Diffstat (limited to 'src/fnettrace/main.c')
-rw-r--r-- | src/fnettrace/main.c | 52 |
1 files changed, 35 insertions, 17 deletions
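--- a/src/fnettrace/main.c
+++ b/src/fnettrace/main.c
@@ -33,13 +33,16 @@ typedef struct hnode_t {
 struct hnode_t *hnext; // used for hash table and unused linked list
 struct hnode_t *dnext; // used to display streams on the screen
 uint32_t ip_src;
+RNode *rnode; // radix tree entry
+
+// stats
 uint32_t bytes; // number of bytes received in the last display interval
 uint16_t port_src;
 uint8_t protocol;
+
 // the firewall is build based on source address, and in the linked list
-// we have elements with the same address but different ports
+// we could have elements with the same address but different ports
 uint8_t ip_instance;
-char *hostname;
 int ttl;
 } HNode;
 
@@ -89,6 +92,8 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint
 ip_instance++;
 if (ptr->port_src == port_src && ptr->protocol == protocol) {
 ptr->bytes += bytes;
+assert(ptr->rnode);
+ptr->rnode->pkts++;
 return;
 }
 }
@@ -100,7 +105,6 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint
 #endif
 HNode *hnew = hmalloc();
 assert(hnew);
-hnew->hostname = NULL;
 hnew->ip_src = ip_src;
 hnew->port_src = port_src;
 hnew->protocol = protocol;
@@ -126,6 +130,11 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint
 ptr->dnext = hnew;
 }
 
+hnew->rnode = radix_longest_prefix_match(hnew->ip_src);
+if (!hnew->rnode)
+hnew->rnode = radix_add(hnew->ip_src, 0xffffffff, NULL);
+hnew->rnode->pkts++;
+
 if (arg_netfilter)
 logprintf(" %d.%d.%d.%d ", PRINT_IP(hnew->ip_src));
 }
@@ -242,15 +251,15 @@ static PortType ports[] = {
 {110, "(POP3)"},
 {113, "(IRC)"},
 {123, "(NTP)"},
-{161, "(SNP)"},
-{162, "(SNP)"},
+{161, "(SNMP)"},
+{162, "(SNMP)"},
 {194, "(IRC)"},
 {0, NULL},
 };
 
 
 static inline const char *common_port(uint16_t port) {
-if (port >= 6660 && port <= 9150) {
+if (port >= 6660 && port <= 10162) {
 if (port >= 6660 && port <= 6669)
 return "(IRC)";
 else if (port == 6679)
@@ -269,6 +278,10 @@ static inline const char *common_port(uint16_t port) {
 return "(Tor)";
 else if (port == 9150)
 return "(Tor)";
+else if (port == 10161)
+return "(secure SNMP)";
+else if (port == 10162)
+return "(secure SNMP)";
 return NULL;
 }
 
@@ -317,7 +330,8 @@ static void hnode_print(unsigned bw) {
 sprintf(stats, "%u MB/s ", bw / (1024 * 1024 * DISPLAY_INTERVAL));
 else
 sprintf(stats, "%u KB/s ", bw / (1024 * DISPLAY_INTERVAL));
-int len = snprintf(line, LINE_MAX, "%32s geoip %d, IP database %d\n", stats, geoip_calls, radix_nodes);
+// int len = snprintf(line, LINE_MAX, "%32s geoip %d, IP database %d\n", stats, geoip_calls, radix_nodes);
+int len = snprintf(line, LINE_MAX, "%32s address:port (protocol) host (packets)\n", stats);
 adjust_line(line, len, cols);
 printf("%s", line);
 
@@ -336,12 +350,11 @@ static void hnode_print(unsigned bw) {
 else
 snprintf(bytes, 11, "%u B/s ", (unsigned) (ptr->bytes / DISPLAY_INTERVAL));
 
-if (!ptr->hostname)
-ptr->hostname = radix_longest_prefix_match(ptr->ip_src);
-if (!ptr->hostname)
-ptr->hostname = retrieve_hostname(ptr->ip_src);
-if (!ptr->hostname)
-ptr->hostname = " ";
+if (!ptr->rnode->name)
+ptr->rnode->name = retrieve_hostname(ptr->ip_src);
+if (!ptr->rnode->name)
+ptr->rnode->name = " ";
+assert(ptr->rnode->name);
 
 unsigned bwunit = bw / DISPLAY_BW_UNITS;
 char *bwline;
@@ -376,11 +389,16 @@ static void hnode_print(unsigned bw) {
 protocol = "";
 if (ptr->port_src == 0)
 len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d (ICMP) %s\n",
-bytes, bwline, PRINT_IP(ptr->ip_src), ptr->hostname);
+bytes, bwline, PRINT_IP(ptr->ip_src), ptr->rnode->name);
+else if (ptr->rnode->pkts > 1000000)
+len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%.01fM)\n",
+bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ((double) ptr->rnode->pkts) / 1000000);
+else if (ptr->rnode->pkts > 1000)
+len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%.01fK)\n",
+bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ((double) ptr->rnode->pkts) / 1000);
 else
-len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s\n",
-bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->hostname);
-
+len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%u)\n",
+bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ptr->rnode->pkts);
 adjust_line(line, len, cols);
 printf("%s", line);
 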
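Review bot: The result of `radix_add()` in `hnode_add` (new lines 134–136) is dereferenced by `hnew->rnode->pkts++` with no check, while the existing-stream path in the earlier hunk does at least `assert(ptr->rnode)`; `radix_add` is not shown here, so if it can return NULL on allocation failure the first packet from an unlisted address would crash the tracer. I would add `assert(hnew->rnode);` right after the `radix_add` call to match the `assert(hnew)` style used above, or an explicit error exit if the build may define NDEBUG. Each unmatched source address also gets its own /32 node (mask `0xffffffff`), and nothing in this diff removes such nodes when the HNode's ttl runs out, so it is worth confirming the tree cannot grow without bound on a link that sees many distinct or spoofed sources. `hnode_add` starts outside these hunks.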