void addtoclosedlist(struct tcptable *table, struct tcptableent *entry,
int *nomem)
{
struct closedlist *ctemp;
ctemp = malloc(sizeof(struct closedlist));
if (ctemp == NULL) {
printnomem();
*nomem = 1;
return;
}
/*
* Point to closed entries
*/
ctemp->closedentry = entry;
ctemp->pair = entry->oth_connection;
entry->inclosed = entry->oth_connection->inclosed = 1;
/*
* Add node to closed entry list.
*/
if (table->closedtail != NULL)
table->closedtail->next_entry = ctemp;
table->closedtail = ctemp;
table->closedtail->next_entry = NULL;
if (table->closedentries == NULL)
table->closedentries = ctemp;
}
struct othptabent *add_othp_entry(struct othptable *table,
struct tcptable *tcptab,
unsigned long saddr, unsigned long daddr,
int is_ip, int protocol,
unsigned short linkproto, char *packet,
char *packet2, unsigned int br,
char *ifname, int *rev_lookup, int rvnfd,
unsigned int tm, int logging,
FILE * logfile, int servnames,
int fragment, int *nomem)
{
struct othptabent *new_entry;
struct othptabent *temp;
struct in_addr isaddr, idaddr;
new_entry = malloc(sizeof(struct othptabent));
if (new_entry == NULL) {
printnomem();
*nomem = 1;
return NULL;
}
bzero(new_entry, sizeof(struct othptabent));
new_entry->is_ip = is_ip;
new_entry->fragment = fragment;
if ((table->mac) || (!is_ip)) {
if ((linkproto == LINK_ETHERNET) || (linkproto == LINK_PLIP)) {
convmacaddr(((struct ethhdr *) packet)->h_source,
new_entry->smacaddr);
convmacaddr(((struct ethhdr *) packet)->h_dest,
new_entry->dmacaddr);
} else if (linkproto == LINK_FDDI) {
convmacaddr(((struct fddihdr *) packet)->saddr,
new_entry->smacaddr);
convmacaddr(((struct fddihdr *) packet)->daddr,
new_entry->dmacaddr);
} else if (linkproto == LINK_TR) {
convmacaddr(((struct trh_hdr *) packet)->saddr,
new_entry->smacaddr);
convmacaddr(((struct trh_hdr *) packet)->daddr,
new_entry->dmacaddr);
}
}
if (is_ip) {
new_entry->saddr = isaddr.s_addr = saddr;
new_entry->daddr = idaddr.s_addr = daddr;
revname(rev_lookup, &isaddr, new_entry->s_fqdn, rvnfd);
revname(rev_lookup, &idaddr, new_entry->d_fqdn, rvnfd);
if (!fragment) {
if (protocol == IPPROTO_ICMP) {
new_entry->un.icmp.type =
((struct icmphdr *) packet2)->type;
new_entry->un.icmp.code =
((struct icmphdr *) packet2)->code;
} else if (protocol == IPPROTO_UDP) {
servlook(servnames, ((struct udphdr *) packet2)->source,
IPPROTO_UDP, new_entry->un.udp.s_sname, 10);
servlook(servnames, ((struct udphdr *) packet2)->dest,
IPPROTO_UDP, new_entry->un.udp.d_sname, 10);
} else if (protocol == IPPROTO_OSPFIGP) {
new_entry->un.ospf.type =
((struct ospfhdr *) packet2)->ospf_type;
new_entry->un.ospf.area =
ntohl(((struct ospfhdr *) packet2)->ospf_areaid.
