TCP: Conversations Statistics loyalty to connections initiators
Conversations Statistics suggested the connection initiator was Address A because of an address/port comparison, when the packet list says it was Address B. This behavior is changed then the conversations statistics now suggest the real initiator. Exporting data from these statistics allow a loyal re-processing. Closes #16919.
This commit is contained in:
parent
ceb1db49d6
commit
ba28616ff5
|
@ -580,31 +580,8 @@ add_conversation_table_data_with_conv_id(
|
||||||
ct_dissector_info_t *ct_info,
|
ct_dissector_info_t *ct_info,
|
||||||
endpoint_type etype)
|
endpoint_type etype)
|
||||||
{
|
{
|
||||||
const address *addr1, *addr2;
|
|
||||||
guint32 port1, port2;
|
|
||||||
conv_item_t *conv_item = NULL;
|
conv_item_t *conv_item = NULL;
|
||||||
|
gboolean is_fwd_direction = FALSE; /* direction of any conversation found */
|
||||||
if (src_port > dst_port) {
|
|
||||||
addr1 = src;
|
|
||||||
addr2 = dst;
|
|
||||||
port1 = src_port;
|
|
||||||
port2 = dst_port;
|
|
||||||
} else if (src_port < dst_port) {
|
|
||||||
addr2 = src;
|
|
||||||
addr1 = dst;
|
|
||||||
port2 = src_port;
|
|
||||||
port1 = dst_port;
|
|
||||||
} else if (cmp_address(src, dst) < 0) {
|
|
||||||
addr1 = src;
|
|
||||||
addr2 = dst;
|
|
||||||
port1 = src_port;
|
|
||||||
port2 = dst_port;
|
|
||||||
} else {
|
|
||||||
addr2 = src;
|
|
||||||
addr1 = dst;
|
|
||||||
port2 = src_port;
|
|
||||||
port1 = dst_port;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* if we don't have any entries at all yet */
|
/* if we don't have any entries at all yet */
|
||||||
if (ch->conv_array == NULL) {
|
if (ch->conv_array == NULL) {
|
||||||
|
@ -615,19 +592,32 @@ add_conversation_table_data_with_conv_id(
|
||||||
g_free, /* key_destroy_func */
|
g_free, /* key_destroy_func */
|
||||||
NULL); /* value_destroy_func */
|
NULL); /* value_destroy_func */
|
||||||
|
|
||||||
} else {
|
} else { /* try to find it among the existing known conversations */
|
||||||
/* try to find it among the existing known conversations */
|
/* first, check in the fwd conversations */
|
||||||
conv_key_t existing_key;
|
conv_key_t existing_key;
|
||||||
gpointer conversation_idx_hash_val;
|
gpointer conversation_idx_hash_val;
|
||||||
|
|
||||||
existing_key.addr1 = *addr1;
|
existing_key.addr1 = *src;
|
||||||
existing_key.addr2 = *addr2;
|
existing_key.addr2 = *dst;
|
||||||
existing_key.port1 = port1;
|
existing_key.port1 = src_port;
|
||||||
existing_key.port2 = port2;
|
existing_key.port2 = dst_port;
|
||||||
existing_key.conv_id = conv_id;
|
existing_key.conv_id = conv_id;
|
||||||
if (g_hash_table_lookup_extended(ch->hashtable, &existing_key, NULL, &conversation_idx_hash_val)) {
|
if (g_hash_table_lookup_extended(ch->hashtable, &existing_key, NULL, &conversation_idx_hash_val)) {
|
||||||
conv_item = &g_array_index(ch->conv_array, conv_item_t, GPOINTER_TO_UINT(conversation_idx_hash_val));
|
conv_item = &g_array_index(ch->conv_array, conv_item_t, GPOINTER_TO_UINT(conversation_idx_hash_val));
|
||||||
}
|
}
|
||||||
|
if (conv_item == NULL) {
|
||||||
|
/* then, check in the rev conversations if not found in 'fwd' */
|
||||||
|
existing_key.addr1 = *dst;
|
||||||
|
existing_key.addr2 = *src;
|
||||||
|
existing_key.port1 = dst_port;
|
||||||
|
existing_key.port2 = src_port;
|
||||||
|
if (g_hash_table_lookup_extended(ch->hashtable, &existing_key, NULL, &conversation_idx_hash_val)) {
