« back to all changes in this revision
Viewing changes to sessions.c
- browse files at revision 11
- compare with another revision
- download diff
- download tarball
- view history from revision 11
- Committer: Bazaar Package Importer
- Author(s): Ludovico Cavedon, Jordan Metzmeier, Ludovico Cavedon
- Date: 2010-12-15 20:06:19 UTC
- mfrom: (5.1.5 sid)
- Revision ID: james.westby@ubuntu.com-20101215200619-0ojz3iak95ihibun
Tags: 3:4.0.3+dfsg1-1
[ Jordan Metzmeier ]
* New upstream release (Closes: #522042)
* Move data files to /usr/share/ntop (Closes: #595450).
* Package architecture independent data in a separate ntop-data package.
* Use debhelper 7.
* Update Standards-Version to 3.9.1.
* Depend on python-mako.
* Do not include ntop.txt in binary packages as it is a copy of the man
page.
* Do not include NEWS, as it is outdated.
* Switch to package source version 3.0 (quilt).
* Add password creation to debconf
* Changed init script to fix localization problems (thanks to Alejandro
Varas <alej0varas@gmail.com>, LP: #257466)
* Remove manual update-rc.d calls from postrm and postinst. debhelper adds
this for us.
* Add pre-depends on adduser for postinst script.
* Fix errors in the manpages: fix-manpage-errors.patch.
* Added fixes for matching active interfaces.
* Added a watch file.
[ Ludovico Cavedon ]
* Remove direct changes to upstream tree, and move them into specific patch
files:
- fix-manpage-errors.patch: fix typos in ntop.8.
- dot-path.patch: fix path of /usr/bin/dot executable
* Add patches:
- reduce-autogen-purged-files.patch: prevent agutogen.sh from reamoving
too many files during cleanup.
- Add build-without-ntop-darwin.patch, to fix compilation without
ntop_darwin.c.
* No longer add faq.html, as it is not distributed in the upstream tarball.
* Use ${source:Version} in control file. Have ntop-data recommend
ntop.
* Rename dirs to ntop.dirs and keep only empty directories that need
to be created.
* Remove var/lib from ntop.install file, as it is empty (keeping it in
ntop.dirs).
* Update po files.
* Breaks and Replaces instead of Conflitcs for ntop-data.
* Use a longer package description.
* Remove useless configure options from debian/rules.
* Move private shared libraries libraries in /usr/lib/ntop.
* Add change-plugin-dir.patch for adjusting plugin directory.
* Remove development files.
* Use system library for MochiKit.js.
* Rewrite DEP5 copyright file.
* Repackage upstream tarball in order to remove non-DFSG-compliant code. Add
get-orig-source.sh script and get-orig-source target in debian/rules.
* Add explanation to README.Debian why geolocation is no longer working.
* Add avoid-copy-maxmind-db.patch to prevent copying of Geo*.dat
files.
* Remove old unused patches.
* New upstream release (Closes: #522042)
* Move data files to /usr/share/ntop (Closes: #595450).
* Package architecture independent data in a separate ntop-data package.
* Use debhelper 7.
* Update Standards-Version to 3.9.1.
* Depend on python-mako.
* Do not include ntop.txt in binary packages as it is a copy of the man
page.
* Do not include NEWS, as it is outdated.
* Switch to package source version 3.0 (quilt).
* Add password creation to debconf
* Changed init script to fix localization problems (thanks to Alejandro
Varas <alej0varas@gmail.com>, LP: #257466)
* Remove manual update-rc.d calls from postrm and postinst. debhelper adds
this for us.
* Add pre-depends on adduser for postinst script.
* Fix errors in the manpages: fix-manpage-errors.patch.
* Added fixes for matching active interfaces.
* Added a watch file.
[ Ludovico Cavedon ]
* Remove direct changes to upstream tree, and move them into specific patch
files:
- fix-manpage-errors.patch: fix typos in ntop.8.
- dot-path.patch: fix path of /usr/bin/dot executable
* Add patches:
- reduce-autogen-purged-files.patch: prevent agutogen.sh from reamoving
too many files during cleanup.
- Add build-without-ntop-darwin.patch, to fix compilation without
ntop_darwin.c.
* No longer add faq.html, as it is not distributed in the upstream tarball.
* Use ${source:Version} in control file. Have ntop-data recommend
ntop.
