void HandleFlowOnPacketReceived(SharpPcap.PosixTimeval timeval, TcpPacket tcp, TcpConnection connection, TcpFlow flow) { AddPacket(tcp); }
/// <summary> /// Pass a packet to an existing connection if one is present /// or /// Create a new connection, notify the OnConnectionFound delegate and /// pass the packet to this new connection /// </summary> /// <param name="timeval"> /// A <see cref="PosixTimeval"/> /// </param> /// <param name="tcp"> /// A <see cref="TcpPacket"/> /// </param> public void ProcessPacket(PosixTimeval timeval, TcpPacket tcp) { TcpFlow foundFlow = null; TcpConnection foundConnection = null; // attempt to find the connection and flow that // this packet belongs to foreach (var c in Connections) { foundFlow = c.IsMatch(tcp); if (foundFlow != null) { foundConnection = c; break; } } TcpConnection connectionToUse; TcpFlow flowToUse; if (foundConnection == null) { log.Debug("foundConnection == null"); if (tcp.Reset) { log.Debug("creating new connection, RST flag is set"); } else { log.Debug("creating new connection, RST flag is not set"); } // create a new connection connectionToUse = new TcpConnection(tcp); connectionToUse.OnConnectionClosed += HandleConnectionToUseOnConnectionClosed; connectionToUse.Timeout = ConnectionTimeout; // figure out which flow matches this tcp packet flowToUse = connectionToUse.FindFlow(tcp); // send notification that a new connection was found OnConnectionFound(connectionToUse); Connections.Add(connectionToUse); } else { // use the flows that we found connectionToUse = foundConnection; flowToUse = foundFlow; } // pass the packet to the appropriate connection connectionToUse.HandlePacket(timeval, tcp, flowToUse); // pass the packet to the appropriate flow flowToUse.HandlePacket(timeval, tcp, connectionToUse); }
/// <summary> /// Find a flow, if one exists, from a tcp packet, or null /// </summary> /// <param name="tcp"> /// A <see cref="TcpPacket"/> /// </param> /// <returns> /// A <see cref="TcpFlow"/> /// </returns> public TcpFlow FindFlow(TcpPacket tcp) { TcpFlow foundFlow = null; foreach (var flow in Flows) { if (flow.Matches(tcp)) { foundFlow = flow; break; } } return(foundFlow); }
internal void HandlePacket(PosixTimeval timeval, TcpPacket tcp, TcpFlow flow) { log.DebugFormat("timeval {0}, tcp {1}, flow {2}", timeval, tcp, flow); LastPacketReceived = DateTime.Now; // reset the timer closeTimer.Interval = Timeout.TotalMilliseconds; switch (ConnectionState) { case ConnectionStates.Open: if (tcp.Finished && tcp.Acknowledgment) { ConnectionState = ConnectionStates.WaitingForSecondFinAck; } break; case ConnectionStates.WaitingForSecondFinAck: if (tcp.Finished && tcp.Acknowledgment) { ConnectionState = ConnectionStates.WaitingForFinalAck; } break; case ConnectionStates.WaitingForFinalAck: if (tcp.Acknowledgment) { ConnectionState = ConnectionStates.Closed; // report connection closure if (OnConnectionClosed != null) { OnConnectionClosed(timeval, this, tcp, CloseType.FlowsClosed); } } break; } if (OnPacketReceived != null) { OnPacketReceived(timeval, this, flow, tcp); } }
/// <summary> /// Create a TcpStreamGenerator given a flow /// </summary> /// <param name="f"> /// A <see cref="TcpFlow"/> /// </param> /// <param name="timeout"> /// A <see cref="TimeSpan"/> /// </param> /// <param name="sizeLimitInBytes"> /// A <see cref="System.Nullable<System.Int64>"/> /// </param> public TcpStreamGenerator(TcpFlow f, TimeSpan timeout, long?sizeLimitInBytes) { this.flow = f; this.flow.OnPacketReceived += HandleFlowOnPacketReceived; this.timeout = timeout; this.sizeLimitInBytes = sizeLimitInBytes; packets = new LinkedList <PacketDotNet.TcpPacket>(); tcpStream = new TcpStream(); condition = TcpStreamGenerator.CallbackCondition.NextInSequence; waiting_for_start_seq = true; LastContinuousSequence = 0; last_overall_seq = 0; // use now as our last packet received time to avoid // timing this monitor out immediately last_continuous_packet_received = DateTime.Now; }
/// <summary> /// Create a tcp /// </summary> /// <param name="tcp"> /// A <see cref="TcpPacket"/> /// </param> public TcpConnection(TcpPacket tcp) { ConnectionState = ConnectionStates.Open; closeTimer = new System.Timers.Timer(); closeTimer.Interval = Timeout.TotalMilliseconds; closeTimer.Elapsed += HandleCloseTimerElapsed; Flows = new List <TcpFlow>(); var ip = tcp.ParentPacket as IPPacket; var flowA = new TcpFlow(ip.SourceAddress, tcp.SourcePort); Flows.Add(flowA); var flowB = new TcpFlow(ip.DestinationAddress, tcp.DestinationPort); Flows.Add(flowB); // start the close timer closeTimer.Enabled = true; }