wieerwill/aegis-dos-protection
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update 0.0.2

Browse Source
This commit is contained in:
Robert Jeutter 2021-10-24 12:51:25 +02:00
parent d80e285bb4
commit c2c321eb9b
30 changed files with 1689 additions and 1333 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION
View File

@ -1 +1 @@
0.0.1
0.0.2

204
include/Configurator.hpp
View File

@ -1,3 +1,14 @@
/**
* @file Configurator.hpp
* @author Johannes
* @brief
* @version 0.1
* @date 2021-06-16
*
* @copyright Copyright (c) 2021
*
*/
#pragma once
#include <boost/log/trivial.hpp>
@ -10,98 +21,111 @@
using json = nlohmann::json;
class Configurator{
public:
/**
* @brief Checks if attribute exists in either the normal or the default config file
*
* @param att_name Name of attribute that is searched for
* @return true when attribute was found
* @return false when attribute wasn't found
*/
bool entry_exists(const std::string att_name);
class Configurator {
public:
/**
* @brief The Configurator is implemented as a singleton. This method
* returns a poiter to the Configurator object
*
* @return Configurator* poiter to singleton Configurator
*/
static Configurator* instance();
//-----------------------------------------------------------------------------------
//------------------------------- Get-Methods ---------------------------------------
//-----------------------------------------------------------------------------------
/**
* @brief Reads config and default config from json files
*
* @param path Path to standard config (which can be modified by the user)
* @param default_path Path to deafult config (default:
* "../default_config.json")
*/
void read_config(std::string path,
std::string default_path = "../default_config.json");
/**
* @brief Get value from config as string object
*
* @param att_name Name of attribute that is searched for
* @param default_value When set to true the method searches in the default config (default: false)
* @return std::string value
*/
std::string get_config_as_string(const std::string& att_name,
bool default_value = false);
/**
* @brief Get value from config as unsigned integer
*
* @param att_name Name of attribute that is searched for
* @param default_value When set to true the method searches in the default config (default: false)
* @return std::string value
*/
unsigned int get_config_as_unsigned_int(const std::string& att_name,
bool default_value = false);
/**
* @brief Get value from config as boolean
*
* @param att_name Name of attribute that is searched for
* @param default_value When set to true the method searches in the default config (default: false)
* @return std::string value
*/
bool get_config_as_bool(const std::string& att_name,
//-----------------------------------------------------------------------------------
//-----------------------------------------------------------------------------------
/**
* @brief Checks if attribute exists in either the normal or the default
* config file
*
* @param att_name Name of attribute that is searched for
* @return true when attribute was found
* @return false when attribute wasn't found
*/
bool entry_exists(const std::string att_name);
//-----------------------------------------------------------------------------------
//------------------------------- Get-Methods
//---------------------------------------
//-----------------------------------------------------------------------------------
/**
* @brief Get value from config as string object
*
* @param att_name Name of attribute that is searched for
* @param default_value When set to true the method searches in the default
* config (default: false)
* @return std::string value
*/
std::string get_config_as_string(const std::string& att_name,
bool default_value = false);
/**
* @brief Get value from config as unsigned integer
*
* @param att_name Name of attribute that is searched for
* @param default_value When set to true the method searches in the default
* config (default: false)
* @return std::string value
*/
unsigned int get_config_as_unsigned_int(const std::string& att_name,
bool default_value = false);
/**
* @brief Get value from config as boolean
*
* @param att_name Name of attribute that is searched for
* @param default_value When set to true the method searches in the default
* config (default: false)
* @return std::string value
*/
bool get_config_as_bool(const std::string& att_name,
bool default_value = false);
/**
* @brief Get value from config as float
*
* @param att_name Name of attribute that is searched for
* @param default_value When set to true the method searches in the default
* config (default: false)
* @return std::string value
*/
float get_config_as_float(const std::string& att_name,
bool default_value = false);
/**
* @brief Get value from config as double
*
* @param att_name Name of attribute that is searched for
* @param default_value When set to true the method searches in the default
* config (default: false)
* @return std::string value
*/
double get_config_as_double(const std::string& att_name,
bool default_value = false);
/**
* @brief Get value from config as float
*
* @param att_name Name of attribute that is searched for
* @param default_value When set to true the method searches in the default config (default: false)
* @return std::string value
*/
float get_config_as_float(const std::string& att_name,
bool default_value = false);
/**
* @brief Get value from config as double
*
* @param att_name Name of attribute that is searched for
* @param default_value When set to true the method searches in the default config (default: false)
* @return std::string value
*/
double get_config_as_double(const std::string& att_name,
bool default_value = false);
/**
* @brief Reads config and default config from json files
*
* @param path Path to standard config (which can be modified by the user)
* @param default_path Path to default config (default: "../default_config.json")
*/
void read_config(std::string path,
std::string default_path = "../default_config.json");
/**
* @brief The Configurator is implemented as a singleton. This method returns a poiter to the Configurator object
*
* @return Configurator* poiter to singleton Configurator
*/
static Configurator* instance();
private:
json _config; ///< standard config (can be modified by the user)
json _default_config; ///< default config
template <typename T> T get_value_from_config(const std::string& att_name, bool default_value);
static Configurator* _instance; ///< singleton Configurator
Configurator();
Configurator(const Configurator&);
~Configurator();
class CGuard{
public:
~CGuard(){
if( NULL != Configurator::_instance ){
delete Configurator::_instance;
Configurator::_instance = nullptr;
}
}
};
private:
json _config; ///< standard config (can be modified by the user)
json _default_config; ///< default config
static Configurator* _instance; ///< singleton Configurator
Configurator();
Configurator(const Configurator&);
~Configurator();
class CGuard {
public:
~CGuard() {
if (NULL != Configurator::_instance) {
delete Configurator::_instance;
Configurator::_instance = nullptr;
}
}
};
template <typename T>
T get_value_from_config(const std::string& att_name, bool default_value);
};

11
include/DebugHelper.hpp
View File

@ -1,3 +1,14 @@
/**
* @file DebugHelper.hpp
* @author Tobias
* @brief
* @version 0.1
* @date 2021-07-12
*
* @copyright Copyright (c) 2021
*
*/
#pragma once
#include <iostream>

24
include/Definitions.h Normal file
View File

@ -0,0 +1,24 @@
#pragma once
#define RX_RING_SIZE 1024
#define TX_RING_SIZE 1024
// only needed for mempool creation. was replaced.
// NUM_MBUF_POOL_ELEMENTS is used instead
//#define NUM_MBUFS 8191
// Argument "n" in rte_pktmbuf_pool_create
#define NUM_MBUF_POOL_ELEMENTS 32767
#define BURST_SIZE 32
#define RSS_HASH_KEY_LENGTH 40
// used in initializer
#define NUM_NON_WORKER_THREADS 2
// used in PacketContainer.
// predefined size of array of mbuf-arrays
#define NUM_MBUF_ARRS 5000
#define TCP_RX_WINDOW 16384

17
include/Definitions.hpp
View File

@ -1,3 +1,14 @@
/**
* @file Definitions.h
* @author Jakob
* @brief
* @version 0.1
* @date 2021-07-12
*
* @copyright Copyright (c) 2021
*
*/
#pragma once
#define RX_RING_SIZE 1024
@ -10,8 +21,7 @@
// Argument "n" in rte_pktmbuf_pool_create
#define NUM_MBUF_POOL_ELEMENTS 32767
#define BURST_SIZE 64
// #define MBUF_ARR_SIZE 2 * BURST_SIZE
#define BURST_SIZE 32
#define RSS_HASH_KEY_LENGTH 40
@ -31,4 +41,7 @@
#define LOG_END "\e[0m"
// ATTACKE
//#define SINGLE_ITERATION
//#define LOG_PKTS_SENT
//#define SEND_ONCE
//#define SEND_PKTS_EVERY_NTH_ITERATION 1000

18
include/Initializer.hpp
View File

@ -1,4 +1,13 @@
#pragma once
/**
* @file Initializer.hpp
* @author Robert
* @brief
* @version 0.1
* @date 2021-07-12
*
* @copyright Copyright (c) 2021
*
*/
#include <rte_ethdev.h>
#include <rte_mempool.h>
@ -14,7 +23,6 @@ class Initializer {
*
* @param[in] argc
* @param[in] argv
* @param[out] mbuf_pool
* @param[out] nb_worker_threads
*/
rte_mempool* init_dpdk(int argc, char** argv, uint16_t& nb_worker_threads);
@ -30,10 +38,13 @@ class Initializer {
* Setting up TX/RX queues per ethernet port. Then starting the device and
* printing MAC address
*
* @param port_conf
* @param port set port identifier to use
* @param mbuf_pool set mempool of dpdk to use
* @param[in] nb_worker_threads number of worker threads
* @return 0 or error code
*
* \todo describe port_conf
*/
void init_port(rte_eth_conf port_conf, uint16_t port,
struct rte_mempool* mbuf_pool, uint16_t nb_worker_threads);
@ -41,7 +52,10 @@ class Initializer {
/**
* @brief initializes number of threads
*
* @param nb_non_worker_threads
* @param[out] nb_worker_threads
*
* \todo nb_non_worker_threads description
*/
void init_number_threads(uint16_t nb_non_worker_threads,
uint16_t& nb_worker_threads);

