diff options
Diffstat (limited to 'src/fnettrace/main.c')
| -rw-r--r-- | src/fnettrace/main.c | 52 |
1 files changed, 35 insertions, 17 deletions
diff --git a/src/fnettrace/main.c b/src/fnettrace/main.c index 2d5072379..136a16e6d 100644 --- a/src/fnettrace/main.c +++ b/src/fnettrace/main.c | |||
| @@ -33,13 +33,16 @@ typedef struct hnode_t { | |||
| 33 | struct hnode_t *hnext; // used for hash table and unused linked list | 33 | struct hnode_t *hnext; // used for hash table and unused linked list |
| 34 | struct hnode_t *dnext; // used to display streams on the screen | 34 | struct hnode_t *dnext; // used to display streams on the screen |
| 35 | uint32_t ip_src; | 35 | uint32_t ip_src; |
| 36 | RNode *rnode; // radix tree entry | ||
| 37 | |||
| 38 | // stats | ||
| 36 | uint32_t bytes; // number of bytes received in the last display interval | 39 | uint32_t bytes; // number of bytes received in the last display interval |
| 37 | uint16_t port_src; | 40 | uint16_t port_src; |
| 38 | uint8_t protocol; | 41 | uint8_t protocol; |
| 42 | |||
| 39 | // the firewall is build based on source address, and in the linked list | 43 | // the firewall is build based on source address, and in the linked list |
| 40 | // we have elements with the same address but different ports | 44 | // we could have elements with the same address but different ports |
| 41 | uint8_t ip_instance; | 45 | uint8_t ip_instance; |
| 42 | char *hostname; | ||
| 43 | int ttl; | 46 | int ttl; |
| 44 | } HNode; | 47 | } HNode; |
| 45 | 48 | ||
| @@ -89,6 +92,8 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint | |||
| 89 | ip_instance++; | 92 | ip_instance++; |
| 90 | if (ptr->port_src == port_src && ptr->protocol == protocol) { | 93 | if (ptr->port_src == port_src && ptr->protocol == protocol) { |
| 91 | ptr->bytes += bytes; | 94 | ptr->bytes += bytes; |
| 95 | assert(ptr->rnode); | ||
| 96 | ptr->rnode->pkts++; | ||
| 92 | return; | 97 | return; |
| 93 | } | 98 | } |
| 94 | } | 99 | } |
| @@ -100,7 +105,6 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint | |||
| 100 | #endif | 105 | #endif |
| 101 | HNode *hnew = hmalloc(); | 106 | HNode *hnew = hmalloc(); |
| 102 | assert(hnew); | 107 | assert(hnew); |
| 103 | hnew->hostname = NULL; | ||
| 104 | hnew->ip_src = ip_src; | 108 | hnew->ip_src = ip_src; |
| 105 | hnew->port_src = port_src; | 109 | hnew->port_src = port_src; |
| 106 | hnew->protocol = protocol; | 110 | hnew->protocol = protocol; |
| @@ -126,6 +130,11 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint | |||
| 126 | ptr->dnext = hnew; | 130 | ptr->dnext = hnew; |
| 127 | } | 131 | } |
| 128 | 132 | ||
| 133 | hnew->rnode = radix_longest_prefix_match(hnew->ip_src); | ||
| 134 | if (!hnew->rnode) | ||
| 135 | hnew->rnode = radix_add(hnew->ip_src, 0xffffffff, NULL); | ||
| 136 | hnew->rnode->pkts++; | ||
| 137 | |||
| 129 | if (arg_netfilter) | 138 | if (arg_netfilter) |
| 130 | logprintf(" %d.%d.%d.%d ", PRINT_IP(hnew->ip_src)); | 139 | logprintf(" %d.%d.%d.%d ", PRINT_IP(hnew->ip_src)); |
| 131 | } | 140 | } |
| @@ -242,15 +251,15 @@ static PortType ports[] = { | |||
| 242 | {110, "(POP3)"}, | 251 | {110, "(POP3)"}, |
| 243 | {113, "(IRC)"}, | 252 | {113, "(IRC)"}, |
| 244 | {123, "(NTP)"}, | 253 | {123, "(NTP)"}, |
| 245 | {161, "(SNP)"}, | 254 | {161, "(SNMP)"}, |
| 246 | {162, "(SNP)"}, | 255 | {162, "(SNMP)"}, |
| 247 | {194, "(IRC)"}, | 256 | {194, "(IRC)"}, |
| 248 | {0, NULL}, | 257 | {0, NULL}, |
| 249 | }; | 258 | }; |
| 250 | 259 | ||
| 251 | 260 | ||
| 252 | static inline const char *common_port(uint16_t port) { | 261 | static inline const char *common_port(uint16_t port) { |
| 253 | if (port >= 6660 && port <= 9150) { | 262 | if (port >= 6660 && port <= 10162) { |
| 254 | if (port >= 6660 && port <= 6669) | 263 | if (port >= 6660 && port <= 6669) |