* Rename dirs to ntop.dirs and keep only empty directories that need
to be created.
* Remove var/lib from ntop.install file, as it is empty (keeping it in
ntop.dirs).
* Update po files.
* Breaks and Replaces instead of Conflitcs for ntop-data.
* Use a longer package description.
* Remove useless configure options from debian/rules.
* Move private shared libraries libraries in /usr/lib/ntop.
* Add change-plugin-dir.patch for adjusting plugin directory.
* Remove development files.
* Use system library for MochiKit.js.
* Rewrite DEP5 copyright file.
* Repackage upstream tarball in order to remove non-DFSG-compliant code. Add
get-orig-source.sh script and get-orig-source target in debian/rules.
* Add explanation to README.Debian why geolocation is no longer working.
* Add avoid-copy-maxmind-db.patch to prevent copying of Geo*.dat
files.
* Remove old unused patches.
- files added:
- .pc
- .pc/avoid-copy-maxmind-db.patch
- .pc/build-without-ntop-darwin.patch
- .pc/change-plugin-dir.patch
- .pc/change-plugin-dir.patch/plugins
- .pc/dot-path.patch
- .pc/fix-manpage-errors.patch
- .pc/fix-wget-during-build.patch
- .pc/reduce-autogen-purged-files.patch
- 3rd_party
- debian/source
- html/ajax
- html/docs
- html/docs/python
- iwtan
- misc
- misc/lua
- misc/perl
- misc/perl/report
- packages/debian/etc/ld.so.conf.d
- python
- python/docs
- python/docs/src
- python/json
- python/json/iphone
- python/rrdalarm
- python/rrdalarm/scripts
- python/templates
- utils/getopt
- files removed:
- AS-list.txt.gz
- l7-patterns
- packages/debian/usr
- files modified:
- COPYING
added
removed
sessions.c
1
1
/*
2
2
* -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
3
*
3
4
* http://www.ntop.org
4
5
*
5
* Copyright (C) 1998-2007 Luca Deri <deri@ntop.org>
6
* Copyright (C) 1998-2010 Luca Deri <deri@ntop.org>
6
7
*
7
8
* -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
8
9
*
98
99
99
100
/* ************************************ */
100
101
101
static void updateFileList(char *fileName, u_char upDownloadMode, HostTraffic *theRemHost) {
102
if(fileName != NULL) {
103
FileList *list, *lastPtr = NULL;
104
int numEntries = 0;
105
106
if(theRemHost->protocolInfo == NULL) theRemHost->protocolInfo = calloc(1, sizeof(ProtocolInfo));
107
list = theRemHost->protocolInfo->fileList;
108
109
#ifdef DEBUG
110
traceEvent(CONST_TRACE_INFO, "updateFileList: %s for host %s",
111
fileName, theRemHost->hostNumIpAddress);
112
#endif
113
114
while(list != NULL) {
115
if(strcmp(list->fileName, fileName) == 0) {
116
FD_SET(upDownloadMode, &list->fileFlags);
117
return;
118
} else {
119
lastPtr = list;
120
list = list->next;
121
numEntries++;
122
}
123
}
124
125
if(list == NULL) {
126
list = (FileList*)malloc(sizeof(FileList));
127
list->fileName = strdup(fileName);
128
FD_ZERO(&list->fileFlags);
129
FD_SET(upDownloadMode, &list->fileFlags);
130
list->next = NULL;
131
132
if(numEntries >= MAX_NUM_LIST_ENTRIES) {
133
FileList *ptr = theRemHost->protocolInfo->fileList->next;
134
135
lastPtr->next = list; /* Append */
136
/* Free the first entry */
137
free(theRemHost->protocolInfo->fileList->fileName);
138
free(theRemHost->protocolInfo->fileList);
139
/* The first ptr points to the second element */