314
include/Inspection.hpp Normal file
View File

@ -0,0 +1,314 @@
/**
* @file Inspection.hpp
* @author Robert
* @brief the Inspection get packets polled by the PacketContainer and evaluates
* each packets legitimation. Invalid packets will be dropped while valid
* packets are forwarded to the Treatment.
* @version 0.5
* @date 2021-06-14
*
* @copyright Copyright (c) 2021
*
*/
#pragma once
#include "Configurator.hpp"
#include "PacketDissection/PacketContainer.hpp"
#include <rte_cycles.h>
#include <stdint.h>
/**
* @brief the Inspection evaluates PacketContainers and forwards valid packets
* while illegimite packets are destroyed
*
*/
class Inspection {
public:
/**
* @brief Construct a new Inspection object with default arguments from
* configuration file
*
*/
inline Inspection()
: _UDP_flood_weight(
Configurator::instance()->get_config_as_unsigned_int(
"UDP_flood_weight")),
_TCP_flood_weight(
Configurator::instance()->get_config_as_unsigned_int(
"TCP_flood_weight")),
_ICMP_flood_weight(
Configurator::instance()->get_config_as_unsigned_int(
"ICMP_flood_weight")),
_SYNFIN_weight(Configurator::instance()->get_config_as_unsigned_int(
"SYNFIN_weight")),
_SMALLWINDOW_weight(
Configurator::instance()->get_config_as_unsigned_int(
"SMALLWINDOW_weight")),
_threshold_UDP(Configurator::instance()->get_config_as_unsigned_int(
"threshold_UDP")),
_threshold_TCP(Configurator::instance()->get_config_as_unsigned_int(
"threshold_TCP")),
_threshold_ICMP(Configurator::instance()->get_config_as_unsigned_int(
"threshold_ICMP")),
_current_threshold_UDP(
Configurator::instance()->get_config_as_unsigned_int(
"threshold_UDP")),
_current_threshold_TCP(
Configurator::instance()->get_config_as_unsigned_int(
"threshold_TCP")),
_current_threshold_ICMP(
Configurator::instance()->get_config_as_unsigned_int(
"threshold_ICMP")),
_min_window_size(Configurator::instance()->get_config_as_unsigned_int(
"min_window_size")),
_attack_level(0), _packetrate_UDP(0), _packetrate_TCP(0),
_packetrate_ICMP(0), _clock_frequence(rte_get_tsc_hz()) {}
/**
* @brief update the current stats and send them to global statistic
*
* @param udp_packets
* @param tcp_packets
* @param icmp_packets
* @param UDP_Floods
* @param TCP_Floods
* @param ICMP_Floods
* @param SYN_FINs
* @param Small_Windows
* @param duration
*/
inline void update_stats(uint16_t udp_packets, uint16_t tcp_packets,
uint16_t icmp_packets, uint16_t UDP_Floods,
uint16_t TCP_Floods, uint16_t ICMP_Floods,
uint16_t SYN_FINs, uint16_t Small_Windows,
uint64_t duration) {
duration = duration > 1 ? duration : 1;
duration = duration * _clock_frequence;
// calculate new packetrate based on relative duration
_packetrate_UDP = udp_packets / duration;
_packetrate_TCP = tcp_packets / duration;
_packetrate_ICMP = icmp_packets / duration;
// calculate attack level based on diverent counted attacks and their
// weight on ddos
/// \todo (can) adapting weights to most occuring attacks
_attack_level =
UDP_Floods * _UDP_flood_weight + TCP_Floods * _TCP_flood_weight +
ICMP_Floods * _ICMP_flood_weight + SYN_FINs * _SYNFIN_weight +
Small_Windows * _SMALLWINDOW_weight;
// calculate new threshold
_current_threshold_UDP = _threshold_UDP - (1 / _threshold_UDP) *
_attack_level *
_attack_level;
_current_threshold_TCP = _threshold_TCP - (1 / _threshold_TCP) *
_attack_level *
_attack_level;
_current_threshold_ICMP = _threshold_ICMP - (1 / _threshold_ICMP) *
_attack_level *
_attack_level;
/// \todo send to global statistic
/* Stats update_statistics(
attacks = UDP_Floods + TCP_Floods + ICMP_Floods + SYN_FINs +
Small_Windows;
// bytes
// dropped
packets = udp_packets + tcp_packets + icmp_packets;
work_time = duration;
*/
}
/**
* @brief get packet container reference and run analysis on each packet
* included in the PacketContainer
*
* @param pkt_container PacketContainer with certain amount of packets
*
* \startuml
* title analyzePacket(PacketContainer)
* start
* :create temporary counters;
* :initiate packetIndex at 0;
* while(PacketContainer size > current packetIndex)
* :extract PacketInfo from PacketContainer at packetIndex;
* if (is UDP Protocoll) then (yes)
* :increase UDP counter;
* if(UDP Threshold met) then (yes)
* #FF0000:detected UDP Flood;
* :increase attack counter;
* :drop packet;
* else (no)
* endif
* elseif (is TCP Protocoll) then (yes)
* :increase TCP counter;
* if(TCP Threshold met) then (yes)
* #FF0000:detected TCP Flood;
* :increase attack counter;
* :drop packet;
* else (no)
* endif
* if(WindowSize too small) then (yes)
* #FF0000:detected Small/Zero Window;
* :increase attack counter;
* :drop packet;
* else (no)
* endif
* if(Flag Pattern forbidden) then (yes)
* #FF0000:detected SYN-FIN(-ACK);
* :increase attack counter;
* :drop packet;
* else (no)
* endif
* elseif (is ICMP Protocoll) then (yes)
* :increase ICMP counter;
* if(ICMP Threshold met) then (yes)
* #FF0000:detected ICMP Flood;
* :increase attack counter;
* :drop packet;
* else (no)
* endif
* else (no protocoll of interest)
* endif
* :increase packetIndex;
* endwhile
* :update local threshold with temporary counters;
* :send temporary counters to global statistic;
* end
* \enduml
*/
inline void analyze_container(PacketContainer* pkt_container) {
uint16_t temp_udp_packets = 0;
uint16_t temp_tcp_packets = 0;
uint16_t temp_icmp_packets = 0;
uint16_t temp_attack_UDP_Flood = 0;
uint16_t temp_attack_TCP_Flood = 0;
uint16_t temp_attack_ICMP_Flood = 0;
uint16_t temp_attack_SYN_FIN = 0;
uint16_t temp_attack_Small_Window = 0;
uint64_t startTime = rte_get_tsc_cycles();
for (int index = 0;
index < pkt_container->get_number_of_polled_packets(); ++index) {
PacketInfo* packetInfo = pkt_container->get_packet_at_index(index);
if (packetInfo != nullptr) {
switch (packetInfo->get_type()) {
case IPv4UDP: {
++temp_udp_packets;
if (temp_udp_packets > _current_threshold_UDP) {
// alt: if(_current_threshold_UDP > temp_udp_packets) {
++temp_attack_UDP_Flood;
// UDP Flood
/// \todo (can) create patchmap and allow last recent
/// established connections to connect further matching
/// srcIp & dstIp
pkt_container->drop_packet(index);
break;
}
// forward packet
break;
}
case IPv4TCP: {
PacketInfoIpv4Tcp* TCP4packetInfo =
static_cast<PacketInfoIpv4Tcp*>(packetInfo);
++temp_tcp_packets;
if (temp_tcp_packets > _current_threshold_TCP) {
// TCP Flood
/// \todo (can) create patchmap and allow last recent
/// established connections to connect further matching
/// srcIp & dstIp
++temp_attack_TCP_Flood;
pkt_container->drop_packet(index);
break;
}
if (TCP4packetInfo->get_window_size() < _min_window_size) {
// Zero/Small Window
++temp_attack_Small_Window;
pkt_container->drop_packet(index);
break;
}
if ((uint8_t(TCP4packetInfo->get_flags()) & 0b00000011) ==
0b00000011) {
// flags in reverse format
// FIN,SYN,RST,PSH,ACK,URG,ECE,CWR SYN-FIN/SYN-FIN-ACK
++temp_attack_SYN_FIN;
pkt_container->drop_packet(index);
break;
}
// forward packet
break;
}
case IPv4ICMP: {
++temp_icmp_packets;
if (temp_icmp_packets > _current_threshold_ICMP) {
// ICMP Flood
++temp_attack_ICMP_Flood;
pkt_container->drop_packet(index);
break;
}
// forward packet
break;
}
default: { // not identifyable or not of interest
// forward packet
break;
}
}
}
}
uint64_t endTime = rte_get_tsc_cycles();
update_stats(temp_udp_packets, temp_tcp_packets, temp_icmp_packets,
temp_attack_UDP_Flood, temp_attack_TCP_Flood,
temp_attack_ICMP_Flood, temp_attack_SYN_FIN,
temp_attack_Small_Window, (uint64_t)endTime - startTime);
return;
}
uint16_t get_UDP_packet_rate() { return _packetrate_UDP; };
uint16_t get_TCP_packet_rate() { return _packetrate_TCP; };
uint16_t get_ICMP_packet_rate() { return _packetrate_ICMP; };
uint16_t get_UDP_threshold() { return _current_threshold_UDP; };
uint16_t get_TCP_threshold() { return _current_threshold_TCP; };
uint16_t get_ICMP_threshold() { return _current_threshold_ICMP; };
uint16_t get_attack_level() { return _attack_level; };
private:
/// weight of UDP Flood attacks
uint8_t _UDP_flood_weight;
/// weight of TCP Flood attacks
uint8_t _TCP_flood_weight;
/// weight of ICMP Flood attacks
uint8_t _ICMP_flood_weight;
/// weight of SYN-FIN and SYN_FIN_ACK attacks
uint8_t _SYNFIN_weight;
/// weight of Zero/Small Window attacks
uint8_t _SMALLWINDOW_weight;
/// absolute threshold of udp packets
uint16_t _threshold_UDP;
/// absolute threshold of tcp packets
uint16_t _threshold_TCP;
/// absolute threshold of icmp packets
uint16_t _threshold_ICMP;
/// current threshold of udp packets
uint16_t _current_threshold_UDP;
/// current threshold of tcp packets
uint16_t _current_threshold_TCP;
/// current threshold of icmp packets
uint16_t _current_threshold_ICMP;
/// min window size for no-small-window
uint16_t _min_window_size;
/// current attack level
uint16_t _attack_level;
/// current packetrate of udp packets
uint64_t _packetrate_UDP;
/// current packetrate of tcp packets
uint64_t _packetrate_TCP;
/// current packetrate of icmp packets
uint64_t _packetrate_ICMP;
/// TSC frequency for this lcore
uint64_t _clock_frequence;
};

44
include/PacketDissection/PacketContainer.hpp
View File

@ -1,3 +1,14 @@
/**
* @file PacketContainer.hpp
* @author Jakob, Tobias
* @brief
* @version 0.1
* @date 2021-06-26
*
* @copyright Copyright (c) 2021
*
*/
#pragma once
#include <rte_ethdev.h>
@ -12,6 +23,8 @@
#include "PacketDissection/PacketInfo.hpp"
#include "PacketDissection/PacketInfoCreator.hpp"
class PacketInfoIpv4Tcp;
#define ERROR_STR_INDEX_OUT_OF_BOUNDS \
"index is out of bounds of PacketContainer. The highest possible index " \
"can be accessed by get_total_number_of_packets()."
@ -71,10 +84,10 @@ class PacketContainer {
inline PacketContainer(struct rte_mempool* mbuf_pool,
uint16_t entrance_port, uint16_t exit_port,
uint16_t rx_queue_number, uint16_t tx_queue_number)
: _mempool(mbuf_pool), _entrance_port(entrance_port),
_exit_port(exit_port), _nb_pkts_polled(0), _nb_pkts_total(0),
_nb_pkts_dropped(0), _nb_pkt_arrays(1),
_rx_queue_number(rx_queue_number), _tx_queue_number(tx_queue_number) {
: _mempool(mbuf_pool), _rx_queue_number(rx_queue_number), _tx_queue_number(tx_queue_number),
_entrance_port(entrance_port), _exit_port(exit_port), _nb_pkts_polled(0),
_nb_pkts_total(0), _nb_pkt_arrays(1), _nb_pkts_dropped(0)
{
for (int i = 0; i < NUM_MBUF_ARRS; ++i) {
_nb_mbufs_in_mbuf_arr[i] = 0;
@ -263,9 +276,12 @@ class PacketContainer {
* be adopted. These are set as
* parameter of the function call.
*
* @param[in] pkt_container packet container pointer to the packet to be
* added
* @param[in] pkt_container packet container pointer to the packet to be added
* @param pkt_info
* @return index of the newly added packet
* \todo warning: parameter 'pkt_info' is not documented
* \todo pkt_container remove description?
*/
inline int add_packet(PacketInfo* pkt_info) {
int i, j;
@ -452,7 +468,7 @@ class PacketContainer {
* will be given to the send_packets_to_port method of the
* NetworkPacketHandler.
*/
inline void reorder_mbuf_arrays() {
void reorder_mbuf_arrays() {
if (likely(_nb_pkts_total > 0)) {
for (int i = 0; i < _nb_pkt_arrays; ++i) {
@ -486,8 +502,7 @@ class PacketContainer {
* @param[out] i
* @param[out] j
*/
inline void calculate_array_coordinates_from_index(int index, int& i,
int& j) {
void calculate_array_coordinates_from_index(int index, int& i, int& j) {
i = (index - (index % BURST_SIZE)) / BURST_SIZE;
j = index % BURST_SIZE;
}
@ -503,8 +518,7 @@ class PacketContainer {
* @param[in] j second dimension index
* @param[out] index
*/
inline void calculate_index_from_array_coordinates(int i, int j,
int& index) {
void calculate_index_from_array_coordinates(int i, int j, int& index) {
index = i * BURST_SIZE + j;
}
@ -512,8 +526,8 @@ class PacketContainer {
* @brief Set the _state of the container to EMPTY
* and assign variables to 0.
*/
inline void empty_container() {
int nb_pkts_remaining = _nb_pkts_total;
void empty_container() {
//int nb_pkts_remaining = _nb_pkts_total;
for (int i = 0; i < _nb_pkt_arrays; ++i) {
int len = _nb_mbufs_in_mbuf_arr[i];
@ -542,7 +556,7 @@ class PacketContainer {
* corresponding index in PacketInfo Array
*
*/
inline void extract_header_info() {
void extract_header_info() {
for (int i = 0; i < _nb_pkts_polled; ++i) {
_pkt_info_arrs[0][i] =
fill_info(_mbuf_arrs[0][i], _pkt_info_arrs[0][i]);
@ -556,7 +570,7 @@ class PacketContainer {
* for which a PacketInfo should be created
* @param[out] pkt_inf newly created PacketInfo
*/
inline PacketInfo* fill_info(rte_mbuf* mbuf, PacketInfo* pkt_inf) {
PacketInfo* fill_info(rte_mbuf* mbuf, PacketInfo* pkt_inf) {
pkt_inf = PacketInfoCreator::create_pkt_info(mbuf);
return pkt_inf;
}

