isc.sensor
Class AppLayerMgrTCP

java.lang.Object
  extended by java.lang.Thread
      extended by isc.sensor.SessionProcessor
          extended by isc.sensor.TCPSessionProcessor
              extended by isc.sensor.AppLayerMgrTCP
All Implemented Interfaces:
AppLayerMgrIF, java.lang.Runnable

public class AppLayerMgrTCP
extends TCPSessionProcessor
implements AppLayerMgrIF

Application-layer session manager for TCP. Application-layer managers manage the complete lifecycle state of each application session for a registered application-layer parser.

Author:
John Casey
Project: DNA_sensor - Aug 12, 2005

Nested Class Summary
protected  class AppLayerMgrTCP.Parser
          Table entry to hold each parser class and its instantiated object.
 
Nested classes/interfaces inherited from class java.lang.Thread
java.lang.Thread.State, java.lang.Thread.UncaughtExceptionHandler
 
Field Summary
protected static java.lang.String APP_QSIZE
          Property to set the initial size of the Vector workqueue.
protected  java.util.Vector appWorkQueue
          work queue to hold incoming packet events
protected  java.util.Hashtable flagslist
          Hold the list of registered TCP flags to receive events
protected  boolean haveParsers
          flag to determine if any parsers are specified to be loaded
protected static org.apache.log4j.Logger log
          log4j
protected  java.util.Vector parserTable
          Hold the list of active parsers that are loaded at runtime
protected  java.util.Hashtable portEventTable
          Hold the list of registered ports to receive events
protected static java.lang.String PROP_SESSION_OUTPUT
          Property to turn on/off TCP Session Processor output
protected  java.lang.Boolean SessProcWriteSession
          flag to manipulate the underlying session processor to print/not print its sessions
protected static java.lang.String TCP_APP_PARSERS
          Property to retrieve list of TCP parser classes to load at runtime
 
Fields inherited from class isc.sensor.TCPSessionProcessor
PROP_DBSIZE, PROP_SESHASH_SIZE, PROP_WORKQ_SIZE, svcnams, svcnums
 
Fields inherited from class isc.sensor.SessionProcessor
currentPacketTime, dbh, finish, packetDB, PROP_OUTPUTWRITERCLASS, props, sessions, sesTimer, sesWorkQueue, workItem, writeSession
 
Fields inherited from class java.lang.Thread
MAX_PRIORITY, MIN_PRIORITY, NORM_PRIORITY
 
Constructor Summary
AppLayerMgrTCP()
          Create a new TCP Application layer manager
 
Method Summary
 void addPacket(TCPBean bean, TCPPacket packet)
          Add this packet to the work queue if and only if we have a registration for its event (Port/Flag, etc.)
protected  void flush(SessionBean sbean)
          Notification that this inflight session has ended.
protected  void init()
          initialize tables and hashes
 boolean initializeParsers()
          Load, instantiate and create threads for each parser specified in config file
 void linkSessionChild(java.lang.String parent, java.lang.String child)
          TODO to be completed.
protected  void processPacketEvent()
          Process packet work queue.
 void registerDynamicPacketReciver(java.lang.String key, PacketMask pmKey, int pmMask, short[] tcpflags, int delivery_option, java.lang.Object obj)
          TODO This method is not implemented yet.
 void registerPortPacketReciever(int[] port, short[] tcpflags, java.lang.Object obj)
          Registration for standard TCP/UDP parsers, based upon a fixed port(s) model.
 void removeDynamicPacketRecieveEvent(java.lang.String key)
          TODO This method is not implemented yet
 void run()
          Main thread run loop.
 void setFinish()
          Inform this mgr/thread to finish its work; the server is being shut down.
 
Methods inherited from class isc.sensor.TCPSessionProcessor
addPacket, init, insertBeanDB, processWorkItem
 
Methods inherited from class isc.sensor.SessionProcessor
addCompletedSession, close, finished, getActiveSessions, getSessionPackets, notifyProc, open, updatePacketClock, waitProc
 
Methods inherited from class java.lang.Thread
activeCount, checkAccess, countStackFrames, currentThread, destroy, dumpStack, enumerate, getAllStackTraces, getContextClassLoader, getDefaultUncaughtExceptionHandler, getId, getName, getPriority, getStackTrace, getState, getThreadGroup, getUncaughtExceptionHandler, holdsLock, interrupt, interrupted, isAlive, isDaemon, isInterrupted, join, join, join, resume, setContextClassLoader, setDaemon, setDefaultUncaughtExceptionHandler, setName, setPriority, setUncaughtExceptionHandler, sleep, sleep, start, stop, stop, suspend, toString, yield
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

TCP_APP_PARSERS

protected static final java.lang.String TCP_APP_PARSERS
Property to retrieve list of TCP parser classes to load at runtime

See Also:
Constant Field Values

APP_QSIZE

protected static final java.lang.String APP_QSIZE
Property to set the initial size of the Vector workqueue. How many packet events to hold in the queue

See Also:
Constant Field Values

PROP_SESSION_OUTPUT

protected static java.lang.String PROP_SESSION_OUTPUT
Property to turn on/off TCP Session Processor output


log

protected static org.apache.log4j.Logger log
log4j


appWorkQueue

protected volatile java.util.Vector appWorkQueue
work queue to hold incoming packet events


portEventTable

protected volatile java.util.Hashtable portEventTable
Hold the list of registered ports to receive events


flagslist

protected volatile java.util.Hashtable flagslist
Hold the list of registered TCP flags to receive events


parserTable

protected volatile java.util.Vector parserTable
Hold the list of active parsers that are loaded at runtime


haveParsers

protected boolean haveParsers
flag to determine if any parsers are specified to be loaded


SessProcWriteSession

protected java.lang.Boolean SessProcWriteSession
flag to manipulate the underlying session processor to print/not print its sessions

Constructor Detail

AppLayerMgrTCP

public AppLayerMgrTCP()
Create a new TCP Application layer manager

Method Detail

run

public void run()
Main thread run loop. Also controls the session processor run loop.

Specified by:
run in interface java.lang.Runnable
Overrides:
run in class SessionProcessor

init

protected void init()
initialize tables and hashes


initializeParsers

public boolean initializeParsers()
Load, instantiate and create threads for each parser specified in config file

Returns:
false if no parsers were specified in the config file

registerPortPacketReciever

public void registerPortPacketReciever(int[] port,
                                       short[] tcpflags,
                                       java.lang.Object obj)
Description copied from interface: AppLayerMgrIF
Registration for standard TCP/UDP parsers, based upon a fixed port(s) model.

Specified by:
registerPortPacketReciever in interface AppLayerMgrIF
Parameters:
port - array of ports this parser will analyze
tcpflags - For TCP parsers, the TCP packet flags the parser is interested in. Data packets usually come on (ACK,PSH), which is 24 in base 10, or (ACK), which is 16 in base 10. For UDP parsers, this param is not used.
obj - the parser object that is calling this routine
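
How a fixed port/flag registration can gate which packets reach a parser, as an added sketch that is not the DNA_sensor source. The class `PortFlagGateDemo`, its table layout, exact-value flag matching and checking both source and destination port are all assumptions; only the parameter shape and the values 24 and 16 come from the description above.

```java
import java.util.*;

/** Added sketch of a port/flag registration gate; not the DNA_sensor implementation. */
public class PortFlagGateDemo {
    // TCP header flag bits as defined in RFC 793
    static final short FIN = 1, SYN = 2, RST = 4, PSH = 8, ACK = 16, URG = 32;

    // port -> (exact flag value -> registered parsers); this layout is an assumption
    private final Map<Integer, Map<Short, List<Object>>> table = new HashMap<>();

    /** Same parameter shape as registerPortPacketReciever(int[], short[], Object). */
    public void register(int[] ports, short[] tcpflags, Object parser) {
        for (int port : ports) {
            Map<Short, List<Object>> byFlags = table.computeIfAbsent(port, p -> new HashMap<>());
            for (short f : tcpflags) {
                byFlags.computeIfAbsent(f, k -> new ArrayList<>()).add(parser);
            }
        }
    }

    /** Parsers that should receive a packet; an empty list means it is never queued. */
    public List<Object> receivers(int srcPort, int dstPort, short flags) {
        List<Object> out = new ArrayList<>();
        // Assumption: either direction of a session on a registered port matches
        for (int port : new int[] { dstPort, srcPort }) {
            Map<Short, List<Object>> byFlags = table.get(port);
            if (byFlags == null) continue;
            for (Object p : byFlags.getOrDefault(flags, Collections.emptyList())) {
                if (!out.contains(p)) out.add(p);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        PortFlagGateDemo gate = new PortFlagGateDemo();
        // Register for data packets: (ACK,PSH) = 24 and (ACK) = 16
        gate.register(new int[] { 80, 8080 },
                      new short[] { (short) (ACK | PSH), ACK }, "http-parser");
        // Constructed packets: request data, server reply, bare SYN,
        // final data segment with FIN set (25), and an unregistered port
        System.out.println(gate.receivers(49152, 80, (short) (ACK | PSH)));
        System.out.println(gate.receivers(80, 49152, ACK));
        System.out.println(gate.receivers(49152, 80, SYN));
        System.out.println(gate.receivers(49152, 80, (short) (FIN | PSH | ACK)));
        System.out.println(gate.receivers(49152, 443, (short) (ACK | PSH)));
    }
}
```

Under the exact-match assumption, a parser registered only for 24 and 16 never sees a payload-bearing segment that also sets FIN or URG, so a parser that must see every data byte would need those combinations registered as well.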

registerDynamicPacketReciver

public void registerDynamicPacketReciver(java.lang.String key,
                                         PacketMask pmKey,
                                         int pmMask,
                                         short[] tcpflags,
                                         int delivery_option,
                                         java.lang.Object obj)
Description copied from interface: AppLayerMgrIF
TODO This method is not implemented yet.

Specified by:
registerDynamicPacketReciver in interface AppLayerMgrIF
Parameters:
pmKey - unused
pmMask - unused
tcpflags - unused
delivery_option - unused
obj - unused

removeDynamicPacketRecieveEvent

public void removeDynamicPacketRecieveEvent(java.lang.String key)
Description copied from interface: AppLayerMgrIF
TODO This method is not implemented yet

Specified by:
removeDynamicPacketRecieveEvent in interface AppLayerMgrIF
Parameters:
key - unused

linkSessionChild

public void linkSessionChild(java.lang.String parent,
                             java.lang.String child)
TODO to be completed. This will allow parsers to assign parent/child relationships to session flows, for use with dynamic protocols like P2P and VoIP

Parameters:
parent -
child -

addPacket

public void addPacket(TCPBean bean,
                      TCPPacket packet)
Add this packet to the work queue if and only if we have a registration for its event (Port/Flag, etc.)

Parameters:
bean - The processed TCP header information
packet - The Raw TCP packet

processPacketEvent

protected void processPacketEvent()
Process packet work queue. Determine which parsers will receive this event, then send it to them.


flush

protected void flush(SessionBean sbean)
Notification that this inflight session has ended. Pass on this event to the parsers.

Overrides:
flush in class TCPSessionProcessor
Parameters:
sbean - The detailed information on the session that has been completed

setFinish

public void setFinish()
Inform this mgr/thread to finish its work; the server is being shut down.

Overrides:
setFinish in class SessionProcessor