OpenDPI Integration
Usage of include file
Only a single header file from the include directory must be included:
#include "ipq_api.h"
All other header files from the include directory must not be included.
Initialization
OpenDPI uses just one global structure which stores all settings and temporary variables for the packet processing. It can be defined with:
opendpi只用了一个全局结构,为数据包处理存储所有的配置和临时变量,定义如下:
static struct ipoque_detection_module_struct *ipoque_struct = NULL;
OpenDPI is designed to use custom optimized allocation and free function. This example uses two simple malloc and free wrappers for both functions.
opendpi定义了可定制的优化分配和释放函数,这两个函数是malloc和free函数的封装:
static void *malloc_wrapper(unsigned long size)
{
return malloc(size);
}
static void free_wrapper(void *freeable)
{
free(freeable);
}
As different systems have different timestamp resolutions, OpenDPI works with resolutions ranging from one second to one millisecond. The recommended resolution is 1ms or 10ms.
不同的系统都有不同的时间戳,opendpi强烈推荐使用1ms或者是10ms……
The OpenDPI initialization requires the timestamp resolution as a parameter. The value is the timer resolution per second. A millisecond resolution is used in this example. The value is:
opendpi的初始化需要时间戳作为一个参数,……
static u32 ipq_tick_resolution = 1000; // use millisecond resolution in OpenDPI
OpenDPI is initialized by two calls. The first call will allocate and initialize the global OpenDPI structure with the given data:
opendpi由两个函数调用来初始化,第一个是初始化opendpi的全局结构ipoque_struct:
ipoque_struct = ipoque_init_detection_module(ipq_tick_resolution, malloc_wrapper, NULL);
The last parameter is for debugging only and must be set to NULL. The initialization is the only place where a memory allocation takes place. For performance and stability reasons, OpenDPI does not use any memory allocations during packet processing.
最后一个参数是为了debug而且必须设置为NULL。初始化必须在一个内存分配时进行,出于性能和稳定性方面,在包处理期间opendpi不会进行任何的内存分配。
The second call will activate a number of protocols for detection. For this call, a bitmask is required. Each bit is used to activate (1) or deactivate (0) one protocol. To define a bitmask, use:
第二个是激活为数据检测激活协议,对于这个函数调用,需要一个位掩码,每个位是用来激活(1)或停用(0)一个协议。下面是掩码的定义:
IPOQUE_PROTOCOL_BITMASK all;
The bitmask must be set to activate all protocols:
掩码设置为激活所有的协议
IPOQUE_BITMASK_SET_ALL(all);
This bitmask enables all protocols with the call:
掩码使用所有的协议
ipoque_set_protocol_detection_bitmask2(ipoque_struct, &all);
packet processing(数据包处理)
static unsigned int packet_processing(const uint64_t time, const struct iphdr *iph, uint16_t ipsize, uint16_t rawsize)
对包处理和和包分类的四个输入参数的通用描述,四个参数是必需的;第一个数据类型是初始化的内存块,第二个类型是包本身,第三个类型是一个状态数据包连接的内存缓冲区,第四个类似内存缓存区来保存每个用户的状态。
packet information(包信息)
opendpi要访问数据包,所需要的组件:
IP 头指针;
从IP头开始要访问的数据包的长度;
包的时间戳;
The accessible length is needed to avoid invalid reads when the detection would rely on the IP total length information, which could be wrong.
(可访问的数据长度要避免无效的读取当检测依赖IP总长度的信息是)
unsigned char *packet; // pointer to the packet at Layer 3 (IP)
unsigned short int packet_length; /* number of bytes which can be accessed from the packet pointer */
unsigned int timestamp; // arrival timestamp of the packet
Connection information (连接信息)
The state of every TCP and UDP flow is maintained along with internal values. 状态缓冲区的所占的内存大小是固定的而且取决于已经编译的协议数目。
在下面的代码范例中,变量“flow”将被用于连接跟踪(connection tracking)
void *flow; /* pointer to the final state machine of the connection (指向最终的连接状态机)*/
/*The required size is the return value of a builtin function in OpenDPI: (所需要的大小是在opendpi中一个已经建立的函数的返回值)*/
unsigned int ipoque_detection_get_sizeof_ipoque_flow_struct(void);
对于tcp/udp流量这个指针是不能为空的,对于其他的流量(例如连接跟踪
不可能的流量),可以为空。
Subscriber information (用户信息)
为每个用户维护一个类似的状态缓冲区。在大多数情况下,一个用户的内部IP地址是确定的。在这种情况下,为每一个内部IP地址的内存缓冲区必须得到维护。
OpenDPI设计工作在不同的网络情况。用户可有两种不同的情况映射;
1,在接入网关的情况下,每一个数据包属于一个用户。用户可以是数据包发送者或者是接受者,在这种情况下,源地址或者目的地址用户是可知的。
2,在nonaccess 网关的情况下,每个数据包可能属于两个用户,出现这种情况时,一个用户是发送者而另一个用户是接受者,两个用户都可以到达opendpi。
在下面的代码示例中,变量“src”和“dst”将被用户发送或者接收的用户。
void *src; // pointer to the final state machine of the sender subscriber
void *dst; // pointer to the final state machine of the dest subscriber
要求每个元素的大小是在OpenDPI内建函数的返回值:
unsigned int ipoque_detection_get_sizeof_ipoque_id_struct(void);
在接入网关的情况下,只需要 一个用户,要么“SRC”或“DST”为NULL。
Packet Processing Integration Example
数据包处理是对给定的6个参数(包,packet_length,时间戳,流量,src和数据包处理完成DST)和初始化全局变量ipoque_struct的处理:
The packet processing is done with the 6 given parameters (packet, packet_length, timestamp, flow, src and dst) and the initialized global ipoque_struct:
unsigned int protocol;
protocol = ipoque_detection_process_packet(ipoque_struct, flow, packet, packet_length, timestamp, src, dst);
所需的协议是来自头文件中的协议列表'include/ipq_protocols_osdpi.h'.
作为一个例子,返回的协议,可以打印到控制台有:
static const char *protocol_long_str[] = { IPOQUE_PROTOCOL_LONG_STRING };
printf(“Packet has protocol: %s\n”, protocol_long_str[protocol]);
Termination
OpenDPI is terminated by a single call, which frees the memory of the detection structure:
ipoque_exit_detection_module(ipoque_struct, free_wrapper);
