Exemplo n.º 1
0
static struct ethtabent *addethentry(struct ethtab *table,
				     unsigned int linktype, char *ifname,
				     char *addr, struct eth_desc *list)
{
	struct ethtabent *ptemp;

	ptemp = addethnode(table);

	if (ptemp == NULL)
		return NULL;

	ptemp->type = 0;
	memcpy(&(ptemp->un.desc.eth_addr), addr, ETH_ALEN);
	strcpy(ptemp->un.desc.desc, "");

	convmacaddr(addr, ptemp->un.desc.ascaddr);

	ptemp->un.desc.linktype = linktype;
	struct eth_desc *desc = NULL;

	list_for_each_entry(desc, &list->hd_list, hd_list)
		if (!strcasecmp(desc->hd_mac, ptemp->un.desc.ascaddr))
			strcpy(ptemp->un.desc.desc, desc->hd_desc);

	strcpy(ptemp->un.desc.ifname, ifname);

	if (strcmp(ptemp->un.desc.desc, "") == 0)
		ptemp->un.desc.withdesc = 0;
	else
		ptemp->un.desc.withdesc = 1;

	ptemp->un.desc.printed = 0;

	ptemp = addethnode(table);

	if (ptemp == NULL)
		return NULL;

	ptemp->type = 1;
	ptemp->un.figs.inpcount = 0;
	ptemp->un.figs.outpcount = 0;
	ptemp->un.figs.inspanbr = ptemp->un.figs.outspanbr = 0;
	ptemp->un.figs.inippcount = ptemp->un.figs.outippcount = 0;
	ptemp->un.figs.inbcount = ptemp->un.figs.outbcount = 0;
	rate_alloc(&ptemp->un.figs.inrate, 5);
	rate_alloc(&ptemp->un.figs.outrate, 5);

	table->entcount++;

	wmove(table->borderwin, LINES - 3, 1);
	wprintw(table->borderwin, " %u entries ", table->entcount);

	return ptemp;
}
Exemplo n.º 2
0
/*
 * The detailed interface statistics function
 */
void detstats(char *iface, time_t facilitytime)
{
	int logging = options.logging;

	WINDOW *statwin;
	PANEL *statpanel;

	int pkt_result = 0;

	FILE *logfile = NULL;

	unsigned int iplen = 0;

	struct ifcounts ifcounts;

	int ch;

	struct timeval tv;
	struct timeval start_tv;
	struct timeval updtime;
	time_t starttime;
	time_t now;
	time_t statbegin;
	time_t startlog;

	struct proto_counter span;

	struct rate rate;
	struct rate rate_in;
	struct rate rate_out;
	unsigned long peakactivity = 0;
	unsigned long peakactivity_in = 0;
	unsigned long peakactivity_out = 0;

	struct rate pps_rate;
	struct rate pps_rate_in;
	struct rate pps_rate_out;
	unsigned long peakpps = 0;
	unsigned long peakpps_in = 0;
	unsigned long peakpps_out = 0;

	int fd;

	if (!dev_up(iface)) {
		err_iface_down();
		return;
	}

	LIST_HEAD(promisc);
	if (options.promisc) {
		promisc_init(&promisc, iface);
		promisc_set_list(&promisc);
	}

	move(LINES - 1, 1);
	stdexitkeyhelp();
	statwin = newwin(LINES - 2, COLS, 1, 0);
	statpanel = new_panel(statwin);
	tx_stdwinset(statwin);
	wtimeout(statwin, -1);
	wattrset(statwin, BOXATTR);
	tx_colorwin(statwin);
	tx_box(statwin, ACS_VLINE, ACS_HLINE);
	wmove(statwin, 0, 1);
	wprintw(statwin, " Statistics for %s ", iface);
	wattrset(statwin, STDATTR);
	update_panels();
	doupdate();

	memset(&ifcounts, 0, sizeof(struct ifcounts));

	if (logging) {
		if (strcmp(current_logfile, "") == 0) {
			snprintf(current_logfile, 64, "%s-%s.log", DSTATLOG,
				 iface);

			if (!daemonized)
				input_logfile(current_logfile, &logging);
		}
	}

	if (logging) {
		opentlog(&logfile, current_logfile);

		if (logfile == NULL)
			logging = 0;
	}
	if (logging) {
		signal(SIGUSR1, rotate_dstat_log);

		rotate_flag = 0;
		writelog(logging, logfile,
			 "******** Detailed interface statistics started ********");
	}

	printdetlabels(statwin);
	printdetails(&ifcounts, statwin);
	update_panels();
	doupdate();

	memset(&span, 0, sizeof(span));
	rate_alloc(&rate, 5);
	rate_alloc(&rate_in, 5);
	rate_alloc(&rate_out, 5);

	rate_alloc(&pps_rate, 5);
	rate_alloc(&pps_rate_in, 5);
	rate_alloc(&pps_rate_out, 5);

	gettimeofday(&tv, NULL);
	start_tv = tv;
	updtime = tv;
	starttime = startlog = statbegin = tv.tv_sec;

	leaveok(statwin, TRUE);

	fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
	if(fd == -1) {
		write_error("Unable to obtain monitoring socket");
		goto err;
	}
	if(dev_bind_ifname(fd, iface) == -1) {
		write_error("Unable to bind interface on the socket");
		goto err_close;
	}

	exitloop = 0;

