tcptable.c

一个网络流量分析的完整的程序

    target_row = (tableentry->index) - screen_idx;

    wmove(table->tcpscreen, target_row, 1);
    wprintw(table->tcpscreen, "%44c", ' ');
}

/*
 * Display a TCP connection line.  Returns immediately if the entry is
 * not visible in the window.
 */

void printentry(struct tcptable *table, struct tcptableent *tableentry,
		unsigned int screen_idx, int mode)
{
    char stat[7] = "";
    unsigned int target_row;
    char sp_buf[MSGSTRING_MAX];
    int normalattr;
    int highattr;
    
    /*
     * Set appropriate attributes for this entry
     */
     
    if (table->barptr == tableentry) {
        normalattr = BARSTDATTR;
        highattr = BARHIGHATTR;
    } else {
        normalattr = STDATTR;
        highattr = HIGHATTR;
    }
    
    if ((tableentry->index < screen_idx) ||
	(tableentry->index > screen_idx + (table->imaxy - 1)))
	return;

    target_row = (tableentry->index) - screen_idx;

    /* clear the data if it's a reused entry */

    wattrset(table->tcpscreen, PTRATTR);
    wmove(table->tcpscreen, target_row, 2);
    if (tableentry->reused) {
	scrollok(table->tcpscreen, 0);
	sprintf(sp_buf, "%%%dc", COLS - 4);
	wprintw(table->tcpscreen, sp_buf, ' ');
	scrollok(table->tcpscreen, 1);
	tableentry->reused = 0;
	wmove(table->tcpscreen, target_row, 1);
    }
    /* print half of connection indicator bracket */

    wmove(table->tcpscreen, target_row, 0);
    waddch(table->tcpscreen, tableentry->half_bracket);

    /* proceed with the actual entry */

    wattrset(table->tcpscreen, normalattr);
    sprintf(sp_buf, "%%%dc", COLS - 5);
    mvwprintw(table->tcpscreen, target_row, 2, sp_buf, ' ');
    
    sprintf(sp_buf, "%%.%ds:%%.%ds", 32 * COLS / 80, 10);

    wmove(table->tcpscreen, target_row, 1);
    wprintw(table->tcpscreen, sp_buf, tableentry->s_fqdn,
	    tableentry->s_sname);

    wattrset(table->tcpscreen, highattr);

    /* 
     * Print packet and byte counts or window size and packet size, depending
     * on the value of mode.
     */

    switch(mode) {
    case 0:
	wmove(table->tcpscreen, target_row, 47 * COLS / 80 - 2);
	if (tableentry->partial)
	    wprintw(table->tcpscreen, ">");
	else
	    wprintw(table->tcpscreen, "=");
	wprintw(table->tcpscreen, "%8u  ", tableentry->pcount);
	wmove(table->tcpscreen, target_row, 59 * COLS / 80 - 4);
	wprintw(table->tcpscreen, "%9u  ", tableentry->bcount);
        break;
    case 1:
        wmove(table->tcpscreen, target_row, 50 * COLS / 80);
        if (tableentry->smacaddr[0] == '\0')
            wprintw(table->tcpscreen, "    N/A    ");
        else
            wprintw(table->tcpscreen, "%s", tableentry->smacaddr);
        break;
    case 2:
	wmove(table->tcpscreen, target_row, 45 * COLS / 80 + 3);
	wprintw(table->tcpscreen, "%5u  ", tableentry->psize);
	wmove(table->tcpscreen, target_row, 56 * COLS / 80 - 1);
	wprintw(table->tcpscreen, "%9u  ", tableentry->win);
    }

    wattrset(table->tcpscreen, normalattr);

    if (tableentry->finsent == 1)
	strcpy(stat, "DONE  ");
    else if (tableentry->finsent == 2)
	strcpy(stat, "CLOSED");
    else if (tableentry->stat & FLAG_RST)
	strcpy(stat, "RESET ");
    else {
	if (tableentry->stat & FLAG_SYN)
	    strcat(stat, "S");
	else
	    strcat(stat, "-");

	if (tableentry->stat & FLAG_PSH)
	    strcat(stat, "P");
	else
	    strcat(stat, "-");

	if (tableentry->stat & FLAG_ACK)
	    strcat(stat, "A");
	else
	    strcat(stat, "-");

	if (tableentry->stat & FLAG_URG)
	    strcat(stat, "U");
	else
	    strcat(stat, "-");

	strcat(stat, " ");
    }

    wmove(table->tcpscreen, target_row, 65 * COLS / 80);
    wprintw(table->tcpscreen, "%s", stat);
    wmove(table->tcpscreen, target_row, 72 * COLS / 80);
    wprintw(table->tcpscreen, "%s", tableentry->ifname);
}

/*
 * Redraw the TCP window
 */

void refreshtcpwin(struct tcptable *table, unsigned int idx, int mode)
{
    struct tcptableent *ptmp;

    setlabels(table->borderwin, mode);
    wattrset(table->tcpscreen, STDATTR);
    tx_colorwin(table->tcpscreen);
    ptmp = table->firstvisible;

    while ((ptmp != NULL) && (ptmp->prev_entry != table->lastvisible)) {
	printentry(table, ptmp, idx, mode);
	ptmp = ptmp->next_entry;
    }

    wmove(table->borderwin, table->bmaxy - 1, 1);

    print_tcp_num_entries(table);

    update_panels();
    doupdate();
}

void destroy_closed_entries(struct tcptable *table)
{
    struct closedlist *closedtemp;
    struct closedlist *closedtemp_next;

    if (table->closedentries != NULL) {
	closedtemp = table->closedentries;
	closedtemp_next = table->closedentries->next_entry;

	while (closedtemp != NULL) {
	    free(closedtemp);
	    closedtemp = closedtemp_next;
	    if (closedtemp_next != NULL)
		closedtemp_next = closedtemp_next->next_entry;
	}

	table->closedentries = NULL;
	table->closedtail = NULL;
    }
}

/*
 * Kill the entire TCP table
 */
void destroytcptable(struct tcptable *table)
{
    struct tcptableent *ctemp;
    struct tcptableent *c_next_entry;
    struct tcp_hashentry *hashtemp;
    struct tcp_hashentry *hashtemp_next;

    unsigned int i;

    /*
     * Destroy main TCP table
     */

    if (table->head != NULL) {
	ctemp = table->head;
	c_next_entry = table->head->next_entry;

	while (ctemp != NULL) {
	    free(ctemp);
	    ctemp = c_next_entry;

	    if (c_next_entry != NULL)
		c_next_entry = c_next_entry->next_entry;
	}
    }
    /*
     * Destroy list of closed entries
     */

    destroy_closed_entries(table);

    /*
     * Destroy hash table
     */

    for (i = 0; i <= ENTRIES_IN_HASH_TABLE - 1; i++) {
	if (table->hash_table[i] != NULL) {
	    hashtemp = table->hash_table[i];
	    hashtemp_next = table->hash_table[i]->next_entry;

	    while (hashtemp != NULL) {
		free(hashtemp);
		hashtemp = hashtemp_next;

		if (hashtemp_next != NULL)
		    hashtemp_next = hashtemp_next->next_entry;
	    }
	}
    }
}

/*
 * Kill an entry from the TCP table
 */

void destroy_tcp_entry(struct tcptable *table, struct tcptableent *ptmp)
{
    if (ptmp->prev_entry != NULL)
	ptmp->prev_entry->next_entry = ptmp->next_entry;
    else
	table->head = ptmp->next_entry;

    if (ptmp->next_entry != NULL)
	ptmp->next_entry->prev_entry = ptmp->prev_entry;
    else
	table->tail = ptmp->prev_entry;

    free(ptmp);

    if (table->head == NULL) {
	table->firstvisible = NULL;
	table->lastvisible = NULL;
    }
}

/*
 * Kill all closed entries from the table, and clear the list of closed
 * entries.
 */

void flushclosedentries(struct tcptable *table,
			unsigned long *screen_idx,
			int logging, FILE * logfile, struct OPTIONS *opts)
{
    struct tcptableent *ptmp = table->head;
    struct tcptableent *ctmp = NULL;
    unsigned long idx = 1;
    time_t now;
    time_t lastupdated = 0;

    while (ptmp != NULL) {
	now = time(NULL);
	lastupdated = (now - ptmp->lastupdate) / 60;

	if ((ptmp->inclosed) || (lastupdated > opts->timeout)) {
	    ctmp = ptmp;
	    /*
	     * Mark and flush timed out TCP entries.
	     */
	    if (lastupdated > opts->timeout) {
		if ((!(ptmp->timedout)) && (!(ptmp->inclosed))) {
		    write_timeout_log(logging, logfile, ptmp, opts);
		    ptmp->timedout = ptmp->oth_connection->timedout = 1;
		}
	    }

	    /*
	     * Advance to next entry and destroy target entry.
	     */
	    ptmp = ptmp->next_entry;
	    
	    /*
	     * If the targeted entry is highlighted, and the next entry is
	     * not NULL (we're still in the list) we move the bar pointer to
	     * the next entry otherwise we move it to the previous entry.
	     */
	    if (ptmp != NULL) {
	        if (table->barptr == ctmp) {
	            table->barptr = ptmp;
	        }
	    } else {
	        if (table->barptr == ctmp) {
	            table->barptr = table->barptr->prev_entry;
	        }
	    }
	    
	    /*
	     * Do the dirty deed
	     */ 
	    del_tcp_hash_node(table, ctmp);
	    destroy_tcp_entry(table, ctmp);
	    
	    /*
	     * Adjust screen index if the deleted entry was "above"
	     * the screen.
	     */
	    if (idx < *screen_idx)
	        (*screen_idx)--;
	} else {
	    /*
	     * Set the first visible pointer once the index matches
	     * the screen index.
	     */
	    if (idx == *screen_idx)
		table->firstvisible = ptmp;

            /*
             * Keep setting the last visible pointer until the scan
             * index "leaves" the screen
             */
	    if (idx <= (*screen_idx) + (table->imaxy - 1))
		table->lastvisible = ptmp;
	    
	    ptmp->index = idx;
	    idx++;
	    ptmp = ptmp->next_entry;
	}
    }

    table->lastpos = idx - 1;
    table->count = table->lastpos / 2;
    destroy_closed_entries(table);

    /*
     * Shift entries down if the deletion causes the last entry to
     * occupy anywhere other than the last line of the TCP display
     * window.
     */

    if (table->head != NULL) {
	/*
	 * Point screen index to the last table entry if the tail entry is
	 * "above" the screen index.  Set the firstvisible pointer to that
	 * as well.
	 */
	if (table->tail->index < *screen_idx) {
	    *screen_idx = table->tail->index;
	    table->firstvisible = table->tail;
	}

	/*
	 * Move the screen index and firstvisible entry up until the tail
	 * hits the bottom of the window (tail is at screen index plus
	 * screen length minus 1) or the firstvisible pointer hits the
	 * head of the table.  The highlight bar should "go along" with
	 * the shifting.
	 */
	while ((table->tail->index < *screen_idx + table->imaxy - 1) &&
	       (table->firstvisible->prev_entry != NULL)) {
	    table->firstvisible = table->firstvisible->prev_entry;
	    (*screen_idx)--;
	}
	
	/*
	 * Set the bar position index once everything's done.
	 */
        table->baridx = table->barptr->index - *screen_idx + 1;
    }
}