nprobe.i

该软件根据网络数据生成NetFlow记录。NetFlow可用于网络规划、负载均衡、安全监控等

  return _tcp_tot_client_pkts(self) - self->tcp.client.tot_e_pkts;
}
	

/* Return total packets transferred from the server on a connection */
unsigned int tot_server_pkts()
{
  /* excludes retmts */
  return _tcp_tot_server_pkts(self);
}
	

/* Return total packets transferred from the server on a connection */
unsigned int tot_server_dpkts()
{
  /* excludes retmts */
  return _tcp_tot_server_pkts(self) - self->tcp.server.tot_e_pkts;
}


/* Return total pkts transferred on a connection (duplex) */
unsigned int tot_pkts()
{
  return _tcp_tot_pkts(self);
}

/* Return client/server low/high seq/ack */

unsigned int slowack()
{
  return self->tcp.server.firstack;
}

unsigned int shighack()
{
  return self->tcp.server.lastack;
}
unsigned int slowseq()
{
  return self->tcp.server.firstseq;
}

unsigned int shighseq()
{
  return self->tcp.server.solidseq;
}

unsigned int clowack()
{
  return self->tcp.client.firstack;
}

unsigned int chighack()
{
  return self->tcp.client.lastack;
}
unsigned int clowseq()
{
  return self->tcp.client.firstseq;
}

unsigned int chighseq()
{
  return self->tcp.client.solidseq;
}

int no_rtmts_or_gaps()
{
  struct tcp_simplex_flow *c = &self->tcp.client;
  struct tcp_simplex_flow *s = &self->tcp.server;

  return ((c->duplicate_pkts == 0L) 
	  && (c->ooo_pkts == 0L) 
	  && (c->gap_pkts == 0L) 
	  && (s->duplicate_pkts == 0L) 
	  && (s->ooo_pkts == 0L) 
	  && (s->gap_pkts == 0L));
}

int c_rtmts()
{
  struct tcp_simplex_flow *c = &self->tcp.client;

  return (int)(c->ooo_bytes | c->duplicate_bytes);
  //return (int)c->duplicate_pkts;
}

int s_rtmts()
{
  struct tcp_simplex_flow *s = &self->tcp.server;

  //return (int)(s->ooo_pkts | s->duplicate_pkts);
  return (int)(s->ooo_bytes | s->duplicate_bytes);
}

int n_c_ooo_pkts()
{
  return self->tcp.client.ooo_pkts;
}

int n_s_ooo_pkts()
{
  return self->tcp.server.ooo_pkts;
}

int n_c_dup_pkts()
{
  return self->tcp.client.duplicate_pkts;
}

int n_s_dup_pkts()
{
  return self->tcp.server.duplicate_pkts;
}

int n_c_gap_pkts()
{
  return self->tcp.client.gap_pkts;
}

int n_s_gap_pkts()
{
  return self->tcp.server.gap_pkts;
}

int has_delay()
{
  int hd = 0;
  
  if (self->tcp.client.state & TSP_DUP_SYN) hd = 1; //dup SYN
  if (self->tcp.client.duplicate_pkts) hd = 1; //rtmts
  if (!(self->tcp.server.state & TSP_SYN)) hd = 1; //not connected
  if (_tcp_tot_client_pkts(self) - self->tcp.client.tot_e_pkts == 0 
      || _tcp_tot_server_pkts(self) - self->tcp.server.tot_e_pkts == 0) hd = 1; //no req or resp

  return hd;
}

  


}; /* End addmethods tcp_conn */

/*****************************************************************************/

/*
 * Class tcp_hdrs - carries a block of dumped pkt headers 
 */

%addmethods tcp_hdrs {

/* Constructor */
tcp_hdrs(int prealloc_bufs)
{
  struct tcp_hdrs *hp;	
  if ((hp = (struct tcp_hdrs *)malloc(sizeof(struct tcp_hdrs))) 
      == NULL)
    wr_error("tcp_hdrs: malloc");

  if (prealloc_bufs)
    _tcp_alloc_hdrbuffs(hp, MAX_TCP_DUMPHDRS_HELD);

  return hp;
}

/* Destructor */
~tcp_hdrs()
{
  if (self->hdrs != NULL)
    {
      //printf("Freeing tcp_hdrs At %#x\n", self->hdrs);
      free(self->hdrs);
    }

  free(self);
}

/* Populate from dump file */
void get_hdrs(struct np_file *file)
{
  _read_tcp_hdrs(file, self, TRANS_ALLOC_ON_FLY);
}

