File: flow_stat.c

snort 2.3.3-11
/* $Id: flow_stat.c,v 1.3 2004/01/13 22:54:47 jh8 Exp $ */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <string.h>

#include "flow.h"
#include "flow_cache.h"
#include "flow_stat.h"
#include "flow_packet.h"

/**
 * Reset a flowstats record to all-zero bytes
 *
 * @param fsp flowstat pointer
 *
 * @return 0 on success, 1 if fsp is NULL
 */
int flowstat_clear(FLOWSTATS *fsp)
{
    if(fsp != NULL)
    {
        /* size is taken from the pointee so it follows the declared type */
        memset(fsp, 0, sizeof *fsp);
        return 0;
    }

    return 1;
}

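/**
 * Print a one-line summary of a flowstats record through flow_printf
 *
 * @param fsp flowstat pointer
 *
 * @return 0 on success, 1 if fsp is NULL
 */
int flowstat_print(FLOWSTATS *fsp)
{
    if(!fsp)
    {
        return 1;
    }

    /* %p requires a void * argument, so the record pointer is cast
     * explicitly. The two time_t fields are narrowed to unsigned int to
     * match their %u conversions.
     *
     * NOTE(review): the remaining fields are passed uncast; FLOWSTATS is
     * declared outside this file, so confirm each one matches its %u / %x
     * conversion.
     */
    flow_printf("fsp: %p fp: %u lp: %u bs: %u br: %u ps: %u pr: %u flags: %u ft: %x lt: %x ac: %u",
                (void *) fsp,
                (unsigned int) fsp->first_packet,
                (unsigned int) fsp->last_packet,
                fsp->bytes_sent,
                fsp->bytes_recv,
                fsp->packets_sent,
                fsp->packets_recv,
                fsp->flow_flags,
                fsp->first_talker,
                fsp->last_talker,
                fsp->alerts_seen);
    return 0;
}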

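/**
 * Account one packet against a flow's statistics
 *
 * @param fsp flowstat pointer
 * @param direction FROM_INITIATOR or FROM_RESPONDER
 * @param cur the current time, stored as the last packet time
 * @param bytes byte count added to the counter for that direction
 *
 * @return 0 on success, -1 if fsp is NULL or the direction is not handled
 */
int flowstat_increment(FLOWSTATS *fsp, int direction, time_t cur, u_int32_t bytes)
{
    /* flowstat_clear() and flowstat_print() reject a NULL record; do the
     * same here instead of dereferencing it. -1 is reused because it is
     * this function's existing failure value. */
    if(fsp == NULL)
    {
        return -1;
    }

    /* NOTE(review): the byte and packet counters are incremented with no
     * saturation check; their width is declared outside this file, so
     * confirm that wraparound on long or high-volume flows is acceptable
     * to whatever consumes these statistics. */
    switch(direction)
    {
    case FROM_INITIATOR:
        fsp->bytes_sent += bytes;
        fsp->packets_sent++;

        if(fsp->first_talker == 0)
        {
            /* first initiator packet: record who spoke first and when,
             * leaving last_talker untouched */
            fsp->first_talker = FROM_INITIATOR;
            fsp->first_packet = cur;
        }
        else
        {
            /* not a typo - only update once */
            fsp->last_talker = FROM_INITIATOR;
        }
        break;
    case FROM_RESPONDER:
        fsp->bytes_recv += bytes;
        fsp->packets_recv++;
        fsp->last_talker = FROM_RESPONDER;
        break;
    default:
        /* unknown direction: nothing is counted and last_packet is kept */
        flow_printf("flowstat_increment: unable to handle\n");
        return -1;
    }

    fsp->last_packet = cur;

    return 0;
}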

/**
 * The callback for the flowstats processor
 *
 * @param position where in the flow module this is being called from
 * @param flowp the flow that the stats are kept for
 * @param direction the direction of the flow
 * @param cur the current time
 * @param p the current packet (may be NULL)
 *
 * @return always 0
 */
int flowstat_callback(FLOW_POSITION position, FLOW *flowp, int direction,
                      time_t cur, FLOWPACKET *p)
{
    int len;

    /* Only FLOW_NEW and FLOW_ADDITIONAL touch the counters, and only when
     * a packet is supplied. FLOW_SHUTDOWN, FLOW_FIRST_BIDIRECTIONAL and
     * every other position are no-ops (a debug dump of the flow key and
     * stats at FLOW_SHUTDOWN is disabled). */
    if((position == FLOW_NEW || position == FLOW_ADDITIONAL) && p)
    {
        /* NOTE(review): len is an int handed to a u_int32_t parameter, so
         * a negative GetIPv4Len() result would be counted as a very large
         * byte total - confirm it cannot return < 0. Presumably the value
         * is the length claimed in the IPv4 header rather than the
         * captured size; verify against flow_packet.h. */
        len = GetIPv4Len(p);

        /* the result of flowstat_increment() is not checked here */
        flowstat_increment(&flowp->stats, direction, cur, len);
    }

    return 0;
}