http_active.c

跑leach需要的

/*
http_active

Copyright July 5, 2001, The University of North Carolina at Chapel Hill 

All rights reserved.  No part of this software may be sold or
distributed in any form or by any means without the prior written
permission of the Department of Computer Science, University of North
Carolina at Chapel Hill.  Distribution and use of this software is
subject to the Software License Agreement incorporated in this
software. By having, retaining or using a copy of this software, you
agree to be subject to  the terms of the Software License Agreement.

*******

Software License Agreement

Permission is given to copy http_active, and its files (the Software)
and to use them locally, as long as foregoing Copyright Notice is not
removed and the Software name is retained unaltered.  By opening,
possessing, retaining, using, or having a copy of  the Software, you
are deemed to have agreed to the terms of this Software License
Agreement.

The Software is provided strictly on an "as is" basis without warranty
of any kind.   Neither the University of North Carolina at Chapel
Hill, its faculty, staff or students, nor anyone else who has been
involved in the creation, production or delivery of the Software
shall be liable for any direct, indirect, consequential or incidental
damages arising out of the use or inability to use the Software even
if such entities or persons may be advised of the possibility of such
damages.

No part of this software may be sold or distributed in any form or by
any means without the prior written permission of the Department of
Computer Science, University of North Carolina at Chapel Hill.  Your
use of the Software is limited to non-commercial, not-for-profit uses
and activities.  To secure permission to make any other use of the
Software, you should contact the person named below.


Contact person:

    Frank D. Smith, University of North Carolina at Chapel Hill
        email: smithfd@cs.unc.edu
	phone: 919-962-1884
	fax:   919-962-1799
*/

/* Program to create an activity trace (summary form) of web browsing clients
   with respect to three types of activity: client sending request data, 
   server sending response data, client is idle (no request or response).
   Identification of idle periods is used to infer user "think" times 
   between requests for new top-level pages.    A client is defined by
    a single IP address. 
  
   "Idle" is defined as a period of time greater than a threshold value
   ("idle_limit" with a default of 2 seconds) during which a client has no
   requests outstanding.  A request is outstanding from the
   start time of a request until the end time (normal or terminated) of
   the corresponding response.

   The input to this program is the SORTed output from http_connect.  
   The sort to be applied is produced with the following shell script:

      sort -s -o $1.sort +1 -2 +0 -1 -T /tmp $1

   This sorts all the records for a given client IP address in timestamp 
   order.  

   The output is also time ordered with respect to a single client (IP
   address) and consists only of client request entries (in the same format
   as the input) and ordered by start time, server responses (in the same 
   format as the input) and ordered by end time, and client idle periods 
   giving the elapsed idle time and ordered by the end of the idle period.  
   The output file has extension ".activity" added by the program.

   To get usage information, invoke the program with the -h switch.

*/

#include <stdlib.h>
#include <stdio.h>
#include <math.h>
#include <sys/time.h>

#define min(a,b) ((a) <= (b) ? (a) : (b))
#define max(a,b) ((a) >= (b) ? (a) : (b))

void Usage(char *s)
{
  fprintf (stderr,"\nUsage: %s\n", s);
  fprintf (stderr,"    [-w file_name] (name for output file)\n");
  fprintf (stderr,"    [-r file_name] (name for input file)\n");
  fprintf (stderr,"    [-I idle_limit] (min inactivity interval)\n");
  fprintf (stderr,"\n");
  exit(-1);
}

  FILE *dumpFP, *outFP;

  struct timeval time_stamp = {0,0};

  int req;
  int rsp;

  char ts[20]; 
  char sh[25]; 
  char sp[10];
  char gt[3]; 
  char dh[25]; 
  char dp[10];
  char fl[5]; 

  char current_src[25] = "";

  enum client_states 
             {PENDING_ACTIVE, ACTIVE, PENDING_IDLE, IDLE};
  enum client_states client_state = PENDING_ACTIVE;

  enum event_types {SYN, ACT_REQ, ACT_RSP, END, REQ, RSP};
  enum event_types event_type;


  char idle_begin[20];
  char earliest_end[20];
  char last_client_ts[20];

