TCP_Endpoint Class Reference

#include <TCP_Endpoint.h>

Inheritance diagram for TCP_Endpoint:

[legend]Collaboration diagram for TCP_Endpoint:

[legend]List of all members.

Public Member Functions
	TCP_Endpoint (TCP_Connection *conn, int is_orig)
	~TCP_Endpoint ()
void	SetPeer (TCP_Endpoint *p)
void	SetState (EndpointState new_state)
int	Size () const
int	IsActive () const
double	StartTime () const
double	LastTime () const
uint32	StartSeq () const
uint32	LastSeq () const
uint32	AckSeq () const
TCP_Connection *	Conn () const
int	HasContents () const
int	IsOrig () const
int	HasDoneSomething () const
void	AddContentsProcessor (TCP_Contents *contents_processor)
TCP_EndpointAnalyzer *	Analyzer ()
void	AddAnalyzer (TCP_EndpointAnalyzer *a)
int	DataPending () const
int	HasUndeliveredData () const
void	MatchUndeliveredData ()
void	CheckEOF ()
int	ValidChecksum (const struct tcphdr *tp, int len) const
int	DataSent (double t, int seq, int len, const u_char *data, const IP_Hdr *ip, const struct tcphdr *tp)
void	AckReceived (int seq)
void	SetContentsFile (BroFile *f)
bool	Serialize (Serializer *s) const
Static Public Member Functions
TCP_Endpoint *	Unserialize (Serializer *ser)
Public Attributes
EndpointState	state
EndpointState	prev_state
TCP_Endpoint *	peer
TCP_Contents *	contents_processor
TCP_EndpointAnalyzer *	analyzer
TCP_Connection *	conn
BroFile *	contents_file
uint32	checksum_base
double	start_time
double	last_time
uint32	start_seq
uint32	last_seq
uint32	ack_seq
const uint32 *	src_addr
const uint32 *	dst_addr
uint32	window
int	window_scale
uint32	window_ack_seq
uint32	window_seq
int	contents_start_seq
int	FIN_seq
int	SYN_cnt
int	FIN_cnt
int	RST_cnt
int	did_close
Protected Member Functions
	TCP_Endpoint ()

---

Constructor & Destructor Documentation

TCP_Endpoint::TCP_Endpoint (  TCP_Connection *  conn, int  is_orig )

Definition at line 32 of file TCP_Endpoint.cc. References ack_seq, checksum_base, contents_file, contents_start_seq, did_close, FIN_cnt, last_seq, ones_complement_checksum(), Connection::OrigAddr(), prev_state, Connection::RespAddr(), RST_cnt, start_seq, SYN_cnt, TCP_INACTIVE, window, window_ack_seq, window_scale, and window_seq. { contents_processor = 0; prev_state = state = TCP_INACTIVE; peer = 0; start_time = last_time = 0.0; start_seq = last_seq = ack_seq = 0; window = 0; window_scale = 0; window_seq = window_ack_seq = 0; contents_start_seq = 0; SYN_cnt = FIN_cnt = RST_cnt = 0; did_close = 0; analyzer = 0; contents_file = 0; conn = arg_conn; src_addr = is_orig ? conn->RespAddr() : conn->OrigAddr(); dst_addr = is_orig ? conn->OrigAddr() : conn->RespAddr(); #ifdef BROv6 checksum_base = ones_complement_checksum((void*) src_addr, 16, 0); checksum_base = ones_complement_checksum((void*) dst_addr, 16, checksum_base); #else checksum_base = ones_complement_checksum((void*) src_addr, 4, 0); checksum_base = ones_complement_checksum((void*) dst_addr, 4, checksum_base); #endif // Note, for IPv6, strictly speaking this field is 32 bits // rather than 16 bits. But because the upper bits are all zero, // we get the same checksum either way. The same applies to // later when we add in the data length in ValidChecksum(). checksum_base += htons(IPPROTO_TCP); }

TCP_Endpoint::~TCP_Endpoint (   )

Definition at line 66 of file TCP_Endpoint.cc. { delete contents_processor; // No need to delete analyzers, that's done when our TCP_Connection // is deleted (really, Done()). }

TCP_Endpoint::TCP_Endpoint (   )  [inline, protected]

Definition at line 112 of file TCP_Endpoint.h. {}

---

Member Function Documentation

void TCP_Endpoint::AckReceived (  int  seq  )

