TCP: Conversations Statistics loyalty to connections initiators
Conversations Statistics suggested the connection initiator was Address A because of an address/port comparison, when the packet list says it was Address B. This behavior is changed then the conversations statistics now suggest the real initiator. Exporting data from these statistics allow a loyal re-processing. Closes #16919.
This commit is contained in:
parent
ceb1db49d6
commit
ba28616ff5
|
@ -580,31 +580,8 @@ add_conversation_table_data_with_conv_id(
|
|||
ct_dissector_info_t *ct_info,
|
||||
endpoint_type etype)
|
||||
{
|
||||
const address *addr1, *addr2;
|
||||
guint32 port1, port2;
|
||||
conv_item_t *conv_item = NULL;
|
||||
|
||||
if (src_port > dst_port) {
|
||||
addr1 = src;
|
||||
addr2 = dst;
|
||||
port1 = src_port;
|
||||
port2 = dst_port;
|
||||
} else if (src_port < dst_port) {
|
||||
addr2 = src;
|
||||
addr1 = dst;
|
||||
port2 = src_port;
|
||||
port1 = dst_port;
|
||||
} else if (cmp_address(src, dst) < 0) {
|
||||
addr1 = src;
|
||||
addr2 = dst;
|
||||
port1 = src_port;
|
||||
port2 = dst_port;
|
||||
} else {
|
||||
addr2 = src;
|
||||
addr1 = dst;
|
||||
port2 = src_port;
|
||||
port1 = dst_port;
|
||||
}
|
||||
gboolean is_fwd_direction = FALSE; /* direction of any conversation found */
|
||||
|
||||
/* if we don't have any entries at all yet */
|
||||
if (ch->conv_array == NULL) {
|
||||
|
@ -615,19 +592,32 @@ add_conversation_table_data_with_conv_id(
|
|||
g_free, /* key_destroy_func */
|
||||
NULL); /* value_destroy_func */
|
||||
|
||||
} else {
|
||||
/* try to find it among the existing known conversations */
|
||||
} else { /* try to find it among the existing known conversations */
|
||||
/* first, check in the fwd conversations */
|
||||
conv_key_t existing_key;
|
||||
gpointer conversation_idx_hash_val;
|
||||
|
||||
existing_key.addr1 = *addr1;
|
||||
existing_key.addr2 = *addr2;
|
||||
existing_key.port1 = port1;
|
||||
existing_key.port2 = port2;
|
||||
existing_key.addr1 = *src;
|
||||
existing_key.addr2 = *dst;
|
||||
existing_key.port1 = src_port;
|
||||
existing_key.port2 = dst_port;
|
||||
existing_key.conv_id = conv_id;
|
||||
if (g_hash_table_lookup_extended(ch->hashtable, &existing_key, NULL, &conversation_idx_hash_val)) {
|
||||
conv_item = &g_array_index(ch->conv_array, conv_item_t, GPOINTER_TO_UINT(conversation_idx_hash_val));
|
||||
}
|
||||
if (conv_item == NULL) {
|
||||
/* then, check in the rev conversations if not found in 'fwd' */
|
||||
existing_key.addr1 = *dst;
|
||||
existing_key.addr2 = *src;
|
||||
existing_key.port1 = dst_port;
|
||||
existing_key.port2 = src_port;
|
||||
if (g_hash_table_lookup_extended(ch->hashtable, &existing_key, NULL, &conversation_idx_hash_val)) {
|
||||
conv_item = &g_array_index(ch->conv_array, conv_item_t, GPOINTER_TO_UINT(conversation_idx_hash_val));
|
||||
}
|
||||
} else {
|
||||
/* a conversation was found in this same fwd direction */
|
||||
is_fwd_direction = TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
/* if we still don't know what conversation this is it has to be a new one
|
||||
|
@ -637,12 +627,12 @@ add_conversation_table_data_with_conv_id(
|
|||
conv_item_t new_conv_item;
|
||||
unsigned int conversation_idx;
|
||||
|
||||
copy_address(&new_conv_item.src_address, addr1);
|
||||
copy_address(&new_conv_item.dst_address, addr2);
|
||||
copy_address(&new_conv_item.src_address, src);
|
||||
copy_address(&new_conv_item.dst_address, dst);
|
||||
new_conv_item.dissector_info = ct_info;
|
||||
new_conv_item.etype = etype;
|
||||
new_conv_item.src_port = port1;
|
||||
new_conv_item.dst_port = port2;
|
||||
new_conv_item.src_port = src_port;
|
||||
new_conv_item.dst_port = dst_port;
|
||||
new_conv_item.conv_id = conv_id;
|
||||
new_conv_item.rx_frames = 0;
|
||||
new_conv_item.tx_frames = 0;
|
||||
|
@ -666,19 +656,26 @@ add_conversation_table_data_with_conv_id(
|
|||
new_key = g_new(conv_key_t, 1);
|
||||
set_address(&new_key->addr1, conv_item->src_address.type, conv_item->src_address.len, conv_item->src_address.data);
|
||||
set_address(&new_key->addr2, conv_item->dst_address.type, conv_item->dst_address.len, conv_item->dst_address.data);
|
||||
new_key->port1 = port1;
|
||||
new_key->port2 = port2;
|
||||
new_key->port1 = src_port;
|
||||
new_key->port2 = dst_port;
|
||||
new_key->conv_id = conv_id;
|
||||
g_hash_table_insert(ch->hashtable, new_key, GUINT_TO_POINTER(conversation_idx));
|
||||
}
|
||||
|
||||
/* update the conversation struct */
|
||||
if ( (!cmp_address(src, addr1)) && (!cmp_address(dst, addr2)) && (src_port==port1) && (dst_port==port2) ) {
|
||||
/* update the conversation struct */
|
||||
conv_item->tx_frames += num_frames;
|
||||
conv_item->tx_bytes += num_bytes;
|
||||
} else {
|
||||
conv_item->rx_frames += num_frames;
|
||||
conv_item->rx_bytes += num_bytes;
|
||||
/*
|
||||
* update an existing conversation
|
||||
* update the conversation struct
|
||||
*/
|
||||
if (is_fwd_direction) {
|
||||
conv_item->tx_frames += num_frames;
|
||||
conv_item->tx_bytes += num_bytes;
|
||||
} else {
|
||||
conv_item->rx_frames += num_frames;
|
||||
conv_item->rx_bytes += num_bytes;
|
||||
}
|
||||
}
|
||||
|
||||
if (ts) {
|
||||
|
|
Loading…
Reference in New Issue