s_addr);
strcpy(new_entry->un.ospf.routerid,
inet_ntoa(((struct ospfhdr *)
packet2)->ospf_routerid));
}
}
} else {
new_entry->linkproto = linkproto;
if (protocol == ETH_P_ARP) {
new_entry->un.arp.opcode = ((struct arp_hdr *) packet2)->ar_op;
memcpy(&(new_entry->un.arp.src_ip_address),
&(((struct arp_hdr *) packet2)->ar_sip), 4);
memcpy(&(new_entry->un.arp.dest_ip_address),
&(((struct arp_hdr *) packet2)->ar_tip), 4);
} else if (protocol == ETH_P_RARP) {
new_entry->un.rarp.opcode = ((struct arphdr *) packet2)->ar_op;
memcpy(&(new_entry->un.rarp.src_mac_address),
&(((struct arp_hdr *) packet2)->ar_sha), 6);
memcpy(&(new_entry->un.rarp.dest_mac_address),
&(((struct arp_hdr *) packet2)->ar_tha), 6);
}
}
new_entry->protocol = protocol;
strcpy(new_entry->iface, ifname);
new_entry->pkt_length = br;
if (table->head == NULL) {
new_entry->prev_entry = NULL;
table->head = new_entry;
table->firstvisible = new_entry;
}
/*
* Max number of entries in the lower window is 512. Upon reaching
* this figure, oldest entries are thrown out.
*/
if (table->count == 512) {
if (table->firstvisible == table->head) {
wscrl(table->othpwin, 1);
printothpentry(table, table->lastvisible->next_entry,
table->oimaxy - 1, logging, logfile);
table->firstvisible = table->firstvisible->next_entry;
table->lastvisible = table->lastvisible->next_entry;
}
temp = table->head;
table->head = table->head->next_entry;
table->head->prev_entry = NULL;
free(temp);
} else
table->count++;
if (table->tail != NULL) {
new_entry->prev_entry = table->tail;
table->tail->next_entry = new_entry;
}
table->tail = new_entry;
new_entry->next_entry = NULL;
table->lastpos++;
new_entry->index = table->lastpos;
if (table->count <= table->oimaxy) {
table->lastvisible = new_entry;
printothpentry(table, new_entry, table->count - 1, logging,
logfile);
} else if (table->lastvisible == table->tail->prev_entry) {
wscrl(table->othpwin, 1);
table->firstvisible = table->firstvisible->next_entry;
table->lastvisible = table->tail;
printothpentry(table, new_entry, table->oimaxy - 1, logging,
logfile);
}
return new_entry;
}
struct tcptableent *addentry(struct tcptable *table,
unsigned long int saddr,
unsigned long int daddr,
unsigned int sport, unsigned int dport,
int protocol,
char *ifname, int *rev_lookup,
int rvnfd, int servnames, int *nomem)
{
struct tcptableent *new_entry;
struct closedlist *ctemp;
/*
* Allocate and attach a new node if no closed entries found
*/
if (table->closedentries == NULL) {
new_entry = malloc(sizeof(struct tcptableent));
if (new_entry != NULL)
new_entry->oth_connection = malloc(sizeof(struct tcptableent));
if ((new_entry->oth_connection == NULL) || (new_entry == NULL)) {
printnomem();
*nomem = 1;
return NULL;
}
new_entry->oth_connection->oth_connection = new_entry;
if (table->head == NULL) {
new_entry->prev_entry = NULL;
table->head = new_entry;
table->firstvisible = new_entry;
}
if (table->tail != NULL) {
table->tail->next_entry = new_entry;
new_entry->prev_entry = table->tail;
}
table->lastpos++;
new_entry->index = table->lastpos;
table->lastpos++;
new_entry->oth_connection->index = table->lastpos;
table->tail = new_entry->oth_connection;
new_entry->next_entry = new_entry->oth_connection;
new_entry->next_entry->prev_entry = new_entry;
new_entry->next_entry->next_entry = NULL;
if (new_entry->oth_connection->index <=
table->firstvisible->index + (table->imaxy - 1))
table->lastvisible = new_entry->oth_connection;
else if (new_entry->index <=
table->firstvisible->index + (table->imaxy - 1))
table->lastvisible = new_entry;
new_entry->reused = new_entry->oth_connection->reused = 0;
table->count++;
print_tcp_num_entries(table);
} else {
/*
* If we reach this point, we're allocating off the list of closed
* entries. In this case, we take the top entry, let the new_entry
* variable point to whatever the top is pointing to. The new_entry's
* oth_connection also points to the reused entry's oth_connection
*/
new_entry = table->closedentries->closedentry;
new_entry->oth_connection = table->closedentries->pair;
ctemp = table->closedentries;
table->closedentries = table->closedentries->next_entry;
free(ctemp);
/*
* Mark the closed list's tail as NULL if we use the last entry
* in the list to prevent a dangling reference.
