np_obtree.py

该软件根据网络数据生成NetFlow记录。NetFlow可用于网络规划、负载均衡、安全监控等

###############################################################################
#                                                                             #
#   Copyright 2005 University of Cambridge Computer Laboratory.               #
#                                                                             #
#   This file is part of Nprobe.                                              #
#                                                                             #
#   Nprobe is free software; you can redistribute it and/or modify            #
#   it under the terms of the GNU General Public License as published by      #
#   the Free Software Foundation; either version 2 of the License, or         #
#   (at your option) any later version.                                       #
#                                                                             #
#   Nprobe is distributed in the hope that it will be useful,                 #
#   but WITHOUT ANY WARRANTY; without even the implied warranty of            #
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             #
#   GNU General Public License for more details.                              #
#                                                                             #
#   You should have received a copy of the GNU General Public License         #
#   along with Nprobe; if not, write to the Free Software                     #
#   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA #
#                                                                             #
###############################################################################


from Tkinter import *
from copy import copy
from string import ascii_letters

from nprobe import DUMMY_VALUE, LR_TS, LR_SCRIPTED, LR_ARCHIVE, LR_INLINE, \
     LR_LINK, LR_UNKNOWN, LR_REL_BASE, LR_END_BASE, LR_REDIRECT, \
     LR_SCRIPT_ARCHIVE, LR_SCRIPTED_LINK, LR_SCRIPTED_INLINE, \
     LR_SCRIPTED_UNKNOWN, LR_REL_SCRIPT_BASE, LR_END_SCRIPT_BASE, \
     LR_REDIRECT_INLINE, LR_REDIRECT_LINK, LR_HAS_URL
from nprobe import intoa_string, http_server_objtype_string, \
     http_client_method_string, http_server_returncode_string, http_errstring
from nprobe import TCP_SERV_SYN, TCP_CLI_SYN, TCP_SERV_HTTP, SERVER, CLIENT, \
     TRANS_VAL, TRANS_DUMMY_UNSYNCH, TRANS_DUMMY_ERR, TRANS_ERR, \
     TRANS_INCOMPLETE, TRANS_FINISHED
from nprobe import TSP_SYN, TSP_DUP_SYN, TSP_FIN, TSP_ACKSYN, TSP_RST, \
     CT_NON_OBJECT, CT_UNKNOWN, CT_UNSYNCH, CT_POST_ERR, CT_OTHER
from nprobe import TCP_CONN_ERROR, TCP_TIMEO, TCP_FORCED_ALT, TCP_QUICK_CLOSE,\
     TCP_RUNEND, \
     TSP_SEQ_TIMEO, TSP_SEQ_TIMEO_FORCED, TSP_SEQ_TIMEO_QL, \
     TSP_SEQ_TIMEO_ACK, TSP_FORCED_ALT, TSP_FORCED_OPEN, TSP_FORCED_CLOSE
from np_WebHost import LR_INLINE_MULTI, LR_REFERRER_INLINE, LR_REFERRER_LINK, \
     LR_FAIL, LR_FOLLOW_ON, DUM
from np_WebHost import EV_NSOP, EV_NSCLO, EV_CONNOP, EV_CONN_CPKT, \
     EV_CONN_CSYN,EV_CONN_SPKT, EV_CONN_SSYN, EV_CONN_CACKSYN, \
     EV_CONN_SACKSYN, EV_REQBEGIN, EV_REQSTART, EV_REQEND, EV_REPSTART, \
     EV_REPEND, EV_REQFINISH, EV_CONN_CFIN, EV_CONN_SFIN, EV_CONN_CRST, \
     EV_CONN_SRST, EV_CONNCLO, EV_DELREPEND
#from np_obnode import TH_SYN, TH_RST, TH_FIN, LinkDict, TreeError
from np_WebHost import TH_SYN, TH_RST, TH_FIN, LinkDict, TreeError
#from np_lookups import np_hostname, cache_lookups
#from np_TCPDisplay import TcpDisplay
from np_longutil import tsDatestring

from np_drawutil import P_AFTER, P_BEFORE
from bsearch import NotInRange

from print_col import inform

##############################################################################
##############################################################################

#
# Gap types
#

GAP_CONNS = 0
GAP_REQS = 1
GAP_TM = 2

G_BEFORE = 0
G_AFTER = 1

##############################################################################
##############################################################################



class ObTree:
	
    def __init__(self, client, lookup=intoa_string, trace=0):

	self.client = client
        self.Class = client.Class
	self.attach_colours()
        self.attach_marktypes_dict()
        self.LinkDict = LinkDict().dict
        self.nslookup = lookup
	self.nwarnings = 0
        client.make_tree(caller=self, trace=trace)
        self.tree_trans = []
        self.tree_conns = []
        self.pktdict = {}
        self.rooturl = None
        #self.xrefs()
	self.start = client.start
        self.abstart = client.abstart
	self.end = client.end
	self.build_tdict()
        self.build_agentsdict()


#############################################################################

    def __str__(self):

        return 'Obtree for %s %s' % (self.client.Class,
                                          self.client.addr_str())