	PACKET_INIT(pkt);

	/*
	 * Data-gathering loop
	 */

	while (!exitloop) {
		gettimeofday(&tv, NULL);
		now = tv.tv_sec;

		if ((now - starttime) >= 1) {
			char buf[64];
			unsigned long activity, activity_in, activity_out;
			unsigned long pps, pps_in, pps_out;
			unsigned long msecs;

			wattrset(statwin, BOXATTR);
			printelapsedtime(statbegin, now, LINES - 3, 1, statwin);

			msecs = timeval_diff_msec(&tv, &start_tv);

			rate_add_rate(&rate, span.proto_total.pc_bytes, msecs);
			activity = rate_get_average(&rate);
			rate_add_rate(&rate_in, span.proto_in.pc_bytes, msecs);
			activity_in = rate_get_average(&rate_in);
			rate_add_rate(&rate_out, span.proto_out.pc_bytes, msecs);
			activity_out = rate_get_average(&rate_out);

			rate_add_rate(&pps_rate, span.proto_total.pc_packets, msecs);
			pps = rate_get_average(&pps_rate);
			rate_add_rate(&pps_rate_in, span.proto_in.pc_packets, msecs);
			pps_in = rate_get_average(&pps_rate_in);
			rate_add_rate(&pps_rate_out, span.proto_out.pc_packets, msecs);
			pps_out = rate_get_average(&pps_rate_out);

			memset(&span, 0, sizeof(span));
			starttime = now;
			start_tv = tv;

			wattrset(statwin, HIGHATTR);
			rate_print(activity, buf, sizeof(buf));
			mvwprintw(statwin, 14, 19, "%s", buf);
			rate_print_pps(pps, buf, sizeof(buf));
			mvwprintw(statwin, 15, 19, "%s", buf);
			rate_print(activity_in, buf, sizeof(buf));
			mvwprintw(statwin, 17, 19, "%s", buf);
			rate_print_pps(pps_in, buf, sizeof(buf));
			mvwprintw(statwin, 18, 19, "%s", buf);
			rate_print(activity_out, buf, sizeof(buf));
			mvwprintw(statwin, 20, 19, "%s", buf);
			rate_print_pps(pps_out, buf, sizeof(buf));
			mvwprintw(statwin, 21, 19, "%s", buf);

			if (activity > peakactivity)
				peakactivity = activity;

			if (activity_in > peakactivity_in)
				peakactivity_in = activity_in;

			if (activity_out > peakactivity_out)
				peakactivity_out = activity_out;

			if (pps > peakpps)
				peakpps = pps;

			if (pps_in > peakpps_in)
				peakpps_in = pps_in;

			if (pps_out > peakpps_out)
				peakpps_out = pps_out;
		}
		if (logging) {
			check_rotate_flag(&logfile);
			if ((now - startlog) >= options.logspan) {
				writedstatlog(iface,
					      peakactivity, peakpps,
					      peakactivity_in, peakpps_in,
					      peakactivity_out, peakpps_out,
					      &ifcounts, time(NULL) - statbegin,
					      logfile);

				startlog = now;
			}
		}

		if (screen_update_needed(&tv, &updtime)) {
			printdetails(&ifcounts, statwin);
			update_panels();
			doupdate();

			updtime = tv;
		}

		if ((facilitytime != 0)
		    && (((now - statbegin) / 60) >= facilitytime))
			exitloop = 1;

		if (packet_get(fd, &pkt, &ch, statwin) == -1) {
			write_error("Packet receive failed");
			exitloop = 1;
			break;
		}

		switch (ch) {
		case ERR:
			/* no key ready, do nothing */
			break;
		case 12:
		case 'l':
		case 'L':
			tx_refresh_screen();
			break;

		case 'Q':
		case 'q':
		case 'X':
		case 'x':
		case 24:
		case 27:
			exitloop = 1;
			break;
		}
		if (pkt.pkt_len <= 0)
			continue;

		int outgoing;

		pkt_result =
			packet_process(&pkt, NULL, NULL, NULL,
				       MATCH_OPPOSITE_USECONFIG,
				       options.v6inv4asv6);

		if (pkt_result != PACKET_OK
		    && pkt_result != MORE_FRAGMENTS)
			continue;

		outgoing = (pkt.pkt_pkttype == PACKET_OUTGOING);
		update_proto_counter(&ifcounts.total, outgoing, pkt.pkt_len);
		if (pkt.pkt_pkttype == PACKET_BROADCAST) {
			update_pkt_counter(&ifcounts.bcast, pkt.pkt_len);
		}

		update_proto_counter(&span, outgoing, pkt.pkt_len);