Definition at line 208 of file TCP_Endpoint.cc. References TCP_Contents::AckReceived(). Referenced by TCP_Connection::NextPacket(). { if ( contents_processor ) contents_processor->AckReceived(seq); }

uint32 TCP_Endpoint::AckSeq (   )  const [inline]

Definition at line 54 of file TCP_Endpoint.h. References ack_seq, and uint32. Referenced by TCP_Contents::DataSent(), SteppingStoneEndpoint::DataSent(), InterConnEndpoint::DataSent(), BackDoorEndpoint::DataSent(), and SSL_ProxyEndpoint::Deliver(). { return ack_seq; }

void TCP_Endpoint::AddAnalyzer (  TCP_EndpointAnalyzer *  a  )

Definition at line 82 of file TCP_Endpoint.cc. References TCP_EndpointAnalyzer::AddAnalyzer(). { a->AddAnalyzer(analyzer); analyzer = a; }

void TCP_Endpoint::AddContentsProcessor (  TCP_Contents *  contents_processor  )

Definition at line 74 of file TCP_Endpoint.cc. References contents_file, and TCP_Contents::SetContentsFile(). Referenced by TelnetConn::BuildEndpoints(), TCP_ConnectionContents::BuildEndpoints(), SSL_ConnectionProxy::BuildEndpoints(), SSH_Conn::BuildEndpoints(), RloginConn::BuildEndpoints(), PortmapperConn::BuildEndpoints(), TCP_NetbiosSSN::BuildEndpoints(), IdentConn::BuildEndpoints(), GnutellaConn::BuildEndpoints(), FTP_Conn::BuildEndpoints(), FingerConn::BuildEndpoints(), TCP_DNS::BuildEndpoints(), DCE_RPC_Conn::BuildEndpoints(), and TCP_Contents::TCP_Contents(). { contents_processor = arg_contents_processor; if ( contents_file ) contents_processor->SetContentsFile(contents_file); }

TCP_EndpointAnalyzer* TCP_Endpoint::Analyzer (   )  [inline]

Definition at line 66 of file TCP_Endpoint.h. Referenced by TCP_Connection::HasAnalyzers(). { return analyzer; }

void TCP_Endpoint::CheckEOF (   )

Definition at line 110 of file TCP_Endpoint.cc. References TCP_Contents::CheckEOF(). { if ( contents_processor ) contents_processor->CheckEOF(); }

TCP_Connection* TCP_Endpoint::Conn (   )  const [inline]

Definition at line 56 of file TCP_Endpoint.h. Referenced by TCP_EndpointAnalyzer::Conn(), TCP_Contents::Conn(), and TCP_Contents_DCE_RPC::ParseHeader(). { return conn; }

int TCP_Endpoint::DataPending (   )  const

Definition at line 88 of file TCP_Endpoint.cc. References TCP_Contents::DataPending(). Referenced by TCP_Connection::DataPending(). { if ( contents_processor ) return contents_processor->DataPending(); else return 0; }

int TCP_Endpoint::DataSent (  double  t, int  seq, int  len, const u_char *  data, const IP_Hdr *  ip, const struct tcphdr *  tp )

Definition at line 173 of file TCP_Endpoint.cc. References contents_file, contents_start_seq, TCP_EndpointAnalyzer::DataSent(), TCP_Contents::DataSent(), internal_error(), IsOrig(), Connection::Match(), TCP_EndpointAnalyzer::NextAnalyzer(), rule_matcher, and BroFile::Seek(). { int status = 0; if ( contents_processor ) status = contents_processor->DataSent(t, seq, len, data); for ( TCP_EndpointAnalyzer* a = analyzer; a; a = a->NextAnalyzer() ) status = a->DataSent(t, seq, len, data, ip, tp) || status; if ( contents_file && ! contents_processor && seq + len > contents_start_seq ) { int under_seq = contents_start_seq - seq; if ( under_seq > 0 ) { seq += under_seq; data += under_seq; len -= under_seq; } FILE* f = contents_file->Seek(seq - contents_start_seq); if ( fwrite(data, 1, len, f) < unsigned(len) ) // ### this should really generate an event internal_error("contents write failed"); } if ( rule_matcher && ! contents_processor ) conn->Match(Rule::PAYLOAD, data, len, false, false, IsOrig()); return status; }

int TCP_Endpoint::HasContents (   )  const [inline]

