconds(600);

/// <summary>
/// Creates one flow store for the conversation and a flow tracker for each direction.
/// </summary>
/// <remarks>
/// Both direction trackers receive the same <c>FlowStore</c> instance and the same timeout,
/// and the flow store itself is created with that timeout as well.
/// </remarks>
/// <param name="flowStoreFactory">Factory used to create the flow store; dereferenced without a null check.</param>
/// <param name="l4Conversation">Conversation being tracked; stored as given.</param>
public UDPTracker(IFlowStoreFactory flowStoreFactory, L4Conversation l4Conversation)
{
    L4Conversation = l4Conversation;
    FlowStore = flowStoreFactory.Create(l4Conversation, UDPSessionAliveTimeout);

    UpFlowUDPFlowTracker = new UDPFlowTracker(
        L4Conversation,
        FlowStore,
        UDPSessionAliveTimeout,
        DaRFlowDirection.up);

    DownFlowUDPFlowTracker = new UDPFlowTracker(
        L4Conversation,
        FlowStore,
        UDPSessionAliveTimeout,
        DaRFlowDirection.down);
}
// Fixed limit of 3800 (bytes, per the author's unit note) passed to both direction trackers.
// NOTE(review): presumably the amount of lost data tolerated by reassembly; confirm.
private readonly int _tcpSessionMaxDataLooseOnTCPLoop = 3800;

/// <summary>
/// Creates one flow store for the conversation and a TCP flow tracker for each direction.
/// </summary>
/// <remarks>
/// Both direction trackers receive the same <c>FlowStore</c> instance, the same
/// <c>TCPSessionAliveTimeout</c> (declared elsewhere in the class) and the same data-loss limit.
/// </remarks>
/// <param name="flowStoreFactory">Factory used to create the flow store; dereferenced without a null check.</param>
/// <param name="l4Conversation">Conversation being tracked; stored as given.</param>
public TCPTracker(IFlowStoreFactory flowStoreFactory, L4Conversation l4Conversation)
{
    L4Conversation = l4Conversation;
    FlowStore = flowStoreFactory.Create(l4Conversation, TCPSessionAliveTimeout);

    UpFlowTCPFlowTracker = new TCPFlowTracker(
        L4Conversation,
        FlowStore,
        TCPSessionAliveTimeout,
        _tcpSessionMaxDataLooseOnTCPLoop,
        DaRFlowDirection.up);

    DownFlowTCPFlowTracker = new TCPFlowTracker(
        L4Conversation,
        FlowStore,
        TCPSessionAliveTimeout,
        _tcpSessionMaxDataLooseOnTCPLoop,
        DaRFlowDirection.down);
}
// No inline default (a former "= 600", in seconds, is disabled); the value always
// comes from the constructor argument.
private readonly TimeSpan _tcpSessionAliveTimeout;

/// <summary>
/// Creates the tracker for one direction of a TCP conversation and builds the
/// <see cref="TCPFlowReassembler"/> that works on the same conversation and flow store.
/// </summary>
/// <param name="l4Conversation">Conversation this tracker belongs to; stored as given.</param>
/// <param name="flowStore">Flow store handed on to the reassembler; stored as given.</param>
/// <param name="tcpSessionAliveTimeout">Timeout forwarded unchanged to the reassembler; not range-checked here.</param>
/// <param name="tcpSessionMaxDataLooseOnTCPLoop">
/// Limit forwarded to the reassembler and not kept by the tracker itself. The reassembler's
/// constructor takes it as <c>long</c>, so the <c>int</c> is widened implicitly at the call.
/// </param>
/// <param name="flowDirection">Direction of the flow this tracker handles; stored as given.</param>
public TCPFlowTracker(
    L4Conversation l4Conversation,
    FlowStore flowStore,
    TimeSpan tcpSessionAliveTimeout,
    int tcpSessionMaxDataLooseOnTCPLoop,
    DaRFlowDirection flowDirection)
{
    FlowStore = flowStore;
    FlowDirection = flowDirection;
    L4Conversation = l4Conversation;
    _tcpSessionAliveTimeout = tcpSessionAliveTimeout;