#############################################################################


    def xrefs(self):

        #
        # Provide cross references needed for drawing
        #
        conndict = {}
        for c in self.client.connlist:
            conndict[c.id] = c

        for t in self.client.translist:
            t.TConn = conndict[t.connid]


#############################################################################

    def calc_yinc(self):
        
	mindur = self.client.mindur
	scalef = self.calc_scalef(mindur)
	#min_show_dur = int(self.mingapx/scalef)

	#self.calc_gaps(self.client.eventlist, mindur, min_show_dur)
	self.calc_gaps(self.client.eventlist)


	n = len(self.client.connlist)
	if len(self.client.dummytrans):
	    n += 1

        scaleht = min(len(self.gaps), self.gap_text_steps)*self.gap_text_ysep + self.toplabely
        #print self.draw
        tbb = self.draw.bbox(self.draw.create_text(0, 0, fill='white',
                          anchor=E, text = ' ', font=self.font10))
        scaleht += tbb[3]-tbb[1]+10

	ht = self.screen.dframe_ht - scaleht -self.topmargin - self.bottommargin

	connht = max(self.connht, ht/n)
	self.conncentre = connht/2
	self.connht = connht
        self.scaleht = scaleht
        
##         print 'scaleht %d' % (scaleht)
##         print 'drawht %d' % (ht)


#############################################################################

    def calc_vyinc(self):

	n = len(self.client.connlist)
	if len(self.client.dummytrans):
	    n += 1

	ht = self.screen.dframe_ht - self.screen.tscalecanv_ysz -self.topmargin - self.bottommargin

	connht = max(self.vconnht, ht/n)
	self.vconncentre = connht/2
	self.vconnht = connht

#############################################################################

    def calc_scalef(self, mindur):
	# Set a scale factor so the shortest duration is decently visible
	min_x = float(self.min_x)
	self.draw.scalef = scalef = min_x/mindur

	return scalef

#############################################################################

    def calc_scalef_v(self, maxdur):
	## # Set a scale factor so the shortest timespan is decently visible
## 	min_x = float(self.min_viewx)
## 	self.view.scalef = scalef = min_x/self.mindur

## 	xrange = int(self.end - self.start)
## 	if xrange*scalef < self.scaleup_minx:
## 	    scalef = self.scaleup_minx/float(xrange)
	
## 	self.view.scalef = scalef
## 	return scalef

	# Set a scale factor so the longest timespan is decently visible
	max_x = float(self.max_viewx)
	self.view.scalef = scalef = max_x/maxdur

        # but check it doesn't result in an over-large canvas (ie. where short
        # duration events are widely separated)

        dur = self.end - self.start
        if dur*scalef > self.max_canv_sz:
            self.view.scalef = scalef = self.max_canv_sz/float(dur) 

	
	self.view.scalef = scalef
	return scalef

#############################################################################

    #def calc_gaps(self, eventlist, mindur, min_show_dur):
    def calc_gaps(self, eventlist):

	gaps = []
	tot_gap = 0
	ngaps = 0
	current_reqs = []
	current_conns = []
	current_ns = []
	last_etm = 0

	#print 'start %s' % (tsLongstring(self.client.start))

	first = 0
	first_tm = eventlist[0][0]
        last_etm = first_tm #?
	mingap = self.client.mindur
        mindur = mingap
	mintm = int(self.mingapx/self.draw.scalef)
	#print 'events:'
	for evno in range(len(eventlist)):
	    e = eventlist[evno]
	    tm = e[0]
	    type = e[1]
	    ob = e[2]

            #print last_etm, tm

	    #print 'event time %s type %d' % (tsLongstring(tm), type)
	    
	    # any compacting possible?
            try:
                # note any ver long gap
                sincelast =  int(tm - last_etm)
            except OverflowError:
                inform('%s Large Sincelast: last_etm=%d, tm=%d, ev No %d, type %d' % (self.nslookup(self.client.addr), last_etm, tm, evno, type))
                sincelast =  tm - last_etm
                
	    if first:
		minleft = mindur
	    else:
		minleft = mintm
	    #if sincelast > mingap:
	    gap = sincelast - minleft
	    if gap > mingap:
		gap_tm = last_etm + minleft/2
		if not len(current_conns) and not len(current_ns):
		    gaptype = GAP_CONNS
		elif not len(current_reqs):
		    gaptype = GAP_REQS
		else:
		    gaptype = GAP_TM
		
		gaps.append([gaptype, gap_tm, gap, 0])
		tot_gap = tot_gap + gap
		ngaps = ngaps + 1
		#print 'internal gap %9d %9d' % (gap_tm/1000, gap/1000)
		for c in current_conns:
		    c.gaps.append((gap_tm, gap))
		    c.totgap = c.totgap + gap
		for n in current_ns:
		    n.gaps.append((gap_tm, gap))
		    n.totgap = n.totgap + gap
		for r in current_reqs:
		    r.gaps.append((gap_tm, gap))
		    r.totgap = r.totgap + gap

