static struct ethtabent *addethentry(struct ethtab *table,
unsigned int linktype, char *ifname,
char *addr, struct eth_desc *list)
{
struct ethtabent *ptemp;
ptemp = addethnode(table);
if (ptemp == NULL)
return NULL;
ptemp->type = 0;
memcpy(&(ptemp->un.desc.eth_addr), addr, ETH_ALEN);
strcpy(ptemp->un.desc.desc, "");
convmacaddr(addr, ptemp->un.desc.ascaddr);
ptemp->un.desc.linktype = linktype;
struct eth_desc *desc = NULL;
list_for_each_entry(desc, &list->hd_list, hd_list)
if (!strcasecmp(desc->hd_mac, ptemp->un.desc.ascaddr))
strcpy(ptemp->un.desc.desc, desc->hd_desc);
strcpy(ptemp->un.desc.ifname, ifname);
if (strcmp(ptemp->un.desc.desc, "") == 0)
ptemp->un.desc.withdesc = 0;
else
ptemp->un.desc.withdesc = 1;
ptemp->un.desc.printed = 0;
ptemp = addethnode(table);
if (ptemp == NULL)
return NULL;
ptemp->type = 1;
ptemp->un.figs.inpcount = 0;
ptemp->un.figs.outpcount = 0;
ptemp->un.figs.inspanbr = ptemp->un.figs.outspanbr = 0;
ptemp->un.figs.inippcount = ptemp->un.figs.outippcount = 0;
ptemp->un.figs.inbcount = ptemp->un.figs.outbcount = 0;
rate_alloc(&ptemp->un.figs.inrate, 5);
rate_alloc(&ptemp->un.figs.outrate, 5);
table->entcount++;
wmove(table->borderwin, LINES - 3, 1);
wprintw(table->borderwin, " %u entries ", table->entcount);
return ptemp;
}
/*
* The detailed interface statistics function
*/
void detstats(char *iface, time_t facilitytime)
{
int logging = options.logging;
WINDOW *statwin;
PANEL *statpanel;
int pkt_result = 0;
FILE *logfile = NULL;
unsigned int iplen = 0;
struct ifcounts ifcounts;
int ch;
struct timeval tv;
struct timeval start_tv;
struct timeval updtime;
time_t starttime;
time_t now;
time_t statbegin;
time_t startlog;
struct proto_counter span;
struct rate rate;
struct rate rate_in;
struct rate rate_out;
unsigned long peakactivity = 0;
unsigned long peakactivity_in = 0;
unsigned long peakactivity_out = 0;
struct rate pps_rate;
struct rate pps_rate_in;
struct rate pps_rate_out;
unsigned long peakpps = 0;
unsigned long peakpps_in = 0;
unsigned long peakpps_out = 0;
int fd;
if (!dev_up(iface)) {
err_iface_down();
return;
}
LIST_HEAD(promisc);
if (options.promisc) {
promisc_init(&promisc, iface);
promisc_set_list(&promisc);
}
move(LINES - 1, 1);
stdexitkeyhelp();
statwin = newwin(LINES - 2, COLS, 1, 0);
statpanel = new_panel(statwin);
tx_stdwinset(statwin);
wtimeout(statwin, -1);
wattrset(statwin, BOXATTR);
tx_colorwin(statwin);
tx_box(statwin, ACS_VLINE, ACS_HLINE);
wmove(statwin, 0, 1);
wprintw(statwin, " Statistics for %s ", iface);
wattrset(statwin, STDATTR);
update_panels();
doupdate();
memset(&ifcounts, 0, sizeof(struct ifcounts));
if (logging) {
if (strcmp(current_logfile, "") == 0) {
snprintf(current_logfile, 64, "%s-%s.log", DSTATLOG,
iface);
if (!daemonized)
input_logfile(current_logfile, &logging);
}
}
if (logging) {
opentlog(&logfile, current_logfile);
if (logfile == NULL)
logging = 0;
}
if (logging) {
signal(SIGUSR1, rotate_dstat_log);
rotate_flag = 0;
writelog(logging, logfile,
"******** Detailed interface statistics started ********");
}
printdetlabels(statwin);
printdetails(&ifcounts, statwin);
update_panels();
doupdate();
memset(&span, 0, sizeof(span));
rate_alloc(&rate, 5);
rate_alloc(&rate_in, 5);
rate_alloc(&rate_out, 5);
rate_alloc(&pps_rate, 5);
rate_alloc(&pps_rate_in, 5);
rate_alloc(&pps_rate_out, 5);
gettimeofday(&tv, NULL);
start_tv = tv;
updtime = tv;
starttime = startlog = statbegin = tv.tv_sec;
leaveok(statwin, TRUE);
fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
if(fd == -1) {
write_error("Unable to obtain monitoring socket");
goto err;
}
if(dev_bind_ifname(fd, iface) == -1) {
write_error("Unable to bind interface on the socket");
goto err_close;
}
exitloop = 0;
PACKET_INIT(pkt);
/*
* Data-gathering loop
*/
while (!exitloop) {
gettimeofday(&tv, NULL);
now = tv.tv_sec;
if ((now - starttime) >= 1) {
char buf[64];
unsigned long activity, activity_in, activity_out;
unsigned long pps, pps_in, pps_out;
unsigned long msecs;
wattrset(statwin, BOXATTR);
printelapsedtime(statbegin, now, LINES - 3, 1, statwin);
msecs = timeval_diff_msec(&tv, &start_tv);
rate_add_rate(&rate, span.proto_total.pc_bytes, msecs);
activity = rate_get_average(&rate);
rate_add_rate(&rate_in, span.proto_in.pc_bytes, msecs);
activity_in = rate_get_average(&rate_in);
rate_add_rate(&rate_out, span.proto_out.pc_bytes, msecs);
activity_out = rate_get_average(&rate_out);
rate_add_rate(&pps_rate, span.proto_total.pc_packets, msecs);
pps = rate_get_average(&pps_rate);
rate_add_rate(&pps_rate_in, span.proto_in.pc_packets, msecs);
pps_in = rate_get_average(&pps_rate_in);
rate_add_rate(&pps_rate_out, span.proto_out.pc_packets, msecs);
pps_out = rate_get_average(&pps_rate_out);
memset(&span, 0, sizeof(span));
starttime = now;
start_tv = tv;
wattrset(statwin, HIGHATTR);
rate_print(activity, buf, sizeof(buf));
mvwprintw(statwin, 14, 19, "%s", buf);
rate_print_pps(pps, buf, sizeof(buf));
mvwprintw(statwin, 15, 19, "%s", buf);
rate_print(activity_in, buf, sizeof(buf));
mvwprintw(statwin, 17, 19, "%s", buf);
rate_print_pps(pps_in, buf, sizeof(buf));
mvwprintw(statwin, 18, 19, "%s", buf);
rate_print(activity_out, buf, sizeof(buf));
mvwprintw(statwin, 20, 19, "%s", buf);
rate_print_pps(pps_out, buf, sizeof(buf));
mvwprintw(statwin, 21, 19, "%s", buf);
if (activity > peakactivity)
peakactivity = activity;
if (activity_in > peakactivity_in)
peakactivity_in = activity_in;
if (activity_out > peakactivity_out)
peakactivity_out = activity_out;
if (pps > peakpps)
peakpps = pps;
if (pps_in > peakpps_in)
peakpps_in = pps_in;
if (pps_out > peakpps_out)
peakpps_out = pps_out;
}
if (logging) {
check_rotate_flag(&logfile);
if ((now - startlog) >= options.logspan) {
writedstatlog(iface,
peakactivity, peakpps,
peakactivity_in, peakpps_in,
peakactivity_out, peakpps_out,
&ifcounts, time(NULL) - statbegin,
logfile);
startlog = now;
}
}
if (screen_update_needed(&tv, &updtime)) {
printdetails(&ifcounts, statwin);
update_panels();
doupdate();
updtime = tv;
}
if ((facilitytime != 0)
&& (((now - statbegin) / 60) >= facilitytime))
exitloop = 1;
if (packet_get(fd, &pkt, &ch, statwin) == -1) {
write_error("Packet receive failed");
exitloop = 1;
break;
}
switch (ch) {
case ERR:
/* no key ready, do nothing */
break;
case 12:
case 'l':
case 'L':
tx_refresh_screen();
break;
case 'Q':
case 'q':
case 'X':
case 'x':
case 24:
case 27:
exitloop = 1;
break;
}
if (pkt.pkt_len <= 0)
continue;
int outgoing;
pkt_result =
packet_process(&pkt, NULL, NULL, NULL,
MATCH_OPPOSITE_USECONFIG,
options.v6inv4asv6);
if (pkt_result != PACKET_OK
&& pkt_result != MORE_FRAGMENTS)
continue;
outgoing = (pkt.pkt_pkttype == PACKET_OUTGOING);
update_proto_counter(&ifcounts.total, outgoing, pkt.pkt_len);
if (pkt.pkt_pkttype == PACKET_BROADCAST) {
update_pkt_counter(&ifcounts.bcast, pkt.pkt_len);
}
update_proto_counter(&span, outgoing, pkt.pkt_len);
/* account network layer protocol */
switch(pkt.pkt_protocol) {
case ETH_P_IP:
if (pkt_result == CHECKSUM_ERROR) {
update_pkt_counter(&ifcounts.bad, pkt.pkt_len);
continue;
}
iplen = ntohs(pkt.iphdr->tot_len);
update_proto_counter(&ifcounts.ipv4, outgoing, iplen);
break;
case ETH_P_IPV6:
iplen = ntohs(pkt.ip6_hdr->ip6_plen) + 40;
update_proto_counter(&ifcounts.ipv6, outgoing, iplen);
break;
default:
update_proto_counter(&ifcounts.nonip, outgoing, iplen);
continue;
}
__u8 ip_protocol = pkt_ip_protocol(&pkt);
/* account transport layer protocol */
switch (ip_protocol) {
case IPPROTO_TCP:
update_proto_counter(&ifcounts.tcp, outgoing, iplen);
break;
case IPPROTO_UDP:
update_proto_counter(&ifcounts.udp, outgoing, iplen);
break;
case IPPROTO_ICMP:
case IPPROTO_ICMPV6:
update_proto_counter(&ifcounts.icmp, outgoing, iplen);
break;
default:
update_proto_counter(&ifcounts.other, outgoing, iplen);
break;
}
}
err_close:
close(fd);
err:
rate_destroy(&pps_rate_out);
rate_destroy(&pps_rate_in);
rate_destroy(&pps_rate);
rate_destroy(&rate_out);
rate_destroy(&rate_in);
rate_destroy(&rate);
if (options.promisc) {
promisc_restore_list(&promisc);
promisc_destroy(&promisc);
}
if (logging) {
signal(SIGUSR1, SIG_DFL);
writedstatlog(iface,
peakactivity, peakpps, peakactivity_in,
peakpps_in, peakactivity_out, peakpps_out,
&ifcounts, time(NULL) - statbegin,
logfile);
writelog(logging, logfile,
"******** Detailed interface statistics stopped ********");
fclose(logfile);
}
del_panel(statpanel);
delwin(statwin);
strcpy(current_logfile, "");
pkt_cleanup();
update_panels();
doupdate();
}
struct tcptableent *addentry(struct tcptable *table,
struct sockaddr_storage *saddr,
struct sockaddr_storage *daddr,
int protocol, char *ifname,
int *rev_lookup, int rvnfd)
{
struct tcptableent *new_entry;
struct closedlist *ctemp;
/*
* Allocate and attach a new node if no closed entries found
*/
if (table->closedentries == NULL) {
new_entry = xmalloc(sizeof(struct tcptableent));
new_entry->oth_connection = xmalloc(sizeof(struct tcptableent));
new_entry->oth_connection->oth_connection = new_entry;
if (table->head == NULL) {
new_entry->prev_entry = NULL;
table->head = new_entry;
table->firstvisible = new_entry;
}
if (table->tail != NULL) {
table->tail->next_entry = new_entry;
new_entry->prev_entry = table->tail;
}
table->lastpos++;
new_entry->index = table->lastpos;
table->lastpos++;
new_entry->oth_connection->index = table->lastpos;
table->tail = new_entry->oth_connection;
new_entry->next_entry = new_entry->oth_connection;
new_entry->next_entry->prev_entry = new_entry;
new_entry->next_entry->next_entry = NULL;
if (new_entry->oth_connection->index <=
table->firstvisible->index + (table->imaxy - 1))
table->lastvisible = new_entry->oth_connection;
else if (new_entry->index <=
table->firstvisible->index + (table->imaxy - 1))
table->lastvisible = new_entry;
new_entry->reused = new_entry->oth_connection->reused = 0;
table->count++;
rate_alloc(&new_entry->rate, 5);
rate_alloc(&new_entry->oth_connection->rate, 5);
print_tcp_num_entries(table);
} else {
/*
* If we reach this point, we're allocating off the list of closed
* entries. In this case, we take the top entry, let the new_entry
* variable point to whatever the top is pointing to. The new_entry's
* oth_connection also points to the reused entry's oth_connection
*/
new_entry = table->closedentries->closedentry;
new_entry->oth_connection = table->closedentries->pair;
ctemp = table->closedentries;
table->closedentries = table->closedentries->next_entry;
free(ctemp);
/*
* Mark the closed list's tail as NULL if we use the last entry
* in the list to prevent a dangling reference.
