othptab.c

一个网络流量分析的完整的程序

/***

othptab.c - non-TCP protocol display module
Written by Gerard Paul Java
Copyright (c) Gerard Paul Java 1997, 1998

This software is open source; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed WITHOUT ANY WARRANTY; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License in the included COPYING file for
details.

***/

#include <asm/types.h>
#include <linux/if_ether.h>
#include <linux/if_tr.h>
#include <linux/if_fddi.h>
#include <winops.h>
#include "arphdr.h"
#include "options.h"
#include "tcptable.h"
#include "othptab.h"
#include "deskman.h"
#include "attrs.h"
#include "log.h"
#include "revname.h"
#include "rvnamed.h"
#include "links.h"

#define MSGSTRING_MAX	240
#define SHORTSTRING_MAX	40

void convmacaddr(char *addr, char *result);	/* external; from hostmon.c */
void writeothplog(int logging, FILE * fd, char *protname,
		  char *description, char *additional, int is_ip,
		  int withmac, struct othptabent *entry);

void init_othp_table(struct othptable *table, int mac)
{
    unsigned int winht;
    unsigned int wintop;
    unsigned int obmaxx;

    winht = LINES - (LINES * 0.6) - 2;
    wintop = (LINES * 0.6) + 1;

    table->count = 0;
    table->lastpos = 0;
    table->strindex = 0;
    table->htstat = NOHTIND;
    table->head = table->tail = NULL;
    table->firstvisible = table->lastvisible = NULL;
    table->borderwin = newwin(winht, COLS, wintop, 0);
    table->borderpanel = new_panel(table->borderwin);
    wattrset(table->borderwin, BOXATTR);
    box(table->borderwin, ACS_VLINE, ACS_HLINE);

    table->head = table->tail = NULL;
    table->othpwin = newwin(winht - 2, COLS - 2, wintop + 1, 1);
    table->othppanel = new_panel(table->othpwin);
    wattrset(table->othpwin, STDATTR);
    tx_colorwin(table->othpwin);
    update_panels();
    doupdate();

    tx_stdwinset(table->othpwin);
    getmaxyx(table->borderwin, table->obmaxy, obmaxx);
    table->oimaxy = table->obmaxy - 2;
    
    table->mac = mac;
}

void process_dest_unreach(struct tcptable *table, char *packet,
			  char *ifname, int *nomem)
{
    struct iphdr *ip;
    struct tcphdr *tcp;
    struct tcptableent *tcpentry;

    ip = (struct iphdr *) (packet + 8);

    if (ip->protocol != IPPROTO_TCP)
	return;

    tcp = (struct tcphdr *) (packet + 8 + (ip->ihl * 4));

    /* 
     * We really won't be making use of nomem here.  Timeout checking
     * won't be performed either, so we just pass NULL as the pointer
     * to the configuration structure.  in_table() will recognize this
     * and set its internal timeout variable to 0.
     */

    tcpentry = in_table(table, ip->saddr, ip->daddr,
			ntohs(tcp->source), ntohs(tcp->dest), ifname,
			0, NULL, nomem, NULL);

    if (tcpentry != NULL) {
	tcpentry->stat = tcpentry->oth_connection->stat = FLAG_RST;
	addtoclosedlist(table, tcpentry, nomem);
    }
}

struct othptabent *add_othp_entry(struct othptable *table,
				  struct tcptable *tcptab,
				  unsigned long saddr, unsigned long daddr,
				  int is_ip, int protocol,
				  unsigned short linkproto, char *packet,
				  char *packet2, unsigned int br,
				  char *ifname, int *rev_lookup, int rvnfd,
				  unsigned int tm, int logging,
				  FILE * logfile, int servnames,
				  int fragment, int *nomem)
{
    struct othptabent *new_entry;
    struct othptabent *temp;
    struct in_addr isaddr, idaddr;

    new_entry = malloc(sizeof(struct othptabent));

    if (new_entry == NULL) {
	printnomem();
	*nomem = 1;
	return NULL;
    }
    bzero(new_entry, sizeof(struct othptabent));

    new_entry->is_ip = is_ip;
    new_entry->fragment = fragment;

    if ((table->mac) || (!is_ip)) {
	if ((linkproto == LINK_ETHERNET) || (linkproto == LINK_PLIP)) {
	    convmacaddr(((struct ethhdr *) packet)->h_source,
			new_entry->smacaddr);
	    convmacaddr(((struct ethhdr *) packet)->h_dest,
			new_entry->dmacaddr);
	} else if (linkproto == LINK_FDDI) {
	    convmacaddr(((struct fddihdr *) packet)->saddr,
			new_entry->smacaddr);
	    convmacaddr(((struct fddihdr *) packet)->daddr,
			new_entry->dmacaddr);
        } else if (linkproto == LINK_TR) {
            convmacaddr(((struct trh_hdr *) packet)->saddr,
                        new_entry->smacaddr);
	    convmacaddr(((struct trh_hdr *) packet)->daddr,
			new_entry->dmacaddr);
	}
    }
        
    if (is_ip) {
	new_entry->saddr = isaddr.s_addr = saddr;
	new_entry->daddr = idaddr.s_addr = daddr;

	revname(rev_lookup, &isaddr, new_entry->s_fqdn, rvnfd);
	revname(rev_lookup, &idaddr, new_entry->d_fqdn, rvnfd);

	if (!fragment) {
	    if (protocol == IPPROTO_ICMP) {
		new_entry->un.icmp.type =
		    ((struct icmphdr *) packet2)->type;
		new_entry->un.icmp.code =
		    ((struct icmphdr *) packet2)->code;
	    } else if (protocol == IPPROTO_UDP) {
		servlook(servnames, ((struct udphdr *) packet2)->source,
			 IPPROTO_UDP, new_entry->un.udp.s_sname, 10);
		servlook(servnames, ((struct udphdr *) packet2)->dest,
			 IPPROTO_UDP, new_entry->un.udp.d_sname, 10);
	    } else if (protocol == IPPROTO_OSPFIGP) {
		new_entry->un.ospf.type =
		    ((struct ospfhdr *) packet2)->ospf_type;
		new_entry->un.ospf.area =
		    ntohl(((struct ospfhdr *) packet2)->ospf_areaid.s_addr);
		strcpy(new_entry->un.ospf.routerid,
		       inet_ntoa(
				 ((struct ospfhdr *)
				  packet2)->ospf_routerid));
	    }
	}
    } else {
	new_entry->linkproto = linkproto;

	if (protocol == ETH_P_ARP) {
	    new_entry->un.arp.opcode = ((struct arp_hdr *) packet2)->ar_op;
	    memcpy(&(new_entry->un.arp.src_ip_address),
		   &(((struct arp_hdr *) packet2)->ar_sip), 4);
	    memcpy(&(new_entry->un.arp.dest_ip_address),
		   &(((struct arp_hdr *) packet2)->ar_tip), 4);
	} else if (protocol == ETH_P_RARP) {
	    new_entry->un.rarp.opcode = ((struct arphdr *) packet2)->ar_op;
	    memcpy(&(new_entry->un.rarp.src_mac_address),
		   &(((struct arp_hdr *) packet2)->ar_sha), 6);
	    memcpy(&(new_entry->un.rarp.dest_mac_address),
		   &(((struct arp_hdr *) packet2)->ar_tha), 6);
	}
    }

    new_entry->protocol = protocol;
    strcpy(new_entry->iface, ifname);

    new_entry->pkt_length = br;

    if (table->head == NULL) {
	new_entry->prev_entry = NULL;
	table->head = new_entry;
	table->firstvisible = new_entry;
    }
    /*
     * Max number of entries in the lower window is 512.  Upon reaching
     * this figure, oldest entries are thrown out.
     */

    if (table->count == 512) {
	if (table->firstvisible == table->head) {
	    wscrl(table->othpwin, 1);
	    printothpentry(table, table->lastvisible->next_entry,
			   table->oimaxy - 1, logging, logfile);
	    table->firstvisible = table->firstvisible->next_entry;
	    table->lastvisible = table->lastvisible->next_entry;
	}
	temp = table->head;
	table->head = table->head->next_entry;
	table->head->prev_entry = NULL;
	free(temp);
    } else
	table->count++;

    if (table->tail != NULL) {
	new_entry->prev_entry = table->tail;
	table->tail->next_entry = new_entry;
    }
    table->tail = new_entry;
    new_entry->next_entry = NULL;

    table->lastpos++;
    new_entry->index = table->lastpos;

    if (table->count <= table->oimaxy) {
	table->lastvisible = new_entry;
	printothpentry(table, new_entry, table->count - 1, logging,
		       logfile);
    } else if (table->lastvisible == table->tail->prev_entry) {
	wscrl(table->othpwin, 1);
	table->firstvisible = table->firstvisible->next_entry;
	table->lastvisible = table->tail;
	printothpentry(table, new_entry, table->oimaxy - 1, logging,
		       logfile);
    }
    return new_entry;
}

/*
 * Function to retrieve non-IP packet tags.  No further details are
 * provided beyond the type.
 */

char *packetlookup(unsigned int protocol)
{
    unsigned int i = 0;
    static struct packetstruct packettypes[] = {
	{"DEC MOP dump/load", 0x6001},
	{"DEC MOP remote console", 0x6002},
	{"DEC DECnet Phase IV", 0x6003},
	{"DEC LAT", 0x6004},
	{"DEC DECnet Diagnostics", 0x6005},
	{"DEC DECnet Customer Use", 0x6006},
	{"DEC DECnet SCA", 0x6007},
	{"IPX", 0x8137},
	{NULL, 0x0}
    };


    while ((packettypes[i].packet_name != NULL)
	   && (packettypes[i].protocol != protocol))
	i++;

    return packettypes[i].packet_name;

}

void printothpentry(struct othptable *table, struct othptabent *entry,
		    unsigned int target_row, int logging,
		    FILE * logfile)
{
    char protname[SHORTSTRING_MAX];
    char description[SHORTSTRING_MAX];
    char additional[MSGSTRING_MAX];
    char msgstring[MSGSTRING_MAX];
    char scratchpad[MSGSTRING_MAX];
    char sp_buf[SHORTSTRING_MAX];
    char *startstr;

    char *packet_type;

    struct in_addr saddr;
    char rarp_mac_addr[15];

    unsigned int unknown = 0;

    sprintf(sp_buf, "%%%dc", COLS - 2);

    wmove(table->borderwin, table->obmaxy - 1, 1);
    if ((table->lastvisible == table->tail) && (table->htstat != TIND) &&
	(table->count >= table->oimaxy)) {
	wprintw(table->borderwin, " Bottom ");
	table->htstat = TIND;
    } else if ((table->firstvisible == table->head)
	       && (table->htstat != HIND)) {
	wprintw(table->borderwin, " Top ");
	table->htstat = HIND;
    }
    if (!(entry->is_ip)) {
	wmove(table->othpwin, target_row, 0);