|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object java.lang.Thread isc.sensor.SessionProcessor isc.sensor.TCPSessionProcessor isc.sensor.AppLayerMgrTCP
public class AppLayerMgrTCP
Application Layer Session manager for TCP. Application layer Managers manage the complete lifecycle state of each applcation session for a register application layer parser.
Nested Class Summary | |
---|---|
protected class |
AppLayerMgrTCP.Parser
Table entry to hold each parser class and it's instantiated object. |
Nested classes/interfaces inherited from class java.lang.Thread |
---|
java.lang.Thread.State, java.lang.Thread.UncaughtExceptionHandler |
Field Summary | |
---|---|
protected static java.lang.String |
APP_QSIZE
Property to set the initial size of the Vector workqueue. |
protected java.util.Vector |
appWorkQueue
work queue to hold incoming packet events |
protected java.util.Hashtable |
flagslist
Hold the list of registered tcp flags to recieve events |
protected boolean |
haveParsers
flag to determine if any parser are specified to be loaded |
protected static org.apache.log4j.Logger |
log
log4j |
protected java.util.Vector |
parserTable
Hold the list of active parsers that are loaded at runtime |
protected java.util.Hashtable |
portEventTable
Hold the list of registered Ports to recieve events |
protected static java.lang.String |
PROP_SESSION_OUTPUT
Property to turn on/off TCP Session Processor output |
protected java.lang.Boolean |
SessProcWriteSession
flag to manipulate the underlying session processor to print/not print its sessions |
protected static java.lang.String |
TCP_APP_PARSERS
Property to retrieve list of TCP parser classes to load at runtime |
Fields inherited from class isc.sensor.TCPSessionProcessor |
---|
PROP_DBSIZE, PROP_SESHASH_SIZE, PROP_WORKQ_SIZE, svcnams, svcnums |
Fields inherited from class isc.sensor.SessionProcessor |
---|
currentPacketTime, dbh, finish, packetDB, PROP_OUTPUTWRITERCLASS, props, sessions, sesTimer, sesWorkQueue, workItem, writeSession |
Fields inherited from class java.lang.Thread |
---|
MAX_PRIORITY, MIN_PRIORITY, NORM_PRIORITY |
Constructor Summary | |
---|---|
AppLayerMgrTCP()
Create a new TCP Application layer manager |
Method Summary | |
---|---|
void |
addPacket(TCPBean bean,
TCPPacket packet)
Add this packet to the work queue if and only if we have a registration for it's event (Port/Flag, etc) |
protected void |
flush(SessionBean sbean)
Notification that this inflight session has ended. |
protected void |
init()
initialize tables and hashes |
boolean |
initializeParsers()
Load, instantiate and create threads for each parser specified in config file |
void |
linkSessionChild(java.lang.String parent,
java.lang.String child)
TODO to be completed. |
protected void |
processPacketEvent()
Process packet work queue. |
void |
registerDynamicPacketReciver(java.lang.String key,
PacketMask pmKey,
int pmMask,
short[] tcpflags,
int delivery_option,
java.lang.Object obj)
TODO This method is not implemented yet. |
void |
registerPortPacketReciever(int[] port,
short[] tcpflags,
java.lang.Object obj)
Registration for standard TCP/UDP parsers, based upon a fix port(s) model. |
void |
removeDynamicPacketRecieveEvent(java.lang.String key)
TODO This method is not implemented yet |
void |
run()
Main thread run loop. |
void |
setFinish()
Inform this mgr/thread to finish its work, the server is being shutdown. |
Methods inherited from class isc.sensor.TCPSessionProcessor |
---|
addPacket, init, insertBeanDB, processWorkItem |
Methods inherited from class isc.sensor.SessionProcessor |
---|
addCompletedSession, close, finished, getActiveSessions, getSessionPackets, notifyProc, open, updatePacketClock, waitProc |
Methods inherited from class java.lang.Thread |
---|
activeCount, checkAccess, countStackFrames, currentThread, destroy, dumpStack, enumerate, getAllStackTraces, getContextClassLoader, getDefaultUncaughtExceptionHandler, getId, getName, getPriority, getStackTrace, getState, getThreadGroup, getUncaughtExceptionHandler, holdsLock, interrupt, interrupted, isAlive, isDaemon, isInterrupted, join, join, join, resume, setContextClassLoader, setDaemon, setDefaultUncaughtExceptionHandler, setName, setPriority, setUncaughtExceptionHandler, sleep, sleep, start, stop, stop, suspend, toString, yield |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
protected static final java.lang.String TCP_APP_PARSERS
protected static final java.lang.String APP_QSIZE
protected static java.lang.String PROP_SESSION_OUTPUT
protected static org.apache.log4j.Logger log
protected volatile java.util.Vector appWorkQueue
protected volatile java.util.Hashtable portEventTable
protected volatile java.util.Hashtable flagslist
protected volatile java.util.Vector parserTable
protected boolean haveParsers
protected java.lang.Boolean SessProcWriteSession
Constructor Detail |
---|
public AppLayerMgrTCP()
Method Detail |
---|
public void run()
run
in interface java.lang.Runnable
run
in class SessionProcessor
protected void init()
public boolean initializeParsers()
public void registerPortPacketReciever(int[] port, short[] tcpflags, java.lang.Object obj)
AppLayerMgrIF
registerPortPacketReciever
in interface AppLayerMgrIF
port
- array of ports this parser will analyzetcpflags
- For TCP parsers, specify the tcp packet flags the parser is interested in data packets
usually come on (ACK,PSH) 24 or (ACK) 16 in base 10. For UDP parsers, this param is not used.obj
- the parser object that is calling this routinepublic void registerDynamicPacketReciver(java.lang.String key, PacketMask pmKey, int pmMask, short[] tcpflags, int delivery_option, java.lang.Object obj)
AppLayerMgrIF
registerDynamicPacketReciver
in interface AppLayerMgrIF
pmKey
- unusedpmMask
- unusedtcpflags
- unuseddelivery_option
- unusedobj
- unusedpublic void removeDynamicPacketRecieveEvent(java.lang.String key)
AppLayerMgrIF
removeDynamicPacketRecieveEvent
in interface AppLayerMgrIF
key
- unusedpublic void linkSessionChild(java.lang.String parent, java.lang.String child)
parent
- child
- public void addPacket(TCPBean bean, TCPPacket packet)
bean
- The processed TCP header informationpacket
- The Raw TCP packetprotected void processPacketEvent()
protected void flush(SessionBean sbean)
flush
in class TCPSessionProcessor
sbean
- The detailed information on the session that has been completedpublic void setFinish()
setFinish
in class SessionProcessor
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |