itrafmon.c

一个网络流量分析的完整的程序

/***

itrafmon.c - the IP traffic monitor module
Written by Gerard Paul Java
Copyright (c) Gerard Paul Java 1997, 1998

This software is open source; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed WITHOUT ANY WARRANTY; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License in the included COPYING file for
details.

***/

#include <sys/time.h>
#include <sys/wait.h>
#include <errno.h>
#include <signal.h>
#include <ctype.h>
#include <winops.h>
#include <labels.h>
#include "options.h"
#include "tcptable.h"
#include "othptab.h"
#include "fltdefs.h"
#include "utfilter.h"
#include "fltselect.h"
#include "isdntab.h"
#include "packet.h"
#include "ifaces.h"
#include "promisc.h"
#include "deskman.h"
#include "error.h"
#include "attrs.h"
#include "log.h"
#include "revname.h"
#include "rvnamed.h"
#include "dirs.h"
#include "timer.h"
#include "ipfrag.h"
#include "instances.h"
#include "logvars.h"
#include "bar.h"

#define SCROLLUP 0
#define SCROLLDOWN 1

extern int exitloop;
extern int daemonized;

void writetcplog(int logging, FILE * fd, struct tcptableent *entry,
		 unsigned int pktlen, int mac, char *message);
void write_tcp_unclosed(int logging, FILE * fd, struct tcptable *table);

void rotate_ipmon_log()
{
    rotate_flag = 1;
    strcpy(target_logname, current_logfile);
    signal(SIGUSR1, rotate_ipmon_log);
}

/* Hot key indicators for the bottom line */

void ipmonhelp()
{
    move(LINES - 1, 1);
    tx_printkeyhelp("Up/Dn/PgUp/PgDn", "-scroll  ", stdscr, HIGHATTR, STATUSBARATTR);
    move(LINES - 1, 43);
    tx_printkeyhelp("W", "-chg actv win  ", stdscr, HIGHATTR, STATUSBARATTR);
    tx_printkeyhelp("S", "-sort TCP  ", stdscr, HIGHATTR, STATUSBARATTR);
    stdexitkeyhelp();
};

void uniq_help(int what)
{
    move(LINES - 1, 25);
    if (!what)
	tx_printkeyhelp("M", "-more TCP info   ", stdscr, HIGHATTR, STATUSBARATTR);
    else
	tx_printkeyhelp("Lft/Rt", "-vtcl scrl  ", stdscr, HIGHATTR, STATUSBARATTR);
}

/* Mark general packet count indicators */

void prepare_statwin(WINDOW * win)
{
    wattrset(win, IPSTATLABELATTR);
    wmove(win, 0, 1);
    wprintw(win, "Pkts captured (all interfaces):");
    mvwaddch(win, 0, 45 * COLS / 80, ACS_VLINE);
}

void markactive(int curwin, WINDOW * tw, WINDOW * ow)
{
    WINDOW *win1;
    WINDOW *win2;
    int x1, y1, x2, y2;

    if (!curwin) {
	win1 = tw;
	win2 = ow;
    } else {
	win1 = ow;
	win2 = tw;
    }

    getmaxyx(win1, y1, x1);
    getmaxyx(win2, y2, x2);

    wmove(win1, --y1, COLS - 10);
    wattrset(win1, ACTIVEATTR);
    wprintw(win1, " Active ");
    wattrset(win1, BOXATTR);
    wmove(win2, --y2, COLS - 10);
    whline(win2, ACS_HLINE, 8);
}

void show_stats(WINDOW * win, unsigned long long total)
{
    wattrset(win, IPSTATATTR);
    wmove(win, 0, 35 * COLS / 80);
    printlargenum(total, win);
}


/* 
 * Scrolling and paging routines for the upper (TCP) window
 */

void scrollupperwin(struct tcptable *table, int direction,
		    unsigned long *idx, int mode)
{
    char sp_buf[10];
    sprintf(sp_buf, "%%%dc", COLS - 2);
    wattrset(table->tcpscreen, STDATTR);
    if (direction == SCROLLUP) {
	if (table->lastvisible != table->tail) {
	    wscrl(table->tcpscreen, 1);
	    table->lastvisible = table->lastvisible->next_entry;
	    table->firstvisible = table->firstvisible->next_entry;
	    (*idx)++;
	    wmove(table->tcpscreen, table->imaxy - 1, 0);
	    scrollok(table->tcpscreen, 0);
	    wprintw(table->tcpscreen, sp_buf, ' ');
	    scrollok(table->tcpscreen, 1);
	    printentry(table, table->lastvisible, *idx, mode);
	}
    } else {
	if (table->firstvisible != table->head) {
	    wscrl(table->tcpscreen, -1);
	    table->firstvisible = table->firstvisible->prev_entry;
	    table->lastvisible = table->lastvisible->prev_entry;
	    (*idx)--;
	    wmove(table->tcpscreen, 0, 0);
	    wprintw(table->tcpscreen, sp_buf, ' ');
	    printentry(table, table->firstvisible, *idx, mode);
	}
    }
}

