capture/unified_packet_attr_8h_source.html

#pragma once


#include <vector>

#include <queue>

#include <unordered_map>

#include <functional>

#include <sstream>

#include "TcpLayer.h"

#include <UdpLayer.h>

#include <IcmpLayer.h>

#include "IPv4Layer.h"

#include "PayloadLayer.h"

#include "PacketUtils.h"

#include "SystemUtils.h"

#include <ctime>

#include <fstream>

#include <curl/curl.h>

#include <clickhouse/client.h>


#define MAX_QUEUE_LENGTH 20000


using namespace clickhouse;


class unifiedPacketAttr

{

public:

    // 流标识和基本信息

    uint32_t hash_val;

    uint32_t packet_len;

    uint32_t tv_sec;

    uint32_t tv_nsec;

    std::string src_ip;

    std::string dst_ip;


    // IPv4层属性

    uint8_t ttl;

    uint8_t tos;

    uint16_t id;

    uint16_t offset;

    uint16_t len_ip;

    bool ip_version;

    uint8_t protocol_ip;


    // 传输层通用属性

    uint8_t protocol;

    uint16_t len_load;

    uint16_t src_port;

    uint16_t dst_port;

    uint32_t ack_num;

    uint32_t seq_num;


    // TCP专用属性

    uint16_t flag;

    uint16_t window;


    // UDP专用属性

    uint16_t len_udp;


    // ICMP专用属性

    uint8_t icmp_type;

    uint8_t icmp_code;


    unifiedPacketAttr(pcpp::Packet *packet);


    ~unifiedPacketAttr(){};

};


unifiedPacketAttr::unifiedPacketAttr(pcpp::Packet *packet)

{

    // 根据一个包的五元组，计算流ID

    hash_val = pcpp::hash5Tuple(packet);


    // 获取包长度 int->uint32_t

    packet_len = static_cast<uint32_t>(packet->getRawPacket()->getRawDataLen());


    // 获取时间戳

    timespec timestamp = packet->getRawPacket()->getPacketTimeStamp();

    tv_sec = timestamp.tv_sec;

    tv_nsec = timestamp.tv_nsec;


    pcpp::IPv4Layer* ipv4layer = packet->getLayerOfType<pcpp::IPv4Layer>();


    // 获取包的五元组，存起来便于检索

    src_ip = ipv4layer->getSrcIPAddress().toString();

    dst_ip = ipv4layer->getDstIPAddress().toString();


    // 获取IPv4层属性

    pcpp::iphdr* ipv4hdr = ipv4layer->getIPv4Header();

    tos    = ipv4hdr->typeOfService;

    id     = ipv4hdr->ipId;

    offset = ipv4hdr->fragmentOffset;

    len_ip = ipv4hdr->totalLength;

    ttl    = ipv4hdr->timeToLive;

    protocol_ip = ipv4hdr->protocol;


    // 判断IP版本

    if(ipv4hdr->ipVersion==4)

    {

        ip_version = 0;

    }

    else if(ipv4hdr->ipVersion==6)

    {

        ip_version = 1; // 其实传入已经判断过了

    }


    // 根据传输层协议类型解析相应属性

    if (packet->isPacketOfType(pcpp::TCP))

    {

        protocol = 0; // TCP协议

        pcpp::TcpLayer *tcpLayer = packet->getLayerOfType<pcpp::TcpLayer>();

        pcpp::tcphdr *tcpHeader = tcpLayer->getTcpHeader();


        // 获取端口信息

        src_port = packet->getLayerOfType<pcpp::TcpLayer>()->getSrcPort();

        dst_port = packet->getLayerOfType<pcpp::TcpLayer>()->getDstPort();


        // 组装TCP标志位

        flag = 0x00;

        flag = (tcpHeader->finFlag << 7) | (tcpHeader->synFlag << 6) | (tcpHeader->rstFlag << 5) |

               (tcpHeader->pshFlag << 4) | (tcpHeader->ackFlag << 3) | (tcpHeader->urgFlag << 2) |

               (tcpHeader->eceFlag << 1) | (tcpHeader->cwrFlag << 0);


        // 获取TCP序列号和确认号

        seq_num = tcpHeader->sequenceNumber;

        ack_num = tcpHeader->ackNumber;


        // 获取负载长度和窗口大小

        len_load = tcpLayer->getLayerPayloadSize();

        window = tcpHeader->windowSize;

    }

    else if (packet->isPacketOfType(pcpp::UDP))

    {

        protocol = 1; // UDP协议


        // 获取端口信息

        src_port = packet->getLayerOfType<pcpp::UdpLayer>()->getSrcPort();

        dst_port = packet->getLayerOfType<pcpp::UdpLayer>()->getDstPort();


        pcpp::UdpLayer *udpLayer = packet->getLayerOfType<pcpp::UdpLayer>();

        pcpp::udphdr *udpHeader = udpLayer->getUdpHeader();


        // 获取UDP长度和负载长度

        len_udp = udpHeader->length;

        len_load = udpLayer->getLayerPayloadSize();

    }

    else if (packet->isPacketOfType(pcpp::ICMP))

    {

        protocol = 2; // ICMP协议

        // ICMP没有端口概念，端口字段不设置


        pcpp::IcmpLayer *icmpLayer = packet->getLayerOfType<pcpp::IcmpLayer>();

        pcpp::icmphdr *icmpHeader = icmpLayer->getIcmpHeader();


        // 获取ICMP类型和代码

        icmp_code = icmpHeader->code;

        icmp_type = icmpHeader->type;

    }

}


unifiedPacketAttr::len_load
uint16_t len_load
负载长度
Definition unifiedPacketAttr.h:67

unifiedPacketAttr::protocol
uint8_t protocol
传输层协议类型：TCP=0, UDP=1, ICMP=2
Definition unifiedPacketAttr.h:66

unifiedPacketAttr::len_ip
uint16_t len_ip
IP段总长度
Definition unifiedPacketAttr.h:61

unifiedPacketAttr::icmp_type
uint8_t icmp_type
ICMP类型
Definition unifiedPacketAttr.h:81

unifiedPacketAttr::ack_num
uint32_t ack_num
确认号（UDP无此字段）
Definition unifiedPacketAttr.h:70

unifiedPacketAttr::ip_version
bool ip_version
IP版本号，0:IPv4, 1:IPv6.
Definition unifiedPacketAttr.h:62

unifiedPacketAttr::src_port
uint16_t src_port
源端口（ICMP无此字段）
Definition unifiedPacketAttr.h:68

unifiedPacketAttr::protocol_ip
uint8_t protocol_ip
IP协议类型字段
Definition unifiedPacketAttr.h:63

unifiedPacketAttr::icmp_code
uint8_t icmp_code
ICMP代码
Definition unifiedPacketAttr.h:82

unifiedPacketAttr::tv_sec
uint32_t tv_sec
时间戳（秒）
Definition unifiedPacketAttr.h:51

unifiedPacketAttr::unifiedPacketAttr
unifiedPacketAttr(pcpp::Packet *packet)
构造函数
Definition unifiedPacketAttr.h:106

unifiedPacketAttr::dst_port
uint16_t dst_port
目的端口（ICMP无此字段）
Definition unifiedPacketAttr.h:69

unifiedPacketAttr::packet_len
uint32_t packet_len
包长度
Definition unifiedPacketAttr.h:50

unifiedPacketAttr::tos
uint8_t tos
服务类型（Type of Service）
Definition unifiedPacketAttr.h:58

unifiedPacketAttr::ttl
uint8_t ttl
生存时间（Time To Live）
Definition unifiedPacketAttr.h:57

unifiedPacketAttr::len_udp
uint16_t len_udp
UDP长度字段
Definition unifiedPacketAttr.h:78

unifiedPacketAttr::flag
uint16_t flag
TCP标志位
Definition unifiedPacketAttr.h:74

unifiedPacketAttr::dst_ip
std::string dst_ip
目的IP地址
Definition unifiedPacketAttr.h:54

unifiedPacketAttr::window
uint16_t window
TCP窗口大小
Definition unifiedPacketAttr.h:75

unifiedPacketAttr::src_ip
std::string src_ip
源IP地址
Definition unifiedPacketAttr.h:53

unifiedPacketAttr::tv_nsec
uint32_t tv_nsec
时间戳（纳秒）
Definition unifiedPacketAttr.h:52

unifiedPacketAttr::seq_num
uint32_t seq_num
序列号（UDP无此字段）
Definition unifiedPacketAttr.h:71

unifiedPacketAttr::id
uint16_t id
IP标识字段
Definition unifiedPacketAttr.h:59

unifiedPacketAttr::hash_val
uint32_t hash_val
五元组计算的流ID
Definition unifiedPacketAttr.h:49

unifiedPacketAttr::offset
uint16_t offset
片偏移字段
Definition unifiedPacketAttr.h:60

unifiedPacketAttr::~unifiedPacketAttr
~unifiedPacketAttr()
析构函数
Definition unifiedPacketAttr.h:95