140
theRemHost->protocolInfo->fileList = ptr;
141
} else {
142
list->next = theRemHost->protocolInfo->fileList;
143
theRemHost->protocolInfo->fileList = list;
144
}
145
}
146
}
147
}
148
149
/* ************************************ */
150
151
102
void updateHostUsers(char *userName, int userType, HostTraffic *theHost) {
152
103
int i;
153
104
221
172
u_short sport,
222
173
u_short dport,
223
174
u_int length) {
224
u_short clientPort, serverPort;
225
PortUsage *ports;
226
int sport_idx = mapGlobalToLocalIdx(sport);
227
int dport_idx = mapGlobalToLocalIdx(dport);
228
229
/* Now let's update the list of ports recently used by the hosts */
230
if((sport > dport) || broadcastHost(dstHost)) {
231
clientPort = sport, serverPort = dport;
232
233
if(sport_idx == -1) addPortToList(srcHost, srcHost->otherIpPortsSent, sport);
234
if(dport_idx == -1) addPortToList(dstHost, dstHost->otherIpPortsRcvd, dport);
235
236
if(srcHost != myGlobals.otherHostEntry)
237
updatePortList(srcHost, clientPort, -1);
238
if(dstHost != myGlobals.otherHostEntry)
239
updatePortList(dstHost, -1, serverPort);
240
} else {
241
clientPort = dport, serverPort = sport;
242
243
if(srcHost != myGlobals.otherHostEntry)
244
updatePortList(srcHost, -1, serverPort);
245
if(dstHost != myGlobals.otherHostEntry)
246
updatePortList(dstHost, clientPort, -1);
247
}
248
249
/* **************** */
250
251
if(/* (srcHost == dstHost) || */
252
broadcastHost(srcHost) || broadcastHost(dstHost))
253
return;
254
255
if(sport < MAX_ASSIGNED_IP_PORTS) {
256
ports = getPortsUsage(srcHost, sport, 1);
257
258
#ifdef DEBUG
259
traceEvent(CONST_TRACE_INFO, "DEBUG: Adding svr peer %u", dstHost->hostTrafficBucket);
260
#endif
261
262
incrementTrafficCounter(&ports->serverTraffic, length);
263
ports->serverUses++, ports->serverUsesLastPeer = dstHost->hostSerial;
264
265
ports = getPortsUsage(dstHost, sport, 1);
266
267
#ifdef DEBUG
268
traceEvent(CONST_TRACE_INFO, "DEBUG: Adding client peer %u", dstHost->hostTrafficBucket);
269
#endif
270
271
incrementTrafficCounter(&ports->clientTraffic, length);
272
ports->clientUses++, ports->clientUsesLastPeer = srcHost->hostSerial;
273
}
274
275
if(dport < MAX_ASSIGNED_IP_PORTS) {
276
ports = getPortsUsage(srcHost, dport, 1);
277
278
#ifdef DEBUG
279
traceEvent(CONST_TRACE_INFO, "DEBUG: Adding client peer %u", dstHost->hostTrafficBucket);
280
#endif
281
282
incrementTrafficCounter(&ports->clientTraffic, length);
283
ports->clientUses++, ports->clientUsesLastPeer = dstHost->hostSerial;
284
285
ports = getPortsUsage(dstHost, dport, 1);
286
287
#ifdef DEBUG
288
traceEvent(CONST_TRACE_INFO, "DEBUG: Adding svr peer %u", srcHost->hostTrafficBucket);
289
#endif
290
291
incrementTrafficCounter(&ports->serverTraffic, length);
292
ports->serverUses++, ports->serverUsesLastPeer = srcHost->hostSerial;
175
if(length > 0) {
176
u_short clientPort, serverPort;
177
PortUsage *ports;
178
int sport_idx = mapGlobalToLocalIdx(sport);
179
int dport_idx = mapGlobalToLocalIdx(dport);
180
181
/* Now let's update the list of ports recently used by the hosts */
182
if((sport > dport) || broadcastHost(dstHost)) {
183
clientPort = sport, serverPort = dport;
184
185
