Context Navigation

← Previous Change
Next Change →

dataFlowSet.c

Timestamp:

12/21/10 16:01:36 (12 years ago)

Author:

andreu

Message:

DoS detection - detection in core (todo: email notification with renetcolSEC module)

Files:

: 1 modified

trunk/src/dataFlowSet.c (modified) (8 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/src/dataFlowSet.c

r127	r144
58	58	int j = 0;
59	59	int pos = 0;
	60	int jdos = 0;
	61	int posdos = 0;
60	62	unsigned char buffer1;
61	63	unsigned char buffer2[2];
…	…
75	77	#endif
76	78	struct AggCache agCache;
	79	struct DoSCache dosCache;
77	80	int bool = 0; /* in IPV4 Agg mode enabled, we need to now if it's an IPv4 */
78	81	int isIPv6 = 0;
…	…
330	333	agCache.bytes = ((unsigned long)&buffer4);
331	334	if (
332		((unsigned long)((((RuleDefPtr)((myPtrs->rulesAddressPtr+pos)))->value->stor.lvalue) + ( (((RuleDefPtr)((myPtrs->rulesAddressPtr+pos)))->value->stor.lvalue)*10/100))
	335	((unsigned long)((((RuleDefPtr)((myPtrs->rulesAddressPtr+pos)))->value->stor.lvalue) + ( (((RuleDefPtr)((myPtrs->rulesAddressPtr+pos)))->value->stor.lvalue)/5))
333	336	>= (((unsigned long)&buffer4)))
334	337	&&
335		( (unsigned long)((((RuleDefPtr)((myPtrs->rulesAddressPtr+pos)))->value->stor.lvalue) - ( (((RuleDefPtr)((myPtrs->rulesAddressPtr+pos)))->value->stor.lvalue)*10/100))
	338	( (unsigned long)((((RuleDefPtr)((myPtrs->rulesAddressPtr+pos)))->value->stor.lvalue) - ( (((RuleDefPtr)((myPtrs->rulesAddressPtr+pos)))->value->stor.lvalue)/5))
336	339	<= (((unsigned long)&buffer4)) )
337	340	)
…	…
339	342	((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->check = 1;
340	343	}
341		}
	344	}
342	345	#if defined(IPV4AGGIDR) \|\| defined(IPV4AGGIDSNMP)
343	346	if (pftmp->fieldType==10){
…	…
369	372	}
370	373	#endif
	374	if (pftmp->fieldType==1){
	375	dosCache.bytes = ((unsigned long)&buffer4);
	376	dosCache.sampling = *myPtrs->currentRouterPtr->sampled;
	377	}
	378	if (pftmp->fieldType==2){
	379	dosCache.pkts = ((unsigned long)&buffer4);
	380	}
371	381	break;
372	382	case 16:
…	…
633	643	}
634	644	#endif
	645	if (pftmp->fieldType==1){
	646	dosCache.bytes = ((unsigned long)&buffer4);
	647	dosCache.sampling = *myPtrs->currentRouterPtr->sampled;
	648	}
	649	if (pftmp->fieldType==2){
	650	dosCache.pkts = ((unsigned long)&buffer4);
	651	}
635	652	break;
636	653	case 16:
…	…
1426	1443	}
1427	1444	isMplsFlow = 0;
	1445
	1446	/* DoS DETECTION */
	1447	if ( ( dosCache.packets*dosCache.sampling > MAX_PKTS_DOS )
	1448	&& ((dosCache.packets)/(dosCache.bytes) < RATIO_DOS ) ) {
	1449	jdos = 0;
	1450	posdos = 69*MAX_RULES_PER_FIELD+jdos;
	1451	while ( ((RuleDefPtr)(*(myPtrs->rulesAddressPtr+jdos))) != NULL ) {
	1452	((RuleDefPtr)(*(myPtrs->rulesAddressPtr+posdos)))->check = 1;
	1453	jdos++;
	1454	}
	1455	}
	1456
1428	1457	/*
1429	1458	*
…	…
1465	1494	&tmp->sourceId,
1466	1495	sizeof(unsigned long)
1467		),
1468		&tmp->templateFlowSetId,
1469		sizeof(tmp->templateFlowSetId)
1470		),
1471		myPtrs->ptr_buffer+secondOffset,
	1496	),
	1497	&tmp->templateFlowSetId,
	1498	sizeof(tmp->templateFlowSetId)
	1499	),
	1500	myPtrs->ptr_buffer+secondOffset,
1472	1501	flow_size
1473	1502	);

Context Navigation

Changeset 144 for trunk/src/dataFlowSet.c

Legend:

trunk/src/dataFlowSet.c

Download in other formats: