nprobe.i

该软件根据网络数据生成NetFlow记录。NetFlow可用于网络规划、负载均衡、安全监控等

int find_next_period_record()
{
  int type;

  while (1)
    {
      type = _next_rec(self, REC_OTHER_ALL);
      if (type == REC_PERIOD_REPORT
	  || type ==  REC_WIRE_PERIOD_REPORT 
	  || type == -1)
	return type;
      else 
	_advance(self);
    }
}
      
/*
 * Read a tcp connection open record - return the conn_id 
 */
int read_tcp_conn_open()
{
  struct tcp_open conn;

  _read_tcp_open(self, &conn);

  return conn.conn_id;
}


/*
 * Copy record at offset off to file fd renumbering as n - return new offset
 */
int copy_rec(long int off, int fd, int n)
{
  return _copy_rec(self, off, fd, n);
}

/*
 * Close new rep file by appending pseudo counters based on this one's
 */

void write_pseudocounters(int fd, int reci)
{
  _write_pseudocounters(fd, reci, &self->counters);
}
  
	
}; /* End addmethods np_file */

/****************************************************************************/

/*
 * Class tcp_open - record representing TCP connection open
 *
 * - no specific constructor/destructor required
 */

%addmethods tcp_open { 

/* Constructor */
tcp_open()
{
	struct tcp_open *tof;	
	if ((tof = (struct tcp_open *)malloc(sizeof(struct tcp_open))) == NULL)
	 	wr_error("tcp_open: malloc");
	return tof;
}
	
/*Destructor */
~tcp_open() 
{
  free(self);
}

/* populate the record */
void get_open_rec(struct np_file *file)
{
  _read_tcp_open(file, self);
  return;
}

/* quick accessor for conn_id */
int get_conn_id()
{
  return self->conn_id;
}

/* return the client address for the connection */
unsigned int shost()
{
  return self->flow.srcaddr;
}

/* return the server address for the connection */
unsigned int dhost()
{
  return self->flow.dstaddr;
}

/* Return source port */
unsigned short sport()
{
  return ntohs(self->flow.srcport);
}

/* Return dest port */
unsigned short dport()
{
  return ntohs(self->flow.dstport);
}


/* return the connection open time (first pkt seen) */

struct ulonglong *open()
{
  return (ulonglong *)&self->flow.first_arr_tm;
}


}; /* End addmethods tcp_open */

/****************************************************************************/


/*
 * Class tcp_conn - represents a TCP connection carrying HTTP traffic
 * - corresponds to an Nprobe dump file tcp connection record.
 * Comprises classes tcp (data about TCP connection) and http_conn (data about 
 *  HTTP transactions carried and chain of those transactions).
 */

%addmethods tcp_conn { 

/* Constructor */
tcp_conn()
{
	struct tcp_conn *tpf;	
	if ((tpf = (struct tcp_conn *)malloc(sizeof(struct tcp_conn))) == NULL)
	 	wr_error("tcp_conn: malloc");
	tpf->flow_inner.serv_type = TCP_SERV_OTHER;
	tpf->hdrs.hdrs = NULL;
	return tpf;
}
	
/*Destructor */
~tcp_conn() 
{
  //printf("Freeing tcp_conn at %#x\n", self);
  
  _dealloc_tcp_conn(self);
}

/*
 * Pre-allocate a transaction chain 
 */
void http_alloc_trans()
{
  _http_alloc_trans(self, MAX_NTRANS, PROVIDE_IMGBUFS);
  return;
}

/* Free the trans chain */
void free_http_trans_chain()
{
	assert(self->flow_inner.serv_type == TCP_SERV_HTTP);
	if (self->su.http.trans != NULL)
		_http_dealloc_trans(self);
}

/*
 * Pre-allocate a hdr buff 
 */
void tcp_alloc_hdrbuffs()
{
  _tcp_alloc_hdrbuffs(&self->hdrs, MAX_TCP_DUMPHDRS_HELD);
  return;
}

/*
 * Get current TCP connection record from file including transaction chain
 * - _next_rec already called and record identified as TCP  
 */
void get_conn_and_trans(struct np_file *file)
{
  _read_tcp_conn(file, self, TRANS_PREALLOC, GET_TRANS);
  return;
}

/*
 * Get current TCP connection record from file excluding transaction chain
 * - _next_rec already called and record identified as TCP  
 */
void get_conn(struct np_file *file)
{
  _read_tcp_conn(file, self, TRANS_ALLOC_ON_FLY, NO_TRANS);
  self->indx = file->indx -1;
  return;
}

void get_conn_p(struct np_file *file)
{
  _read_tcp_conn(file, self, TRANS_PREALLOC, NO_TRANS);
  self->indx = file->indx -1;
  return;
}

/*
 * Get only the connection data, advance over any service data
 */
void get_conn_and_advance(struct np_file *file)
{
  _read_tcp_conn(file, self, TRANS_ALLOC_ON_FLY, NO_TRANS);
  self->indx = file->indx -1;
  _advance(file);
  return;
}

/*
 * Get only the connection data, advance over any service data
 */
void get_conn_and_advance_p(struct np_file *file)
{
  _read_tcp_conn(file, self, TRANS_PREALLOC, NO_TRANS);
  self->indx = file->indx -1;
  _advance(file);
  return;
}

/* Get next HTTP data from file into connection object (including transaction chain) */
int get_http_conn_and_trans(struct np_file *file)
{
  int rec_type = _next_rec(file, REC_TCP_HTTP);
  if (rec_type == -1)
    {
      return -1;
    }
  else
    {
      assert(rec_type == REC_TCP_HTTP);
      _read_tcp_conn(file, self, TRANS_ALLOC_ON_FLY, GET_TRANS);
      assert(self->flow_inner.serv_type == TCP_SERV_HTTP);
      self->indx = file->indx -1;
      return rec_type;
    }
}

/* Get indexed HTTP data from file into connection object (including transaction chain) */
void get_http_conn_and_trans_indxd(struct np_file *file, unsigned int recno)
{
	_seek_rec(file, recno);
	_read_tcp_conn(file, self, TRANS_ALLOC_ON_FLY, GET_TRANS);
	assert(self->flow_inner.serv_type == TCP_SERV_HTTP);
}

/* Get next HTTP data from file - excluding transaction chain */
int get_http_conn(struct np_file *file)
{
  int rec_type = _next_rec(file, REC_TCP_HTTP);
  if (rec_type == -1)
    {
      return -1;
    }
  else
    {
      assert(rec_type == REC_TCP_HTTP);
      _read_tcp_conn(file, self, TRANS_ALLOC_ON_FLY, NO_TRANS);
      assert(self->flow_inner.serv_type == TCP_SERV_HTTP);
      self->indx = file->indx -1;
      return rec_type;
    }
}

/* Get indexed HTTP data from file - excluding transaction chain */
void getconn_indxd(struct np_file *file, unsigned int recno)
{
	_seek_rec(file, recno);
	_read_tcp_conn(file, self, TRANS_ALLOC_ON_FLY, NO_TRANS);
	assert(self->flow_inner.serv_type == TCP_SERV_HTTP);
}

/* Given an HTTP connection record build a connected transaction chain */
void get_trans_chain(struct np_file *file)
{
	if (self->flow_inner.serv_type != TCP_SERV_HTTP)
		wr_error("get_trans_chain: not HTTP connection");
	_http_get_transchain(file, self);
}

/* ascii printout of tcp-conn */
void printself(int print_hdrs)
{
	report_tcp_conn(stdout, self, self->indx, print_hdrs);
}

/* ascii printout of tcp-conn */
void printself_tofile(char *path, int print_hdrs)
{
  FILE *file;
  if ((file = fopen(path, "w")) == NULL)
    wr_error("tconn_printself_tofile(): open");
  report_tcp_conn(file, self, self->indx, print_hdrs);
  if (fclose(file) != 0)
    wr_error("tconn_printself_tofile(): close");
}

/* quick accessor for conn_id */
int get_conn_id()
{
  return self->hdrs.conn_id;
}

/* quick accessor for hdrs.nheld */
int get_nhdrs_held()
{
  return self->hdrs.nheld;
}

/* quick accessor for hdrs base time */
struct ulonglong * get_hdrs_abstm()
{
  return (struct ulonglong *)&self->hdrs.atm;
}

/* populate a tcp_dumphdr type given an index into hdrs buffer*/
void get_hdr(tcp_dumphdr_t *hp, int indx)
{
  tcp_dumphdr_t *hdr = &self->hdrs.hdrs[indx];

  hp->rtm = hdr->rtm;
  hp->seq_u32 = hdr->seq_u32;
  hp->ack_u32 = hdr->ack_u32;
  hp->window = hdr->window;
  hp->len = hdr->len;
  hp->flags = hdr->flags;
  hp->way = hdr->way;
}

/*
 * Get tcp_dumphdr fields from the hdrs buffer for given index
 */

int get_rtm(int indx)
{
  return (int)self->hdrs.hdrs[indx].rtm;
}

int get_seq(int indx)
{
  return (int)self->hdrs.hdrs[indx].seq_u32;
}

int get_ack(int indx)
{
  return (int)self->hdrs.hdrs[indx].ack_u32;
}

int get_win_len(int indx)
{
  struct tcp_dumphdr *hdr = &self->hdrs.hdrs[indx];
  return (((int)hdr->window) << 16) + (int)hdr->len;
}
  

int get_flags_way(int indx)
{
  struct tcp_dumphdr *hdr = &self->hdrs.hdrs[indx];
  return (((int)hdr->flags) << 8) + (int)hdr->way;
}
  

/* quick accessor for No. transactions */
unsigned short http_ntrans()
{
	assert(self->flow_inner.serv_type == TCP_SERV_HTTP);
	return self->su.http.meta.ntrans;
}

/* quick accessors for various connection times */

struct ulonglong *open()
{
  return (ulonglong *)&self->flow_inner.first_arr_tm;
}

struct ulonglong *close()
{
  return (ulonglong *)&self->flow_inner.last_arr_tm;
}

unsigned int clisyn()
{
  return self->tcp.client.syn_us;
}

/* NB time the client's SYN is ACKed */
unsigned int cliacksyn()
{
  return self->tcp.client.acksyn_us;
}

unsigned int servsyn()
{
  return self->tcp.server.syn_us;
}

/* NB time the server's SYN is ACKed */
unsigned int servacksyn()
{
  return self->tcp.server.acksyn_us;
}

unsigned int clifin()
{
  return self->tcp.client.fin_us;
}

unsigned int servfin()
{
  return self->tcp.server.fin_us;
}

unsigned int clirst()
{
  return self->tcp.client.rst_us;
}

unsigned int servrst()
{
  return self->tcp.server.rst_us;
}

unsigned int clifirstdata()
{
  return self->tcp.client.firstdata_us;
}

unsigned int servfirstdata()
{
  return self->tcp.server.firstdata_us;
}

unsigned int clilastdata()
{
  return self->tcp.client.lastdata_us;
}

unsigned int servlastdata()
{
  return self->tcp.server.lastdata_us;
}

/* quick accessor for src host NBO */
unsigned int shost()
{
  return self->flow_inner.srcaddr;
}

/* quick accessor for dst host NBO */
unsigned int dhost()
{
  return self->flow_inner.dstaddr;
}

/* Return source port */
unsigned short sport()
{
  return ntohs(self->flow_inner.srcport);
}

/* Return dest port */
unsigned short dport()
{
  return ntohs(self->flow_inner.dstport);
}

/* Print out src host */
void print_srchost()
{
	printf("%s", get_hname((char *)self->flow_inner.srcaddr));
}

/* Print out dst host */
void print_dsthost()
{
	printf("%s", get_hname((char *)self->flow_inner.dstaddr));
}

/* Return connection flags */
int get_flags()
{
  return self->flow_inner.state;
}

/* Return client side flags */
int get_cflags()
{
  return self->tcp.client.state;
}

/* Return server side flags */
int get_sflags()
{
  return self->tcp.server.state;
}

/* Return client side mss - this  */
int get_cmss()
{
  return self->tcp.client.mss;
}

/* Return server side mss */
int get_smss()
{
  return self->tcp.server.mss;
}

/* Return true if connection is HTTP */
int is_http()
{
	return (self->flow_inner.serv_type == TCP_SERV_HTTP);
}

/* Return true if connection is known service */
int serv_is_known()
{
	return (self->flow_inner.serv_type != TCP_SERV_OTHER);
}

/* Return 1 if traffic in both directions seen */
int both_seen()
{
	return ((self->flow_inner.state & TCP_CLIENT_SEEN)
		&& (self->flow_inner.state & TCP_SERVER_SEEN));
}

/* Return 1 if traffic from server seen */
int server_seen()
{
	return (self->flow_inner.state & TCP_SERVER_SEEN);
}

/* Return 1 if traffic from client seen */
int client_seen()
{
	return (self->flow_inner.state & TCP_CLIENT_SEEN);
}

/* Return 1 if connection persistent */
int http_persistent()
{
  assert(self->flow_inner.serv_type == TCP_SERV_HTTP);
  return (self->su.http.meta.status & HTTP_WAS_PERSISTENT);
}

/* Return HTTP connection status */
int http_status()
{
  assert(self->flow_inner.serv_type == TCP_SERV_HTTP);
  return self->su.http.meta.status;
}

/* Return HTTP client/server versions */
int http_vers()
{
  assert(self->flow_inner.serv_type == TCP_SERV_HTTP);
  return self->su.http.meta.versions;
}

/* Return HTTP client/server versions as string */
char  *http_vers_str()
{
  assert(self->flow_inner.serv_type == TCP_SERV_HTTP);
  return http_versions_string(self->su.http.meta.versions);
}

/* Return source atm data */
unsigned int src_atmdata()
{
	return self->flow_inner.src_atmdata;
}

/* Return dest atm data */
unsigned int dst_atmdata()
{
	return self->flow_inner.dst_atmdata;
}
	

/* Return total octets transferred from the client on a connection */
unsigned int tot_client_octs()
{
  return _tcp_tot_client_octs(self);
}
	

/* Return total octets transferred  from the server on a connection */
unsigned int tot_server_octs()
{
  return _tcp_tot_server_octs(self);
}
	

/* Return total octets transferred on a connection (duplex) */
unsigned int tot_octs()
{  
  return _tcp_tot_octs(self);
}
	

/* Return total packets transferred from the client on a connection */
unsigned int tot_client_pkts()
{
  /* excludes retmts */
  return _tcp_tot_client_pkts(self);
}
	

/* Return total data packets transferred from the client on a connection */
unsigned int tot_client_dpkts()
{
  /* excludes retmts */