/* For each client (IP address) maintain a table of HTTP connections
   that are "active" with the following information about each connection:
     id (host/port 4-tuple identifying the connection 
     activity (1 if a request has been sent and the response is not
               yet complete; 0 otherwise)
     state (like activity)
   A connection is "active" (in the table) from the time a connection
   start (SYN, ACT-REQ or ACT-RSP) is seen in the input until a 
   connection end (FIN, RST, TRM) is also seen in the input
*/
     
int active_connections = 0;
#define MAX_CONNECTIONS 1000
  struct connect
    {
     char id[50];
     int  activity;
     enum event_types state;
    }connections[MAX_CONNECTIONS];

  char new_line[500];

void error_line(char *s);
void error_state(char *s);

void log_REQ(void);
void log_RSP(void);
void log_IDLE(char *s);

void set_connection(char *sp, char *dh, char *dp, enum event_types type);
void ClearConnections(void);
int ConnectionsActive(void);
int FindConnection(char *sp, char *dh, char *dp);
int AddConnection(char *sp, char *dh, char *dp);
int RemoveConnection(char *sp, char *dh, char *dp);

long elapsed_ms(char *end, char *start);

void main (int argc, char* argv[])
{
  int i;

  char input_name[256] = "";
  char output_name[256] = "";
  long idle_limit = 2000;  /* default threshold for idleness in millisec. */ 
  long elapsed;

  char parse_line[500];
  char discard[50];

  char *cursor;
  char *vp;

  /* Parse the command line */
  i = 1;
  while (i < argc) {
    if (strcmp (argv[i], "-r") == 0) {
      if (++i >= argc) Usage (argv[0]);
      strcpy (input_name, argv[i]);
    }
    else if (strcmp (argv[i], "-w") == 0) {
      if (++i >= argc) Usage (argv[0]);
      strcpy (output_name, argv[i]);
    }
    else if (strcmp (argv[i], "-I") == 0) {
      if (++i >= argc) Usage (argv[0]);
      idle_limit = (long)atoi(argv[i]);
    }
    else 
      Usage (argv[0]);
    i++;
  }

  /* Open files */
  if (strcmp(output_name, "") == 0)
     outFP = stdout;
  else 
     {
      strcat(output_name, ".activity");
      if ((outFP = fopen (output_name, "w")) == NULL) {
          fprintf (stderr, "error opening %s\n", output_name);
          exit (-1);
          }
     }

  if (strcmp(input_name, "") == 0)
     dumpFP = stdin;
  else 
     {
      if ((dumpFP = fopen (input_name, "r")) == NULL) {
          fprintf (stderr, "error opening %s\n", input_name);
          exit (-1);
         }
     }

  /* Read each record in the input file.  Look for a change in the 
     source IP address (which indicates a new client).  If a new
     client, log the end of an idle period (if any) for the old
     client and initialize the connection table for the new client.
     If a record for the current client has been read, classify the
     type of event it represent and process it to update the client
     and connection state.
  */

  while (!feof (dumpFP)) {
    /* Get and parse line of data */
    if (fgets (new_line, sizeof(new_line), dumpFP) == NULL)
       break;
    /* get first line pieces */

    sscanf (new_line, "%s %s %s %s %s %s %s",
                      &ts, &sh, &sp, &gt, &dh, &dp, &fl);

    /* if an ERR line, just show it */
    if (strcmp(fl, "ERR:") == 0)
       {
        error_line(new_line);
        continue;
       }

    /* now get variable part starting with the ":" considering that */
    /* interpretation of the remaining fields depends on the flag value */ 
    /* This is necessary to find the ending timestamp for FIN, RST, and 
       TRM events.
    */

    strcpy(parse_line, new_line);
    cursor = parse_line;
    vp = (char *)strsep(&cursor, ":" );
    if ((cursor == (char *)NULL) ||
        (vp == (char *)NULL))
        {
         error_line(new_line);
         continue;
        }