if(sport_idx == -1) addPortToList(srcHost, srcHost->otherIpPortsSent, sport);
186
if(dport_idx == -1) addPortToList(dstHost, dstHost->otherIpPortsRcvd, dport);
187
188
if(srcHost != myGlobals.otherHostEntry)
189
updatePortList(srcHost, clientPort, -1);
190
if(dstHost != myGlobals.otherHostEntry)
191
updatePortList(dstHost, -1, serverPort);
192
} else {
193
clientPort = dport, serverPort = sport;
194
195
if(srcHost != myGlobals.otherHostEntry)
196
updatePortList(srcHost, -1, serverPort);
197
if(dstHost != myGlobals.otherHostEntry)
198
updatePortList(dstHost, clientPort, -1);
199
}
200
201
/* **************** */
202
203
if(/* (srcHost == dstHost) || */
204
broadcastHost(srcHost) || broadcastHost(dstHost))
205
return;
206
207
if(sport < MAX_ASSIGNED_IP_PORTS) {
208
ports = getPortsUsage(srcHost, sport, 1);
209
210
#ifdef DEBUG
211
traceEvent(CONST_TRACE_INFO, "DEBUG: Adding svr peer %u", dstHost->hostTrafficBucket);
212
#endif
213
214
incrementTrafficCounter(&ports->serverTraffic, length);
215
ports->serverUses++, ports->serverUsesLastPeer = dstHost->hostSerial;
216
217
ports = getPortsUsage(dstHost, sport, 1);
218
219
#ifdef DEBUG
220
traceEvent(CONST_TRACE_INFO, "DEBUG: Adding client peer %u", dstHost->hostTrafficBucket);
221
#endif
222
223
incrementTrafficCounter(&ports->clientTraffic, length);
224
ports->clientUses++, ports->clientUsesLastPeer = srcHost->hostSerial;
225
}
226
227
if(dport < MAX_ASSIGNED_IP_PORTS) {
228
ports = getPortsUsage(srcHost, dport, 1);
229
230
#ifdef DEBUG
231
traceEvent(CONST_TRACE_INFO, "DEBUG: Adding client peer %u", dstHost->hostTrafficBucket);
232
#endif
233
234
incrementTrafficCounter(&ports->clientTraffic, length);
235
ports->clientUses++, ports->clientUsesLastPeer = dstHost->hostSerial;
236
237
ports = getPortsUsage(dstHost, dport, 1);
238
239
#ifdef DEBUG
240
traceEvent(CONST_TRACE_INFO, "DEBUG: Adding svr peer %u", srcHost->hostTrafficBucket);
241
#endif
242
243
incrementTrafficCounter(&ports->serverTraffic, length);
244
ports->serverUses++, ports->serverUsesLastPeer = srcHost->hostSerial;
245
}
293
246
}
294
247
}
295
248
300
253
u_char lockMutex /* unused so far */) {
301
254
/* Session to purge */
302
255
256
notifyEvent(sessionDeletion, NULL, sessionToPurge, 0);
303
257
dump_session_to_db(sessionToPurge);
304
258
305
259
if(sessionToPurge->magic != CONST_MAGIC_NUMBER) {
320
274
321
275
if(((sessionToPurge->bytesProtoSent.value == 0)
322
276
|| (sessionToPurge->bytesProtoRcvd.value == 0))
323
&& ((sessionToPurge->nwLatency.tv_sec != 0) || (sessionToPurge->nwLatency.tv_usec != 0))
277
&& ((sessionToPurge->clientNwDelay.tv_sec != 0) || (sessionToPurge->clientNwDelay.tv_usec != 0)
278
|| (sessionToPurge->serverNwDelay.tv_sec != 0) || (sessionToPurge->serverNwDelay.tv_usec != 0)
279
)
324
280
/*
325
281
"Valid" TCP session used to skip faked sessions (e.g. portscans
326
282
with one faked packet + 1 response [RST usually])
359
315
traceEvent(CONST_TRACE_INFO, "SESSION_TRACE_DEBUG: Session terminated: %s:%d<->%s:%d (lastSeend=%d) (# sessions = %d)",
360
316
_addrtostr(&sessionToPurge->initiatorRealIp, buf, sizeof(buf)), sessionToPurge->sport,
361
317
_addrtostr(&sessionToPurge->remotePeerRealIp, buf1, sizeof(buf1)), sessionToPurge->dport,
362
