#include "common.h"
#include "hashtable.h"
Functions

| Return type | Function | Description |
|---|---|---|
| hashtable * | createHashtable (unsigned int size) | Create a hashtable of specified size. |
| int | makeEntry (hashtable *ht, u_char *raw, clock_t time) | Add a new raw packet to the hashtable (inserts new entry into HT). |
| int | performID (hashtable *ht, u_char *raw, clock_t time) | Performs comparison to see if a forwarded packet matches a received packet. |
| void | print (hashtable *ht) | Prints current contents of hashtable. |
| void | dump_packet (u_char *packet) | Prints the contents of a raw packet in human readable form. |
| void | hex_dump_packet (u_char *packet) | Prints the hex contents of a raw packet. |
Author: Anand Patwardhan
Email: anand.patwardhan@umbc.edu
Date: 30 April 2004

Implements a hashtable with quadratic probing. TCP sequence numbers are used as keys for hashing packets; the hashtable itself does not contain the raw packets, only pointers to them. TCP sequence numbers were chosen as the keys since we intend to perform intrusion detection on forwarded packets, amongst other things.

If the hashtable is full, no more packets can be watched. This can be controlled by choosing an appropriate timeout period for the timer, which flushes packets after the timeout, deeming them dropped.

The functions makeEntry and performID are the hashtable equivalents of insert and remove. The size of the hashtable should be a sufficiently large prime number, to minimize collisions and reduce the chances of overflow. Descriptions of each of the functions can be found in hashtable.h.

The SNOOP program is an intrusion detection mechanism to detect local intrusions in a Mobile Ad Hoc Network.

Copyright (C) 2005 University of Maryland, Baltimore County (UMBC)
E-mail: anand.patwardhan@umbc.edu
eBiquity Research Group, University of Maryland, Baltimore County, 1000 Hilltop Circle, Baltimore, MD 21250, USA.
http://research.ebiquity.org

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
Definition in file hashtable.c.
hashtable * createHashtable (unsigned int size)
Create a hashtable of specified size.
Definition at line 63 of file hashtable.c.
References hashtable::count, ht_bucket::packet, hashtable::size, ht_bucket::state, hashtable::table, and ht_bucket::timestamp.
void dump_packet (u_char *packet)
Prints the contents of a raw packet in human readable form.
Definition at line 257 of file hashtable.c.
Referenced by print().
void hex_dump_packet (u_char *packet)
Prints the hex contents of a raw packet.
Definition at line 280 of file hashtable.c.
int makeEntry (hashtable *ht, u_char *raw, clock_t time)
Add a new raw packet to the hashtable (inserts new entry into HT). The entry is placed using quadratic probing, keyed on the TCP sequence number, which involves parsing the TCP header to obtain it. Thus currently only TCP packets can be watched; any validly sized packet could still be entered, but this is not recommended. For TCP packets, sequence numbers are ideal candidates for keys in the HT, especially when searching the HT to match an identical packet.
Definition at line 174 of file hashtable.c.
References hashtable::count, ht_bucket::packet, ht_bucket::state, hashtable::table, and ht_bucket::timestamp.
Referenced by handle_IPv6().
int performID (hashtable *ht, u_char *raw, clock_t time)
Performs comparison to see if a forwarded packet matches a received packet. The hop limit field is ignored in the comparison. The hop limit is expected to decrease by one; any other change should be considered a malicious modification, though this code does not currently perform that check.
Definition at line 205 of file hashtable.c.
References hashtable::count, ht_bucket::packet, ht_bucket::state, hashtable::table, and ht_bucket::timestamp.
Referenced by handle_IPv6().
void print (hashtable *ht)
Prints current contents of hashtable. Intended for debugging purposes.
Definition at line 237 of file hashtable.c.
References dump_packet(), ht_bucket::packet, hashtable::size, ht_bucket::state, hashtable::table, and ht_bucket::timestamp.
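
The performID description notes that the hop limit should drop by exactly one but that this is not checked. The following added example (not the SNOOP source) shows a quadratic-probing lookup keyed on the TCP sequence number, a comparison that skips the hop limit byte, and that missing check. It assumes the buffer starts at the IPv6 header with no extension headers, and all names in it are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumptions (not from hashtable.c): buffer starts at the IPv6 header,
   no extension headers, TCP follows directly. All names are hypothetical. */
#define HOP_OFF    7          /* hop limit byte in the IPv6 header */
#define SEQ_OFF    (40 + 4)   /* TCP sequence number after the 40-byte header */
#define MIN_LEN    (SEQ_OFF + 4)
#define TABLE_SIZE 11         /* small prime, illustration only */

enum verdict { FWD_OK, FWD_HOP_TAMPERED, FWD_UNKNOWN };
struct slot { const uint8_t *pkt; size_t len; };  /* pointer to packet, not a copy */
static struct slot table[TABLE_SIZE];

static uint32_t tcp_seq(const uint8_t *p) {       /* big-endian 32-bit read */
    return ((uint32_t)p[SEQ_OFF] << 24) | ((uint32_t)p[SEQ_OFF + 1] << 16) |
           ((uint32_t)p[SEQ_OFF + 2] << 8) | (uint32_t)p[SEQ_OFF + 3];
}

/* Quadratic probing: try slot (seq + i*i) mod TABLE_SIZE for i = 0, 1, 2, ... */
static struct slot *probe(uint32_t seq, uint32_t i) {
    return &table[(seq % TABLE_SIZE + i * i) % TABLE_SIZE];
}

/* Watch a received packet. Returns 0, or -1 if too short or no free slot. */
int watch_packet(const uint8_t *p, size_t len) {
    if (len < MIN_LEN) return -1;
    for (uint32_t i = 0; i < TABLE_SIZE; i++) {
        struct slot *s = probe(tcp_seq(p), i);
        if (!s->pkt) { s->pkt = p; s->len = len; return 0; }
    }
    return -1;
}

/* Match a forwarded packet with the hop limit byte excluded, release the
   entry, then require that the hop limit dropped by exactly one. */
enum verdict check_forwarded(const uint8_t *f, size_t len) {
    if (len < MIN_LEN) return FWD_UNKNOWN;
    for (uint32_t i = 0; i < TABLE_SIZE; i++) {
        struct slot *s = probe(tcp_seq(f), i);
        if (!s->pkt || s->len != len || memcmp(s->pkt, f, HOP_OFF) != 0 ||
            memcmp(s->pkt + HOP_OFF + 1, f + HOP_OFF + 1, len - HOP_OFF - 1) != 0)
            continue;                     /* empty slot or different packet */
        uint8_t seen = s->pkt[HOP_OFF];
        s->pkt = NULL;                    /* matched: stop watching it */
        return (seen > 0 && f[HOP_OFF] == seen - 1) ? FWD_OK : FWD_HOP_TAMPERED;
    }
    return FWD_UNKNOWN;
}
```

Because quadratic probing in a prime-sized table only reaches about half of the slots from any starting position, watch_packet can report a full table before every slot is used, which is one reason the page recommends a sufficiently large prime size.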