    /* Classify the event type by looking at the flag field from input
       records */

    if ((strcmp(fl, "REQ") == 0) || 
        (strcmp(fl, "REQ-") == 0))
       event_type = REQ;
    else
      {
       if ((strcmp(fl, "RSP") == 0) ||
           (strcmp(fl, "RSP-") == 0))
          event_type = RSP;
       else
	 {
          if ((strcmp(fl, "FIN") == 0) ||
              (strcmp(fl, "TRM") == 0) ||
              (strcmp(fl, "RST") == 0))
	     {
	       /* need the ending timestamp from these record types */
              sscanf(cursor, "%s %s", &discard, &earliest_end);
              event_type = END;
             }
           else 
             {
              if (strcmp(fl, "SYN") == 0)
                 event_type = SYN;
              else
		{
                 if (strcmp(fl, "ACT-REQ") == 0)
                    event_type = ACT_REQ;
                 else
                     if (strcmp(fl, "ACT-RSP") == 0)
                        event_type = ACT_RSP;
                }
             }
	 }
      }

   /* now use data from new trace record to update status */  
   /* first check to see if this is the same client host */
   if (strcmp(current_src, sh) != 0)
       {
        if (client_state == IDLE)
            log_IDLE(last_client_ts);  
        ClearConnections();
        client_state = PENDING_ACTIVE;
        strcpy(current_src, sh);
       }


   /* update the connection status for this client's connection */

   set_connection(sp, dh, dp, event_type);

   
   /* The main processing for idle periods is done by maintaining a state
      variable (client_status) for the client and looking for specific input 
      record types at different values of the state variable.  The 
      values of client_state and their implications are:
      PENDING_ACTIVE   - A new client is started and remains PENDING_ACTIVE
                         until an activity indication such as ACT-REQ,
                         ACT-RSP, or REQ is seen in which case it enters
                         the ACTIVE state.  If there is an initial response,
                         PENDING_IDLE is entered.
      ACTIVE           - At least one request is outstanding and the state
                         can only change if there is a response completion
                         or connection termination.
      PENDING_IDLE     - There are no requests outstanding but the idle
                         period threshold has not elapsed since it entered
                         the PENDING_IDLE state.
      IDLE             - No outstanding requests for a period greater than
                         the idle threshold.  The IDLE (and PENDING_IDLE)
                         states are exited on activity indication such as 
                         ACT-REQ, ACT-RSP, or REQ
   */

   switch (client_state)
      {
       case PENDING_ACTIVE:
            switch (event_type)
	       {
	        case SYN:
                    break;
	        case ACT_REQ:
	        case ACT_RSP:
                    client_state = ACTIVE;
                    break;
	        case REQ:
                    client_state = ACTIVE;
                    log_REQ();
                    break;
	        case RSP:
                    client_state = PENDING_IDLE;
                    strcpy(idle_begin, ts);
                    log_RSP();
                    break;
	        case END:
                    break;
               }
            break;

       case ACTIVE:
            switch (event_type)
	       {
	        case SYN:
	        case ACT_REQ:
	        case ACT_RSP:
                    break;
	        case REQ:
                    log_REQ();
                    break;
	        case RSP:
                    log_RSP(); 
                    if (ConnectionsActive() == 0) /* Any active connections?*/
		       {
                        client_state = PENDING_IDLE;
                        strcpy(idle_begin, ts);
                       }
                    break;
	        case END:
                    if (ConnectionsActive() == 0) /* Any active connections?*/
		       {
                        client_state = PENDING_IDLE;
                        strcpy(idle_begin, earliest_end);
                       }
                    break;
               }
            break;

       case PENDING_IDLE:
	    /* must start checking time, if > n seconds elapse since
               entering PENDING_IDLE state, enter IDLE state */
            elapsed = elapsed_ms(ts, idle_begin);
            if (elapsed < idle_limit)
	       {
                switch (event_type)
		   {