8
include/PacketDissection/PacketInfo.hpp
View File

@ -26,10 +26,10 @@ enum PacketType {
class PacketInfo {
public:
inline PacketInfo() : _type(NONE), _mbuf(nullptr), _eth_hdr(nullptr) {}
inline PacketInfo() : _type(NONE), _eth_hdr(nullptr), _mbuf(nullptr) {}
inline PacketInfo(rte_mbuf* const mbuf, rte_ether_hdr* const eth_hdr)
: _type(NONE), _mbuf(mbuf), _eth_hdr(eth_hdr) {}
: _type(NONE), _eth_hdr(eth_hdr), _mbuf(mbuf) {}
inline ~PacketInfo() {
//_mbuf = nullptr;
@ -66,10 +66,10 @@ class PacketInfo {
protected:
inline PacketInfo(PacketType const type, rte_mbuf* const mbuf,
rte_ether_hdr* const eth_hdr)
: _type(type), _mbuf(mbuf), _eth_hdr(eth_hdr) {}
: _type(type), _eth_hdr(eth_hdr), _mbuf(mbuf) {}
inline PacketInfo(PacketType const type, rte_mbuf* const mbuf)
: _type(type), _mbuf(mbuf), _eth_hdr(nullptr) {}
: _type(type), _eth_hdr(nullptr), _mbuf(mbuf) {}
PacketType const _type;
rte_ether_hdr* const _eth_hdr;

26
include/PacketDissection/PacketInfoCreator.hpp
View File

@ -4,12 +4,11 @@
* @brief
* @date 2021-06-16
*/
#pragma once
#include <rte_ether.h>
#include <boost/log/trivial.hpp>
#include "Definitions.hpp"
#include "PacketDissection/PacketInfo.hpp"
#include "PacketDissection/PacketInfoIpv4.hpp"
@ -31,7 +30,7 @@ class PacketInfoCreator {
*/
inline static PacketInfo* create_pkt_info(rte_mbuf* mbuf) {
struct rte_ether_hdr* eth_hdr;
eth_hdr = rte_pktmbuf_mtod(mbuf, struct rte_ether_hdr*);
eth_hdr = rte_pktmbuf_mtod(mbuf, rte_ether_hdr*);
uint16_t offset = (uint16_t)sizeof(struct rte_ether_hdr);
/// from here on we know the l3 type
@ -266,25 +265,4 @@ class PacketInfoCreator {
break;
}
}
inline static bool is_ipv4_tcp(rte_mbuf* mbuf) {
struct rte_ether_hdr* eth_hdr;
eth_hdr = rte_pktmbuf_mtod(mbuf, struct rte_ether_hdr*);
if (rte_be_to_cpu_16(eth_hdr->ether_type) == ETHER_TYPE_IPv4) {
uint16_t offset = (uint16_t)sizeof(struct rte_ether_hdr);
struct rte_ipv4_hdr* ip4_hdr;
ip4_hdr =
rte_pktmbuf_mtod_offset(mbuf, struct rte_ipv4_hdr*, offset);
uint8_t protocol_id = ip4_hdr->next_proto_id;
if (protocol_id == 6) { // TCP
return true;
} else {
return false;
}
} else {
return false;
}
}
};

2
include/PacketDissection/PacketInfoIpv4.hpp
View File

@ -13,8 +13,8 @@
#include <rte_ip.h>
#include <rte_mbuf.h>
#include "Definitions.hpp"
#include "PacketDissection/PacketInfo.hpp"
#include "Definitions.hpp"
#define IP_HDR_LEN 20
#define VERSION_AND_IP_HDR_LEN 0b01000101

26
include/PacketDissection/PacketInfoIpv4Tcp.hpp
View File

@ -13,37 +13,26 @@
#include <rte_byteorder.h>
#include <rte_tcp.h>
#include "DebugHelper.hpp"
#include "Definitions.hpp"
#include "PacketDissection/PacketInfoIpv4.hpp"
#include "PacketDissection/PacketProtTcp.hpp"
#include "DebugHelper.hpp"
#include "Definitions.hpp"
class PacketInfoIpv4Tcp : public PacketInfoIpv4 {
public:
inline PacketInfoIpv4Tcp();
inline PacketInfoIpv4Tcp(rte_mbuf* mbuf)
: PacketInfoIpv4(
IPv4TCP, mbuf, rte_pktmbuf_mtod(mbuf, struct rte_ether_hdr*),
rte_pktmbuf_mtod_offset(mbuf, struct rte_ipv4_hdr*,
(uint16_t)sizeof(struct rte_ether_hdr)))
, _tcp_hdr(rte_pktmbuf_mtod_offset(
mbuf, struct rte_tcp_hdr*,
(sizeof(struct rte_ether_hdr) + sizeof(struct rte_ipv4_hdr)))) {}
inline PacketInfoIpv4Tcp(rte_mbuf* mbuf, rte_ether_hdr* eth_hdr,
rte_ipv4_hdr* ip_hdr, rte_tcp_hdr* l4_hdr)
: PacketInfoIpv4(IPv4TCP, mbuf, eth_hdr, ip_hdr)
, _tcp_hdr(l4_hdr) {}
: PacketInfoIpv4(IPv4TCP, mbuf, eth_hdr, ip_hdr), _tcp_hdr(l4_hdr) {}
inline PacketInfoIpv4Tcp(rte_mbuf* mbuf, rte_ipv4_hdr* ip_hdr,
rte_tcp_hdr* l4_hdr)
: PacketInfoIpv4(IPv4TCP, mbuf, ip_hdr)
, _tcp_hdr(l4_hdr) {}
: PacketInfoIpv4(IPv4TCP, mbuf, ip_hdr), _tcp_hdr(l4_hdr) {}
inline ~PacketInfoIpv4Tcp() {
// PacketInfoIpv4::~PacketInfoIpv4();
// _tcp_hdr = nullptr;
_tcp_hdr = nullptr;
}
/**
@ -88,7 +77,7 @@ class PacketInfoIpv4Tcp : public PacketInfoIpv4 {
* @return uint8_t
*/
inline uint8_t get_flags() {
const char desc[] = "mbuf";
//const char desc[] = "mbuf";
return PacketProtTcp::get_flags(
_tcp_hdr); // these are FIN to CWR flag, but
// i am not shure in which order
@ -185,6 +174,7 @@ class PacketInfoIpv4Tcp : public PacketInfoIpv4 {
rte_ether_addr src_mac, rte_ether_addr dst_mac, uint32_t src_ip,
uint32_t dst_ip, uint16_t src_port, uint16_t dst_port, uint32_t seq_num,
uint32_t ack_num, uint8_t flags, uint16_t tcp_window) {
// const char desc[] = "mbuf";
// let PacketInfo handle ethernet filling
@ -214,6 +204,7 @@ class PacketInfoIpv4Tcp : public PacketInfoIpv4 {
}
inline void prepare_offloading_checksums() {
rte_mbuf* mbuf = get_mbuf();
mbuf->ol_flags = PKT_TX_IPV4 | PKT_TX_IP_CKSUM | PKT_TX_TCP_CKSUM;
mbuf->l4_len = sizeof(struct rte_tcp_hdr);
@ -228,4 +219,5 @@ class PacketInfoIpv4Tcp : public PacketInfoIpv4 {
private:
rte_tcp_hdr* _tcp_hdr;
};

2
include/PacketDissection/PacketInfoIpv4Udp.hpp
View File

@ -1,6 +1,6 @@
/**
* @file PacketInfoIpv4Udp.hpp
* @author @Tobias
* @author Tobias
* @brief class to provide packets IPv4 and UDP header information
* @date 2021-06-08
*

13
include/PacketDissection/PacketProtTcp.hpp
View File

@ -25,7 +25,9 @@ class PacketProtTcp {
/**
* @brief Set packets TCP sequence number
*
* @param tcp_hdr
* @param seq_num
* \todo describe param tcp_hdr
*/
inline static void set_seq_num(rte_tcp_hdr* tcp_hdr, uint32_t seq_num) {
tcp_hdr->sent_seq = rte_cpu_to_be_32(seq_num);
@ -34,7 +36,9 @@ class PacketProtTcp {
/**
* @brief Set packets TCP acknowledgment number
*
* @param tcp_hdr
* @param ack_num
* \todo describe param tcp_hdr
*/
inline static void set_ack_num(rte_tcp_hdr* tcp_hdr, uint32_t ack_num) {
tcp_hdr->recv_ack = rte_cpu_to_be_32(ack_num);
@ -43,7 +47,10 @@ class PacketProtTcp {
/**
* @brief Get packets TCP destination port
*
* @param tcp_hdr
* @return uint16_t
*
* \todo describe param tcp_hdr
*/
inline static uint16_t get_dst_port(rte_tcp_hdr* tcp_hdr) {
return rte_be_to_cpu_16(tcp_hdr->dst_port);
@ -52,7 +59,9 @@ class PacketProtTcp {
/**
* @brief Get packets TCP source port
*
* @param tcp_hdr
* @return uint16_t
* \todo describe param tcp_hdr
*/
inline static uint16_t get_src_port(rte_tcp_hdr* tcp_hdr) {
return rte_be_to_cpu_16(tcp_hdr->src_port);
@ -61,7 +70,9 @@ class PacketProtTcp {
/**
* @brief Get packets TCP flags
* MSB is CWR flag, LSB is FIN flag, NS flag not included
* @param tcp_hdr
* @return uint8_t
* \todo describe param tcp_hdr
*/
inline static uint8_t get_flags(rte_tcp_hdr* tcp_hdr) {
return tcp_hdr->tcp_flags; // these are FIN to CWR flag, but i am not
@ -165,6 +176,8 @@ class PacketProtTcp {
* If this PacketInfo has a _mbuf and this _mbuf is empty,
* then all IP and TCP header information is filled in.
* This function doesn't create a new mbuf.
* @param tcp_hdr
* @param mbuf
* @param src_ip IP address packet originally originated from
* @param dst_ip IP address packet is going to be send to
* @param src_port TCP port packet originally was send from

11
include/RandomNumberGenerator.hpp
View File

@ -1,3 +1,14 @@
/**
* @file RandomNumberGenerator.hpp
* @author Jakob, Tim
* @brief
* @version 0.1
* @date 2021-07-12
*
* @copyright Copyright (c) 2021
*
*/
#pragma once
#include <cstdlib>