    // The reassembler is fed from the members assigned above, not from the raw arguments.
    TCPFlowReassembler = new TCPFlowReassembler(
        L4Conversation,
        FlowStore,
        _tcpSessionAliveTimeout,
        tcpSessionMaxDataLooseOnTCPLoop);
}
/// <summary>
/// Runs protocol recognition over one L4 conversation and returns the name of the best match.
/// </summary>
/// <remarks>
/// <para>
/// The call blocks until both background tasks have finished. The waits carry no timeout or
/// cancellation token, so a worker that never returns stalls the caller. A fault in a worker
/// surfaces from <c>Wait()</c> as an <see cref="AggregateException"/>; if the first wait throws,
/// the second task is not waited for.
/// </para>
/// <para>
/// The method overwrites instance state (the current conversation, both queues, the session
/// handler and the task fields). NOTE(review): concurrent calls on the same instance would
/// therefore interfere with each other; confirm callers serialize access.
/// </para>
/// <para>
/// When more than one protocol is matched, the first candidate is returned and the ambiguity is
/// reported only through <see cref="Debug"/>, whose calls are compiled out of builds without
/// the DEBUG symbol.
/// </para>
/// </remarks>
/// <param name="conversation">Conversation to classify; stored on the instance before any check.</param>
/// <returns>
/// The string form of the first matched protocol, or <c>null</c> when the packet base type could
/// not be set or when nothing matched. The two <c>null</c> cases are indistinguishable to the caller.
/// </returns>
public String RunRecognition(L4Conversation conversation)
{
    _conversation = conversation;
    if (!SetPacketBaseType())
    {
        return null;
    }

    // Start from empty queues so results of an earlier run cannot leak into this one.
    _completedProtocolModelsQueue.Clear();
    frameQueue.Clear();

    // Author's note: 1000 parallel sessions is a good value for MaxSimultaneousSessions.
    _sessionHandler = new SessionHandler(config.MaxSimultaneousSessions, config);
    _sessionHandler.SessionProtocolModelCompleted += sessionHandler_SessionProtocolModelCompleted;

    _backgroundFileLoader = new Task(backgroundFileLoader_DoWork);
    _backgroundFrameToSessionAdder = new Task(backgroundFrameToSessionAdder_DoWork);

    // Both workers are started before either is waited on, so they run side by side.
    _backgroundFileLoader.Start();
    _backgroundFrameToSessionAdder.Start();
    _backgroundFileLoader.Wait();
    _backgroundFrameToSessionAdder.Wait();

    // Sessions whose protocol model never completed are matched with whatever was collected.
    // The author expected exactly one such session; the corresponding assert is disabled.
    var openSessions = _sessionHandler.GetSessionsWithoutCompletedProtocolModels();
    var candidates = openSessions
        .Select(open => GetBestProtocolMatch(open.ApplicationProtocolModel, _protocolModels))
        .Where(match => match != null)
        .ToList();

    // Completed models follow the open ones; entries without a model are skipped.
    var fromCompleted = _completedProtocolModelsQueue
        .Where(entry => entry.Value != null)
        .Select(entry => GetBestProtocolMatch(entry.Value, _protocolModels))
        .Where(match => match != null);
    candidates.AddRange(fromCompleted);

    if (candidates.Count == 0)
    {
        return null;
    }

    if (candidates.Count > 1)
    {
        Debug.Write("Recognized more conversations tags> ");
        foreach (var proto in candidates)
        {
            Debug.Write(proto + " ");
        }

        Debug.WriteLine("");
    }

    return candidates[0].ToString();
}
/// <summary>
/// Stores the collaborators and the matching window a flow store works with for one conversation.
/// </summary>
/// <param name="l7ConversationFactory">Factory for L7 conversations; stored as given.</param>
/// <param name="applicationRecognizer">Recognizer used by this store; stored as given.</param>
/// <param name="l4Conversation">Conversation the store belongs to; stored as given.</param>
/// <param name="flowMatchingTimeSpan">
/// Time span stored without validation (no null or range checks are made in this constructor).
/// NOTE(review): presumably the window within which flows are matched to each other; confirm.
/// </param>
public FlowStore(
    IL7ConversationFactory l7ConversationFactory,
    IApplicationRecognizer applicationRecognizer,
    L4Conversation l4Conversation,
    TimeSpan flowMatchingTimeSpan)
{
    L7ConversationFactory = l7ConversationFactory;
    ApplicationRecognizer = applicationRecognizer;
    L4Conversation = l4Conversation;
    FlowMatchingTimeSpan = flowMatchingTimeSpan;
}