Logo Search packages:      
Sourcecode: tcptrack version File versions  Download package

Guesser.h

#ifndef GUESSER_H
#define GUESSER_H 1

#include "../config.h"
#ifdef HAVE_HASH_MAP
#include <hash_map>
#elif HAVE_EXT_HASH_MAP
#include <ext/hash_map>
#endif
#include "SocketPair4.h"
#include "util.h"
#include "TCPConnection.h"
#include "IPv4TCPCapture.h"

#ifdef GNU_CXX_NS
using namespace __gnu_cxx;
#endif

class GEqFunc : public unary_function<SocketPair4,bool>
{
public:
      bool operator()( const SocketPair4 &sp1, const SocketPair4 & sp2 )
      {
            if( sp1==sp2 )
                  return true;
            else
                  return false;
      }
};

// TODO: banged out off the top of my head... could be improved.
class GHashFunc : public unary_function<SocketPair4, size_t>
{
public:
      size_t operator()(const SocketPair4 &sp) const
      {
            size_t rv=0;
            if( sp.portB() > 0 )
                  rv = sp.addrA().toStruct().s_addr % sp.portB();
            else
                  rv = sp.addrA().toStruct().s_addr;
            rv >> 4;
            if( sp.portA() > 0 )
                  rv += sp.addrB().toStruct().s_addr % sp.portA();
            else
                  rv += sp.addrB().toStruct().s_addr;
            return rv;
      }
};

typedef hash_map<SocketPair4, IPv4TCPCapture *,GHashFunc, GEqFunc> pktmap;

/* Guesser implements the 'detect connections that started before
 * tcptrack was started' functionality.
 * The Guesser takes TCP packets that don't belong to any known 
 * connection and stores them. As it is fed more stray packets, it may
 * detect a TCP connection on the network.
 */

class Guesser
{
public:
      Guesser();
      ~Guesser();

      // feed Guesser a stray packet. If it results in a connection
      // detected, it will be returned. If no new connections, NULL 
      // is returned.
      TCPConnection * addPacket( IPv4TCPCapture &p );
private:
      // stray packets that we're keeping track of are stored here.
      // indexed by src/dst addrs and ports.
      pktmap hash;
};

#endif

Generated by  Doxygen 1.6.0   Back to index