sessionToPurge->lastSeen, myGlobals.device[actualDeviceId].numTcpSessions);
318
sessionToPurge->lastSeen, myGlobals.device[actualDeviceId].numTcpSessions-1);
363
319
}
364
320
#endif
365
321
399
355
400
356
/* ************************************ */
401
357
358
#ifdef ENABLE_FC
359
402
360
void freeFcSession(FCSession *sessionToPurge, int actualDeviceId,
403
361
u_char allocateMemoryIfNeeded,
404
u_char lockMutex /* unused so far */)
405
{
362
u_char lockMutex /* unused so far */) {
406
363
int i;
407
364
408
365
/* Session to purge */
409
366
367
// notifyEvent(sessionDeletion, NULL, sessionToPurge, 0); - FIX
368
410
369
if(sessionToPurge->magic != CONST_MAGIC_NUMBER) {
411
370
traceEvent(CONST_TRACE_ERROR, "Bad magic number (expected=%d/real=%d) freeFcSession()",
412
371
CONST_MAGIC_NUMBER, sessionToPurge->magic);
448
407
free(sessionToPurge);
449
408
#endif
450
409
}
410
#endif
451
411
452
412
/* ************************************ */
453
413
479
439
480
440
for(_idx=0; _idx<MAX_TOT_NUM_SESSIONS; _idx++) {
481
441
IPSession *nextSession, *prevSession, *theSession;
482
442
int mutex_idx;
443
483
444
idx = (idx + 1) % MAX_TOT_NUM_SESSIONS;
484
445
485
446
if(freeSessionCount > purgeLimit) break;
486
447
448
mutex_idx = idx % NUM_SESSION_MUTEXES;
449
accessMutex(&myGlobals.tcpSessionsMutex[mutex_idx], "purgeIdleHosts");
487
450
prevSession = NULL, theSession = myGlobals.device[actualDeviceId].tcpSession[idx];
488
451
489
accessMutex(&myGlobals.tcpSessionsMutex, "purgeIdleHosts");
490
491
452
while(theSession != NULL) {
492
453
u_char free_session;
493
454
548
509
}
549
510
} /* while */
550
511
551
releaseMutex(&myGlobals.tcpSessionsMutex);
512
releaseMutex(&myGlobals.tcpSessionsMutex[mutex_idx]);
552
513
} /* end for */
553
514
554
515
#ifdef DEBUG
569
530
char *rcStr;
570
531
571
532
if(sport == IP_TCP_PORT_FTP)
572
FD_SET(FLAG_HOST_TYPE_SVC_FTP, &srcHost->flags);
533
setHostFlag(FLAG_HOST_TYPE_SVC_FTP, srcHost);
573
534
else
574
FD_SET(FLAG_HOST_TYPE_SVC_FTP, &dstHost->flags);
535
setHostFlag(FLAG_HOST_TYPE_SVC_FTP, dstHost);
575
536
576
537
if(((theSession->bytesProtoRcvd.value < 64)
577
538
|| (theSession->bytesProtoSent.value < 64))
613
574
char *rcStr;
614
575
615
576
if(sport == IP_TCP_PORT_SMTP)
616
FD_SET(FLAG_HOST_TYPE_SVC_SMTP, &srcHost->flags);
577
setHostFlag(FLAG_HOST_TYPE_SVC_SMTP, srcHost);
617
578
else
618
FD_SET(FLAG_HOST_TYPE_SVC_SMTP, &dstHost->flags);
579
setHostFlag(FLAG_HOST_TYPE_SVC_SMTP, dstHost);
619
580
620
581
if(((theSession->bytesProtoRcvd.value < 64)
621
582
|| (theSession->bytesProtoSent.value < 64))
676
637
char *rcStr;
677
638
678
639
if((sport == IP_TCP_PORT_POP2) || (sport == IP_TCP_PORT_POP3))
679
FD_SET(FLAG_HOST_TYPE_SVC_POP, &srcHost->flags);
640
setHostFlag(FLAG_HOST_TYPE_SVC_POP, srcHost);
680
641
else
681
FD_SET(FLAG_HOST_TYPE_SVC_POP, &dstHost->flags);
642
setHostFlag(FLAG_HOST_TYPE_SVC_POP, dstHost);
682
643
683
644
if(((theSession->bytesProtoRcvd.value < 64)
684
645
|| (theSession->bytesProtoSent.value < 64)) /* The user name is sent at the beginning of the communication */
720
681
char *rcStr;
721
682
722
683
if(sport == IP_TCP_PORT_IMAP)
723
FD_SET(FLAG_HOST_TYPE_SVC_IMAP, &srcHost->flags);
684