	    if tm > first_tm + mindur:
		first = 0


	    if type == EV_REQBEGIN:
		first = 1
		first_tm = tm
		if len(current_conns) == 0 and ob.sobtype != CT_UNSYNCH:
		    # Sanity - must be at least one in progress
		    self.whoops('Req starting but no conn in progress! tm = %d' % (tm/1000))
		    #sys.exit(1)
		current_reqs.append(ob)
		ob.gaps = []
		ob.totgap = 0
		ob.gap_before = tot_gap
		ob.ngaps_before = ngaps
		
	    elif type == EV_REQSTART:
		# req start
		ob.reqstart_gap_before = tot_gap
		ob.reqstart_ngaps_before = ngaps

	    elif type ==  EV_REQEND:
		ob.reqend_gap_before = tot_gap
		ob.reqend_ngaps_before = ngaps 

	    elif type == EV_REPSTART:
		ob.repstart_gap_before = tot_gap
		ob.repstart_ngaps_before = ngaps
		    
	    elif type == EV_REPEND:
		ob.repend_gap_before = tot_gap
		ob.repend_ngaps_before = ngaps
		    
	    elif type == EV_DELREPEND:
                #print 'XXXXEV_DELREPEND'
		ob.delrepend_gap_before = tot_gap
		ob.delrepend_ngaps_before = ngaps

	    elif type == EV_REQFINISH:
		current_reqs.remove(ob)

	    elif type == EV_CONNOP:
		# conn open
		current_conns.append(ob)
		ob.gap_before = tot_gap
		ob.ngaps_before = ngaps
		ob.gaps = []
		ob.totgap = 0
	    elif type == EV_CONNCLO:
		# conn close
		current_conns.remove(ob)
		if len(current_conns) == 0:
		    # Sanity s/be no reqs
		    if len(current_reqs):
			self.whoops('Last conn finished but still live reqs! tm = %d %d reqs' % (tm/1000, len(current_reqs)))
	    elif type == EV_NSOP:
		# ns req
		current_ns.append(ob)
		ob.gap_before = tot_gap
		ob.ngaps_before = ngaps
		ob.gaps = []
		ob.totgap = 0
	    elif type == EV_NSCLO:
		# ns rep
		current_ns.remove(ob)

	    elif type == EV_CONN_CSYN:
		ob.csyn_gap_before = tot_gap
		ob.csyn_ngaps_before = ngaps
	    elif type == EV_CONN_SSYN:
		ob.ssyn_gap_before = tot_gap
		ob.ssyn_ngaps_before = ngaps

	    elif type == EV_CONN_CACKSYN:
		ob.cacksyn_gap_before = tot_gap
		ob.cacksyn_ngaps_before = ngaps
	    elif type == EV_CONN_SACKSYN:
		ob.sacksyn_gap_before = tot_gap
		ob.sacksyn_ngaps_before = ngaps

	    elif type == EV_CONN_CRST:
		ob.crst_gap_before = tot_gap
		ob.crst_ngaps_before = ngaps
	    elif type == EV_CONN_SRST:
		ob.srst_gap_before = tot_gap
		ob.srst_ngaps_before = ngaps
	    elif type == EV_CONN_CFIN:
		ob.cfin_gap_before = tot_gap
		ob.cfin_ngaps_before = ngaps
	    elif type == EV_CONN_SFIN:
		ob.sfin_gap_before = tot_gap
		ob.sfin_ngaps_before = ngaps
	    elif type == EV_CONN_SPKT:
		ob.pkt_gap_before = tot_gap
		ob.pkt_ngaps_before = ngaps
	    elif type == EV_CONN_CPKT:
		ob.pkt_gap_before = tot_gap
		ob.pkt_ngaps_before = ngaps
	    else:
		print 'WHOOPS - non-existant event type %d' % (type)
		sys.exit(1)
		

	    last_etm = tm

            self.gaps = gaps
            self.ngaps = ngaps
            self.tot_gap = tot_gap

#############################################################################

    def scale_canvas(self):

	eventlist = self.client.eventlist
	mindur = self.client.mindur
	scalef = self.calc_scalef(mindur)

        sys.stdout.flush()
	#self.draw.xrange = int(self.end - self.start)
	self.draw.xrange = self.end - self.start
	self.draw.yrange = len(self.client.connlist)*self.connht
	#allow space for any implied objects
 	if len(self.client.implied_obs):
	    self.draw.yrange += self.connht

	#print'o/a time: %d' % (xrange/1000)
        self.draw.scalef = scalef
	self.draw.xrange -= self.tot_gap

#############################################################################

    def scale_canvas_v(self):


	scalef = self.calc_scalef_v(self.client.maxdur)

	#print 'start: %s / %d' % (Longstring(self.start), self.start-self.start)
	#print 'end: %s / %d' % (Longstring(self.end), int(self.end - self.start)/1000)
    
	#self.view.xrange = int(self.end - self.start)
	self.view.xrange = self.end - self.start
	self.view.yrange = len(self.client.connlist)*self.connht + self.toplabely + self.bottommargin
        self.view.scalef = scalef
 	# allow space for any implied objects
 	if len(self.client.implied_obs):
	    self.view.yrange += self.connht