119
include/Threads/AttackThread.hpp
View File

@ -1,14 +1,24 @@
/**
* @file AttackThread.hpp
* @author Jakob
* @brief
* @version 0.1
* @date 2021-07-12
*
* @copyright Copyright (c) 2021
*
*/
#pragma once
#include <rte_ether.h>
#include "PacketDissection/PacketContainerLean.hpp"
#include "PacketDissection/PacketContainer.hpp"
#include "PacketDissection/PacketInfo.hpp"
#include "PacketDissection/PacketInfoIpv4Tcp.hpp"
#include "RandomNumberGenerator.hpp"
#include "Threads/ForwardingThread.hpp"
class AttackThread : public Thread {
class AttackThread : public ForwardingThread {
private:
inline void run() {
std::cout << "\nRunning on lcore " << rte_lcore_id()
@ -16,7 +26,6 @@ class AttackThread : public Thread {
<< std::endl;
while (likely(_quit == false)) {
// have skip iterate field in config and skip for nb of packets
iterate();
#ifdef SINGLE_ITERATION
_quit = false;
@ -50,15 +59,16 @@ class AttackThread : public Thread {
uint64_t _data_rate_per_cycle;
uint64_t _delta_cycles_mean;
uint64_t _total_nb_pkts_to_dave;
uint64_t _total_nb_pkts_from_dave;
uint64_t _total_nb_pkts_to_alice;
uint64_t _total_nb_atk_pkts;
uint64_t _total_nb_pkts_to_alcie;
uint64_t _total_data_volume_to_alice;
uint64_t _total_nb_pkts_from_alice;
uint64_t _total_data_volume_from_alice;
// ============ needed for special define options
int _iterations;
uint _call_send_pkts_every_nth_iteration;
bool _send;
// ============ not needed
@ -80,12 +90,6 @@ class AttackThread : public Thread {
* variables.
*
* @param[in] pkt_size
* @param[in] cycles
* @param[in] delta_cycles
* @param[in] cycles_old
* @param[in] data_volume
* @param[in] data_rate_per_cycle
* @param[out] nb_attack_packets
*/
inline void calculate_nb_attack_packets(int pkt_size) {
@ -126,7 +130,7 @@ class AttackThread : public Thread {
*/
inline uint32_t calculate_ipv4_address(uint8_t byte1, uint8_t byte2,
uint8_t byte3, uint8_t byte4) {
return byte1 * 2 ^ 24 + byte2 * 2 ^ 16 + byte3 * 2 ^ 8 + byte4;
return (byte1 * 2 ^ 24) + (byte2 * 2 ^ 16) + (byte3 * 2 ^ 8) + byte4;
}
/**
@ -140,7 +144,7 @@ class AttackThread : public Thread {
rte_mbuf* m_copy;
for (int i = 0; i < nb_pkts; ++i) {
for (u_int32_t i = 0; i < nb_pkts; ++i) {
m_copy = rte_pktmbuf_copy(_mbuf_origin, mempool, 0, UINT32_MAX);
if (unlikely(m_copy == nullptr)) {
@ -173,7 +177,7 @@ class AttackThread : public Thread {
rte_mbuf* m_copy;
for (int i = 0; i < nb_pkts; ++i) {
for (uint32_t i = 0; i < nb_pkts; ++i) {
m_copy = rte_pktmbuf_copy(_mbuf_origin, mempool, 0, UINT32_MAX);
if (unlikely(m_copy == nullptr)) {
@ -217,30 +221,20 @@ class AttackThread : public Thread {
}
public:
bool _do_attack;
inline AttackThread(PacketContainerLean* pkt_container_to_dave,
PacketContainerLean* pkt_container_to_alice,
inline AttackThread(PacketContainerLean* pkt_container_to_inside,
PacketContainerLean* pkt_container_to_outside,
unsigned int nb_worker_threads)
: Thread(), _nb_worker_threads(nb_worker_threads), _iterations(0),
_call_send_pkts_every_nth_iteration(0),
_pkt_container_to_dave(pkt_container_to_dave),
_pkt_container_to_alice(pkt_container_to_alice), _nb_pkts_to_dave(0),
_nb_pkts_to_alice(0), _total_nb_pkts_to_dave(0),
_total_nb_pkts_from_dave(0), _total_nb_pkts_to_alice(0),
_total_data_volume_to_alice(0), _total_nb_pkts_from_alice(0),
_total_data_volume_from_alice(0), _pkt_type(NONE), _cycles(0),
_delta_cycles(0), _data_volume(0), _nb_attack_packets(0),
_hz(rte_get_tsc_hz()), _delta_cycles_mean(0), _n(1),
: ForwardingThread(pkt_container_to_inside, pkt_container_to_outside),
_pkt_container_to_dave(pkt_container_to_inside),
_pkt_container_to_alice(pkt_container_to_outside),
_nb_worker_threads(nb_worker_threads),
_bob_mac({.addr_bytes = {60, 253, 254, 163, 231, 48}}),
_src_mac({.addr_bytes = {60, 253, 254, 163, 231, 88}}),
_bob_ip(167772162), _alice_ip(167772161), _tcp_flags(0),
_mbuf_origin(nullptr), _do_attack(false) {
// ===== calculate stuff regarding clock calculation ===== //
/*
_bob_ip(167772162), _alice_ip(167772161), _nb_attack_packets(0),
_delta_cycles_mean(0), _iterations(0), _send(true),
_nb_pkts_to_dave(0), _nb_pkts_to_alice(0), _pkt_type(NONE),
_cycles(0), _delta_cycles(0), _data_volume(0), _hz(rte_get_tsc_hz()),
_n(1) {
_data_rate =
int((std::stoi(Configurator::instance()->get_config_as_string(
"attack_rate")) *
@ -255,7 +249,6 @@ class AttackThread : public Thread {
}
_cycles_old = rte_get_tsc_cycles();
*/
// ===== read and set attack type =====//
@ -286,14 +279,10 @@ class AttackThread : public Thread {
// =====set number of attack packets =====//
_nb_attack_packets =
Configurator::instance()->get_config_as_unsigned_int(
"number_of_attack_packets_per_thread_per_send_call");
std::stoi(Configurator::instance()->get_config_as_string(
"number_of_attack_packets_per_thread_per_iteration"));
_call_send_pkts_every_nth_iteration =
Configurator::instance()->get_config_as_unsigned_int(
"call_send_pkts_every_nth_iteration");
LOG_INFO << "number_of_attack_packets_per_thread_per_send_call : "
LOG_INFO << "number_of_attack_packets_per_thread_per_iteration : "
<< _nb_attack_packets << LOG_END;
//===== create origin attack packet=====//
@ -336,8 +325,6 @@ class AttackThread : public Thread {
delete pkt_info_origin;
pkt_info_origin = nullptr;
}
// =====attack rate
}
inline ~AttackThread() { rte_pktmbuf_free(_mbuf_origin); }
@ -354,7 +341,6 @@ class AttackThread : public Thread {
// ===== ALICE <--[MALLORY]-- DAVE/BOB ===== //
_pkt_container_to_alice->poll_mbufs(_nb_pkts_to_alice);
_total_nb_pkts_from_dave += _nb_pkts_to_alice;
// continue if no packets are received
if (likely(_nb_pkts_to_alice > 0)) {
@ -372,7 +358,7 @@ class AttackThread : public Thread {
_total_data_volume_to_alice += rte_pktmbuf_pkt_len(mbuf);
}
}
_total_nb_pkts_to_alice += _pkt_container_to_alice->send_mbufs();
_total_nb_pkts_to_alcie += _pkt_container_to_alice->send_mbufs();
}
// ===== ALICE --[MALLORY]--> DAVE/BOB ===== //
@ -384,11 +370,13 @@ class AttackThread : public Thread {
_pkt_container_to_dave->get_mbuf_at_index(i));
}
if (unlikely(_iterations == _call_send_pkts_every_nth_iteration)) {
#ifdef SEND_PKTS_EVERY_NTH_ITERATION
if (_iterations == SEND_PKTS_EVERY_NTH_ITERATION) {
_iterations = 0;
#endif
// create attack packets
if (likely(_do_attack)) {
if (likely(_send == true)) {
if (_attack_type == SYN_FLOOD || _attack_type == SYN_FIN ||
_attack_type == SYN_FIN_ACK) {
create_attack_packet_burst_tcp(_nb_attack_packets,
@ -396,34 +384,29 @@ class AttackThread : public Thread {
} else if (_attack_type == UDP_FLOOD) {
create_attack_packet_burst_udp(_nb_attack_packets);
}
} else{
_total_nb_pkts_to_dave = 0;
_total_nb_pkts_from_dave = 0;
_total_nb_pkts_to_alice = 0;
_total_data_volume_to_alice = 0;
_total_nb_pkts_from_alice = 0;
_total_data_volume_from_alice = 0;
}
#ifdef SEND_PKTS_EVERY_NTH_ITERATION
}
++_iterations;
#endif
_total_nb_pkts_to_dave = _total_nb_pkts_to_dave +
_pkt_container_to_dave->send_mbufs();
_total_nb_atk_pkts = _total_nb_atk_pkts +
_pkt_container_to_dave->send_mbufs() -
_nb_pkts_to_dave;
#ifdef SEND_ONCE
_send = false;
#endif
// calculate_cycles();
}
inline uint64_t get_total_nb_pkts_to_dave() {
return _total_nb_pkts_to_dave;
}
inline uint64_t get_total_nb_pkts_from_dave() {
return _total_nb_pkts_from_dave;
}
inline uint64_t get_total_nb_atk_pkts() { return _total_nb_atk_pkts; }
inline uint64_t get_total_nb_pkts_to_alice() {
return _total_nb_pkts_to_alice;
return _total_nb_pkts_to_alcie;
}
inline uint64_t get_total_data_volume_to_alice() {

40
include/Threads/DefenseThread.hpp
View File

@ -1,24 +1,26 @@
/**
* @file DefenseThread.hpp
* @author Jakob
* @brief
* @version 0.1
* @date 2021-07-12
*
* @copyright Copyright (c) 2021
*
*/
#pragma once
#include "PacketDissection/PacketContainer.hpp"
#include "Inspection.hpp"
#include "Treatment/Treatment.hpp"
#include "Threads/StatisticsThread.hpp"
#include "Threads/ForwardingThread.hpp"
class DefenseThread : public Thread {
class DefenseThread : public ForwardingThread {
public:
DefenseThread(MbufContainerReceiving* mbuf_container_from_inside,
MbufContainerReceiving* mbuf_container_from_outside,
MbufContainerTransmitting* mbuf_container_to_inside,
MbufContainerTransmitting* mbuf_container_to_outside);
~DefenseThread() { delete _treatment; }
void start_treat() { _do_treat = true; }
void stop_treat() { _do_treat = false; }
bool _do_treat;
DefenseThread(PacketContainer* pkt_container_to_inside,
PacketContainer* pkt_container_to_outside,
StatisticsThread* stat_thread);
/**
* @brief Wrapper for the run-method
@ -34,13 +36,9 @@ class DefenseThread : public Thread {
static int s_run(void* thread_obj);
private:
Treatment* _treatment;
MbufContainerReceiving* _mbuf_container_from_outside;
MbufContainerReceiving* _mbuf_container_from_inside;
MbufContainerTransmitting* _mbuf_container_to_outside;
MbufContainerTransmitting* _mbuf_container_to_inside;
Inspection _inspection;
Treatment _treatment;
StatisticsThread* _statistics_thread;
/**
* @brief Run thread
*

12
include/Threads/ForwardingThread.hpp
View File

@ -1,3 +1,14 @@
/**
* @file ForwardingThread.hpp
* @author Jakob
* @brief
* @version 0.1
* @date 2021-07-12
*
* @copyright Copyright (c) 2021
*
*/
#pragma once
#include "PacketDissection/PacketContainer.hpp"
@ -31,7 +42,6 @@ class ForwardingThread : public Thread {
*/
PacketContainer* _pkt_container_to_inside;
PacketContainerLean* _pkt_container_to_inside_lean;
// PacketContainerLean* _pkt_container_from_outside_lean;
/**
* @brief in AttackThread: to alice