| 255 | return "(IRC)"; | 264 | return "(IRC)"; |
| 256 | else if (port == 6679) | 265 | else if (port == 6679) |
| @@ -269,6 +278,10 @@ static inline const char *common_port(uint16_t port) { | |||
| 269 | return "(Tor)"; | 278 | return "(Tor)"; |
| 270 | else if (port == 9150) | 279 | else if (port == 9150) |
| 271 | return "(Tor)"; | 280 | return "(Tor)"; |
| 281 | else if (port == 10161) | ||
| 282 | return "(secure SNMP)"; | ||
| 283 | else if (port == 10162) | ||
| 284 | return "(secure SNMP)"; | ||
| 272 | return NULL; | 285 | return NULL; |
| 273 | } | 286 | } |
| 274 | 287 | ||
| @@ -317,7 +330,8 @@ static void hnode_print(unsigned bw) { | |||
| 317 | sprintf(stats, "%u MB/s ", bw / (1024 * 1024 * DISPLAY_INTERVAL)); | 330 | sprintf(stats, "%u MB/s ", bw / (1024 * 1024 * DISPLAY_INTERVAL)); |
| 318 | else | 331 | else |
| 319 | sprintf(stats, "%u KB/s ", bw / (1024 * DISPLAY_INTERVAL)); | 332 | sprintf(stats, "%u KB/s ", bw / (1024 * DISPLAY_INTERVAL)); |
| 320 | int len = snprintf(line, LINE_MAX, "%32s geoip %d, IP database %d\n", stats, geoip_calls, radix_nodes); | 333 | // int len = snprintf(line, LINE_MAX, "%32s geoip %d, IP database %d\n", stats, geoip_calls, radix_nodes); |
| 334 | int len = snprintf(line, LINE_MAX, "%32s address:port (protocol) host (packets)\n", stats); | ||
| 321 | adjust_line(line, len, cols); | 335 | adjust_line(line, len, cols); |
| 322 | printf("%s", line); | 336 | printf("%s", line); |
| 323 | 337 | ||
| @@ -336,12 +350,11 @@ static void hnode_print(unsigned bw) { | |||
| 336 | else | 350 | else |
| 337 | snprintf(bytes, 11, "%u B/s ", (unsigned) (ptr->bytes / DISPLAY_INTERVAL)); | 351 | snprintf(bytes, 11, "%u B/s ", (unsigned) (ptr->bytes / DISPLAY_INTERVAL)); |
| 338 | 352 | ||
| 339 | if (!ptr->hostname) | 353 | if (!ptr->rnode->name) |
| 340 | ptr->hostname = radix_longest_prefix_match(ptr->ip_src); | 354 | ptr->rnode->name = retrieve_hostname(ptr->ip_src); |
| 341 | if (!ptr->hostname) | 355 | if (!ptr->rnode->name) |
| 342 | ptr->hostname = retrieve_hostname(ptr->ip_src); | 356 | ptr->rnode->name = " "; |
| 343 | if (!ptr->hostname) | 357 | assert(ptr->rnode->name); |
| 344 | ptr->hostname = " "; | ||
| 345 | 358 | ||
| 346 | unsigned bwunit = bw / DISPLAY_BW_UNITS; | 359 | unsigned bwunit = bw / DISPLAY_BW_UNITS; |
| 347 | char *bwline; | 360 | char *bwline; |
| @@ -376,11 +389,16 @@ static void hnode_print(unsigned bw) { | |||
| 376 | protocol = ""; | 389 | protocol = ""; |
| 377 | if (ptr->port_src == 0) | 390 | if (ptr->port_src == 0) |
| 378 | len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d (ICMP) %s\n", | 391 | len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d (ICMP) %s\n", |
| 379 | bytes, bwline, PRINT_IP(ptr->ip_src), ptr->hostname); | 392 | bytes, bwline, PRINT_IP(ptr->ip_src), ptr->rnode->name); |
| 393 | else if (ptr->rnode->pkts > 1000000) | ||
| 394 | len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%.01fM)\n", | ||
| 395 | bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ((double) ptr->rnode->pkts) / 1000000); | ||
| 396 | else if (ptr->rnode->pkts > 1000) | ||
| 397 | len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%.01fK)\n", | ||
| 398 | bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ((double) ptr->rnode->pkts) / 1000); | ||
| 380 | else | 399 | else |
| 381 | len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s\n", | 400 | len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%u)\n", |
| 382 | bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->hostname); | 401 | bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ptr->rnode->pkts); |
| 383 | |||
| 384 | adjust_line(line, len, cols); | 402 | adjust_line(line, len, cols); |
| 385 | printf("%s", line); | 403 | printf("%s", line); |
| 386 | 404 | ||