/**
* ===================================================================================
*
* ISA Project - Implementation of NetFlow exporter
* @author Tadeas Kachyna <[email protected]>
* @date 14.11.2022
* @file flow.h
*
* @brief Implementation of NetFlow protocol which is used to monitor
* network flow for understanding network patterns and protocol distribution
*
* ====================================================================================
*/
#include <iostream>
#include <getopt.h>
#include <pcap/pcap.h>
#include <net/ethernet.h>
#include <map>
#include <netinet/ip_icmp.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#define __FAVOR_BSD
#include <netinet/udp.h>
#define __FAVOR_BSD
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <tuple>
#include "arguments.h"
#include "client.h"
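/**
 * @struct flowInfo
 * @brief a struct to hold info about flows
 *
 * Every member carries a default initializer, so a default-constructed
 * flowInfo (for example a local `flowInfo f;`) never holds indeterminate
 * values that could later be copied into an export record.
 *
 * @var networkIPSrcAddr  network byte order IP source address
 * @var networkIPDstAddr  network byte order IP destination address
 * @var ts                timeval timestamp (presumably taken from the capture
 *                        header of a packet in the flow; confirm against caller)
 * @var firstPacketTime   time of the first packet in the flow (unit not visible
 *                        in this header)
 * @var lastPacketTime    time of the last packet in the flow (unit not visible
 *                        in this header)
 * @var numOfPackets      number of packets in the flow
 * @var length            length of the flow in bytes
 * @var tcp_flags         cumulative OR of TCP flags
 * @var label             defaults to 1; its purpose is not visible in this header
 *
 * tos and prot are not stored here; NetFlowV5Packet declares fields of
 * those names.
 *
 * NOTE(review): numOfPackets and length are signed int while the matching
 * export fields (dPkts, length) are uint32_t; a long-lived flow could overflow
 * the signed counters. Confirm the flow timeouts bound them.
 * NOTE(review): no include guard is visible in this header; including it twice
 * in one translation unit would redefine this struct.
 */
typedef struct flowInfo {
    uint32_t networkIPSrcAddr = 0;
    uint32_t networkIPDstAddr = 0;
    timeval ts{};                   // zeroed tv_sec / tv_usec
    long long firstPacketTime = 0;
    long long lastPacketTime = 0;
    int numOfPackets = 0;
    int length = 0;
    int tcp_flags = 0;
    int label = 1;
} flowInfo;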
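/**
 * @struct NetFlowV5Packet
 * @brief One NetFlow v5 export datagram: a 24-byte header followed by a
 *        single 48-byte flow record (count defaults to 1).
 *
 * Field names follow the NetFlow v5 export format. The defaults for the
 * multi-byte fields are written through htons()/htonl(), i.e. the struct
 * holds values in network byte order; callers presumably have to store the
 * remaining multi-byte fields in network byte order as well (confirm against
 * the code that fills the record).
 *
 * Every field is zero-initialized unless it has a specific default. Fields
 * left without an initializer would hold indeterminate bytes, and if the
 * struct is copied to a socket as-is those bytes would reach the collector.
 */
struct NetFlowV5Packet {
    /* ---- header (24 bytes) ---- */
    uint16_t version = htons(5);
    uint16_t count = htons(1);
    uint32_t SysUptime = 0;
    uint32_t unix_secs = 0;
    uint32_t unix_nsecs = 0;
    uint32_t flow_sequence = 0;
    uint8_t engine_type = 0;
    uint8_t engine_id = 0;
    uint16_t sampling_interval = htons(0);

    /* ---- flow record (48 bytes) ---- */
    uint32_t srcaddr = 0;
    uint32_t destaddr = 0;
    uint32_t nexthop = htonl(0);
    uint16_t input = htons(0);
    uint16_t output = htons(0);
    uint32_t dPkts = 0;
    uint32_t length = 0;
    uint32_t First = 0;
    uint32_t Last = 0;
    uint16_t srcport = 0;
    uint16_t dstport = 0;
    uint8_t pad1 = 0;       // single byte: no byte-order conversion applies
    uint8_t tcp_flags = 0;
    uint8_t prot = 0;
    uint8_t tos = 0;
    uint16_t src_as = htons(0);
    uint16_t dst_as = htons(0);
    uint8_t src_mask = 0;   // single byte: no byte-order conversion applies
    uint8_t dst_mask = 0;   // single byte: no byte-order conversion applies
    uint16_t pad2 = htons(0);
};

// The struct is not declared packed; this check fails the build if a compiler
// or a future edit introduces padding and changes the on-wire size.
static_assert(sizeof(NetFlowV5Packet) == 72,
              "NetFlowV5Packet must be 72 bytes: 24-byte header + 48-byte record");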