Top 10 ports - Adjust parser
Zadamsa committed Dec 2, 2024
1 parent 1f2fc98 commit abd2f62
Showing 3 changed files with 45 additions and 4 deletions.
16 changes: 16 additions & 0 deletions include/ipfixprobe/parser-stats.hpp
Expand Up @@ -25,7 +25,9 @@

#pragma once

#include "../../input/countminsketch.hpp"
#include <cstdint>
#include <array>

namespace ipxp {

Expand All @@ -46,6 +48,20 @@ struct ParserStats {

uint64_t seen_packets;
uint64_t unknown_packets;

CountMinSketch<uint16_t, 2> top_ports{
{std::hash<uint16_t>{},
[](uint16_t port) {
constexpr size_t prime1 = 54059UL;
constexpr size_t prime2 = 76963UL;
constexpr size_t prime3 = 86969UL;
size_t res = 37;
res = (res * prime1) ^ ((port >> 8) * prime2);
res = (res * prime1) ^ (static_cast<uint8_t>(port) * prime2);
return res % prime3;
},
}
};
};

} // namespace ipxp
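Review bot: The added `#include "../../input/countminsketch.hpp"` makes this header under `include/ipfixprobe/` reach into the `input/` source directory, so it resolves only inside the source tree and would break if `parser-stats.hpp` is installed or used by an out-of-tree plugin; keeping the sketch header next to the other public headers (the way `<ipfixprobe/input.hpp>` is included elsewhere) avoids that. The `top_ports` initializer also uses `std::hash` and `size_t` while the only standard headers visible here are `<cstdint>` and `<array>`, so unless `countminsketch.hpp` provides them the header should add `#include <functional>` and `#include <cstddef>`. Both hash functions are fixed and the keys are port numbers read from captured traffic, so, assuming `CountMinSketch` behaves like a standard count-min sketch, colliding ports can inflate each other's counts; a comment on the member such as `// approximate counts: sketch collisions can overestimate a port` would keep telemetry consumers from treating the figures as exact.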
15 changes: 15 additions & 0 deletions input/input.cpp
Expand Up @@ -24,6 +24,10 @@
*/

#include <ipfixprobe/input.hpp>
#include <iterator>
#include <string>
#include <sstream>
#include <numeric>

namespace ipxp {

Expand Down Expand Up @@ -52,6 +56,17 @@ static telemetry::Content get_parser_stats_content(const ParserStats& parserStat
dict["seen_packets"] = parserStats.seen_packets;
dict["unknown_packets"] = parserStats.unknown_packets;

const auto& [ports, size] = parserStats.top_ports.get_top_events();
if (size == 0) {
dict["top_10_ports"] = "";
} else {
std::string top_ports = std::to_string(ports[0].event) + ": " + std::to_string(ports[0].frequency);
dict["top_10_ports"] = std::accumulate(ports.begin() + 1, ports.begin() + size, top_ports,
[](std::string& acc, const auto& portFrequency) {
return acc + ", " + std::to_string(portFrequency.event) + ": " + std::to_string(portFrequency.frequency);
});
}

return dict;
}

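Review bot: The accumulate lambda takes its accumulator as `std::string& acc`, which compiles only while `std::accumulate` passes an lvalue; from C++20 the algorithm calls the operation with `std::move(acc)`, and an rvalue cannot bind to a non-const lvalue reference, so this line stops compiling once the project builds as C++20. Taking the accumulator by value works under both standards and avoids a temporary per step: `[](std::string acc, const auto& portFrequency) { acc += ", " + std::to_string(portFrequency.event) + ": " + std::to_string(portFrequency.frequency); return acc; }`. `ports.begin() + size` also trusts `get_top_events()` to return a `size` no larger than `ports`, which is not checked here. Of the four new includes only `<string>` and `<numeric>` are used by the lines shown; `<iterator>` and `<sstream>` look unnecessary. `get_parser_stats_content` begins above this hunk.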
18 changes: 14 additions & 4 deletions input/parser.cpp
Expand Up @@ -37,6 +37,10 @@
#include "headers.hpp"
#include <ipfixprobe/packet.hpp>

#include <iterator>
#include <string>
#include <sstream>

namespace ipxp {

//#define DEBUG_PARSER
Expand Down Expand Up @@ -454,7 +458,7 @@ inline uint16_t parse_ipv6_hdr(const u_char *data_ptr, uint16_t data_len, Packet
* \param [out] pkt Pointer to Packet structure where parsed fields will be stored.
* \return Size of header in bytes.
*/
inline uint16_t parse_tcp_hdr(const u_char *data_ptr, uint16_t data_len, Packet *pkt)
inline uint16_t parse_tcp_hdr(ParserStats& stats, const u_char *data_ptr, uint16_t data_len, Packet *pkt)
{
struct tcphdr *tcp = (struct tcphdr *) data_ptr;
if (sizeof(struct tcphdr) > data_len) {
Expand All @@ -469,6 +473,9 @@ inline uint16_t parse_tcp_hdr(const u_char *data_ptr, uint16_t data_len, Packet
pkt->tcp_flags = (uint8_t) *(data_ptr + 13) & 0xFF;
pkt->tcp_window = ntohs(tcp->window);

stats.top_ports.insert(pkt->src_port);
stats.top_ports.insert(pkt->dst_port);

DEBUG_MSG("TCP header:\n");
DEBUG_MSG("\tSrc port:\t%u\n", ntohs(tcp->source));
DEBUG_MSG("\tDest port:\t%u\n", ntohs(tcp->dest));
Expand Down Expand Up @@ -529,7 +536,7 @@ inline uint16_t parse_tcp_hdr(const u_char *data_ptr, uint16_t data_len, Packet
* \param [out] pkt Pointer to Packet structure where parsed fields will be stored.
* \return Size of header in bytes.
*/
inline uint16_t parse_udp_hdr(const u_char *data_ptr, uint16_t data_len, Packet *pkt)
inline uint16_t parse_udp_hdr(ParserStats& stats, const u_char *data_ptr, uint16_t data_len, Packet *pkt)
{
struct udphdr *udp = (struct udphdr *) data_ptr;
if (sizeof(struct udphdr) > data_len) {
Expand All @@ -539,6 +546,9 @@ inline uint16_t parse_udp_hdr(const u_char *data_ptr, uint16_t data_len, Packet
pkt->src_port = ntohs(udp->source);
pkt->dst_port = ntohs(udp->dest);

stats.top_ports.insert(pkt->src_port);
stats.top_ports.insert(pkt->dst_port);

DEBUG_MSG("UDP header:\n");
DEBUG_MSG("\tSrc port:\t%u\n", ntohs(udp->source));
DEBUG_MSG("\tDest port:\t%u\n", ntohs(udp->dest));
Expand Down Expand Up @@ -727,10 +737,10 @@ void parse_packet(parser_opt_t *opt, ParserStats& stats, struct timeval ts, cons

l4_hdr_offset = data_offset;
if (pkt->ip_proto == IPPROTO_TCP) {
data_offset += parse_tcp_hdr(data + data_offset, caplen - data_offset, pkt);
data_offset += parse_tcp_hdr(stats, data + data_offset, caplen - data_offset, pkt);
stats.tcp_packets++;
} else if (pkt->ip_proto == IPPROTO_UDP) {
data_offset += parse_udp_hdr(data + data_offset, caplen - data_offset, pkt);
data_offset += parse_udp_hdr(stats, data + data_offset, caplen - data_offset, pkt);
stats.udp_packets++;
}
} catch (const char *err) {
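Review bot: The doc comments above `parse_tcp_hdr` and `parse_udp_hdr` still describe the old parameter list, so the new first argument `stats` is undocumented; each block should gain a line such as `\param [in,out] stats Parser statistics; the packet's source and destination ports are added to top_ports.`. Both functions now call `stats.top_ports.insert()` twice for every TCP and UDP packet, so the sketch update sits on the per-packet path and counts client-side ephemeral ports together with service ports, which is worth stating in that comment. The added `<iterator>`, `<string>` and `<sstream>` includes are not used by any line shown in this section and may be leftovers. The bodies of `parse_tcp_hdr`, `parse_udp_hdr` and `parse_packet` continue outside the hunks.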
