
Commit fde3a5f

ZadamsaDamir Zainullin
authored andcommitted
Top ports - update parser
1 parent c99b15a commit fde3a5f


2 files changed

+11
-4
lines changed

2 files changed

+11
-4
lines changed

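--- a/src/plugins/input/CMakeLists.txt
+++ b/src/plugins/input/CMakeLists.txt
@@ -1,4 +1,5 @@
 add_subdirectory(raw)
+add_subdirectory(parser)
 
 if (ENABLE_INPUT_PCAP)
 add_subdirectory(pcap)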

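--- a/src/plugins/input/parser/parser.cpp
+++ b/src/plugins/input/parser/parser.cpp
@@ -465,7 +465,7 @@ inline uint16_t parse_ipv6_hdr(const u_char* data_ptr, uint16_t data_len, Packet
 * \param [out] pkt Pointer to Packet structure where parsed fields will be stored.
 * \return Size of header in bytes.
 */
-inline uint16_t parse_tcp_hdr(const u_char* data_ptr, uint16_t data_len, Packet* pkt)
+inline uint16_t parse_tcp_hdr(const u_char* data_ptr, uint16_t data_len, Packet* pkt, ParserStats& stats)
 {
 struct tcphdr* tcp = (struct tcphdr*) data_ptr;
 if (sizeof(struct tcphdr) > data_len) {
@@ -479,6 +479,9 @@ inline uint16_t parse_tcp_hdr(const u_char* data_ptr, uint16_t data_len, Packet*
 pkt->tcp_flags = (uint8_t) *(data_ptr + 13) & 0xFF;
 pkt->tcp_window = ntohs(tcp->window);
 
+stats.top_ports.increment_tcp_frequency(pkt->src_port);
+stats.top_ports.increment_tcp_frequency(pkt->dst_port);
+
 DEBUG_MSG("TCP header:\n");
 DEBUG_MSG("\tSrc port:\t%u\n", ntohs(tcp->source));
 DEBUG_MSG("\tDest port:\t%u\n", ntohs(tcp->dest));
@@ -544,7 +547,7 @@ inline uint16_t parse_tcp_hdr(const u_char* data_ptr, uint16_t data_len, Packet*
 * \param [out] pkt Pointer to Packet structure where parsed fields will be stored.
 * \return Size of header in bytes.
 */
-inline uint16_t parse_udp_hdr(const u_char* data_ptr, uint16_t data_len, Packet* pkt)
+inline uint16_t parse_udp_hdr(const u_char* data_ptr, uint16_t data_len, Packet* pkt, ParserStats& stats)
 {
 struct udphdr* udp = (struct udphdr*) data_ptr;
 if (sizeof(struct udphdr) > data_len) {
@@ -554,6 +557,9 @@ inline uint16_t parse_udp_hdr(const u_char* data_ptr, uint16_t data_len, Packet*
 pkt->src_port = ntohs(udp->source);
 pkt->dst_port = ntohs(udp->dest);
 
+stats.top_ports.increment_udp_frequency(pkt->src_port);
+stats.top_ports.increment_udp_frequency(pkt->dst_port);
+
 DEBUG_MSG("UDP header:\n");
 DEBUG_MSG("\tSrc port:\t%u\n", ntohs(udp->source));
 DEBUG_MSG("\tDest port:\t%u\n", ntohs(udp->dest));
@@ -749,10 +755,10 @@ void parse_packet(
 
 l4_hdr_offset = data_offset;
 if (pkt->ip_proto == IPPROTO_TCP) {
-data_offset += parse_tcp_hdr(data + data_offset, caplen - data_offset, pkt);
+data_offset += parse_tcp_hdr(data + data_offset, caplen - data_offset, pkt, stats);
 stats.tcp_packets++;
 } else if (pkt->ip_proto == IPPROTO_UDP) {
-data_offset += parse_udp_hdr(data + data_offset, caplen - data_offset, pkt);
+data_offset += parse_udp_hdr(data + data_offset, caplen - data_offset, pkt, stats);
 stats.udp_packets++;
 }
 } catch (const char* err) {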
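Review bot: The port counters are incremented inside parse_tcp_hdr and parse_udp_hdr (new lines 482-483 and 560-561), while `stats.tcp_packets++` and `stats.udp_packets++` stay in parse_packet and run only after the parser returns, so the two statistics can disagree. The `catch (const char* err)` closing the last hunk suggests the header parsers throw on malformed input; if any check after the increments throws (the rest of both function bodies is outside the hunks, so this is inferred), a truncated or crafted packet is counted in top_ports but not in the packet totals. Doing the accounting in parse_packet, e.g. `stats.top_ports.increment_tcp_frequency(pkt->src_port);` and the matching dst_port call right after `stats.tcp_packets++;`, keeps the counters consistent and leaves the parser signatures unchanged. If the extra parameter stays, the Doxygen block above each function still lacks a `\param [in,out] stats` line describing it.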