51
include/Threads/StatisticsThread.hpp
View File

@ -1,11 +1,28 @@
/**
* @file StatisticsThread.hpp
* @author Jakob
* @brief
* @version 0.1
* @date 2021-07-12
*
* @copyright Copyright (c) 2021
*
*/
#pragma once
#include <rte_ring_core.h>
#include <rte_ring_elem.h>
#include <cstdint>
#include <cstdio>
#include <iostream>
#include <ostream>
#include <rte_errno.h>
#include <rte_lcore.h>
#include <rte_ring.h>
//#include <rte_ring_core.h>
//#include <rte_ring_elem.h>
#include <string>
#include "Threads/Thread.hpp"
#include "Definitions.hpp"
struct Stats {
uint64_t attacks;
@ -13,11 +30,12 @@ struct Stats {
uint64_t dropped;
uint64_t packets;
uint64_t work_time;
uint64_t syn_level;
Stats* operator+=(const Stats* new_stats);
Stats& operator+=(const Stats& new_stats);
void reset_stats();
};
// all current stats which can be displayed
struct StatsMonitor {
double attacks_per_second;
double attacks_percent;
@ -25,19 +43,32 @@ struct StatsMonitor {
double dropped_per_second;
double dropped_percent;
double packets_per_second;
double proc_speed; // process speed
double process_speed;
double total_time;
};
class StatisticsThread : public Thread {
public:
StatisticsThread();
static int s_run(void* thread_vptr);
void enqueue_statistics(int& id, Stats* new_stats);
void update_statistics(Stats* new_stats);
void enqueue_statistics(const unsigned int& id, Stats* new_stats);
void update_statistics_monitor();
void print_stats_monitor();
private:
void run();
static rte_ring* _s_queue[16];
static Stats* _s_stats;
static rte_ring* _s_queue[16]; // todo : dynamic
Stats* _s_stats;
StatsMonitor* _s_stats_monitor;
uint64_t timer_get_seconds();
void timer_reset();
// timer variables
uint64_t cycles_old = 0;
uint64_t cycles = 0;
uint64_t seconds = 0;
uint64_t delta_t = 0;
uint64_t hz;
};

11
include/Threads/Thread.hpp
View File

@ -1,3 +1,14 @@
/**
* @file Thread.hpp
* @author Jakob
* @brief
* @version 0.1
* @date 2021-07-12
*
* @copyright Copyright (c) 2021
*
*/
#pragma once
#include <stdint.h>

1123
include/Treatment/Treatment.hpp
View File

File diff suppressed because it is too large Load Diff

44
include/Treatment/rand.h Normal file
View File

@ -0,0 +1,44 @@
#pragma once
/**
* @file rand.h
* @author Felix, Fabienne
* @brief This header includes only one method which returns a random 64bit
* unsigned integer
* @version 0.1
* @date 2021-07-06
*
* @copyright Copyright (c) 2021
*
*/
/**
* @brief Rand itself provides a method to get a random number. This number is
* used in Treatment as cookie_secret
*
*/
class Rand {
public:
/**
* @brief Get a random 64bit unsigned integer
*
* @return u_int64_t
*/
static u_int64_t get_random_64bit_value() {
u_int64_t random64BitNumber = 0;
u_int64_t value1 = (uint16_t)std::rand();
value1 = (value1 << 48);
random64BitNumber |= value1;
u_int64_t value2 = (uint16_t)rand();
value2 = (value2 << 32);
random64BitNumber |= value2;
u_int64_t value3 = (uint16_t)rand();
random64BitNumber |= value3;
return random64BitNumber;
}
};

293
source/Attacker/main.cpp
View File

@ -1,27 +1,16 @@
#include <chrono>
#include <fstream>
#include <iostream>
#include <signal.h>
#include "Cli.hpp"
#include "ConfigurationManagement/Configurator.hpp"
#include "Configurator.hpp"
#include "Initializer.hpp"
#include "PacketDissection/PacketContainer.hpp"
#include "Threads/AttackThread.hpp"
int main(int argc, char** argv);
void handle_quit(int signum);
void terminate(AttackThread** thread_arr, uint16_t nb_worker_threads);
bool quit = false;
std::chrono::time_point<std::chrono::system_clock> start, end;
uint64_t nb_pkts_to_dave = 0;
uint64_t nb_pkts_from_dave = 0;
uint64_t nb_atk_pkts = 0;
uint64_t nb_pkts_to_alice = 0;
uint64_t nb_pkts_from_alice = 0;
uint64_t data_volume_to_alice = 0;
uint64_t data_volume_from_alice = 0;
int pkt_type_used = 0;
int main(int argc, char** argv) {
@ -29,7 +18,7 @@ int main(int argc, char** argv) {
// Register signal and signal handler
signal(SIGINT, handle_quit);
Configurator::instance()->read_config("../test/config_attacker.json");
Configurator::instance()->read_config("../test/Attacker_config.json");
Initializer* init = new Initializer();
unsigned int lcore_id;
@ -60,189 +49,64 @@ int main(int argc, char** argv) {
lcore_id = rte_lcore_id();
// run every thread except the last one
for (int i = 0; i < nb_worker_threads; ++i) {
for (int i = 0; i < nb_worker_threads - 1; ++i) {
lcore_id = rte_get_next_lcore(lcore_id, true, true);
rte_eal_remote_launch(
static_cast<lcore_function_t*>(AttackThread::s_run), thread_arr[i],
lcore_id);
}
// start measuring time running
std::chrono::time_point<std::chrono::system_clock> start, end;
start = std::chrono::system_clock::now();
std::cout << "\nRunning. [Ctrl+C to quit]\n" << std::endl;
// ===== RUN =====//
std::cout << "\nRunning on lcore " << rte_lcore_id()
<< ". [Ctrl+C to quit]\n"
<< std::endl;
// ===================START CLI ====================//
while (quit == false) {
thread_arr[nb_worker_threads - 1]->iterate();
#ifdef SINGLE_ITERATION
quit = true;
#endif
}
std::string input = "";
const std::string NAME = "syntflut";
const char* PATH_ATTACKING_FILE = "/home/guru/is_attacking/attacking";
// ===== TERMINATE ===== //
std::cout << "\nterminating..." << std::endl;
enum State { RUNNING, IDLE };
State state = IDLE;
for (int i = 0; i < nb_worker_threads - 1; ++i) {
#ifndef SINGLE_ITERATION
thread_arr[i]->quit();
#endif
}
// stop measuring time running
end = std::chrono::system_clock::now();
// calculate total number of attack packets
uint64_t nb_atk_pkts = 0;
uint64_t nb_pkts_to_alice = 0;
uint64_t nb_pkts_from_alice = 0;
uint64_t data_volume_to_alice = 0;
uint64_t data_volume_from_alice = 0;
int pkt_type_used = 0;
while (input != "exit") {
std::cout << NAME << "> ";
std::cin >> input;
std::cout << std::endl;
if (input == "start") {
if (state == IDLE) {
for (int i = 0; i < nb_worker_threads; ++i) {
thread_arr[i]->_do_attack = true;
}
// start measuring time running
start = std::chrono::system_clock::now();
// Start GUI
std::ofstream outfile(PATH_ATTACKING_FILE);
outfile.close();
// ===== RUN =====//
state = RUNNING;
} else { // state == RUNNING
std::cout << "Cannot start if program is already running."
<< std::endl;
}
} else if (input == "stop") {
if (state == IDLE) {
std::cout << "Cannot stop if program is not running."
<< std::endl;
} else { // state == RUNNING
// Stop GUI
std::remove(PATH_ATTACKING_FILE);
end = std::chrono::system_clock::now();
nb_pkts_to_dave = 0;
nb_pkts_from_dave = 0;
nb_pkts_to_alice = 0;
nb_pkts_from_alice = 0;
data_volume_to_alice = 0;
data_volume_from_alice = 0;
pkt_type_used = 0;
for (int i = 0; i < nb_worker_threads; ++i) {
// rescue Informations
nb_pkts_to_dave +=
thread_arr[i]->get_total_nb_pkts_to_dave();
nb_pkts_from_dave +=
thread_arr[i]->get_total_nb_pkts_from_dave();
nb_pkts_to_alice +=
thread_arr[i]->get_total_nb_pkts_to_alice();
nb_pkts_from_alice +=
thread_arr[i]->get_total_nb_pkts_from_alice();
data_volume_to_alice +=
thread_arr[i]->get_total_data_volume_to_alice();
data_volume_from_alice +=
thread_arr[i]->get_total_data_volume_from_alice();
pkt_type_used += thread_arr[i]->get_atk_pkt_type();
thread_arr[i]->_do_attack = false;
}
// print attack statistics
std::chrono::duration<double> elapsed_seconds = end - start;
std::cout << "\nduration of attack:\t\t\t\t"
<< elapsed_seconds.count() << " seconds" << std::endl;
int pkt_size = -1;
if (pkt_type_used > 1) { // TCP:tcp + ip + ether
pkt_size = 20 + 20 + 14;
} else { // UDP: udp + ip + ether
pkt_size = 8 + 20 + 14;
}
nb_atk_pkts = nb_pkts_to_dave - nb_pkts_from_alice;
std::cout << "attack packets sent:\t\t\t\t" << nb_atk_pkts
<< std::endl;
std::cout << "data volume sent (without L1 header):\t\t"
<< nb_atk_pkts * pkt_size / 1048576 << " MByte"
<< std::endl;
std::cout << "data volume sent (with L1 header):\t\t"
<< nb_atk_pkts * 84 / 1048576 << " MByte"
<< std::endl;
std::cout << "average attack rate (without L1 header):\t"
<< nb_atk_pkts * pkt_size / elapsed_seconds.count() /
1048576 * 8
<< " Mbps" << std::endl;
std::cout << "average attack rate (with L1 header):\t\t"
<< nb_atk_pkts * 84 / elapsed_seconds.count() /
1048576 * 8
<< " Mbps" << std::endl;
std::cout << "average attack packet rate:\t\t\t"
<< nb_atk_pkts / elapsed_seconds.count() / 1000
<< " Kpps" << std::endl;
std::cout << "\nnumber packets sent from alice:\t\t\t"
<< nb_pkts_from_alice << std::endl;
std::cout << "number packets recieved by alice:\t\t"
<< nb_pkts_to_alice << std::endl;
std::cout << "average data rate sent from alice:\t\t"
<< data_volume_from_alice / elapsed_seconds.count() /
1024 * 8
<< " Kbps" << std::endl;
std::cout << "average data rate recieved by alice:\t\t"
<< data_volume_to_alice / elapsed_seconds.count() /
1024 * 8
<< " Kbps" << std::endl
<< std::endl;
/*
std::cout << "\nstats for testing:" << std::endl;
std::cout << "number packets sent from dave:\t\t\t"
<< nb_pkts_from_dave << std::endl;
std::cout << "number packets recieved by dave:\t\t\t"
<< nb_pkts_to_dave << std::endl;
std::cout << "attack time:\t\t\t\t\t\t\t\t"
<< elapsed_seconds.count() <<"s" << std::endl;
*/
state = IDLE;
}
} else if (input == "exit") {
// Stop GUI
if (state == RUNNING) {
std::remove(PATH_ATTACKING_FILE);
}
} else if (input == "help" || input == "h") {
std::cout << "start\tstart " << NAME << std::endl
<< "stop\tstop " << NAME << std::endl
<< "help, h\tprint commands " << std::endl
<< "exit\texit " << NAME << std::endl
<< std::endl;
} else {
std::cout << "Command unknown. Try 'h' or 'help'." << std::endl;
//wait for threads to end
for (int i = 0; i < nb_worker_threads - 1; ++i) {
while (thread_arr[i]->is_running()) {
// wait
}
}
// ====================END CLI ====================//
// ===== TERMINATE ===== //
terminate(thread_arr, nb_worker_threads);
// destruct objects on heap
for (int i = 0; i < nb_worker_threads; ++i) {
// rescue Informations
nb_atk_pkts += thread_arr[i]->get_total_nb_atk_pkts();
nb_pkts_to_alice += thread_arr[i]->get_total_nb_pkts_to_alice();
nb_pkts_from_alice += thread_arr[i]->get_total_nb_pkts_from_alice();
data_volume_to_alice += thread_arr[i]->get_total_data_volume_to_alice();
data_volume_from_alice +=
thread_arr[i]->get_total_data_volume_from_alice();
pkt_type_used += thread_arr[i]->get_atk_pkt_type();
delete thread_arr[i];
thread_arr[i] = nullptr;
@ -254,6 +118,52 @@ int main(int argc, char** argv) {
pkt_containers_to_alice[i] = nullptr;
}
// print attack statistics
std::chrono::duration<double> elapsed_seconds = end - start;
std::cout << "\nduration of attack:\t\t\t\t" << elapsed_seconds.count()
<< " seconds" << std::endl;
int pkt_size = -1;
if (pkt_type_used > 1) { // TCP:tcp + ip + ether
pkt_size = 20 + 20 + 14;
} else { // UDP: udp + ip + ether
pkt_size = 8 + 20 + 14;
}
std::cout << "attack packets sent:\t\t\t\t" << nb_atk_pkts << std::endl;
std::cout << "data volume sent (without L1 header):\t\t"
<< nb_atk_pkts * pkt_size / 1073741824 << " GByte" << std::endl;
std::cout << "data volume sent (with L1 header):\t\t"
<< nb_atk_pkts * 84 / 1073741824 << " GByte" << std::endl;
std::cout << "average attack rate (without L1 header):\t"
<< nb_atk_pkts * pkt_size / elapsed_seconds.count() / 1073741824 *
8
<< " Gbps" << std::endl;
std::cout << "average attack rate (with L1 header):\t\t"
<< nb_atk_pkts * 84 / elapsed_seconds.count() / 1073741824 * 8
<< " Gbps" << std::endl;
std::cout << "average attack packet rate:\t\t\t"
<< nb_atk_pkts / elapsed_seconds.count() / 1000000 << " Mpps"
<< std::endl;
std::cout << "\nnumber packets sent from alice:\t\t\t" << nb_pkts_from_alice
<< std::endl;
std::cout << "number packets recieved by alice:\t\t" << nb_pkts_to_alice
<< std::endl;
std::cout << "average data rate sent from alice:\t\t"
<< data_volume_from_alice / elapsed_seconds.count() / 1024 * 8
<< " Kbps" << std::endl;
std::cout << "average data rate recieved by alice:\t\t"
<< data_volume_to_alice / elapsed_seconds.count() / 1024 * 8
<< " Kbps" << std::endl
<< std::endl;
delete init;
init = nullptr;
@ -264,23 +174,4 @@ int main(int argc, char** argv) {
// YOU ARE TERMINATED
}
void handle_quit(int signum) {
// do nothing
}
void terminate(AttackThread** thread_arr, uint16_t nb_worker_threads) {
std::cout << "\nterminating..." << std::endl;
for (int i = 0; i < nb_worker_threads - 1; ++i) {
#ifndef SINGLE_ITERATION
thread_arr[i]->quit();
#endif
}
//wait for threads to end
for (int i = 0; i < nb_worker_threads - 1; ++i) {
while (thread_arr[i]->is_running()) {
// wait
}
}
}
void handle_quit(int signum) { quit = true; }

