#include "flow_ip_tracker.h"
-#include "framework/data_bus.h"
#include "log/messages.h"
#include "protocols/packet.h"
SfIp ipB;
};
-class FlowIPDataHandler : public DataHandler
-{
-public:
- FlowIPDataHandler(FlowIPTracker& t) : tracker(t)
- { DataBus::subscribe_default(FLOW_STATE_EVENT, this); }
-
- virtual void handle(DataEvent&, Flow* flow) override
- {
- FlowState state = SFS_STATE_MAX;
-
- if ( flow->pkt_type == PktType::UDP )
- state = SFS_STATE_UDP_CREATED;
-
- if ( flow->pkt_type == PktType::TCP )
- {
- if ( flow->get_session_flags() & SSNFLAG_COUNTED_ESTABLISH )
- state = SFS_STATE_TCP_ESTABLISHED;
-
- if ( flow->get_session_flags() & SSNFLAG_COUNTED_CLOSED )
- state = SFS_STATE_TCP_CLOSED;
- }
-
- if ( state == SFS_STATE_MAX )
- return;
-
- tracker.update_state(&flow->client_ip, &flow->server_ip, state);
- }
-
-private:
- FlowIPTracker& tracker;
-};
-
FlowStateValue* FlowIPTracker::find_stats(const SfIp* src_addr, const SfIp* dst_addr,
int* swapped)
{
FlowIPTracker::FlowIPTracker(PerfConfig* perf) : PerfTracker(perf, TRACKER_NAME)
{
- handler = new FlowIPDataHandler(*this);
-
formatter->register_section("flow_ip");
formatter->register_field("ip_a", ip_a);
formatter->register_field("ip_b", ip_b);
FlowIPTracker::~FlowIPTracker()
{
- DataBus::unsubscribe_default(FLOW_STATE_EVENT, handler);
- delete handler;
-
if ( ip_map )
xhash_delete(ip_map);
}
// class stuff
//-------------------------------------------------------------------------
-class PerfIdleHandler;
-class PerfRotateHandler;
+class FlowIPDataHandler;
class PerfMonitor : public Inspector
{
public:
void tterm() override;
void rotate();
+
+ FlowIPTracker* get_flow_ip();
+
private:
PerfConfig& config;
- PerfIdleHandler* idle_handler = nullptr;
- PerfRotateHandler* rotate_handler = nullptr;
+ FlowIPTracker* flow_ip_tracker = nullptr;
+ FlowIPDataHandler* flow_ip_handler = nullptr;
+
+ void disable_tracker(size_t);
};
class PerfIdleHandler : public DataHandler
PerfMonitor& perf_monitor;
};
-PerfMonitor::PerfMonitor(PerfMonModule* mod) : config(mod->get_config())
+class FlowIPDataHandler : public DataHandler
{
- idle_handler = new PerfIdleHandler(*this);
- rotate_handler = new PerfRotateHandler(*this);
-}
+public:
+ FlowIPDataHandler(PerfMonitor& p) : perf_monitor(p)
+ { DataBus::subscribe_default(FLOW_STATE_EVENT, this); }
+
+ virtual void handle(DataEvent&, Flow* flow) override
+ {
+ FlowState state = SFS_STATE_MAX;
+
+ if ( flow->pkt_type == PktType::UDP )
+ state = SFS_STATE_UDP_CREATED;
+
+ if ( flow->pkt_type == PktType::TCP )
+ {
+ if ( flow->get_session_flags() & SSNFLAG_COUNTED_ESTABLISH )
+ state = SFS_STATE_TCP_ESTABLISHED;
+
+ if ( flow->get_session_flags() & SSNFLAG_COUNTED_CLOSED )
+ state = SFS_STATE_TCP_CLOSED;
+ }
+
+ if ( state == SFS_STATE_MAX )
+ return;
+
+ FlowIPTracker* tracker = perf_monitor.get_flow_ip();
+ tracker->update_state(&flow->client_ip, &flow->server_ip, state);
+ }
+
+private:
+ PerfMonitor& perf_monitor;
+};
+
+PerfMonitor::PerfMonitor(PerfMonModule* mod) : config(mod->get_config())
+{ }
void PerfMonitor::show(SnortConfig*)
{
}
}
-static void disable_tracker(size_t i)
+void PerfMonitor::disable_tracker(size_t i)
{
WarningMessage("Disabling %s\n", (*trackers)[i]->get_name().c_str());
auto tracker = trackers->at(i);
+
+ if ( tracker == flow_ip_tracker )
+ {
+ DataBus::unsubscribe_default(FLOW_STATE_EVENT, flow_ip_handler);
+ flow_ip_tracker = nullptr;
+ }
+
(*trackers)[i] = (*trackers)[trackers->size() - 1];
trackers->pop_back();
delete tracker;
bool PerfMonitor::configure(SnortConfig*)
{
- idle_handler = new PerfIdleHandler(*this);
- rotate_handler = new PerfRotateHandler(*this);
+ // DataBus deletes these when it destructs
+ new PerfIdleHandler(*this);
+ new PerfRotateHandler(*this);
+
+ if ( config.perf_flags & PERF_FLOWIP )
+ flow_ip_handler = new FlowIPDataHandler(*this);
return config.resolve();
}
trackers->push_back(new FlowTracker(&config));
if (config.perf_flags & PERF_FLOWIP)
- trackers->push_back(new FlowIPTracker(&config));
+ {
+ flow_ip_tracker = new FlowIPTracker(&config);
+ trackers->push_back(flow_ip_tracker);
+ }
if (config.perf_flags & PERF_CPU )
trackers->push_back(new CPUTracker(&config));
return false;
}
+FlowIPTracker* PerfMonitor::get_flow_ip()
+{ return flow_ip_tracker; }
+
//-------------------------------------------------------------------------
// api stuff
//-------------------------------------------------------------------------
projects / thirdparty / snort3.git / commitdiff