*/
if (table->closedentries == NULL)
table->closedtail = NULL;
new_entry->reused = new_entry->oth_connection->reused = 1;
/*
* Delete the old hash entries for this reallocated node;
*/
del_tcp_hash_node(table, new_entry);
del_tcp_hash_node(table, new_entry->oth_connection);
}
/*
* Fill in address fields with raw IP addresses
*/
sockaddr_copy(&new_entry->saddr, saddr);
sockaddr_copy(&new_entry->oth_connection->daddr, saddr);
sockaddr_copy(&new_entry->daddr, daddr);
sockaddr_copy(&new_entry->oth_connection->saddr, daddr);
new_entry->protocol = protocol;
/*
* Initialize count fields
*/
new_entry->pcount = new_entry->bcount = 0;
new_entry->win = new_entry->psize = 0;
new_entry->timedout = new_entry->oth_connection->timedout = 0;
new_entry->oth_connection->pcount = new_entry->oth_connection->bcount =
0;
new_entry->oth_connection->win = new_entry->oth_connection->psize = 0;
/*
* Store interface name
*/
strcpy(new_entry->ifname, ifname);
strcpy(new_entry->oth_connection->ifname, ifname);
/*
* Zero out MAC address fields
*/
memset(new_entry->smacaddr, 0, sizeof(new_entry->smacaddr));
memset(new_entry->oth_connection->smacaddr, 0, sizeof(new_entry->oth_connection->smacaddr));
new_entry->stat = new_entry->oth_connection->stat = 0;
new_entry->s_fstat =
revname(rev_lookup, &new_entry->saddr,
new_entry->s_fqdn, sizeof(new_entry->s_fqdn), rvnfd);
new_entry->d_fstat =
revname(rev_lookup, &new_entry->daddr,
new_entry->d_fqdn, sizeof(new_entry->d_fqdn), rvnfd);
/* set port service names (where applicable) */
servlook(sockaddr_get_port(saddr), IPPROTO_TCP, new_entry->s_sname, 10);
servlook(sockaddr_get_port(daddr), IPPROTO_TCP, new_entry->d_sname, 10);
strcpy(new_entry->oth_connection->s_sname, new_entry->d_sname);
strcpy(new_entry->oth_connection->d_sname, new_entry->s_sname);
strcpy(new_entry->oth_connection->d_fqdn, new_entry->s_fqdn);
strcpy(new_entry->oth_connection->s_fqdn, new_entry->d_fqdn);
new_entry->oth_connection->s_fstat = new_entry->d_fstat;
new_entry->oth_connection->d_fstat = new_entry->s_fstat;
if (new_entry->index < new_entry->oth_connection->index) {
new_entry->half_bracket = ACS_ULCORNER;
new_entry->oth_connection->half_bracket = ACS_LLCORNER;
} else {
new_entry->half_bracket = ACS_LLCORNER;
new_entry->oth_connection->half_bracket = ACS_ULCORNER;
}
new_entry->inclosed = new_entry->oth_connection->inclosed = 0;
new_entry->finack = new_entry->oth_connection->finack = 0;
new_entry->finsent = new_entry->oth_connection->finsent = 0;
new_entry->partial = new_entry->oth_connection->partial = 0;
new_entry->spanbr = new_entry->oth_connection->spanbr = 0;
new_entry->conn_starttime = new_entry->oth_connection->conn_starttime =
time(NULL);
rate_init(&new_entry->rate);
rate_init(&new_entry->oth_connection->rate);
/*
* Mark flow rate start time and byte counter for flow computation
* if the highlight bar is on either flow of the new connection.
*/
if (table->barptr == new_entry) {
new_entry->starttime = time(NULL);
new_entry->spanbr = 0;
} else if (table->barptr == new_entry->oth_connection) {
new_entry->oth_connection->starttime = time(NULL);
new_entry->oth_connection->spanbr = 0;
}
/*
* Add entries to hash table
*/
add_tcp_hash_entry(table, new_entry);
add_tcp_hash_entry(table, new_entry->oth_connection);
return new_entry;
}