Hello,

I am looking for a container in which I could store TCP segments sorted by TCP connection ID (quint32 srcIP, quint16 srcPort, quint32 dstIP, quint16 dstPort), and by sequence number. TCP segments would be added individually to container, but deleted would be every TCP segement from TCP connection in which FIN segment appear.
What container would be the best for that?

How about you share your thoughts on how you might approach it?

I thought about QHash<TCPConnectionID, QMap<quint32, TCPSegment*> >, but I did not want to impose my idea, because someone with fresh approach to the problem could suggest something simpler and better. QMap key would be Sequence Number of TCP segment.

I ask because some people expect answers, sometimes for school homework, with no intellectual effort on their part. You clearly thought about it.

That seems like a reasonable approach for many connections (overkill for two or three) if you only ever search on a complete TCPConnectionID, which I assume is a simple struct of address/port pairs, and are careful not to accidentally insert null entries in the map (using the operator[]). If you know something about the traffic you are monitoring, like 99.9% of connections send less than 10 segments, then the inner map may be a simple QVector<TCPSegment*>.

If you need to be able to find all connections to with a particular source address/port, or just using port x, this structure will not be useful because of the hashing function.

But I have a problem with mentioned container- every time I insert segment to inner QMap I have to copy whole inner QMap from outer QHash, insert segment to it and insert whole QMap to QHash. Is it possible to insert TCPSegment without copying inner table?

TCPConnectionID connectionID(srcIP,srcPort,dstIP,dstPort);
QMap<quint32, TCPSegment*> tcpSegmentMap = tcpConnectionHash.value(connectionID);
tcpSegmentMap.insertMulti(segment.sequenceNumber() ,new TCPSegment(...));
tcpConnectionHash.insert(connectionID,tcpSegmentMa p);

If you use tcpConnectionHash[key] you get a non-const reference to the map, so:


QHash<TCPConnectionID, QMap<quint32, TCPSegment*> > cache;
TCPConnectionID connectionID(1,2,3,4);
quint32 fakeSegNo = 123;
TCPSegment *fakeSeg = 0;
cache[connectionID].insert(fakeSegNo, fakeSeg);

Do not use operator[] if you just want to check if a key exists.

Are you using insertMulti() because you are expecting more than one segment for a given segment number on a single connection?

If there is no data in segment (but there is a TCP header) and it is not SYN or FIN segment, sequence number of next segment is not incremented. So yes, I expect at present multiple segments with the same sequence number. I will have to consider this.

Thank you for help.