Main Page   Data Structures   File List   Data Fields   Globals  

hashtable.c File Reference

Implements a hashtable with quadratic probing. More...

#include "common.h"
#include "hashtable.h"

Go to the source code of this file.

Functions

hashtablecreateHashtable (unsigned int size)
 Create a hashtable of specified size.

int makeEntry (hashtable *ht, u_char *raw, clock_t time)
 Add a new raw packet to the hashtable (inserts new entry into HT).

int performID (hashtable *ht, u_char *raw, clock_t time)
 Performs comparison to see if a forwarded packet matches a received packet.

void print (hashtable *ht)
 Prints current contents of hashtable.

void dump_packet (u_char *packet)
 Prints the contents of a raw packet in human readable form.

void hex_dump_packet (u_char *packet)
 Prints the hex contents of a raw packet.


Detailed Description

Implements a hashtable with quadratic probing.

 Author: Anand Patwardhan
 email: anand.patwardhan@umbc.edu
 Date : 30 April 2004

 Implements a hashtable with quadratic probing, TCP sequence nos.
 are used as keys for hashing packets, the hashtable itself does
 not contain the raw packets, but pointer to raw packets.
 TCP sequence nos. were chosen to be the keys since we intend to
 perform intrusion detection on forwarded packets amongst other
 things. If the HT is full, no more packets can be watched, this
 however can be controlled by using an appropriate timeout period
 for the timer which will flush packets deeming them to be dropped
 after the timeout.
 
 The functions makeEntry and PerformID are the HT equivalent of
 insert and remove.

 The size for the hashtable should be a sufficiently large prime
 no. to minimize collisions and reducing the chances of overflow

 Descriptions of each of the functions can be found in hashtable.h.


 The SNOOP program is an intrusion detection mechanism to detect local
 intrusions in a Mobile Ad Hoc Network.

  Copyright(C) 2005 University of Maryland, Baltimore County (UMBC) 
  E-mail: anand.patwardhan@umbc.edu

  eBiquity Research Group
  University of Maryland, Baltimore County
  1000 Hilltop Circle, Baltimore, MD 21250, USA.

  http://research.ebiquity.org

  This program is free software; you can redistribute it and/or
  modify it under the terms of the GNU General Public License
  as published by the Free Software Foundation; either version 2
  of the License, or (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

  

Definition in file hashtable.c.


Function Documentation

hashtable* createHashtable unsigned int    size
 

Create a hashtable of specified size.

Parameters:
size  Size of the hashtable
Returns:
address of allocated HT

Definition at line 63 of file hashtable.c.

References hashtable::count, ht_bucket::packet, hashtable::size, ht_bucket::state, hashtable::table, and ht_bucket::timestamp.

void dump_packet u_char *    packet
 

Prints the contents of a raw packet in human readable form.

Parameters:
packet  The raw packet to be printed

Definition at line 257 of file hashtable.c.

Referenced by print().

void hex_dump_packet u_char *    packet
 

Prints the hex contents of a raw packet.

Parameters:
packet  The raw packet to be printed in hexadecimal format

Definition at line 280 of file hashtable.c.

int makeEntry hashtable   ht,
u_char *    raw,
clock_t    time
 

Add a new raw packet to the hashtable (inserts new entry into HT).

Uses quadratic probing to make the new entry, uses TCP sequence number. Involves parsing the TCP header to get the sequence no. Thus currently only TCP packets can be watched, though any valid sized packet could still be entered, but not recommended. In the case of TCP packets, seq. nos. are ideal candidates for keys in the HT, especially when searching the HT to match an identical packet.

Parameters:
ht  Hashtable to make entry in
raw  Raw packet
time  Timestamp when packet was received

Definition at line 174 of file hashtable.c.

References hashtable::count, ht_bucket::packet, ht_bucket::state, hashtable::table, and ht_bucket::timestamp.

Referenced by handle_IPv6().

int performID hashtable   ht,
u_char *    raw,
clock_t    time
 

Performs comparison to see if a forwarded packet matches a received packet.

In the comparison, the hop limit field is ignored. The hop limit should be expected to decrease by one, if not, should be considered as a malicious modification, though not currently done in this code.

Parameters:
ht  Specifies the hashtable
raw  The raw packet contents
time  The time when this packet was received

Definition at line 205 of file hashtable.c.

References hashtable::count, ht_bucket::packet, ht_bucket::state, hashtable::table, and ht_bucket::timestamp.

Referenced by handle_IPv6().

void print hashtable   ht
 

Prints current contents of hashtable.

For debugging purposes, prints current contents of HT

Parameters:
ht  Hashtable to print

Definition at line 237 of file hashtable.c.

References dump_packet(), ht_bucket::packet, hashtable::size, ht_bucket::state, hashtable::table, and ht_bucket::timestamp.


Generated on Wed Mar 23 11:08:02 2005 for Snoop IDS by doxygen1.2.18