*/
if (table->closedentries == NULL)
table->closedtail = NULL;
new_entry->reused = new_entry->oth_connection->reused = 1;
/*
* Delete the old hash entries for this reallocated node;
*/
del_tcp_hash_node(table, new_entry);
del_tcp_hash_node(table, new_entry->oth_connection);
}
/*
* Fill in address fields with raw IP addresses
*/
new_entry->saddr.s_addr = new_entry->oth_connection->daddr.s_addr =
saddr;
new_entry->daddr.s_addr = new_entry->oth_connection->saddr.s_addr =
daddr;
new_entry->protocol = protocol;
/*
* Initialize count fields
*/
new_entry->pcount = new_entry->bcount = 0;
new_entry->win = new_entry->psize = 0;
new_entry->timedout = new_entry->oth_connection->timedout = 0;
new_entry->oth_connection->pcount = new_entry->oth_connection->bcount =
0;
new_entry->oth_connection->win = new_entry->oth_connection->psize = 0;
/*
* Store interface name
*/
strcpy(new_entry->ifname, ifname);
strcpy(new_entry->oth_connection->ifname, ifname);
/*
* Zero out MAC address fields
*/
bzero(new_entry->smacaddr, 15);
bzero(new_entry->oth_connection->smacaddr, 15);
/*
* Set raw port numbers
*/
new_entry->sport = new_entry->oth_connection->dport = ntohs(sport);
new_entry->dport = new_entry->oth_connection->sport = ntohs(dport);
new_entry->stat = new_entry->oth_connection->stat = 0;
new_entry->s_fstat = revname(rev_lookup, &(new_entry->saddr),
new_entry->s_fqdn, rvnfd);
new_entry->d_fstat = revname(rev_lookup, &(new_entry->daddr),
new_entry->d_fqdn, rvnfd);
/*
* Set port service names (where applicable)
*/
servlook(servnames, sport, IPPROTO_TCP, new_entry->s_sname, 10);
servlook(servnames, dport, IPPROTO_TCP, new_entry->d_sname, 10);
strcpy(new_entry->oth_connection->s_sname, new_entry->d_sname);
strcpy(new_entry->oth_connection->d_sname, new_entry->s_sname);
strcpy(new_entry->oth_connection->d_fqdn, new_entry->s_fqdn);
strcpy(new_entry->oth_connection->s_fqdn, new_entry->d_fqdn);
new_entry->oth_connection->s_fstat = new_entry->d_fstat;
new_entry->oth_connection->d_fstat = new_entry->s_fstat;
if (new_entry->index < new_entry->oth_connection->index) {
new_entry->half_bracket = ACS_ULCORNER;
new_entry->oth_connection->half_bracket = ACS_LLCORNER;
} else {
new_entry->half_bracket = ACS_LLCORNER;
new_entry->oth_connection->half_bracket = ACS_ULCORNER;
}
new_entry->inclosed = new_entry->oth_connection->inclosed = 0;
new_entry->finack = new_entry->oth_connection->finack = 0;
new_entry->finsent = new_entry->oth_connection->finsent = 0;
new_entry->partial = new_entry->oth_connection->partial = 0;
new_entry->spanbr = new_entry->oth_connection->spanbr = 0;
new_entry->conn_starttime = new_entry->oth_connection->conn_starttime =
time(NULL);
/*
* Mark flow rate start time and byte counter for flow computation
* if the highlight bar is on either flow of the new connection.
*/
if (table->barptr == new_entry) {
new_entry->starttime = time(NULL);
new_entry->spanbr = 0;
} else if (table->barptr == new_entry->oth_connection) {
new_entry->oth_connection->starttime = time(NULL);
new_entry->oth_connection->spanbr = 0;
}
/*
* Add entries to hash table
*/
*nomem = add_tcp_hash_entry(table, new_entry);
*nomem = add_tcp_hash_entry(table, new_entry->oth_connection);
return new_entry;
}