/* Populate from dump file = buf pre_allocated */
void get_hdrs_p(struct np_file *file)
{
  _read_tcp_hdrs(file, self, TRANS_PREALLOC);
}

/* Return absolute time tag */
struct ulonglong *get_hdrs_abstm()
{
  return (struct ulonglong *)&self->atm;
}

/* Return number of headers held */
int get_nhdrs_held()
{
  return self->nheld;
}


/*
 * Get tcp_dumphdr fields from the hdrs buffer for given index
 */

int get_rtm(int indx)
{
  return (int)self->hdrs[indx].rtm;
}

int get_seq(int indx)
{
  return (int)self->hdrs[indx].seq_u32;
}

int get_ack(int indx)
{
  return (int)self->hdrs[indx].ack_u32;
}

int get_win_len(int indx)
{
  struct tcp_dumphdr *hdr = &self->hdrs[indx];
  return (((int)hdr->window) << 16) + (int)hdr->len;
}
  

int get_flags_way(int indx)
{
  struct tcp_dumphdr *hdr = &self->hdrs[indx];
  return (((int)hdr->flags) << 8) + (int)hdr->way;
}



}; /* End addmethods tcp_hdrs */

/*****************************************************************************/

/*
 * Class tcp_dumphdr - a dumped tcp pkt headers 
 */

%addmethods tcp_dumphdr {

/* Constructor */
tcp_dumphdr()
{
  struct tcp_dumphdr *dp;	
  if ((dp = (struct tcp_dumphdr *)malloc(sizeof(struct tcp_dumphdr))) 
      == NULL)
    wr_error("tcp_dumphdr: malloc");
  //_rec_malloc(dp);

  return dp;
}

/* Destructor */
~tcp_dumphdr()
{
  //fprintf(stderr, "Freeing tcp_dumphdr at %#x\n", self);
  //if (_rec_free(self, "tcp_dumphdr"))
  free(self);
}

/* Populate from tcp_hdrs type */
void get_hdr(struct tcp_hdrs *hdrs, int indx)
{
  struct tcp_dumphdr *hdr = &hdrs->hdrs[indx];

  self->rtm = hdr->rtm;
  self->seq_u32 = hdr->seq_u32;
  self->ack_u32 = hdr->ack_u32;
  self->window = hdr->window;
  self->len = hdr->len;
  self->flags = hdr->flags;
  self->way = hdr->way;
}

/* Populate from connrec type */
void get_hdr_clo(struct tcp_conn *conn, int indx)
{
  struct tcp_dumphdr *hdr = &conn->hdrs.hdrs[indx];

  self->rtm = hdr->rtm;
  self->seq_u32 = hdr->seq_u32;
  self->ack_u32 = hdr->ack_u32;
  self->window = hdr->window;
  self->len = hdr->len;
  self->flags = hdr->flags;
  self->way = hdr->way;
}

void hdr_printself(struct ulonglong *base_tm)
{
  print_hdr_rec(stdout, self, (us_clock_t *)base_tm);
}

void hdr_printself_rel()
{
  print_hdr_rec(stdout, self, NULL);
}

}; /* End addmethods tcp_dumphdr */

/*****************************************************************************/

/*
 * Class http_trans - represents an HTTP transaction (possibly chained)
 * Contains class http_trans_inner 
 */

%addmethods http_trans {

  /* Constructor */

http_trans()
{
  struct http_trans *htt;
  if ((htt = (struct http_trans *)malloc(sizeof(struct http_trans))) 
      == NULL)
    wr_error("http_trans: malloc");
  htt->links.buf = NULL;
  
  return htt;
}
	
/*Destructor */
~http_trans() 
{
  //printf("Freeing http_trans at %#x\n", self);
  if (self->links.buf != NULL && !self->hold_links)
    {
      //printf("Freeing links buf at %#x\n", self->links.buf);
      free(self->links.buf);
    }
  //  if (self->links.buf != NULL)
  //  free(self->links.buf);
  
  free(self);
}

/* Allocate a set of link buffers */
void http_links_buf_alloc()
{
  self->links.buf 
    = _links_buf_alloc(LINKS_MAX_BUFS*LINKS_BUFSZ);
}


/* Read data from file - MUST follow call to read TCP/HTTP connection record */
void http_gettrans(struct np_file *file, struct tcp_conn *tconnp)
{
	int client_seen = tconnp->flow_inner.state & TCP_CLIENT_SEEN;
  	int server_seen = tconnp->flow_inner.state & TCP_SERVER_SEEN;
	if (tconnp->flow_inner.serv_type == TCP_SERV_HTTP)
		_http_read_trans(self, file, client_seen, server_seen, tconnp->su.http.addit_trans_fields, TRANS_ALLOC_ON_FLY);
	else
		wr_error("http_gettrans: not HTTP connection");
}


/* Read data from file - MUST follow call to read TCP/HTTP connection record */
void http_gettrans_p(struct np_file *file, struct tcp_conn *tconnp)
{
	int client_seen = tconnp->flow_inner.state & TCP_CLIENT_SEEN;
  	int server_seen = tconnp->flow_inner.state & TCP_SERVER_SEEN;
	if (tconnp->flow_inner.serv_type == TCP_SERV_HTTP)
		_http_read_trans(self, file, client_seen, server_seen, tconnp->su.http.addit_trans_fields, TRANS_PREALLOC);
	else
		wr_error("http_gettrans: not HTTP connection");
}

/* Return requested object name */
char *getreq()
{
  if (self->inner.cinf.reqlen)
    return self->req;
  else
    return null_string;
}

/* Return object referrer object name */
char *getref()
{
  if (self->inner.cinf.reflen)
    return self->ref;
  else 
    return NULL;
}

/* Return object host name */
char *gethost()
{
  if (self->inner.cinf.hostlen)
    return self->host;
  else 
    return NULL;
}

/* Return transaction request seen time */
unsigned int http_reqstart_us()
{
  return self->inner.cinf.reqstart_us;
}

/* Return transaction request end time */
unsigned int http_reqend_us()
{
  return self->inner.cinf.reqend_us;
}

/* Return transaction first reply packet time */
unsigned int http_repstart_us()
{
  return self->inner.sinf.repstart_us;
}

/* Return transaction first body packet time */
unsigned int http_bodystart_us()
{
  return self->inner.first_sdata_pkt_us;
}

/* Return transaction last reply packet time */
unsigned int http_repend_us()
{
  return self->inner.sinf.repend_us;
}

/* Return server received body length */
unsigned int http_r_objlen()
{
  return self->inner.hserver.recd_len;
}

/* Return server http header length */
unsigned int http_r_hdrlen()
{
  return self->inner.rep_hdr_len;
}

/* Return server received body type */
unsigned short http_rep_objtype()
{
  return self->inner.hserver.content_type;
}

/* Return any client request body type */
unsigned short http_req_objtype()
{
  return self->inner.hclient.content_type;
}

/* Return number of in_line image URLs */
int http_n_imgurls()
{
  assert (self->inner.hserver.content_type == CT_TEXT_HTML);
  return _http_get_nurls(self->links.buf, self->links.totchars);
}

/* Return number of distinct in_line image URLs */
int http_ndist_imgurls()
{
  assert (self->inner.hserver.content_type == CT_TEXT_HTML);
  return _http_get_ndist_urls(self->links.buf, self->links.totchars);
}

/* Return number of link URLs */
int http_n_linkurls()
{
  assert (self->inner.hserver.content_type == CT_TEXT_HTML);
  return _http_get_nurls(self->links.buf, self->links.totchars);
}

/* Return number of distinct link URLs */
int http_ndist_linkurls()
{
  assert (self->inner.hserver.content_type == CT_TEXT_HTML);
  return _http_get_ndist_urls(self->links.buf, self->links.totchars);
}

/* return user-agent, server, via */
char *get_uagent()
{
  /* assert(self->inner.hclient.status & TRANS_VAL); */
  if (self->inner.cinf.uagentlen)
    return self->uagent;
  else
    return NULL;
}

/* return user-agent, server, via */
char *get_server()
{
  /* assert(self->inner.hserver.status & TRANS_VAL); */
  if (self->inner.sinf.serverlen)
    return self->server;
  else
    return NULL;
}

/* return user-agent, server, via */
char *get_svia()
{
  assert(self->inner.hserver.status & TRANS_VAL);
  if (self->inner.sinf.vialen)
    return self->svia;
  else
    return NULL;
}
char *get_cvia()
{
  assert(self->inner.hclient.status & TRANS_VAL);
  if (self->inner.cinf.vialen)
    return self->cvia;
  else
    return NULL;
}

PyObject *sfinger()
{
  fingerprint_t *f = &self->inner.sinf.finger;
  return Py_BuildValue("iii", f->hi, f->lo, f->tot);
}


/* Print out data */
void printself(struct tcp_conn *tconnp)
{
  print_trans(stdout, self, -1, 
	      tconnp->flow_inner.state & TCP_CLIENT_SEEN, 
	      tconnp->flow_inner.state & TCP_SERVER_SEEN,
	      tconnp->su.http.addit_trans_fields,
	      tconnp->flow_inner.first_arr_tm);
}

void printself_tofile(int indx, struct tcp_conn *tconnp, char *path, 
		      char *mode)
{
  FILE *file;
  if ((file = fopen(path, mode)) == NULL)
    wr_error("trans_printself_tofile(): open");
  print_trans(file, self, indx, 
	      tconnp->flow_inner.state & TCP_CLIENT_SEEN, 
	      tconnp->flow_inner.state & TCP_SERVER_SEEN,
	      tconnp->su.http.addit_trans_fields,
	      tconnp->flow_inner.first_arr_tm);
  if (fclose(file) != 0)
    wr_error("trans_printself_tofile(): close");
}

/* Return client side status */
int http_cli_status()
{
  return self->inner.hclient.status;
}

/* Return server side status */
int http_serv_status()
{
  return self->inner.hserver.status;
}

/* Return 1 if server transaction is valid */
int http_serv_isvalid()
{
  return self->inner.hserver.status & TRANS_VAL;
}

/* Return 1 if client transaction is valid */
int http_cli_isvalid()
{
  return self->inner.hclient.status & TRANS_VAL;
}

/* Return 1 if server transaction is a dummy */
int http_serv_isdummytrans()
{
  return self->inner.hserver.status & (TRANS_DUMMY_UNSYNCH | TRANS_DUMMY_ERR);
}

/* Return 1 if client transaction is a dummy */
int http_cli_isdummytrans()
{
  return self->inner.hclient.status & (TRANS_DUMMY_UNSYNCH | TRANS_DUMMY_ERR);
}

/* Return error number if server transaction resulted in error, else 0 */
int http_serv_iserr()
{
    return self->inner.hserver.error;
}

/* Return error number if client transaction resulted in error, else 0 */
int http_cli_iserr()
{
  return self->inner.hclient.error;
}

/* Return 1 if server transaction not good - no more in chain will be either */
int http_serv_nogood()
{
  return (self->inner.hserver.status & 
	  (TRANS_DUMMY_UNSYNCH | TRANS_DUMMY_ERR | TRANS_ERR))
    || !(self->inner.hserver.status & TRANS_VAL);
}

/* Return 1 if client transaction not good - no more in chain will be either */
int http_cli_nogood()
{
  return (self->inner.hclient.status & 
	  (TRANS_DUMMY_UNSYNCH | TRANS_DUMMY_ERR | TRANS_ERR))
    || !(self->inner.hclient.status & TRANS_VAL);
}
    

/* Return 1 if client side of transaction complete */
int http_cli_comp()
{
	return !(self->inner.hclient.status & TRANS_INCOMPLETE);
}