| author | yangwei <[email protected]> | 2023-08-04 20:58:43 +0800 |
|---|---|---|
| committer | yangwei <[email protected]> | 2023-08-04 20:58:43 +0800 |
| commit | caf538bd503a37965a525623357d869e7451cdfc (patch) | |
| tree | 89f379fe5acf9d0d6595e7da48fc5d4a1edf8909 /src | |
| parent | 8efcbf4ab132d8bae84c5e2cf5c7b58f1da33fb0 (diff) | |
✨ feat(tcp flow stat): 增加c2s和s2c syn计数
Diffstat (limited to 'src')
| -rw-r--r-- | src/dealpkt/deal_tcp.c | 65 | ||||
| -rw-r--r-- | src/dealpkt/plug_support.c | 27 |
2 files changed, 56 insertions, 36 deletions
diff --git a/src/dealpkt/deal_tcp.c b/src/dealpkt/deal_tcp.c
index 3baedbc..d21d810 100644
--- a/src/dealpkt/deal_tcp.c
+++ b/src/dealpkt/deal_tcp.c
@@ -820,6 +820,7 @@ static struct streamindex *tcp_add_new_stream_bysyn(struct streamindex *pindex,
 if(0 == resetflag){
 if(DIR_C2S == pstream->curdir){
+ pdetail_pr->flow_stat->C2S_syn_pkt++;
 pdetail_pr->flow_stat->C2S_all_pkt++;
 pdetail_pr->flow_stat->C2S_all_byte += datalen;
 pdetail_pr->flow_stat->C2S_all_byte_raw += MAX(raw_pkt->raw_pkt_len-raw_pkt->overlay_layer_bytes,0);
@@ -828,6 +829,7 @@ static struct streamindex *tcp_add_new_stream_bysyn(struct streamindex *pindex,
 pdetail_pr->flow_stat->C2S_ip_fragment_pkt++;
 }
 }else{
+ pdetail_pr->flow_stat->S2C_syn_pkt++;
 pdetail_pr->flow_stat->S2C_all_pkt++;
 pdetail_pr->flow_stat->S2C_all_byte += datalen;
 pdetail_pr->flow_stat->S2C_all_byte_raw += MAX(raw_pkt->raw_pkt_len-raw_pkt->overlay_layer_bytes,0);
@@ -838,6 +840,7 @@ static struct streamindex *tcp_add_new_stream_bysyn(struct streamindex *pindex,
 }
 }else{
 if(DIR_C2S == pstream->curdir){
+ pdetail_pr->flow_stat->C2S_syn_pkt = 1;
 pdetail_pr->flow_stat->C2S_all_pkt = 1;
 pdetail_pr->flow_stat->C2S_all_byte = datalen;
 pdetail_pr->flow_stat->C2S_all_byte_raw = MAX(raw_pkt->raw_pkt_len-raw_pkt->overlay_layer_bytes,0);
@@ -850,6 +853,7 @@ static struct streamindex *tcp_add_new_stream_bysyn(struct streamindex *pindex,
 pdetail_pr->flow_stat->C2S_ip_fragment_pkt=0;
 }
 }else{
+ pdetail_pr->flow_stat->S2C_syn_pkt = 1;
 pdetail_pr->flow_stat->S2C_all_pkt = 1;
 pdetail_pr->flow_stat->S2C_all_byte = datalen;
 pdetail_pr->flow_stat->S2C_all_byte_raw = MAX(raw_pkt->raw_pkt_len-raw_pkt->overlay_layer_bytes,0);
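Review bot: In the two reset arms (`resetflag` non-zero) the commit adds only `C2S_syn_pkt = 1` or `S2C_syn_pkt = 1` for the current direction, and nothing added in these hunks clears the opposite direction's SYN counter. If `flow_stat` is not zeroed elsewhere before this point (not visible here), a stream reused by SYN would keep reporting the previous connection's SYN count for the other direction. Consider adding `pdetail_pr->flow_stat->S2C_syn_pkt = 0;` in the C2S arm and `pdetail_pr->flow_stat->C2S_syn_pkt = 0;` in the S2C arm, next to the existing explicit resets such as `C2S_ip_fragment_pkt=0`. The body of tcp_add_new_stream_bysyn continues outside these hunks.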
@@ -2484,9 +2488,17 @@ static int tcp_deal_data_stream(struct streamindex *pindex,const void *this_iphd
 if (th_flags & TH_SYN) { //syn�ش� add by lqy 20100808
-#if 0
- if(thisseq+1 == rcv->first_data_seq) return PASS;
-#else
+ if (pdetail_pr->flow_stat)
+ {
+ if (pstream->curdir == DIR_C2S)
+ {
+ pdetail_pr->flow_stat->C2S_syn_pkt++;
+ }
+ else
+ {
+ pdetail_pr->flow_stat->S2C_syn_pkt++;
+ }
+ }
 if((datalen>0) || ((UINT32)thisseq+1 == rcv->first_data_seq) || ((UINT32)thisseq==rcv->first_data_seq)) {
 pstream->addr.pkttype = PKT_TYPE_TCPRETRANS;
@@ -2513,7 +2525,6 @@ static int tcp_deal_data_stream(struct streamindex *pindex,const void *this_iphd
 return PASS;
 }
 }
-#endif
 //adjust by lqy 20150107 //if(thisseq==rcv->first_data_seq) return PASS; //add by lqy 20110507 syn�����ݵ���Ϊ�ǹ�������
@@ -2648,6 +2659,20 @@ static int tcp_deal_nouse_stream(struct streamindex *pindex,const void *this_iph
 pdetail_pr->link_state=STREAM_LINK_REUSE_BYSYN;
 tcp_reset_stream(pindex,this_iphdr,this_tcphdr,datalen,raw_pkt);
 }
+ else
+ {
+ if (pdetail_pr->flow_stat)
+ {
+ if (pstream->curdir == DIR_C2S)
+ {
+ pdetail_pr->flow_stat->C2S_syn_pkt++;
+ }
+ else
+ {
+ pdetail_pr->flow_stat->S2C_syn_pkt++;
+ }
+ }
+ }
 return PASS;
 }
 return PASS;
@@ -2785,24 +2810,6 @@ static int deal_tcp_stream(struct streamindex *pindex, const void *this_iphdr, s
 if(this_tcphdr->th_flags & TH_SYN) {
- //add by yw to detect synflood attack
- //if(g_RunSYNFloodDetect == 1)
- if (unlikely(TCP_SYNFLOOD_DETECT_ON & tcp_flood_detect_model))
- {
-#if 0
- if( synflood_detector(pstream->threadnum) == ATTACKING)
- {
- tcp_creatlink_model = TCP_CTEAT_LINK_BYDATA;
- return PASS;
- }
- else
-#endif
- {
- tcp_creatlink_model = TCP_CTEAT_LINK_BYSYN;
- }
- }
-
- //end of add by yw to detect synflood attack
 if(0==(TCP_CTEAT_LINK_BYSYN & tcp_creatlink_model )) return PASS;
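Review bot: The new counter in tcp_deal_data_stream is incremented under `if (th_flags & TH_SYN)`, which matches any segment carrying the SYN bit, so SYN/ACK replies and retransmitted SYNs are counted, and the increment runs before the retransmission classification that follows. A plugin reading the value as a SYN-flood or scan indicator needs to know this, so a comment at the increment would help, for example `/* counts every segment with TH_SYN set on an existing stream, incl. SYN/ACK and retransmitted SYNs */`. The same direction-dependent increment block is repeated in the tcp_deal_nouse_stream hunk (-2648), and a small `static` helper taking `pdetail_pr` and `pstream->curdir` would keep the two copies in step. Both added blocks guard `pdetail_pr->flow_stat` while the increments added in tcp_add_new_stream_bysyn show no guard in their hunks, so it is worth confirming which assumption holds. Both function bodies extend outside the hunks.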
@@ -2829,7 +2836,6 @@ static int deal_tcp_stream(struct streamindex *pindex, const void *this_iphdr, s
 }
 return ret;
 }
-// else if(tcplen>0)
 else { /* 2017-12-07 lijia add,
@@ -2844,19 +2850,6 @@ static int deal_tcp_stream(struct streamindex *pindex, const void *this_iphdr, s
 return PASS;
 if(TCP_CTEAT_LINK_BYDATA & tcp_creatlink_model ) {
- //add by yw to detect dataflood attack
-#if 0
- //if(tcplen < g_DataFloodPacketLen && g_RunDataFloodDetect == 1)
- if((tcplen<tcp_dataflood_pktlen) && (1==(TCP_DATAFLOOD_DETECT_ON & tcp_flood_detect_model)))
- {
- if( dataflood_detector(pstream->threadnum) == ATTACKING)
- {
- tcp_creatlink_model = TCP_CTEAT_LINK_BYSYN;
- return PASS;
- }
- }
-#endif
- //end of add by yw to detect dataflood attack
 pindex_tcp=tcp_add_new_stream_bydata(pindex,this_tcphdr,tcplen,CTREAT_LINK, raw_pkt);
 if(likely(pindex_tcp != NULL))
diff --git a/src/dealpkt/plug_support.c b/src/dealpkt/plug_support.c
index d6d0afa..66aa2ac 100644
--- a/src/dealpkt/plug_support.c
+++ b/src/dealpkt/plug_support.c
@@ -1693,6 +1693,33 @@ int MESA_get_stream_opt(const struct streaminfo *pstream, enum MESA_stream_opt o
 }
break;
+ case MSO_STREAM_C2S_SYN_NUM:
+ case MSO_STREAM_S2C_SYN_NUM:
+ if ((STREAM_TYPE_TCP != pstream->type) || pdetail_pr->flow_stat == NULL || *opt_val_len != sizeof(unsigned int))
+ {
+ sapp_runtime_log(RLOG_LV_INFO, "%s,MESA_get_stream_opt() MSO_STREAM_C2S_SYN_NUM error: stream type is not tcp or empyt flow_stat!\n", printaddr(&pstream->addr, pstream->threadnum));
+ ret = -1;
+ break;
+ }
+ unsigned int *syn_cnt = (unsigned int *)opt_val;
+ if (opt == MSO_STREAM_C2S_SYN_NUM)
+ {
+ *syn_cnt = pdetail_pr->flow_stat->C2S_syn_pkt;
+ *opt_val_len = sizeof(*syn_cnt);
+ ret = 0;
+ }
+ else if (opt == MSO_STREAM_S2C_SYN_NUM)
+ {
+ *syn_cnt = pdetail_pr->flow_stat->S2C_syn_pkt;
+ *opt_val_len = sizeof(*syn_cnt);
+ ret = 0;
+ }
+ else
+ {
+ ret = -1;
+ }
+ break;
+
default:
sapp_runtime_log(RLOG_LV_INFO, "%s,MESA_get_stream_opt() error:unsupport MESA_stream_opt type:%d!\n",printaddr(&pstream->addr, pstream->threadnum), (int)opt);
ret = -1;
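Review bot: The failure log in the new `MSO_STREAM_C2S_SYN_NUM` / `MSO_STREAM_S2C_SYN_NUM` case names only the C2S option and only two of the three rejected conditions, so an S2C query or a wrong `*opt_val_len` is reported misleadingly, and "empyt" is a typo. Suggested text: `"%s,MESA_get_stream_opt() MSO_STREAM_*_SYN_NUM error: stream type is not tcp, flow_stat is NULL, or opt_val_len != sizeof(unsigned int)!\n"`. The trailing `else { ret = -1; }` cannot be reached under these two case labels, and `syn_cnt` is declared unbraced inside the switch, so wrapping the case body in `{ }` would keep it out of scope of `default:`. The value is exported as `unsigned int`, so if the `*_syn_pkt` fields are wider (their type is not visible here) the result is silently truncated for a counter that remote peers can drive up. The function starts outside the hunk, so whether `opt_val` and `opt_val_len` are NULL-checked before this case is not visible.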