setHostFlag(FLAG_HOST_TYPE_SVC_IMAP, srcHost);
724
685
else
725
FD_SET(FLAG_HOST_TYPE_SVC_IMAP, &dstHost->flags);
686
setHostFlag(FLAG_HOST_TYPE_SVC_IMAP, dstHost);
726
687
727
688
if(((theSession->bytesProtoRcvd.value < 64)
728
689
|| (theSession->bytesProtoSent.value < 64))
853
814
&& (called_num[0] != '\0')) {
854
815
char logStr[256];
855
816
856
FD_SET(FLAG_HOST_TYPE_SVC_VOIP_CLIENT, &srcHost->flags);
857
FD_SET(FLAG_HOST_TYPE_SVC_VOIP_GATEWAY, &dstHost->flags);
817
setHostFlag(FLAG_HOST_TYPE_SVC_VOIP_CLIENT, srcHost);
818
setHostFlag(FLAG_HOST_TYPE_SVC_VOIP_GATEWAY, dstHost);
858
819
859
820
safe_snprintf(__FILE__, __LINE__, logStr, sizeof(logStr),
860
821
"%s <%s> -> <%s>",
893
854
memcpy(rcStr, packetData, packetDataLength);
894
855
rcStr[packetDataLength-1] = '\0';
895
856
896
if(0) {
897
traceEvent(CONST_TRACE_WARNING, "-------------------------");
898
traceEvent(CONST_TRACE_WARNING, rcStr);
899
traceEvent(CONST_TRACE_WARNING, "-------------------------");
900
}
901
902
857
row = strtok_r((char*)rcStr, "\r\n", &strtokState);
903
858
while(row != NULL) {
904
859
if((from == NULL)
969
924
}
970
925
971
926
if(server != NULL)
972
FD_SET(FLAG_HOST_TYPE_SVC_VOIP_GATEWAY, &srcHost->flags);
927
setHostFlag(FLAG_HOST_TYPE_SVC_VOIP_GATEWAY, srcHost);
973
928
else
974
FD_SET(FLAG_HOST_TYPE_SVC_VOIP_CLIENT, &srcHost->flags);
929
setHostFlag(FLAG_HOST_TYPE_SVC_VOIP_CLIENT, srcHost);
975
930
976
931
free(rcStr);
977
932
}
1046
1001
else if(dport == IP_TCP_PORT_SCCP)
1047
1002
addVoIPSessionInfo(&dstHost->hostIpAddress, dport, theSession->session_info);
1048
1003
1049
FD_SET(FLAG_HOST_TYPE_SVC_VOIP_GATEWAY, &dstHost->flags);
1050
FD_SET(FLAG_HOST_TYPE_SVC_VOIP_CLIENT, &srcHost->flags);
1004
setHostFlag(FLAG_HOST_TYPE_SVC_VOIP_GATEWAY, dstHost);
1005
setHostFlag(FLAG_HOST_TYPE_SVC_VOIP_CLIENT, srcHost);
1051
1006
1052
1007
updateHostUsers(caller, BITFLAG_VOIP_USER, srcHost);
1053
1008
1098
1053
1099
1054
/* *********************************** */
1100
1055
1101
static void handleWinMxSession (const struct pcap_pkthdr *h,
1102
HostTraffic *srcHost, u_short sport,
1103
HostTraffic *dstHost, u_short dport,
1104
u_int packetDataLength, u_char* packetData,
1105
IPSession *theSession, int actualDeviceId) {
1106
u_char *rcStr;
1107
1108
if (((theSession->bytesProtoSent.value == 3 /* GET */) &&
1109
(theSession->bytesProtoRcvd.value <= 1 /* 1 */))
1110
|| ((theSession->bytesProtoSent.value == 4 /* SEND */) &&
1111
(theSession->bytesProtoRcvd.value <= 1 /* 1 */))) {
1112
char *user, *strtokState, *strtokState1, *row, *file;
1113
int i, begin=0;
1114
1115
theSession->isP2P = FLAG_P2P_WINMX;
1116
1117
if ((rcStr = (u_char*)malloc(packetDataLength+1)) == NULL) {
1118
traceEvent (CONST_TRACE_WARNING, "handleWinMxSession: Unable to "
1119
"allocate memory, WINMX Session handling incomplete\n");
1120
return;
1121
}
1122
memcpy(rcStr, packetData, packetDataLength);
1123
rcStr[packetDataLength] = '\0';
1124
1125
row = strtok_r((char*)rcStr, "\"", &strtokState);
1126
1127
if(row != NULL) {
1128
user = strtok_r(row, "_", &strtokState1);
1129
file = strtok_r(NULL, "\"", &strtokState);
1130
1131
if((user != NULL) && (file != NULL)) {
1132
for(i=0; file[i] != '\0'; i++) {
1133