81
source/Configurator.cpp
View File

@ -2,88 +2,99 @@
#include <boost/log/trivial.hpp>
#include <boost/log/utility/setup/common_attributes.hpp>
//-------------------------------------------------------------------------------
//------------------------- Constructor/ Destructor -----------------------------
//-------------------------------------------------------------------------------
//------------------------------------------------------------------------------
//------------------------- Constructor/ Destructor ----------------------------
//------------------------------------------------------------------------------
Configurator::Configurator(){}
Configurator::Configurator() {}
Configurator* Configurator::_instance = nullptr;
Configurator* Configurator::instance(){ // Speicherbereinigung
Configurator* Configurator::instance() { // Speicherbereinigung
static CGuard g;
if (!_instance){
_instance = new Configurator ();
if (!_instance) {
_instance = new Configurator();
}
return _instance;
}
Configurator::~Configurator(){}
Configurator::~Configurator() {}
//-------------------------------------------------------------------------------
//-------------------------------- Read Config ----------------------------------
//-------------------------------------------------------------------------------
//------------------------------------------------------------------------------
//-------------------------------- Read Config ---------------------------------
//------------------------------------------------------------------------------
void Configurator::read_config(std::string path,
std::string default_path){
void Configurator::read_config(std::string path, std::string default_path) {
// Read Standard Config
std::ifstream config_file(path);
if(config_file.is_open()){
if (config_file.is_open()) {
config_file >> _config;
LOG_INFO << "Config loaded Succesfully" << LOG_END;
}
else {
} else {
LOG_INFO << "No Config-File found at " + path << LOG_END;
throw std::runtime_error("No Config-File found at " + path);
}
// Read Default Config
std::ifstream default_config_file(default_path);
if(default_config_file.is_open()){
if (default_config_file.is_open()) {
default_config_file >> _default_config;
LOG_INFO << "Default Config loaded Succesfully" << LOG_END;
}
else {
LOG_ERROR << "No Config-File found at default path " + default_path << LOG_END;
throw std::runtime_error("No Config-File found at deafult path " + default_path);
} else {
LOG_ERROR << "No Config-File found at default path " + default_path
<< LOG_END;
throw std::runtime_error("No Config-File found at deafult path " +
default_path);
}
}
//-------------------------------------------------------------------------------
//-------------------------------- Get-Methods ----------------------------------
//-------------------------------------------------------------------------------
//------------------------------------------------------------------------------
//-------------------------------- Get-Methods ---------------------------------
//------------------------------------------------------------------------------
bool Configurator::entry_exists(const std::string att_name) {
bool in_default_config = _default_config.find(att_name) != _default_config.end();
bool in_default_config =
_default_config.find(att_name) != _default_config.end();
bool in_standard_config = _config.find(att_name) != _config.end();
return in_default_config || in_standard_config;
}
std::string Configurator::get_config_as_string(const std::string& att_name, bool default_value) {
return Configurator::get_value_from_config<std::string>(att_name, default_value);
std::string Configurator::get_config_as_string(const std::string& att_name,
bool default_value) {
return Configurator::get_value_from_config<std::string>(att_name,
default_value);
}
unsigned int Configurator::get_config_as_unsigned_int(const std::string& att_name, bool default_value) {
unsigned int
Configurator::get_config_as_unsigned_int(const std::string& att_name,
bool default_value) {
return Configurator::get_value_from_config<int>(att_name, default_value);
}
bool Configurator::get_config_as_bool(const std::string& att_name, bool default_value) {
bool Configurator::get_config_as_bool(const std::string& att_name,
bool default_value) {
return Configurator::get_value_from_config<bool>(att_name, default_value);
}
float Configurator::get_config_as_float(const std::string& att_name, bool default_value) {
float Configurator::get_config_as_float(const std::string& att_name,
bool default_value) {
return Configurator::get_value_from_config<float>(att_name, default_value);
}
double Configurator::get_config_as_double(const std::string& att_name, bool default_value) {
double Configurator::get_config_as_double(const std::string& att_name,
bool default_value) {
return Configurator::get_value_from_config<double>(att_name, default_value);
}
template <typename T>
T Configurator::get_value_from_config(const std::string& att_name, bool default_value) {
bool search_in_default_config = !(_config.find(att_name) != _config.end()) || default_value;
if (!search_in_default_config) { return _config[att_name]; }
T Configurator::get_value_from_config(const std::string& att_name,
bool default_value) {
bool search_in_default_config =
!(_config.find(att_name) != _config.end()) || default_value;
if (!search_in_default_config) {
return _config[att_name];
}
return _default_config[att_name];
}
//TODO Mehrdimensionale Attribute suchen
// TODO Mehrdimensionale Attribute suchen

2
source/DebugHelper.cpp
View File

@ -57,7 +57,7 @@ void DebugHelper::hex_dump_raw(const void *addr, int len) {
unsigned char res[2 * len + 1];
res[2 * len] = '\0';
for(unsigned int i = 0; i < len; i++) {
for(int i = 0; i < len; i++) {
printf((char *)res + i * 2, "%02X", pc[i]);
}
printf ("%s\n", res);