|
||||||
|
conv_item = &g_array_index(ch->conv_array, conv_item_t, GPOINTER_TO_UINT(conversation_idx_hash_val));
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
/* a conversation was found in this same fwd direction */
|
||||||
|
is_fwd_direction = TRUE;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* if we still don't know what conversation this is it has to be a new one
|
/* if we still don't know what conversation this is it has to be a new one
|
||||||
|
@ -637,12 +627,12 @@ add_conversation_table_data_with_conv_id(
|
||||||
conv_item_t new_conv_item;
|
conv_item_t new_conv_item;
|
||||||
unsigned int conversation_idx;
|
unsigned int conversation_idx;
|
||||||
|
|
||||||
copy_address(&new_conv_item.src_address, addr1);
|
copy_address(&new_conv_item.src_address, src);
|
||||||
copy_address(&new_conv_item.dst_address, addr2);
|
copy_address(&new_conv_item.dst_address, dst);
|
||||||
new_conv_item.dissector_info = ct_info;
|
new_conv_item.dissector_info = ct_info;
|
||||||
new_conv_item.etype = etype;
|
new_conv_item.etype = etype;
|
||||||
new_conv_item.src_port = port1;
|
new_conv_item.src_port = src_port;
|
||||||
new_conv_item.dst_port = port2;
|
new_conv_item.dst_port = dst_port;
|
||||||
new_conv_item.conv_id = conv_id;
|
new_conv_item.conv_id = conv_id;
|
||||||
new_conv_item.rx_frames = 0;
|
new_conv_item.rx_frames = 0;
|
||||||
new_conv_item.tx_frames = 0;
|
new_conv_item.tx_frames = 0;
|
||||||
|
@ -666,19 +656,26 @@ add_conversation_table_data_with_conv_id(
|
||||||
new_key = g_new(conv_key_t, 1);
|
new_key = g_new(conv_key_t, 1);
|
||||||
set_address(&new_key->addr1, conv_item->src_address.type, conv_item->src_address.len, conv_item->src_address.data);
|
set_address(&new_key->addr1, conv_item->src_address.type, conv_item->src_address.len, conv_item->src_address.data);
|
||||||
set_address(&new_key->addr2, conv_item->dst_address.type, conv_item->dst_address.len, conv_item->dst_address.data);
|
set_address(&new_key->addr2, conv_item->dst_address.type, conv_item->dst_address.len, conv_item->dst_address.data);
|
||||||
new_key->port1 = port1;
|
new_key->port1 = src_port;
|
||||||
new_key->port2 = port2;
|
new_key->port2 = dst_port;
|
||||||
new_key->conv_id = conv_id;
|
new_key->conv_id = conv_id;
|
||||||
g_hash_table_insert(ch->hashtable, new_key, GUINT_TO_POINTER(conversation_idx));
|
g_hash_table_insert(ch->hashtable, new_key, GUINT_TO_POINTER(conversation_idx));
|
||||||
}
|
|
||||||
|
|
||||||
/* update the conversation struct */
|
/* update the conversation struct */
|
||||||
if ( (!cmp_address(src, addr1)) && (!cmp_address(dst, addr2)) && (src_port==port1) && (dst_port==port2) ) {
|
|
||||||
conv_item->tx_frames += num_frames;
|
conv_item->tx_frames += num_frames;
|
||||||
conv_item->tx_bytes += num_bytes;
|
conv_item->tx_bytes += num_bytes;
|
||||||
} else {
|
} else {
|
||||||
conv_item->rx_frames += num_frames;
|
/*
|
||||||
conv_item->rx_bytes += num_bytes;
|
* update an existing conversation
|
||||||
|
* update the conversation struct
|
||||||
|
*/
|
||||||
|
if (is_fwd_direction) {
|
||||||
|
conv_item->tx_frames += num_frames;
|
||||||
|
conv_item->tx_bytes += num_bytes;
|
||||||
|
} else {
|
||||||
|
conv_item->rx_frames += num_frames;
|
||||||
|
conv_item->rx_bytes += num_bytes;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ts) {
|
if (ts) {
|
||||||
|
|
Loading…
Reference in New Issue