		/* account network layer protocol */
		switch(pkt.pkt_protocol) {
		case ETH_P_IP:
			if (pkt_result == CHECKSUM_ERROR) {
				update_pkt_counter(&ifcounts.bad, pkt.pkt_len);
				continue;
			}

			iplen = ntohs(pkt.iphdr->tot_len);

			update_proto_counter(&ifcounts.ipv4, outgoing, iplen);
			break;
		case ETH_P_IPV6:
			iplen = ntohs(pkt.ip6_hdr->ip6_plen) + 40;

			update_proto_counter(&ifcounts.ipv6, outgoing, iplen);
			break;
		default:
			update_proto_counter(&ifcounts.nonip, outgoing, iplen);
			continue;
		}

		__u8 ip_protocol = pkt_ip_protocol(&pkt);

		/* account transport layer protocol */
		switch (ip_protocol) {
		case IPPROTO_TCP:
			update_proto_counter(&ifcounts.tcp, outgoing, iplen);
			break;
		case IPPROTO_UDP:
			update_proto_counter(&ifcounts.udp, outgoing, iplen);
			break;
		case IPPROTO_ICMP:
		case IPPROTO_ICMPV6:
			update_proto_counter(&ifcounts.icmp, outgoing, iplen);
			break;
		default:
			update_proto_counter(&ifcounts.other, outgoing, iplen);
			break;
		}
	}

err_close:
	close(fd);

err:
	rate_destroy(&pps_rate_out);
	rate_destroy(&pps_rate_in);
	rate_destroy(&pps_rate);

	rate_destroy(&rate_out);
	rate_destroy(&rate_in);
	rate_destroy(&rate);

	if (options.promisc) {
		promisc_restore_list(&promisc);
		promisc_destroy(&promisc);
	}

	if (logging) {
		signal(SIGUSR1, SIG_DFL);
		writedstatlog(iface,
			      peakactivity, peakpps, peakactivity_in,
			      peakpps_in, peakactivity_out, peakpps_out,
			      &ifcounts, time(NULL) - statbegin,
			      logfile);
		writelog(logging, logfile,
			 "******** Detailed interface statistics stopped ********");
		fclose(logfile);
	}

	del_panel(statpanel);
	delwin(statwin);
	strcpy(current_logfile, "");
	pkt_cleanup();
	update_panels();
	doupdate();
}
Exemplo n.º 3
0
struct tcptableent *addentry(struct tcptable *table,
			     struct sockaddr_storage *saddr,
			     struct sockaddr_storage *daddr,
			     int protocol, char *ifname,
			     int *rev_lookup, int rvnfd)
{
	struct tcptableent *new_entry;
	struct closedlist *ctemp;

	/*
	 * Allocate and attach a new node if no closed entries found
	 */

	if (table->closedentries == NULL) {
		new_entry = xmalloc(sizeof(struct tcptableent));
		new_entry->oth_connection = xmalloc(sizeof(struct tcptableent));

		new_entry->oth_connection->oth_connection = new_entry;

		if (table->head == NULL) {
			new_entry->prev_entry = NULL;
			table->head = new_entry;

			table->firstvisible = new_entry;
		}
		if (table->tail != NULL) {
			table->tail->next_entry = new_entry;
			new_entry->prev_entry = table->tail;
		}
		table->lastpos++;
		new_entry->index = table->lastpos;
		table->lastpos++;
		new_entry->oth_connection->index = table->lastpos;

		table->tail = new_entry->oth_connection;
		new_entry->next_entry = new_entry->oth_connection;
		new_entry->next_entry->prev_entry = new_entry;
		new_entry->next_entry->next_entry = NULL;


		if (new_entry->oth_connection->index <=
		    table->firstvisible->index + (table->imaxy - 1))
			table->lastvisible = new_entry->oth_connection;
		else if (new_entry->index <=
			 table->firstvisible->index + (table->imaxy - 1))
			table->lastvisible = new_entry;

		new_entry->reused = new_entry->oth_connection->reused = 0;
		table->count++;

		rate_alloc(&new_entry->rate, 5);
		rate_alloc(&new_entry->oth_connection->rate, 5);

		print_tcp_num_entries(table);
	} else {
		/*
		 * If we reach this point, we're allocating off the list of closed
		 * entries.  In this case, we take the top entry, let the new_entry
		 * variable point to whatever the top is pointing to.  The new_entry's
		 * oth_connection also points to the reused entry's oth_connection
		 */

		new_entry = table->closedentries->closedentry;
		new_entry->oth_connection = table->closedentries->pair;

		ctemp = table->closedentries;
		table->closedentries = table->closedentries->next_entry;
		free(ctemp);