55
source/Initializer.cpp
View File

@ -4,7 +4,7 @@
#include <stdexcept>
#include "ConfigurationManagement/Configurator.hpp"
#include "Configurator.hpp"
#include "Definitions.hpp"
#include "Initializer.hpp"
@ -20,14 +20,18 @@ rte_mempool* Initializer::init_dpdk(int argc, char** argv,
};
rte_eth_conf port_conf = {
.rxmode = {.mq_mode = ETH_MQ_RX_RSS,
.max_rx_pkt_len = RTE_ETHER_MAX_LEN,
.offloads = DEV_RX_OFFLOAD_CHECKSUM},
.rxmode =
{
.mq_mode = ETH_MQ_RX_RSS,
.max_rx_pkt_len = RTE_ETHER_MAX_LEN,
.offloads =
DEV_RX_OFFLOAD_CHECKSUM
},
.txmode =
{
.offloads =
(DEV_TX_OFFLOAD_IPV4_CKSUM | DEV_TX_OFFLOAD_UDP_CKSUM |
DEV_TX_OFFLOAD_TCP_CKSUM),
DEV_TX_OFFLOAD_TCP_CKSUM),
},
.rx_adv_conf = {.rss_conf =
{
@ -53,7 +57,7 @@ rte_mempool* Initializer::init_dpdk_attacker(int argc, char** argv,
{
.offloads =
(DEV_TX_OFFLOAD_IPV4_CKSUM | DEV_TX_OFFLOAD_UDP_CKSUM |
DEV_TX_OFFLOAD_TCP_CKSUM),
DEV_TX_OFFLOAD_TCP_CKSUM),
},
};
@ -66,7 +70,7 @@ rte_mempool* Initializer::init_dpdk_template(uint16_t nb_non_worker_threads,
uint16_t& nb_worker_threads) {
int ret;
unsigned int nb_ports;
uint16_t portid;
uint16_t portid; //< init portid
struct rte_mempool* mbuf_pool;
// initialize eal
@ -100,21 +104,22 @@ rte_mempool* Initializer::init_dpdk_template(uint16_t nb_non_worker_threads,
cache_size -= 1;
}
mbuf_pool =
rte_pktmbuf_pool_create("MBUF_POOL", NUM_MBUF_POOL_ELEMENTS, cache_size,
0, RTE_MBUF_DEFAULT_BUF_SIZE, rte_socket_id());
mbuf_pool = rte_pktmbuf_pool_create(
"MBUF_POOL", NUM_MBUF_POOL_ELEMENTS, 0 /*cache_size*/, 0,
RTE_MBUF_DEFAULT_BUF_SIZE, rte_socket_id());
if (mbuf_pool == nullptr) {
rte_exit(EXIT_FAILURE, "Cannot create mbuf pool\n");
}
// Initialize all ports.
try {
RTE_ETH_FOREACH_DEV(portid) {
RTE_ETH_FOREACH_DEV(portid) {
try {
init_port(port_conf, portid, mbuf_pool, nb_worker_threads);
}
catch (std::exception& e) {
rte_exit(EXIT_FAILURE, "Cannot init port %" PRIu16 "\n", portid);
}
} catch (std::exception& e) {
rte_exit(EXIT_FAILURE, "Cannot init port %" PRIu16 "\n", portid);
}
return mbuf_pool;
@ -150,23 +155,17 @@ void Initializer::init_port(rte_eth_conf port_conf, uint16_t port,
// |= is not allowed operator. negation of DEV_TX_OFFL...
port_conf.txmode.offloads |= DEV_TX_OFFLOAD_MBUF_FAST_FREE;
// test if checksum offloading is possible
if (((dev_info.tx_offload_capa & DEV_TX_OFFLOAD_TCP_CKSUM) ==
DEV_TX_OFFLOAD_TCP_CKSUM) &&
((dev_info.tx_offload_capa & DEV_TX_OFFLOAD_IPV4_CKSUM) ==
DEV_TX_OFFLOAD_IPV4_CKSUM)) {
std::cout << "ethernet device is checksum offloading capable"
<< std::endl;
if (((dev_info.tx_offload_capa & DEV_TX_OFFLOAD_TCP_CKSUM) == DEV_TX_OFFLOAD_TCP_CKSUM) &&
((dev_info.tx_offload_capa & DEV_TX_OFFLOAD_IPV4_CKSUM) == DEV_TX_OFFLOAD_IPV4_CKSUM) ){
std::cout << "ethernet device is checksum offloading capabel" << std::endl;
} else {
std::cout << "ethernet device is not checksum offloading capable"
<< std::endl;
std::cout << "ethernet device is not checksum offloading capabel" << std::endl;
}
if (((dev_info.tx_queue_offload_capa & DEV_TX_OFFLOAD_IPV4_CKSUM) ==
DEV_TX_OFFLOAD_IPV4_CKSUM) &&
((dev_info.tx_queue_offload_capa & DEV_TX_OFFLOAD_TCP_CKSUM) ==
DEV_TX_OFFLOAD_TCP_CKSUM)) {
std::cout << "queue is checksum offloading capable" << std::endl;
if (((dev_info.tx_queue_offload_capa & DEV_TX_OFFLOAD_IPV4_CKSUM) == DEV_TX_OFFLOAD_IPV4_CKSUM) &&
((dev_info.tx_queue_offload_capa & DEV_TX_OFFLOAD_TCP_CKSUM) == DEV_TX_OFFLOAD_TCP_CKSUM)) {
std::cout << "queue is checksum offloading capabel" << std::endl;
} else {
std::cout << "queue is not checksum offloading capable" << std::endl;
std::cout << "queue is not checksum offloading capabel" << std::endl;
}
// Configure the Ethernet device.

134
source/Threads/DefenseThread.cpp
View File

@ -1,28 +1,20 @@
#include <iostream>
#include <rte_cycles.h>
#include <rte_lcore.h>
#include <rte_mbuf.h>
#include "Definitions.hpp"
#include "Threads/DefenseThread.hpp"
#include "Threads/StatisticsThread.hpp"
// ===== PUBLIC ===== //
DefenseThread::DefenseThread(
MbufContainerReceiving* mbuf_container_from_inside,
MbufContainerReceiving* mbuf_container_from_outside,
MbufContainerTransmitting* mbuf_container_to_inside,
MbufContainerTransmitting* mbuf_container_to_outside)
: Thread()
, _mbuf_container_from_inside(mbuf_container_from_inside)
, _mbuf_container_from_outside(mbuf_container_from_outside)
, _mbuf_container_to_inside(mbuf_container_to_inside)
, _mbuf_container_to_outside(mbuf_container_to_outside)
, _do_treat(false) {
_treatment =
new Treatment(_mbuf_container_to_outside, _mbuf_container_to_inside, 0);
}
DefenseThread::DefenseThread(PacketContainer* pkt_container_to_inside,
PacketContainer* pkt_container_to_outside,
StatisticsThread* stat_thread)
: ForwardingThread(pkt_container_to_inside, pkt_container_to_outside),
_treatment(pkt_container_to_inside, pkt_container_to_outside),
_statistics_thread(stat_thread) {}
int DefenseThread::s_run(void* thread_vptr) {
DefenseThread* thread = static_cast<DefenseThread*>(thread_vptr);
@ -33,94 +25,54 @@ int DefenseThread::s_run(void* thread_vptr) {
// ===== PRIVATE ===== //
void DefenseThread::run() {
/*
LOG_INFO << "\nRunning on lcore " << rte_lcore_id() << ". [Ctrl+C to quit]"
<< LOG_END;
*/
uint16_t nb_pkts_to_inside;
uint16_t nb_pkts_to_outside;
BOOST_LOG_TRIVIAL(info)
<< "\nRunning on lcore " << rte_lcore_id() << ". [Ctrl+C to quit]\n";
// stats for StatisticThread_testing
Stats* thread_statistics = new Stats();
thread_statistics->attacks = rte_lcore_id();
thread_statistics->bytes = rte_lcore_id();
thread_statistics->dropped = rte_lcore_id();
thread_statistics->packets = rte_lcore_id();
thread_statistics->work_time = rte_lcore_id();
// Run until the application is quit or killed.
while (likely(_quit == false)) {
_statistics_thread->enqueue_statistics(rte_lcore_id(),
thread_statistics);
// std::cout << _do_treat << std::endl;
// ===== ALICE --[DAVE]--> BOB ===== //
// continue if no packets are received
int mbufs_from_inside = _mbuf_container_from_inside->poll_mbufs();
/* if (mbufs_from_inside != 0) {
BOOST_LOG_TRIVIAL(info)
<< "Number of packets received from inside: "
<< mbufs_from_inside;
} */
bool keep = true;
for (int i = 0; i < mbufs_from_inside; ++i) {
rte_mbuf* mbuf = _mbuf_container_from_inside->get_mbuf_at_index(i);
_pkt_container_to_inside->poll_packets(nb_pkts_to_inside);
if (likely(nb_pkts_to_inside > 0)) {
if (PacketInfoCreator::is_ipv4_tcp(mbuf) == true &&
_do_treat == true) {
PacketInfoIpv4Tcp* pkt_info = new PacketInfoIpv4Tcp(mbuf);
keep = _treatment->treat_packets_to_outside(pkt_info);
if (keep == false) {
// delete PacketInfo
delete pkt_info;
}
} else {
// fwd
// std::cout << _do_treat;
_mbuf_container_to_outside->add_mbuf(mbuf);
}
/// TODO: implement pipeline
_treatment.treat_packets_to_inside();
_pkt_container_to_inside->send_packets();
_pkt_container_to_outside->send_packets();
}
_mbuf_container_to_inside->send_mbufs();
_mbuf_container_to_outside->send_mbufs();
// _mbuf_container_to_inside->send_mbufs();
// _mbuf_container_to_outside->send_mbufs();
// for mbuf in pktsFromOutside
// pktInfoCreator::determinePacketType without creating a pktinfo
// create packetInfo with obtained type
// if tcp: treat
// else: fwd
// destroy pktInfo
// Pakete von innen, auch die selbsterzeugten bevorzugen
// ===== ALICE <--[DAVE]-- BOB ===== //
// continue if no packets are received
_pkt_container_to_outside->poll_packets(nb_pkts_to_outside);
if (likely(nb_pkts_to_outside > 0)) {
int mbufs_from_outside = _mbuf_container_from_outside->poll_mbufs();
/* if (mbufs_from_outside != 0) {
BOOST_LOG_TRIVIAL(info)
<< "Number of packets received from outside: "
<< mbufs_from_outside;
} */
for (int i = 0; i < mbufs_from_outside; ++i) {
rte_mbuf* mbuf = _mbuf_container_from_outside->get_mbuf_at_index(i);
if (PacketInfoCreator::is_ipv4_tcp(mbuf) == true &&
_do_treat == true) {
PacketInfoIpv4Tcp* pkt_info = new PacketInfoIpv4Tcp(mbuf);
keep = _treatment->treat_packets_to_inside(
static_cast<PacketInfoIpv4Tcp*>(pkt_info));
if (keep == false) {
// delete PacketInfo
delete pkt_info;
}
} else {
// std::cout << _do_treat;
_mbuf_container_to_inside->add_mbuf(mbuf);
}
/// TODO: implement pipeline
_treatment.treat_packets_to_outside();
_pkt_container_to_inside->send_packets();
_pkt_container_to_outside->send_packets();
}
/* if (_mbuf_container_to_inside->get_number_of_mbufs() > 0) {
BOOST_LOG_TRIVIAL(info)
<< "Number of packets sent to inside: "
<< _mbuf_container_to_inside->get_number_of_mbufs();
}
if (_mbuf_container_to_outside->get_number_of_mbufs() > 0) {
BOOST_LOG_TRIVIAL(info)
<< "Number of packets sent to outside: "
<< _mbuf_container_to_outside->get_number_of_mbufs();
} */
_mbuf_container_to_inside->send_mbufs();
_mbuf_container_to_outside->send_mbufs();
if (likely(nb_pkts_to_inside != 0 || nb_pkts_to_outside != 0)) {
BOOST_LOG_TRIVIAL(info)
<< "pkts_to_inside = " << nb_pkts_to_inside
<< "\tpkts_to_outside = " << nb_pkts_to_outside << "\n";
}
}
_running = false;