void pageupperwin(struct tcptable *table, int direction,
		  unsigned long *idx, int mode)
{
    int i = 1;

    wattrset(table->tcpscreen, STDATTR);
    if (direction == SCROLLUP) {
	while ((i <= table->imaxy - 3)
	       && (table->lastvisible != table->tail)) {
	    i++;
	    table->firstvisible = table->firstvisible->next_entry;
	    table->lastvisible = table->lastvisible->next_entry;
	    (*idx)++;
	}
    } else {
	while ((i <= table->imaxy - 3)
	       && (table->firstvisible != table->head)) {
	    i++;
	    table->firstvisible = table->firstvisible->prev_entry;
	    table->lastvisible = table->lastvisible->prev_entry;
	    (*idx)--;
	}
    }
}

/*
 * Scrolling and paging routines for the lower (non-TCP) window.
 */

void scrolllowerwin(struct othptable *table, int direction)
{
    if (direction == SCROLLUP) {
	if (table->lastvisible != table->tail) {
	    wscrl(table->othpwin, 1);
	    table->lastvisible = table->lastvisible->next_entry;
	    table->firstvisible = table->firstvisible->next_entry;

	    if (table->htstat == HIND) {	/* Head indicator on? */
		wmove(table->borderwin, table->obmaxy - 1, 1);
		whline(table->borderwin, ACS_HLINE, 8);
		table->htstat = NOHTIND;
	    }
	    printothpentry(table, table->lastvisible, table->oimaxy - 1, 
	    		   0, (FILE *) NULL);
	}
    } else {
	if (table->firstvisible != table->head) {
	    wscrl(table->othpwin, -1);
	    table->firstvisible = table->firstvisible->prev_entry;
	    table->lastvisible = table->lastvisible->prev_entry;

	    if (table->htstat == TIND) {	/* Tail indicator on? */
		wmove(table->borderwin, table->obmaxy - 1, 1);
		whline(table->borderwin, ACS_HLINE, 8);
		table->htstat = NOHTIND;
	    }
	    printothpentry(table, table->firstvisible, 0,
			   0, (FILE *) NULL);
	}
    }
}

void pagelowerwin(struct othptable *table, int direction)
{
    int i = 1;

    if (direction == SCROLLUP) {
	while ((i <= table->oimaxy - 2)
	       && (table->lastvisible != table->tail)) {
	    i++;
	    table->firstvisible = table->firstvisible->next_entry;
	    table->lastvisible = table->lastvisible->next_entry;

	    if (table->htstat == HIND) {	/* Head indicator on? */
		wmove(table->borderwin, table->obmaxy - 1, 1);
		whline(table->borderwin, ACS_HLINE, 8);
		table->htstat = NOHTIND;
	    }
	}
    } else {
	while ((i <= table->oimaxy - 2)
	       && (table->firstvisible != table->head)) {
	    i++;
	    table->firstvisible = table->firstvisible->prev_entry;
	    table->lastvisible = table->lastvisible->prev_entry;

	    if (table->htstat == TIND) {	/* Tail indicator on? */
		wmove(table->borderwin, table->obmaxy - 1, 1);
		whline(table->borderwin, ACS_HLINE, 8);
		table->htstat = NOHTIND;
	    }
	}
    }
}

/*
 * Pop up sorting key window
 */

void show_tcpsort_win(WINDOW ** win, PANEL ** panel)
{
    *win = newwin(9, 35, (LINES - 8) / 2, COLS - 40);
    *panel = new_panel(*win);

    wattrset(*win, DLGBOXATTR);
    tx_colorwin(*win);
    box(*win, ACS_VLINE, ACS_HLINE);
    wattrset(*win, DLGTEXTATTR);
    mvwprintw(*win, 2, 2, "Select sort criterion");
    wmove(*win, 4, 2);
    tx_printkeyhelp("P", " - sort by packet count", *win, DLGHIGHATTR, DLGTEXTATTR);
    wmove(*win, 5, 2);
    tx_printkeyhelp("B", " - sort by byte count", *win, DLGHIGHATTR, DLGTEXTATTR);
    wmove(*win, 6, 2);
    tx_printkeyhelp("Any other key", " - cancel sort", *win, DLGHIGHATTR, DLGTEXTATTR);
    update_panels();
    doupdate();
}

/*
 * Routine to swap two TCP entries.  p1 and p2 are pointers to TCP entries,
 * but p1 must be ahead of p2.  It's a linked list thing.
 */
void swap_tcp_entries(struct tcptable *table,
		      struct tcptableent *p1, struct tcptableent *p2)
{
    struct tcptableent *p2nextsaved;
    struct tcptableent *p1prevsaved;
    unsigned int tmp;

    if (p1 == p2)
	return;

    tmp = p1->index;
    p1->index = p2->index;
    p2->index = tmp;

    p1->next_entry->index = p1->index + 1;
    p2->next_entry->index = p2->index + 1;

    if (p1->prev_entry != NULL)
	p1->prev_entry->next_entry = p2;
    else
	table->head = p2;

    if (p2->next_entry->next_entry != NULL)
	p2->next_entry->next_entry->prev_entry = p1->next_entry;
    else
	table->tail = p1->next_entry;

    p2nextsaved = p2->next_entry->next_entry;
    p1prevsaved = p1->prev_entry;

    if (p1->next_entry->next_entry == p2) {	/* swapping adjacent entries */
	p2->next_entry->next_entry = p1;
	p1->prev_entry = p2->next_entry;
    } else {
	p2->next_entry->next_entry = p1->next_entry->next_entry;
	p1->prev_entry = p2->prev_entry;
	p2->prev_entry->next_entry = p1;
	p1->next_entry->next_entry->prev_entry = p2->next_entry;
    }

    p2->prev_entry = p1prevsaved;
    p1->next_entry->next_entry = p2nextsaved;
}

unsigned long long qt_getkey(struct tcptableent *entry, int ch)
{
    if (ch == 'B')
        return (max(entry->bcount, entry->oth_connection->bcount));
        
    return (max(entry->pcount, entry->oth_connection->pcount));
}

struct tcptableent *qt_partition(struct tcptable *table,
                                 struct tcptableent **low,
                                 struct tcptableent **high,
                                 int ch, struct OPTIONS *opts,
                                 int logging,
                                 FILE *logfile, int *nomem)
{
    struct tcptableent *pivot = *low;
    
    struct tcptableent *left = *low;
    struct tcptableent *right = *high;
    struct tcptableent *ptmp;
    
    unsigned long long pivot_value;
    
    time_t now;
    
    pivot_value = qt_getkey(pivot, ch);
    
    now = time(NULL);
    
    while (left->index < right->index) {
        while ((qt_getkey(left, ch) >= pivot_value)
               && (left->next_entry->next_entry != NULL)) {
            
            /*
             * Might as well check out timed out entries here too.
             */   
            if ((opts->timeout > 0) && ((now - left->lastupdate) / 60 > opts->timeout) &&
               (!(left->inclosed))) {
                left->timedout = left->oth_connection->timedout = 1;
                addtoclosedlist(table, left, nomem);
                
                if (logging)
                    write_timeout_log(logging, logfile, left, opts);
            }
            
            left = left->next_entry->next_entry;
        }
                    
        while (qt_getkey(right, ch) < pivot_value) {
            /*
             * Might as well check out timed out entries here too.
             */   
            if ((opts->timeout > 0) && ((now - right->lastupdate) / 60 > opts->timeout) &&
               (!(right->inclosed))) {
                right->timedout = right->oth_connection->timedout = 1;
                addtoclosedlist(table, right, nomem);
                
                if (logging)
                    write_timeout_log(logging, logfile, right, opts);
            }
            right = right->prev_entry->prev_entry;
        }
        
        if (left->index < right->index) {
            swap_tcp_entries(table, left, right);
            
            if (*low == left)
                *low = right;
                
            if (*high == right)
                *high = left;
                
	    ptmp = left;
	    left = right;
	    right = ptmp;
	}
    }
    swap_tcp_entries(table, pivot, right);	    
    
    if (*low == pivot)