		/*
		 * Mark the closed list's tail as NULL if we use the last entry
		 * in the list to prevent a dangling reference.
		 */

		if (table->closedentries == NULL)
			table->closedtail = NULL;

		new_entry->reused = new_entry->oth_connection->reused = 1;

		/*
		 * Delete the old hash entries for this reallocated node;
		 */

		del_tcp_hash_node(table, new_entry);
		del_tcp_hash_node(table, new_entry->oth_connection);
	}

	/*
	 * Fill in address fields with raw IP addresses
	 */

	sockaddr_copy(&new_entry->saddr, saddr);
	sockaddr_copy(&new_entry->oth_connection->daddr, saddr);
	sockaddr_copy(&new_entry->daddr, daddr);
	sockaddr_copy(&new_entry->oth_connection->saddr, daddr);
	new_entry->protocol = protocol;

	/*
	 * Initialize count fields
	 */

	new_entry->pcount = new_entry->bcount = 0;
	new_entry->win = new_entry->psize = 0;
	new_entry->timedout = new_entry->oth_connection->timedout = 0;
	new_entry->oth_connection->pcount = new_entry->oth_connection->bcount =
	    0;
	new_entry->oth_connection->win = new_entry->oth_connection->psize = 0;

	/*
	 * Store interface name
	 */

	strcpy(new_entry->ifname, ifname);
	strcpy(new_entry->oth_connection->ifname, ifname);

	/*
	 * Zero out MAC address fields
	 */

	memset(new_entry->smacaddr, 0, sizeof(new_entry->smacaddr));
	memset(new_entry->oth_connection->smacaddr, 0, sizeof(new_entry->oth_connection->smacaddr));

	new_entry->stat = new_entry->oth_connection->stat = 0;

	new_entry->s_fstat =
	    revname(rev_lookup, &new_entry->saddr,
		    new_entry->s_fqdn, sizeof(new_entry->s_fqdn), rvnfd);

	new_entry->d_fstat =
	    revname(rev_lookup, &new_entry->daddr,
		    new_entry->d_fqdn, sizeof(new_entry->d_fqdn), rvnfd);

	/* set port service names (where applicable) */
	servlook(sockaddr_get_port(saddr), IPPROTO_TCP, new_entry->s_sname, 10);
	servlook(sockaddr_get_port(daddr), IPPROTO_TCP, new_entry->d_sname, 10);

	strcpy(new_entry->oth_connection->s_sname, new_entry->d_sname);
	strcpy(new_entry->oth_connection->d_sname, new_entry->s_sname);

	strcpy(new_entry->oth_connection->d_fqdn, new_entry->s_fqdn);
	strcpy(new_entry->oth_connection->s_fqdn, new_entry->d_fqdn);
	new_entry->oth_connection->s_fstat = new_entry->d_fstat;
	new_entry->oth_connection->d_fstat = new_entry->s_fstat;

	if (new_entry->index < new_entry->oth_connection->index) {
		new_entry->half_bracket = ACS_ULCORNER;
		new_entry->oth_connection->half_bracket = ACS_LLCORNER;
	} else {
		new_entry->half_bracket = ACS_LLCORNER;
		new_entry->oth_connection->half_bracket = ACS_ULCORNER;
	}

	new_entry->inclosed = new_entry->oth_connection->inclosed = 0;
	new_entry->finack = new_entry->oth_connection->finack = 0;
	new_entry->finsent = new_entry->oth_connection->finsent = 0;
	new_entry->partial = new_entry->oth_connection->partial = 0;
	new_entry->spanbr = new_entry->oth_connection->spanbr = 0;
	new_entry->conn_starttime = new_entry->oth_connection->conn_starttime =
	    time(NULL);

	rate_init(&new_entry->rate);
	rate_init(&new_entry->oth_connection->rate);

	/*
	 * Mark flow rate start time and byte counter for flow computation
	 * if the highlight bar is on either flow of the new connection.
	 */
	if (table->barptr == new_entry) {
		new_entry->starttime = time(NULL);
		new_entry->spanbr = 0;
	} else if (table->barptr == new_entry->oth_connection) {
		new_entry->oth_connection->starttime = time(NULL);
		new_entry->oth_connection->spanbr = 0;
	}

	/*
	 * Add entries to hash table
	 */

	add_tcp_hash_entry(table, new_entry);
	add_tcp_hash_entry(table, new_entry->oth_connection);

	return new_entry;
}