/*
 * Add one to the counter kept for `name` in *list.
 *
 * When `name` is not yet in the list it is first appended (with an empty
 * third argument to AppendItem), so the increment always has an entry to
 * act on.
 */
static void IncrementCounter(Item **list, char *name)
{
    if (IsItemIn(*list, name))
    {
        /* Already tracked: only the counter needs to move. */
        IncrementItemListCounter(*list, name);
        return;
    }

    AppendItem(list, name, "");
    IncrementItemListCounter(*list, name);
}
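/*
 * Tally the remote addresses found in a list of connection lines, compute an
 * entropy value over that tally and pass it on for `service`/`direction`.
 *
 * Each non-empty ip->name is split into a local and a remote field. Lines
 * starting with "tcp" are read in the linux-like layout (three leading fields
 * skipped); everything else is read in the solaris-like layout (first two
 * fields). The trailing digits of the remote field, together with the
 * character in front of them, are cut off (e.g. a constructed "10.0.0.1:443"
 * becomes "10.0.0.1"), and the result is counted in a temporary item list.
 *
 * The tally goes to MonEntropyCalculate(), the result to
 * MonEntropyClassesSet(), and the temporary list is released before returning.
 *
 * Entries that cannot be parsed safely are skipped rather than counted:
 *   - names of CF_BUFSIZE characters or more, because the unbounded %s
 *     conversions below could then write past `local`/`remote`;
 *   - names that do not yield both fields, because `remote` would otherwise
 *     be read uninitialised.
 */
static void SetNetworkEntropyClasses(const char *service, const char *direction, const Item *list)
{
    const Item *ip;
    Item *addresses = NULL;
    double entropy;

    for (ip = list; ip != NULL; ip = ip->next)
    {
        char local[CF_BUFSIZE];
        char remote[CF_BUFSIZE];
        char *sp;
        int fields;
        size_t len = strlen(ip->name);

        if (len == 0)
        {
            continue;
        }

        /* A %s token can be as long as the whole line, and sscanf has no way
         * to learn the buffer size from here. Bounding the line bounds every
         * token. */
        if (len >= sizeof(remote))
        {
            continue;
        }

        if (strncmp(ip->name, "tcp", 3) == 0)
        {
            fields = sscanf(ip->name, "%*s %*s %*s %s %s", local, remote); /* linux-like */
        }
        else
        {
            fields = sscanf(ip->name, "%s %s", local, remote);     /* solaris-like */
        }

        /* Suppressed (%*s) conversions are not counted, so both layouts
         * return 2 only when `local` and `remote` were both filled in. */
        if (fields < 2)
        {
            continue;
        }

        /* `remote` is non-empty here (a %s match is never empty), so the
         * pointer below always starts inside the array. Walk back over the
         * port digits, never past the first character. */
        sp = remote + strlen(remote) - 1;

        while ((sp > remote) && isdigit((unsigned char) *sp))
        {
            sp--;
        }

        /* Drops the character the walk stopped on (normally the separator
         * in front of the port) along with everything after it. */
        *sp = '\0';

        if (!IsItemIn(addresses, remote))
        {
            AppendItem(&addresses, remote, "");
        }

        IncrementItemListCounter(addresses, remote);
    }

    entropy = MonEntropyCalculate(addresses);
    MonEntropyClassesSet(service, direction, entropy);
    DeleteItemList(addresses);
}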
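/*
 * Report on one recorded state file, "<CFWORKDIR>/state/cf_<type>".
 *
 * The file is read line by line and every line is reduced to a key that is
 * tallied in an item list:
 *   - socket types: for "incoming"/"outgoing" the remote address field of the
 *     line, passed through DePort();
 *   - TCP types: lines of the form "<count> <text>", where <count> is taken
 *     from the file as the item's counter;
 *   - anything else: treated as a process listing; the text from the column
 *     where "CMD" or "COMMAND" was first seen, passed through Chop().
 *
 * The report (peak state, DNS keys for socket/TCP types, a frequency
 * histogram, an entropy percentage and the file's mtime) is emitted through
 * CfOut(cf_error, ...), plus one printf() separator. If the file cannot be
 * stat'ed, a cf_inform message is emitted instead.
 *
 * The state file is parsed as untrusted text: line lengths and the counters
 * read from it are not relied on to size or index any buffer.
 * NOTE(review): `count` from the file is still summed into `conns`/`tot`
 * without a range check; confirm whether negative or very large values need
 * rejecting at parse time.
 */
static void ShowState(char *type)
{
    struct stat statbuf;
    char buffer[CF_BUFSIZE], vbuff[CF_BUFSIZE], assemble[CF_BUFSIZE];
    Item *addresses = NULL, *ip;
    int tot = 0, min_signal_diversity = 1, conns = 1;
    int maxlen = 0, count;
    double S = 0.0;
    char *offset = NULL;
    FILE *fp;

    CfDebug("ShowState(%s)\n", type);

    snprintf(buffer, CF_BUFSIZE - 1, "%s/state/cf_%s", CFWORKDIR, type);

    if (cfstat(buffer, &statbuf) == 0)
    {
        if ((fp = fopen(buffer, "r")) == NULL)
        {
            CfOut(cf_inform, "fopen", "Could not open state memory %s\n", buffer);
            return;
        }

        for (;;)
        {
            char local[CF_BUFSIZE], remote[CF_BUFSIZE];

            buffer[0] = local[0] = remote[0] = '\0';
            memset(vbuff, 0, CF_BUFSIZE);

            /* Stop on EOF and on read errors alike. Looping on !feof() with
             * an unchecked fgets() never terminates once the stream's error
             * indicator is set. */
            if (fgets(buffer, CF_BUFSIZE, fp) == NULL)
            {
                break;
            }

            if (strlen(buffer) > 0)
            {
                CfOut(cf_verbose, "", "(%2d) %s", conns, buffer);

                if (IsSocketType(type))
                {
                    if (strncmp(type, "incoming", 8) == 0 || strncmp(type, "outgoing", 8) == 0)
                    {
                        /* Unbounded %s is tolerable here only because fgets()
                         * capped the line below CF_BUFSIZE, the size of both
                         * targets. */
                        if (strncmp(buffer, "tcp", 3) == 0)
                        {
                            sscanf(buffer, "%*s %*s %*s %s %s", local, remote); /* linux-like */
                        }
                        else
                        {
                            sscanf(buffer, "%s %s", local, remote);     /* solaris-like */
                        }

                        /* vbuff was zero-filled above, so it stays terminated. */
                        strncpy(vbuff, remote, CF_BUFSIZE - 1);
                        DePort(vbuff);
                    }
                }
                else if (IsTCPType(type))
                {
                    count = 1;
                    sscanf(buffer, "%d %[^\n]", &count, remote);
                    AppendItem(&addresses, remote, "");
                    SetItemListCounter(addresses, remote, count);
                    conns += count;
                    continue;
                }
                else
                {
                    /* If we get here this is a process thing */

                    if (offset == NULL)
                    {
                        /* The command column is located once, on the first
                         * line that names it, and reused for later lines. */
                        offset = strstr(buffer, "CMD");

                        if (offset == NULL)
                        {
                            offset = strstr(buffer, "COMMAND");
                        }

                        if (offset == NULL)
                        {
                            continue;
                        }
                    }

                    /* Only buffer[0] is reset between reads, so on a line
                     * that ends before the command column `offset` would
                     * point at bytes left over from an earlier, longer line.
                     * Skip such lines instead of tallying stale text. */
                    if ((size_t) (offset - buffer) > strlen(buffer))
                    {
                        continue;
                    }

                    strncpy(vbuff, offset, CF_BUFSIZE - 1);
                    Chop(vbuff);
                }

                conns++;

                if (!IsItemIn(addresses, vbuff))
                {
                    AppendItem(&addresses, vbuff, "");
                }

                IncrementItemListCounter(addresses, vbuff);
            }
        }

        fclose(fp);
        conns--;

        CfOut(cf_error, "", "\n");
        CfOut(cf_error, "", "R: The peak measured state was q = %d:\n", conns);

        if (IsSocketType(type) || IsTCPType(type))
        {
            for (ip = addresses; ip != NULL; ip = ip->next)
            {
                tot += ip->counter;

                buffer[0] = '\0';
                /* NOTE(review): relies on ip->name being shorter than
                 * CF_BUFSIZE, which holds if AppendItem() stores the keys
                 * built above unchanged; confirm. */
                sscanf(ip->name, "%s", buffer);

                if (!IsIPV4Address(buffer) && !IsIPV6Address(buffer))
                {
                    CfOut(cf_verbose, "", "Rejecting address %s\n", ip->name);
                    continue;
                }

                CfOut(cf_error, "", "R: DNS key: %s = %s (%d/%d)\n", buffer, IPString2Hostname(buffer), ip->counter, conns);

                if (strlen(ip->name) > maxlen)
                {
                    maxlen = strlen(ip->name);
                }
            }

            if (addresses != NULL)
            {
                printf("R: -\n");
            }
        }
        else
        {
            for (ip = addresses; ip != NULL; ip = ip->next)
            {
                tot += ip->counter;
            }
        }

        addresses = SortItemListCounters(addresses);

        for (ip = addresses; ip != NULL; ip = ip->next)
        {
            int s;
            size_t used;

            if (maxlen > 17)    /* ipv6 */
            {
                snprintf(assemble, CF_BUFSIZE, "Frequency: %-40s|", ip->name);
            }
            else
            {
                snprintf(assemble, CF_BUFSIZE, "Frequency: %-17s|", ip->name);
            }

            /* snprintf() may already have filled `assemble` when the key is
             * very long, so the bar (at most 50 marks) is appended only
             * while a byte for the mark and one for the terminator remain.
             * An unchecked strcat() here would write past the array. */
            used = strlen(assemble);

            for (s = 0; (s < ip->counter) && (s < 50) && (used + 1 < sizeof(assemble)); s++)
            {
                assemble[used++] = (s < 48) ? '*' : '+';
                assemble[used] = '\0';
            }

            CfOut(cf_error, "", "R: %s \t(%d/%d)\n", assemble, ip->counter, conns);
        }

        if (conns > min_signal_diversity)
        {
            double percent = 0.0;

            /* The per-item probability is needed only for the running sum,
             * so no array is kept. Sizing one from `tot` while indexing it
             * by item count is unsafe: for TCP-type files the counters come
             * straight from the file, and zero or negative values make `tot`
             * smaller than the number of items. */
            if (tot > 1)
            {
                for (ip = addresses; ip != NULL; ip = ip->next)
                {
                    double p;

                    if (ip->counter <= 0)
                    {
                        continue;   /* log() is undefined for p <= 0 */
                    }

                    p = ((double) (ip->counter)) / ((double) tot);
                    S -= p * log(p);
                }

                percent = S / log((double) tot) * 100.0;
            }
            /* tot <= 1 leaves percent at 0: log(tot) would be zero or
             * undefined, and a single source is reported as zero entropy. */

            CfOut(cf_error, "", "R: Variability/entropy of addresses = %.1f %%\n", percent);
            CfOut(cf_error, "", "R: (Entropy = 0 for single source, 100 for flatly distributed source)\n -\n");
        }

        CfOut(cf_error, "", "\n");
        CfOut(cf_error, "", "R: State of %s peaked at %s\n", type, cf_ctime(&statbuf.st_mtime));
    }
    else
    {
        CfOut(cf_inform, "", "R: State parameter %s is not known or recorded\n", type);
    }

    DeleteItemList(addresses);
}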