MOD Pursuer

Andrea Bontempi 2012-06-17 16:12:38 +02:00
commit 0ab4a83521
5 changed files with 121 additions and 54 deletions


@ -58,7 +58,7 @@ int main ( int argc, char **argv ) {
list<std::string> regularexpressions;
if ( vm.count ( "http" ) ) {
regularexpressions.push_front ( "HTTP.*" );
regularexpressions.push_front ( ".*HTTP.*" );
}
if ( regularexpressions.empty() ) {
@ -78,7 +78,7 @@ int main ( int argc, char **argv ) {
a_flux = libDump::decodeHexText ( flow->getFirstCharStream() );
b_flux = libDump::decodeHexText ( flow->getSecondCharStream() );
boost::regex regexp ( ".*" ); // TODO
boost::regex regexp ( ".*HTTP.*" ); // TODO
if ( boost::regex_match ( a_flux, regexp ) || boost::regex_match ( b_flux, regexp ) ) {
cout << flow->exportFlow() << endl;
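Review bot: The match site still hard-codes its pattern, `boost::regex regexp ( ".*HTTP.*" ); // TODO`, while the first hunk builds `regularexpressions` from the `http` option; the list appears to have no effect on which flows are exported, so the new literal only duplicates the list entry. Resolving the TODO by iterating the list (`for ( list<std::string>::iterator re = regularexpressions.begin(); ... )` and matching each) would make the option actually drive the filter. Since `boost::regex_match` must consume the whole flow, the wrapping `.*` exists only to satisfy it; `boost::regex_search ( a_flux, boost::regex ( "HTTP" ) )` states the intent directly. `main` starts and ends outside these hunks.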


@ -18,7 +18,7 @@ add_executable(riddle ${RIDDLE_SRCS})
add_executable(pursuer ${PURSUER_SRCS})
add_executable(breeder ${BREEDER_SRCS})
set(BOOST_LIBS program_options system regex)
set(BOOST_LIBS program_options system regex thread)
find_package(Boost COMPONENTS ${BOOST_LIBS} REQUIRED)
find_library(LIBPCAP pcap)


@ -33,6 +33,9 @@
#include <string>
#include <boost/asio.hpp>
#include <boost/program_options.hpp>
#include <boost/thread.hpp>
#include <boost/date_time.hpp>
#include <sys/time.h>
#include "./libraries/libCigarette.h"
#include "./commons/classMacAddress.h"
#include "./commons/classPacket.h"
@ -43,6 +46,56 @@ using namespace boost;
using namespace boost::program_options;
using namespace libNetwork;
boost::mutex mymutex;
bool thread_alive;
/** Hello, my job is clean up and finalize the flows */
void dustman ( std::list<stream*> packet_stream ) {
static boost::posix_time::seconds delay ( 1 );
static int maxBufferLength = 512; // byte
static int maxFlowLength = 2*1024*1024; // byte
static unsigned int maxTime = 20; // second
while ( 1 ) {
boost::mutex::scoped_lock mylock ( mymutex, boost::defer_lock ); // defer_lock makes it initially unlocked
mylock.lock();
cerr << "take lock" << endl;
for ( list<stream*>::iterator element = packet_stream.begin(); element != packet_stream.end(); element++ ) {
if ( ! ( *element )->firstFIN() && ( *element )->getFirstBufferLength() > maxBufferLength ) {
( *element )->flushFirstBuffer();
}
if ( ! ( *element )->secondFIN() && ( *element )->getSecondBufferLength() > maxBufferLength ) {
( *element )->flushSecondBuffer();
}
if ( ( ( *element )->firstFIN() && ( *element )->secondFIN() ) || ( *element )->getFlowLength() > maxFlowLength || time ( NULL ) > ( *element )->getTimeEpoch() + maxTime ) {
( *element )->flushFirstBuffer();
( *element )->flushSecondBuffer();
writeout ( ( *element ), false );
packet_stream.erase ( element );
}
}
mylock.unlock();
if ( !thread_alive ) {
return;
}
boost::this_thread::sleep ( delay );
}
}
int main ( int argc, char **argv ) {
options_description desc ( "Pursuer - Network TCP Follower" );
desc.add_options()
@ -61,6 +114,12 @@ int main ( int argc, char **argv ) {
std::list<stream*> packet_stream;
thread_alive == true;
boost::thread workerThread ( dustman, packet_stream );
workerThread.join();
string r_packet;
while ( 1 ) {
@ -78,6 +137,9 @@ int main ( int argc, char **argv ) {
TCPv4packet *pkg_tcpv4 = dynamic_cast<TCPv4packet*> ( pkg );
boost::mutex::scoped_lock mylock ( mymutex, boost::defer_lock ); // defer_lock makes it initially unlocked
mylock.lock();
if ( pkg_tcpv4->isSYN() && !pkg_tcpv4->isACK() ) {
@ -95,14 +157,6 @@ int main ( int argc, char **argv ) {
if ( pkg_tcpv4->isSYN() ) {
( *it )->factory ( pkg_tcpv4 );
} else if ( pkg_tcpv4->isRST() || pkg_tcpv4->isFIN() ) {
( *it )->flushFirstBuffer();
( *it )->flushSecondBuffer();
writeout ( ( *it ), vm.count ( "tofile" ) );
packet_stream.remove ( *it );
break;
} else {
( *it )->addPacket ( pkg_tcpv4 );
}
@ -113,34 +167,14 @@ int main ( int argc, char **argv ) {
}
}
}
// Regole di pulizia.
for ( list<stream*>::iterator it2 = packet_stream.begin(); it2 != packet_stream.end(); it2++ ) {
if ( ( *it2 )->getFlowLength() > ( 100*1024*1024 ) || ( *it2 )->getTimeEpoch() > pkg->getEpoch() + ( 10*60 ) ) {
writeout ( ( *it2 ), vm.count ( "tofile" ) );
packet_stream.erase ( it2 );
break;
} else if ( ( *it2 )->getBufferLength() > 1024 ) {
( *it2 )->flushFirstBuffer();
( *it2 )->flushSecondBuffer();
mylock.unlock();
}
}
} catch ( packet::Overflow ) {
thread_alive == false;
std::cerr<<"Overflow! :-P"<<std::endl;
return EXIT_FAILURE;
}
@ -148,9 +182,18 @@ int main ( int argc, char **argv ) {
// Esporto fussi non terminati prima dell'uscita.
// Non usare il for, non va d'accordo con gli erase.
thread_alive == false;
boost::mutex::scoped_lock lastlock ( mymutex, boost::defer_lock ); // defer_lock makes it initially unlocked
lastlock.lock();
while ( !packet_stream.empty() ) {
list<stream*>::iterator it3 = packet_stream.begin();
( *it3 )->flushFirstBuffer();
( *it3 )->flushSecondBuffer();
writeout ( ( *it3 ), vm.count ( "tofile" ) );
packet_stream.erase ( it3 );
@ -159,3 +202,4 @@ int main ( int argc, char **argv ) {
return EXIT_SUCCESS;
}
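Review bot: `thread_alive == true;` at worker start-up (and `thread_alive == false;` in the Overflow handler and before the final export) compares instead of assigning, so the flag keeps its zero-initialised value `false`, `dustman` returns after a single pass, and `workerThread.join()` placed directly after construction blocks `main` until that pass ends — the capture loop then runs with no cleaner at all. Write `thread_alive = true;` / `thread_alive = false;`, move the join to after the capture loop next to the final export, and since the flag is shared between the two threads, read and write it under `mymutex`. `dustman` also receives `packet_stream` by value, so it prunes a private copy while `main`'s list keeps growing; pass it by reference and start the thread with `boost::thread workerThread ( dustman, boost::ref ( packet_stream ) );`. Inside the cleaner, `packet_stream.erase ( element )` followed by the loop's `element++` increments an invalidated iterator; the rewrite below advances with the iterator `erase` returns. `main` starts and ends outside these hunks.
```cpp
void dustman ( std::list<stream*>& packet_stream ) { // by reference: the thread must see main's list, not a copy
    // … unchanged: static thresholds, while ( 1 ), lock acquisition …
        for ( list<stream*>::iterator element = packet_stream.begin(); element != packet_stream.end(); ) {
            // … unchanged: per-direction buffer flushes …
            if ( ( ( *element )->firstFIN() && ( *element )->secondFIN() ) || ( *element )->getFlowLength() > maxFlowLength || time ( NULL ) > ( *element )->getTimeEpoch() + maxTime ) {
                ( *element )->flushFirstBuffer();
                ( *element )->flushSecondBuffer();
                writeout ( ( *element ), false );
                element = packet_stream.erase ( element ); // erase() hands back the next valid iterator
            } else {
                ++element;
            }
        }
    // … unchanged: unlock, thread_alive check, sleep, closing braces …
```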


@ -51,8 +51,8 @@ bool libNetwork::stream::factory ( libNetwork::TCPv4packet *packet ) {
port[1] = packet->getTargetPort();
sequenceNumber[0] = packet->getSequenceNumber();
sequenceNumber[1] = 0;
flagFirstFIN = false;
flagSecondFIN = false;
fluxFIN[0] = false;
fluxFIN[1] = false;
delete packet;
return true;
@ -81,10 +81,10 @@ void libNetwork::stream::factory ( std::string newflow ) {
timeEpoch = boost::lexical_cast<uint64_t> ( section[0] );
timeMillis = boost::lexical_cast<uint64_t> ( section[1] );
/* macAddress[0] = new libNetwork::mac_address ( section[2] );
macAddress[1] = new libNetwork::mac_address ( section[3] );
ipAddress[0] = ;
ipAddress[1] = ; */
/* macAddress[0] = new libNetwork::mac_address ( section[2] );
macAddress[1] = new libNetwork::mac_address ( section[3] );
ipAddress[0] = ;
ipAddress[1] = ; */
port[0] = boost::lexical_cast<uint16_t> ( section[6] );
port[1] = boost::lexical_cast<uint16_t> ( section[7] );
charStream[0] = section[8];
@ -126,10 +126,19 @@ bool libNetwork::stream::addPacket ( libNetwork::TCPv4packet *newPacket ) {
}
if ( newPacket->getPayLoad().size() != 0 ) { // Salvo il pacchetto solo se ha del payload.
if ( newPacket->getPayLoad().size() != 0 && !fluxFIN[b] ) { // Salvo il pacchetto solo se ha del payload.
packetBuffer[b].push_back ( newPacket );
}
if ( newPacket->isFIN() ) {
fluxFIN[b] = true;
}
if ( newPacket->isRST() ) {
fluxFIN[0] = true;
fluxFIN[1] = true;
}
return true;
}
@ -178,23 +187,32 @@ std::string libNetwork::stream::exportFlow() {
return stdstring.str();;
}
uint64_t libNetwork::stream::getBufferLength() {
uint64_t libNetwork::stream::getFirstBufferLength() {
uint64_t bufferlenght = 0;
for ( int i = 0; i <= 1; i++ ) {
for ( std::list<libNetwork::TCPv4packet*>::iterator it = packetBuffer[0].begin(); it != packetBuffer[0].end(); it++ ) {
for ( std::list<libNetwork::TCPv4packet*>::iterator it = packetBuffer[i].begin(); it != packetBuffer[i].end(); it++ ) {
bufferlenght += ( *it )->getPayloadLength();
}
bufferlenght += ( *it )->getPayloadLength();
}
return bufferlenght;
}
uint64_t libNetwork::stream::getSecondBufferLength() {
uint64_t bufferlenght = 0;
for ( std::list<libNetwork::TCPv4packet*>::iterator it = packetBuffer[1].begin(); it != packetBuffer[1].end(); it++ ) {
bufferlenght += ( *it )->getPayloadLength();
}
}
uint64_t libNetwork::stream::getFlowLength() {
return ( charStream[0].length() + charStream[1].length() ) /2;
}
@ -239,8 +257,12 @@ uint32_t libNetwork::stream::getSecondSN() {
return sequenceNumber[1];
}
bool libNetwork::stream::isFIN() {
return flagFirstFIN && flagSecondFIN;
bool libNetwork::stream::firstFIN() {
return fluxFIN[0];
}
bool libNetwork::stream::secondFIN() {
return fluxFIN[1];
}
std::string libNetwork::stream::getFirstCharStream() {
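Review bot: `getSecondBufferLength()` has no `return bufferlenght;` after its loop, so the caller in the cleaner thread (`getSecondBufferLength() > maxBufferLength`) reads an indeterminate value — flowing off the end of a non-void function is undefined behaviour and the compiler only warns about it. Add `return bufferlenght;` before the closing brace, mirroring `getFirstBufferLength()`. The two functions are otherwise identical apart from the buffer index; a private `uint64_t bufferLength ( int number )` alongside the existing `flushBuffer ( int number )` would remove the duplication. The string-based `factory` hunk shows no initialisation of `fluxFIN`, so a stream rebuilt from text may carry indeterminate FIN flags into `addPacket` — worth confirming it is set there too.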


@ -46,9 +46,6 @@ namespace libNetwork {
uint64_t timeEpoch;
uint32_t timeMillis;
bool flagFirstFIN;
bool flagSecondFIN;
libNetwork::mac_address macAddress[2];
boost::asio::ip::address ipAddress[2];
uint16_t port[2];
@ -57,6 +54,8 @@ namespace libNetwork {
uint32_t sequenceNumber[2];
std::string charStream[2];
bool fluxFIN[2];
void flushBuffer ( int number );
public:
@ -107,13 +106,15 @@ namespace libNetwork {
uint32_t getSecondSN();
/* Ritorna in byte la somma dei payload dei pachetti nel buffer */
uint64_t getBufferLength();
uint64_t getFirstBufferLength();
uint64_t getSecondBufferLength();
/* Ritorna lunghezza in byte dei due flussi in uscita */
uint64_t getFlowLength();
std::string exportFlow();
bool isFIN();
bool firstFIN();
bool secondFIN();
};