np_tcp.py

该软件根据网络数据生成NetFlow记录。NetFlow可用于网络规划、负载均衡、安全监控等

#! /usr/bin/env python
###############################################################################
#                                                                             #
#   Copyright 2005 University of Cambridge Computer Laboratory.               #
#                                                                             #
#   This file is part of Nprobe.                                              #
#                                                                             #
#   Nprobe is free software; you can redistribute it and/or modify            #
#   it under the terms of the GNU General Public License as published by      #
#   the Free Software Foundation; either version 2 of the License, or         #
#   (at your option) any later version.                                       #
#                                                                             #
#   Nprobe is distributed in the hope that it will be useful,                 #
#   but WITHOUT ANY WARRANTY; without even the implied warranty of            #
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             #
#   GNU General Public License for more details.                              #
#                                                                             #
#   You should have received a copy of the GNU General Public License         #
#   along with Nprobe; if not, write to the Free Software                     #
#   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA #
#                                                                             #
###############################################################################


##############################################################################
## 
##
## 
## 
##
## 

############################################################################ 

import string
import glob
import os
import sys
import nprobe
from sys import argv
import getopt
from signal import *
import atexit
import gc
from traceback import print_stack
from Tkinter import *

import Numeric

from nprobe import REC_TCP_HTTP, REC_TCP_HTTP_OPEN, REC_TCP_HTTP_HDRS, \
     OPEN_BIT, HDRS_BIT
from nprobe import SERVER, CLIENT, tcp_open, tcp_hdrs
from np_file_util import get_files
from np_http_util import get_http_rec
from np_http_util import allocate_http_reusable_objects, get_http_rec_and_trans
import np_ns_utils
from np_lookups import get_cached_lookups
from np_TCPConn import TCPConn, TCPHdr
from np_TCPDisplay import TcpDisplay
from  np_longutil import ull2l, Longstring, tv2l
#from np_lookups import *
from np_tfilter import TFilter
#from np_TCP import TCP_Machine, TCPNoModel, TCPModelPkts, TCPModelNoTrans
from TCP_Imp import TCP_Imps
from np_atypes import Atype
from np_filerec import FileRec
from np_tcpstats import TCPStats
from minmax import BIGNUMBER, MIN, MAX, MAX3, MAX4

#from np_notesel import Sellist
from np_ectrs import E_Counters

from print_col import whoops, overprint


############################################################################
############################################################################

def usage(scriptname):
    print "usage: " + scriptname + " rep-file-list"

    sys.exit(1)

############################################################################

def exitfun():
    
    from np_grabrec import grabobj
    
    #print 'exitfun called'
    #cache_lookups()
    print grabobj
    if grabobj:
        grabobj.close()



#############################################################################

def handle_sigint(n, f):

    global logf

    print 'SIGINT'
    if logf != None:
	logf.flush()
    sys.exit(0)

#############################################################################

#
# Save logged events to file
#

log = []
logpath = None
logf = None

def save_log():

    global logf, logpath

    

    if logf == None:
	logf = open(logpath, 'w')

    for s in log:
        #if not ':' in s:
            #print s
        logf.write(s+'\n')

#############################################################################

#
# Log 'difficult' events noted
#

def write_log(txt):

    global log

    log.append(txt[:])

#############################################################################

#
# Null logfun
#

def logfun_null(txt):

    pass

#############################################################################

#
# Aggregate cl list of connections wanted

def get_conns_wanted(s):
    connids = []
    for f in string.splitfields(s, ','):
	#print f
	#print '%d' % (string.atoi(f))
	connids.append(string.atoi(f))

    return connids

#############################################################################

#
# Call-back for Sellist if desired to examine object(s)
#   - reconstructs from file records and displays

def drawfun(what, oblist, obdict):

##     keys =  obdict.keys()
##     keys.sort()
    print what, oblist

    if what == 'Connections':
        oblist.sort()
        clist = []
        for m in oblist:
            type = m[2]
            if type == 'TCPConn':
                #conn = obdict[m[0]][0].reconstruct(trace=1)
                conn = obdict[m[0]].reconstruct(trace=1)
                conn.adjust_tm_offsets(conn.abstart)
                clist.append(conn)
            elif type == 'Rank Server':
                for c in obdict[m[0]]:
                    conn = obdict[c].reconstruct(trace=1)
                    conn.adjust_tm_offsets(conn.abstart)
                    clist.append(conn)
            else:
                whoops('Can\'t draw TCP Connection type %s\n' % (type))
                sys.exit (0)
                
        t = TcpDisplay(clist, standalone='no', trace=1)
        del(t.display)
        del(t)
    else:
        stats = obdict['stats']
        stats.drawfun(what, oblist, obdict)
        
        

#############################################################################
	
def main():

    global logpath, logf

    scriptname = os.path.basename(argv[0])
    do_draw = 0
    nrecs = 0
    startconn = 0
    oneconn = None
    conn_ids_got = 0
    connstr = ''
    fspec = 0
    fstr = ''
    tstr = ''
    trace = 0
    quiet = 0
    tfilt = TFilter()


    try:
	optlist, args = getopt.getopt(sys.argv[1:], 'hvdtr:F:T:s:c:q')

    except getopt.error, s:
        print '%s: %s' % (scriptname, s)
	usage(scriptname)
	sys.exit(1)

    optstr = ''

    for opt in optlist:
	if opt[0] == "-h":
	    usage(scriptname)
	if opt[0] == "-v":
	    nprobe.set_print_full_hostname(1)
	if opt[0] == "-d":
	    do_draw = 1
	if opt[0] == "-t":
	    trace = 1
        if opt[0] == "-q":
            quiet = 1
            optstr += '-q'
	if opt[0] == "-r":
	    nrecs = string.atoi(opt[1])
	    optstr = optstr + '-r' + opt[1]
	if opt[0] == "-s":
	    startconn = string.atoi(opt[1])
	    optstr = optstr + '-s' + opt[1]
	if opt[0] == "-c":
	    #print opt[1]
	    #sys.exit(0)
	    #oneconn = string.atoi(opt[1])
	    oneconn = get_conns_wanted(opt[1])
	    #connstr = '.#' + opt[1]
	    optstr = optstr + '-c' + opt[1]
	    print 'analysing only connection(s) ',
	    print oneconn
	if opt[0] == "-F":
	    if opt[1] == 'h' or opt[1] == 'H':
		nprobe.filter_help()
		sys.exit(0)
	    fspec = string.atoi(opt[1])
	    #fstr = '.F' + opt[1]
	    optstr = optstr + '-F' + opt[1] 
	if opt[0] == "-T":
	    if opt[1] == 'h' or opt[1] == 'H':
		tfilt.help()
		sys.exit(0)
	    #tspec = string.atoi(opt[1])
	    tfilt.build_filters(opt[1])
	    #tstr = '.T' + opt[1]
	    optstr = optstr + '-T' + opt[1]

    if optstr and optstr[0] == '-':
        optstr = optstr[1:]

    signal(SIGINT, handle_sigint)
    get_cached_lookups()

    atexit.register(exitfun)

    openfilelist, counters, basepath = get_files(args)
    run_start = tv2l(counters.run_start())
    

    #counters.printself("")
    filepath = basepath + 'counters'
    counters.printself_tofile(filepath, '')
    del counters

    basep = basepath + optstr
    if os.path.basename(basep):
        basep += '.'