150
source/Threads/StatisticsThread.cpp
View File

@ -1,9 +1,58 @@
#include "Threads/StatisticsThread.hpp"
#include <iostream>
//-------------------------------------------------------------------------
//-------------------------- StatisticsThread -----------------------------
//-------------------------------------------------------------------------
StatisticsThread::StatisticsThread() {
std::string name;
unsigned int lcore_id = rte_lcore_id();
for (int i = 0; i < 16; ++i) {
lcore_id = rte_get_next_lcore(lcore_id, true, true);
name = "RTE_RING_THREAD_";
name += i + 1;
const char* c =
name.c_str(); // wrap string to char pointer //TODO: good name
lcore_id = rte_get_next_lcore(lcore_id, true, true);
_s_queue[i] = rte_ring_create(c, 4, rte_lcore_to_socket_id(lcore_id),
RING_F_SP_ENQ | RING_F_SC_DEQ);
// checking for errors in creating rte rings
if (_s_queue[i] == NULL) {
if (rte_errno == E_RTE_NO_CONFIG) {
std::cout << "Error during RTE_RING creation at Ring " << i + 1
<< ", return Value = E_RTE_NO_CONFIG" << std::endl;
}
if (rte_errno == E_RTE_SECONDARY) {
std::cout << "Error during RTE_RING creation at Ring " << i + 1
<< ", return Value = E_RTE_SECONDARY" << std::endl;
}
if (rte_errno == EINVAL) {
std::cout << "Error during RTE_RING creation at Ring " << i + 1
<< ", return Value = EINVAL" << std::endl;
}
if (rte_errno == ENOSPC) {
std::cout << "Error during RTE_RING creation at Ring " << i + 1
<< ", return Value = ENOSPC" << std::endl;
}
if (rte_errno == EEXIST) {
std::cout << "Error during RTE_RING creation at Ring " << i + 1
<< ", return Value = EEXIST" << std::endl;
}
if (rte_errno == ENOMEM) {
std::cout << "Error during RTE_RING creation at Ring " << i + 1
<< ", return Value = ENOMEM" << std::endl;
}
}
} // rte_lcore_to_socket_id
_s_stats_monitor = new StatsMonitor;
_s_stats = new Stats;
_s_stats_monitor->total_time = 0;
}
rte_ring* StatisticsThread::_s_queue[16];
int StatisticsThread::s_run(void* thread_vptr) {
@ -14,42 +63,97 @@ int StatisticsThread::s_run(void* thread_vptr) {
void StatisticsThread::run() {
// Check for new statistics in each rte_ring
while (_quit != false) {
for (rte_ring* ring : _s_queue) {
// Get stats from queue and update them
std::cout << "\n StatisticThread running on lcore " << rte_lcore_id()
<< ". [Ctrl+C to quit]\n"
<< std::endl;
cycles_old = rte_get_tsc_cycles();
while (likely(_quit == false)) {
// Timer -> update_statistics_monitor
if (timer_get_seconds() >=
1) { // every second updating the stats monitor
timer_reset();
update_statistics_monitor();
}
for (struct rte_ring* ring : _s_queue) {
// get stats from each Thread and put them into _s_stats
Stats* out;
rte_ring_dequeue(ring, (void**)&out);
if (rte_ring_dequeue(ring, (void**)&out) ==
0) { // taking existing stats from ring
*_s_stats += *out; // updating _s_stats
if (true) { // \TODO test if empty
update_statistics(out);
/*delete out;
out = nullptr;*/
}
}
}
}
void StatisticsThread::enqueue_statistics(int& id, Stats* new_stats) {
// enqueue statistics
rte_ring* ring = _s_queue[id];
rte_ring_enqueue(ring, new_stats);
void StatisticsThread::enqueue_statistics(const unsigned int& id,
Stats* new_stats) {
// enqueue statistics (checked and working)
rte_ring_enqueue(_s_queue[id], (void*)new_stats);
}
Stats* StatisticsThread::_s_stats;
void StatisticsThread::update_statistics_monitor() {
// called once per second
_s_stats_monitor->attacks_per_second = _s_stats->attacks;
_s_stats_monitor->attacks_percent =
((double)_s_stats->attacks / (double)_s_stats->packets) * 100;
_s_stats_monitor->bytes_per_second = _s_stats->bytes;
_s_stats_monitor->dropped_per_second = _s_stats->dropped;
_s_stats_monitor->attacks_percent =
((double)_s_stats->dropped / (double)_s_stats->packets) * 100;
_s_stats_monitor->packets_per_second = _s_stats->packets;
//_s_stats_monitor->process_speed = ;
++_s_stats_monitor->total_time;
void StatisticsThread::update_statistics(Stats* new_stats) {
//_s_stats += new_stats;
// delete old _s_stats
_s_stats->reset_stats();
}
void StatisticsThread::print_stats_monitor(){
std::cout << "Total runtime = " << _s_stats_monitor->total_time << "s" << std::endl;
std::cout << "Bytes per second = " << _s_stats_monitor->bytes_per_second << std::endl;
std::cout << "Packets per second = " << _s_stats_monitor->packets_per_second << std::endl;
std::cout << "Attacks per Second = " << _s_stats_monitor->attacks_per_second << std::endl;
std::cout << "Attacks in percent = " << _s_stats_monitor->attacks_percent << "%" << std::endl;
std::cout << "Dropped packets per second = " << _s_stats_monitor->dropped_per_second << std::endl;
std::cout << "Dropped packets in percent = " << _s_stats_monitor->dropped_percent << "%" << std::endl;
std::cout << "Prozess speed = " << _s_stats_monitor->process_speed << std::endl;
}
uint64_t StatisticsThread::timer_get_seconds() {
cycles = rte_get_tsc_cycles();
hz = rte_get_tsc_hz();
//calculate
seconds = (cycles - cycles_old) / hz;
return seconds;
}
void StatisticsThread::timer_reset() {
seconds = 0;
cycles_old = cycles;
}
//-------------------------------------------------------------------------
//-------------------------- Stats ----------------------------------------
//------------------------------- Stats -----------------------------------
//-------------------------------------------------------------------------
Stats* Stats::operator+=(const Stats* new_stats) {
this->attacks += new_stats->attacks;
this->bytes += new_stats->bytes;
this->dropped += new_stats->dropped;
this->packets += new_stats->packets;
this->work_time += new_stats->work_time;
this->syn_level += new_stats->syn_level;
return this;
Stats& Stats::operator+=(const Stats& new_stats) {
attacks += new_stats.attacks;
bytes += new_stats.bytes;
dropped += new_stats.dropped;
packets += new_stats.packets;
work_time += new_stats.work_time;
}
void Stats::reset_stats() {
attacks = 0;
bytes = 0;
dropped = 0;
packets = 0;
work_time = 0;
}

156
source/main.cpp
View File

@ -1,12 +1,13 @@
#include <signal.h>
#include "ConfigurationManagement/Configurator.hpp"
#include "Configurator.hpp"
#include "Initializer.hpp"
#include "PacketDissection/PacketContainer.hpp"
#include "Threads/DefenseThread.hpp"
#include "Threads/StatisticsThread.hpp"
int main(int argc, char** argv);
void handle_quit(int signum);
void terminate(DefenseThread** thread_arr, uint16_t nb_worker_threads);
bool quit = false;
@ -20,39 +21,34 @@ int main(int argc, char** argv) {
Initializer* init = new Initializer();
unsigned int lcore_id;
uint16_t inside_port = 1;
uint16_t outside_port = 0;
uint16_t inside_port = 0;
uint16_t outside_port = 1;
uint16_t nb_worker_threads = 0;
struct rte_mempool* mbuf_pool =
init->init_dpdk(argc, argv, nb_worker_threads);
// create thread objects
DefenseThread* thread_arr[nb_worker_threads];
MbufContainerReceiving* pkt_containers_from_outside[nb_worker_threads];
MbufContainerReceiving* pkt_containers_from_inside[nb_worker_threads];
MbufContainerTransmitting* pkt_containers_to_inside[nb_worker_threads];
MbufContainerTransmitting* pkt_containers_to_outside[nb_worker_threads];
StatisticsThread* stat_thread = new StatisticsThread();
DefenseThread* thread_arr[nb_worker_threads];
PacketContainer* pkt_containers_to_outside[nb_worker_threads];
PacketContainer* pkt_containers_to_inside[nb_worker_threads];
for (int i = 0; i < nb_worker_threads; i++) {
pkt_containers_from_outside[i] =
new MbufContainerReceiving(mbuf_pool, outside_port, i);
pkt_containers_from_inside[i] =
new MbufContainerReceiving(mbuf_pool, inside_port, i);
pkt_containers_to_inside[i] =
new MbufContainerTransmitting(mbuf_pool, inside_port, i);
pkt_containers_to_outside[i] =
new MbufContainerTransmitting(mbuf_pool, outside_port, i);
new PacketContainer(mbuf_pool, inside_port, outside_port, i, i);
pkt_containers_to_inside[i] =
new PacketContainer(mbuf_pool, outside_port, inside_port, i, i);
thread_arr[i] = new DefenseThread(
pkt_containers_from_inside[i], pkt_containers_from_outside[i],
pkt_containers_to_inside[i], pkt_containers_to_outside[i]);
thread_arr[i] = new DefenseThread(pkt_containers_to_outside[i],
pkt_containers_to_inside[i], stat_thread);
}
// start each thread on an own lcore
lcore_id = rte_lcore_id();
// start DefenseThreads
// ..start each thread on an own lcore
lcore_id = rte_lcore_id();
for (int i = 0; i < nb_worker_threads; ++i) {
lcore_id = rte_get_next_lcore(lcore_id, true, true);
@ -61,100 +57,41 @@ int main(int argc, char** argv) {
lcore_id);
}
/*
uint64_t hz = rte_get_tsc_hz();
u_int64_t cycles = rte_get_tsc_cycles();
u_int64_t old_cycles = cycles;
while (likely(quit == false)) {
cycles = rte_get_tsc_cycles();
if (cycles - old_cycles > 64 * hz) {
Treatment::s_increment_timestamp();
old_cycles = cycles;
}
}
*/
// ===================START CLI ====================//
std::string input = "";
const std::string NAME = "aegis";
enum State { RUNNING, IDLE };
State state = IDLE;
while (input != "exit") {
std::cout << std::endl;
std::cout << NAME << "> " << std::flush;
std::cin >> input;
std::cout << std::endl;
if (input == "start") {
if (state == IDLE) {
for (int i = 0; i < nb_worker_threads; ++i) {
thread_arr[i]->start_treat();
}
state = RUNNING;
} else { // state == RUNNING
std::cout << "Cannot start if program is already running."
<< std::endl;
}
} else if (input == "stop") {
if (state == IDLE) {
std::cout << "Cannot stop if program is not running."
<< std::endl;
} else { // state == RUNNING
for (int i = 0; i < nb_worker_threads; ++i) {
thread_arr[i]->stop_treat();
}
state = IDLE;
}
} else if (input == "exit") {
// do nothing; while loop stops
} else if (input == "help" || input == "h") {
std::cout << "start\tstart " << NAME << std::endl
<< "stop\tstop " << NAME << std::endl
<< "help, h\tprint commands " << std::endl
<< "exit\texit " << NAME << std::endl
<< std::endl;
} else {
std::cout << "Command unknown. Try 'h' or 'help'." << std::endl;
uint64_t hz = rte_get_tsc_hz();
u_int64_t cycles = rte_get_tsc_cycles();
u_int64_t old_cycles = cycles;
while (likely(quit == false)) {
cycles = rte_get_tsc_cycles();
if (cycles - old_cycles > 64 * hz) {
Treatment::s_increment_timestamp();
old_cycles = cycles;
}
}
// ====================END CLI ====================//
// ===== TERMINATE ===== //
terminate(thread_arr, nb_worker_threads);
std::cout << "\nterminating..." << std::endl;
for (int i = 0; i < nb_worker_threads; ++i) {
thread_arr[i]->quit();
}
stat_thread->quit();
// destruct objects on heap
for (int i = 0; i < nb_worker_threads; ++i) {
delete thread_arr[i];
thread_arr[i] = nullptr;
delete pkt_containers_from_inside[i];
pkt_containers_from_inside[i] = nullptr;
delete pkt_containers_from_outside[i];
pkt_containers_from_outside[i] = nullptr;
delete pkt_containers_to_inside[i];
pkt_containers_to_inside[i] = nullptr;
delete pkt_containers_to_inside[i];
pkt_containers_to_inside[i] = nullptr;
delete pkt_containers_to_outside[i];
pkt_containers_to_outside[i] = nullptr;
}
delete stat_thread;
stat_thread = nullptr;
delete init;
init = nullptr;
@ -166,22 +103,7 @@ int main(int argc, char** argv) {
}
void handle_quit(int signum) {
// do nothing
// quit = true;
//
quit = true;
}
//
void terminate(DefenseThread** thread_arr, uint16_t nb_worker_threads) {
std::cout << "\nterminating..." << std::endl;
for (int i = 0; i < nb_worker_threads; ++i) {
thread_arr[i]->quit();
}
//wait for threads to end
for (int i = 0; i < nb_worker_threads - 1; ++i) {
while (thread_arr[i]->is_running()) {
// wait
}
}
}

9
source/meson.build
View File

@ -1,11 +1,14 @@
# Please keep all alphabetically sorted
sources = [
'source/main.cpp',
'source/Initializer.cpp',
'source/DebugHelper.cpp',
'source/ConfigurationManagement/Configurator.cpp',
'source/Configurator.cpp',
'source/Threads/DefenseThread.cpp',
'source/Cli.cpp',
#'source/Threads/StatisticsThread.cpp',
'source/Threads/StatisticsThread.cpp',
'source/DebugHelper.cpp',
'source/Initializer.cpp',
'source/main.cpp',
]
# Attacker