Definition at line 58 of file TCP_Endpoint.h. Referenced by TCP_Reassembler::BlockInserted(). { return contents_processor != 0; }

int TCP_Endpoint::HasDoneSomething (   )  const [inline]

Definition at line 62 of file TCP_Endpoint.h. Referenced by TCP_Reassembler::Overlap(). { return last_time != 0.0; }

int TCP_Endpoint::HasUndeliveredData (   )  const

Definition at line 96 of file TCP_Endpoint.cc. References TCP_Contents::HasUndeliveredData(). Referenced by TCP_Contents::DataPending(). { if ( contents_processor ) return contents_processor->HasUndeliveredData(); else return 0; }

int TCP_Endpoint::IsActive (   )  const [inline]

Definition at line 47 of file TCP_Endpoint.h. References did_close, and TCP_INACTIVE. Referenced by TCP_Connection::IsReuse(). { return state != TCP_INACTIVE && ! did_close; }

int TCP_Endpoint::IsOrig (   )  const [inline]

Definition at line 272 of file TCP.h. References TCP_Connection::Orig(). Referenced by BackDoorEndpoint::CheckForFTP(), BackDoorEndpoint::CheckForNapster(), BackDoorEndpoint::CheckForRlogin(), BackDoorEndpoint::CheckForRootBackdoor(), DataSent(), TCP_Contents::IsOrig(), and SteppingStoneEndpoint::SteppingStoneEndpoint(). { return conn->Orig() == this; }

uint32 TCP_Endpoint::LastSeq (   )  const [inline]

Definition at line 53 of file TCP_Endpoint.h. References last_seq, and uint32. Referenced by TCP_Contents::CheckEOF(), TCP_ContentLine::CheckNUL(), and TCP_Contents::DataPending(). { return last_seq; }

double TCP_Endpoint::LastTime (   )  const [inline]

Definition at line 50 of file TCP_Endpoint.h. { return last_time; }

void TCP_Endpoint::MatchUndeliveredData (   )

Definition at line 104 of file TCP_Endpoint.cc. References TCP_Contents::MatchUndeliveredData(). Referenced by TCP_Connection::Done(). { if ( contents_processor ) contents_processor->MatchUndeliveredData(); }

bool TCP_Endpoint::Serialize (  Serializer *  s  )  const

Definition at line 228 of file TCP_Endpoint.cc. References SerialObj::Serialize(). { SerialInfo serial; return SerialObj::Serialize(s, &serial, true); }

void TCP_Endpoint::SetContentsFile (  BroFile *  f  )

Definition at line 214 of file TCP_Endpoint.cc. References contents_file, contents_start_seq, last_seq, TCP_Contents::SetContentsFile(), and start_seq. Referenced by TCP_Connection::SetContentsFile(). { contents_file = f; contents_start_seq = last_seq - start_seq; if ( contents_start_seq == 0 ) contents_start_seq = 1; // skip SYN if ( contents_processor ) contents_processor->SetContentsFile(contents_file); }

void TCP_Endpoint::SetPeer (  TCP_Endpoint *  p  )  [inline]

Definition at line 43 of file TCP_Endpoint.h. Referenced by TCP_Connection::Init(). { peer = p; }

void TCP_Endpoint::SetState (  EndpointState  new_state  )

Definition at line 131 of file TCP_Endpoint.cc. References prev_state. Referenced by TCP_Connection::NextPacket(). { if ( new_state != state ) { prev_state = state; state = new_state; } }

int TCP_Endpoint::Size (   )  const

Definition at line 140 of file TCP_Endpoint.cc. References ack_seq, FIN_cnt, last_seq, seq_delta(), and start_seq. Referenced by TCP_Connection::Describe(), PortmapperConn::Done(), and TCP_Connection::UpdateEndpointVal(). { int size; if ( seq_delta(last_seq, ack_seq) > 0 || ack_seq == start_seq + 1 ) // Either last_seq corresponds to more data sent than we've // seen ack'd, or we haven't seen any data ack'd (in which // case we should trust last_seq anyway). This last test // matters for the case in which the connection has // transferred > 2 GB of data, in which case we will find // seq_delta(last_seq, ack_seq) < 0 even if ack_seq // corresponds to no data transferred. size = last_seq - start_seq; else // It could be that ack_seq > last_seq, if we've seen an // ack for the connection (say in a FIN) without seeing // the corresponding data. size = ack_seq - start_seq; // Don't include SYN octet in sequence space. For partial connections // (no SYN seen), we're still careful to adjust start_seq as though // there was an initial SYN octet, because if we don't then the // packet reassembly code gets confused. if ( size != 0 ) --size; if ( FIN_cnt > 0 && size != 0 ) --size; // don't include FIN octet. return size; }

uint32 TCP_Endpoint::StartSeq (   )  const [inline]

Definition at line 52 of file TCP_Endpoint.h. References start_seq, and uint32. Referenced by TCP_Contents::CheckEOF(), TCP_ContentLine::CheckNUL(), TCP_Contents::DataPending(), TCP_Contents::DataSent(), SteppingStoneEndpoint::DataSent(), InterConnEndpoint::DataSent(), BackDoorEndpoint::DataSent(), and SSL_ProxyEndpoint::Deliver(). { return start_seq; }

double TCP_Endpoint::StartTime (   )  const [inline]

Definition at line 49 of file TCP_Endpoint.h. { return start_time; }

TCP_Endpoint * TCP_Endpoint::Unserialize (  Serializer *  ser  )  [static]

Definition at line 234 of file TCP_Endpoint.cc. References SER_TCP_ENDPOINT, and SerialObj::Unserialize(). { return (TCP_Endpoint*) SerialObj::Unserialize(s, SER_TCP_ENDPOINT, true); }

int TCP_Endpoint::ValidChecksum (  const struct tcphdr *  tp, int  len )  const

Definition at line 116 of file TCP_Endpoint.cc. References checksum_base, ones_complement_checksum(), tcphdr::th_off, and uint32. { uint32 sum = checksum_base; int tcp_len = tp->th_off * 4 + len; if ( len % 2 == 1 ) // Add in pad byte. sum += htons(((const u_char*) tp)[tcp_len - 1] << 8); sum += htons((unsigned short) tcp_len); // fill out pseudo header sum = ones_complement_checksum((void*) tp, tcp_len, sum); return sum == 0xffff; }

---

Member Data Documentation

uint32 TCP_Endpoint::ack_seq

Definition at line 99 of file TCP_Endpoint.h. Referenced by AckSeq(), TCP_Connection::NextPacket(), Size(), and TCP_Endpoint().

TCP_EndpointAnalyzer* TCP_Endpoint::analyzer

Definition at line 93 of file TCP_Endpoint.h.

uint32 TCP_Endpoint::checksum_base

Definition at line 96 of file TCP_Endpoint.h. Referenced by TCP_Endpoint(), and ValidChecksum().

TCP_Connection* TCP_Endpoint::conn

Definition at line 94 of file TCP_Endpoint.h. Referenced by SSL_RecordBuilder::addSegment(), SSL_Interpreter::analyzeCertificate(), SSL_RecordBuilder::analyzeSSLRecordFormat(), SSL_RecordBuilder::computeExpectedSize(), SSL_ProxyEndpoint::Deliver(), SSL_ProxyEndpoint::DoDeliver(), and X509_Cert::sslCertificateEvent().

BroFile* TCP_Endpoint::contents_file

Definition at line 95 of file TCP_Endpoint.h. Referenced by AddContentsProcessor(), DataSent(), SetContentsFile(), and TCP_Endpoint().

TCP_Contents* TCP_Endpoint::contents_processor

Definition at line 92 of file TCP_Endpoint.h.

int TCP_Endpoint::contents_start_seq

Definition at line 106 of file TCP_Endpoint.h. Referenced by DataSent(), SetContentsFile(), and TCP_Endpoint().

int TCP_Endpoint::did_close

Definition at line 109 of file TCP_Endpoint.h. Referenced by TCP_Connection::BothClosed(), TCP_Connection::ConnectionClosed(), TCP_Connection::Describe(), TCP_Connection::ExpireTimer(), IsActive(), TCP_Connection::IsClosed(), TCP_Connection::NextPacket(), TCP_Connection::PartialCloseTimer(), and TCP_Endpoint().

const uint32* TCP_Endpoint::dst_addr

Definition at line 101 of file TCP_Endpoint.h. Referenced by SSL_Interpreter::analyzeCertificate(), and SSH_Conn::NewLine().

int TCP_Endpoint::FIN_cnt

Definition at line 108 of file TCP_Endpoint.h. Referenced by TCP_Contents::AckReceived(), TCP_Contents::CheckEOF(), Size(), TCP_Endpoint(), TCP_Connection::TraceRewriterEOF(), and TCP_Reassembler::Undelivered().

int TCP_Endpoint::FIN_seq

Definition at line 107 of file TCP_Endpoint.h. Referenced by TCP_Contents::AckReceived(), and TCP_Reassembler::Undelivered().

uint32 TCP_Endpoint::last_seq

Definition at line 99 of file TCP_Endpoint.h. Referenced by LastSeq(), TCP_Connection::NextPacket(), TCP_Connection::OrigSeq(), TCP_Connection::RespSeq(), SetContentsFile(), Size(), and TCP_Endpoint().

double TCP_Endpoint::last_time

Definition at line 98 of file TCP_Endpoint.h.

TCP_Endpoint* TCP_Endpoint::peer

Definition at line 91 of file TCP_Endpoint.h. Referenced by TCP_Contents::AckReceived(), TCP_Reassembler::BlockInserted(), TCP_Contents::DataPending(), TCP_ContentLine::Deliver(), SSL_ProxyEndpoint::Deliver(), TCP_Connection::EndpointEOF(), and TCP_Reassembler::Overlap().

EndpointState TCP_Endpoint::prev_state

Definition at line 90 of file TCP_Endpoint.h. Referenced by PortmapperConn::Done(), IdentConn::Done(), FTP_Conn::Done(), FingerConn::Done(), IdentConn::NewLine(), TCP_Connection::NextPacket(), SetState(), and TCP_Endpoint().

int TCP_Endpoint::RST_cnt

Definition at line 108 of file TCP_Endpoint.h. Referenced by TCP_Endpoint(), and TCP_Reassembler::Undelivered().

const uint32* TCP_Endpoint::src_addr

Definition at line 100 of file TCP_Endpoint.h. Referenced by TCP_Contents::TCP_Contents().

uint32 TCP_Endpoint::start_seq

Definition at line 99 of file TCP_Endpoint.h. Referenced by TCP_Connection::IsReuse(), TCP_Connection::NextPacket(), SetContentsFile(), Size(), StartSeq(), TCP_Endpoint(), and TCP_Reassembler::Undelivered().

double TCP_Endpoint::start_time

Definition at line 98 of file TCP_Endpoint.h.

EndpointState TCP_Endpoint::state

Definition at line 90 of file TCP_Endpoint.h. Referenced by TCP_Contents::AckReceived(), TCP_Connection::AttemptTimer(), TCP_Contents::CheckEOF(), TCP_ContentLine::CheckNUL(), TCP_Connection::ConnectionClosed(), TCP_Contents::DataPending(), InterConnEndpoint::DataSent(), BackDoorEndpoint::DataSent(), TCP_ContentLine::Deliver(), SSL_ProxyEndpoint::Deliver(), RloginEndpoint::DoDeliver(), PortmapperConn::Done(), IdentConn::Done(), FTP_Conn::Done(), FingerConn::Done(), TCP_Connection::ExpireTimer(), is_established(), TCP_Connection::IsReuse(), LoginConn::NewLine(), IdentConn::NewLine(), TCP_RewriterEndpoint::NextPacket(), TCP_Connection::NextPacket(), TCP_Connection::PartialCloseTimer(), and TCP_Connection::UpdateEndpointVal().

int TCP_Endpoint::SYN_cnt

Definition at line 108 of file TCP_Endpoint.h. Referenced by TCP_Endpoint().

uint32 TCP_Endpoint::window

Definition at line 102 of file TCP_Endpoint.h. Referenced by TCP_Endpoint().

uint32 TCP_Endpoint::window_ack_seq

Definition at line 104 of file TCP_Endpoint.h. Referenced by TCP_Connection::NextPacket(), and TCP_Endpoint().

int TCP_Endpoint::window_scale

Definition at line 103 of file TCP_Endpoint.h. Referenced by TCP_Connection::NextPacket(), and TCP_Endpoint().

uint32 TCP_Endpoint::window_seq

Definition at line 105 of file TCP_Endpoint.h. Referenced by TCP_Connection::NextPacket(), and TCP_Endpoint().

---

The documentation for this class was generated from the following files:

• TCP_Endpoint.h
• TCP.h
• TCP_Endpoint.cc

---