if(file[i] == '\\') begin = i;
1134
}
1135
1136
begin++;
1137
file = &file[begin];
1138
if(strlen(file) > 64) file[strlen(file)-64] = '\0';
1139
1140
#ifdef P2P_DEBUG
1141
traceEvent(CONST_TRACE_INFO, "WinMX: %s->%s [%s][%s]",
1142
srcHost->hostNumIpAddress,
1143
dstHost->hostNumIpAddress,
1144
user, file);
1145
#endif
1146
1147
if(theSession->bytesProtoSent.value == 3) {
1148
/* GET */
1149
updateFileList(file, BITFLAG_P2P_DOWNLOAD_MODE, srcHost);
1150
updateFileList(file, BITFLAG_P2P_UPLOAD_MODE, dstHost);
1151
updateHostUsers(user, BITFLAG_P2P_USER, srcHost);
1152
} else {
1153
/* SEND */
1154
updateFileList(file, BITFLAG_P2P_UPLOAD_MODE, srcHost);
1155
updateFileList(file, BITFLAG_P2P_DOWNLOAD_MODE, dstHost);
1156
updateHostUsers(user, BITFLAG_P2P_USER, dstHost);
1157
}
1158
}
1159
}
1160
1161
free(rcStr);
1162
}
1163
}
1164
1165
/* *********************************** */
1166
1167
static void handleGnutellaSession(const struct pcap_pkthdr *h,
1168
HostTraffic *srcHost, u_short sport,
1169
HostTraffic *dstHost, u_short dport,
1170
u_int packetDataLength, u_char* packetData,
1171
IPSession *theSession, int actualDeviceId) {
1172
u_char *rcStr, tmpStr[256];
1173
1174
if(theSession->bytesProtoSent.value == 0) {
1175
char *strtokState, *row;
1176
char *theStr = "GET /get/";
1177
1178
if ((rcStr = (u_char*)malloc(packetDataLength+1)) == NULL) {
1179
traceEvent (CONST_TRACE_WARNING, "handleGnutellaSession: Unable to "
1180
"allocate memory, Gnutella Session handling incomplete\n");
1181
return;
1182
}
1183
memcpy(rcStr, packetData, packetDataLength);
1184
rcStr[packetDataLength] = '\0';
1185
1186
if(strncmp((char*)rcStr, theStr, strlen(theStr)) == 0) {
1187
char *file;
1188
int i, begin=0;
1189
1190
row = strtok_r((char*)rcStr, "\n", &strtokState);
1191
file = &row[strlen(theStr)+1];
1192
if(strlen(file) > 10) file[strlen(file)-10] = '\0';
1193
1194
for(i=0; file[i] != '\0'; i++) {
1195
if(file[i] == '/') begin = i;
1196
}
1197
1198
begin++;
1199
1200
unescape((char*)tmpStr, sizeof(tmpStr), &file[begin]);
1201
1202
#ifdef P2P_DEBUG
1203
traceEvent(CONST_TRACE_INFO, "Gnutella: %s->%s [%s]",
1204
srcHost->hostNumIpAddress,
1205
dstHost->hostNumIpAddress,
1206
tmpStr);
1207
#endif
1208
updateFileList((char*)tmpStr, BITFLAG_P2P_DOWNLOAD_MODE, srcHost);
1209
updateFileList((char*)tmpStr, BITFLAG_P2P_UPLOAD_MODE, dstHost);
1210
theSession->isP2P = FLAG_P2P_GNUTELLA;
1211
}
1212
free(rcStr);
1213
}
1214
}
1215
1216
/* *********************************** */
1217
1218
static void handleKazaaSession(const struct pcap_pkthdr *h,
1219
HostTraffic *srcHost, u_short sport,
1220
HostTraffic *dstHost, u_short dport,
1221
u_int packetDataLength, u_char* packetData,
1222
IPSession *theSession, int actualDeviceId) {
1223
char *rcStr;
1224
char tmpStr[256];
1225
1226
if(theSession->bytesProtoSent.value == 0) {
1227
char *strtokState, *row;
1228
1229
if ((rcStr = (char*)malloc(packetDataLength+1)) == NULL) {
1230
traceEvent (CONST_TRACE_WARNING, "handleKazaaSession: Unable to "
1231
"allocate memory, Kazaa Session handling incomplete\n");
1232
return;
1233
}
1234
memcpy(rcStr, packetData, packetDataLength);
1235
rcStr[packetDataLength] = '\0';
1236
1237
if(strncmp(rcStr, "GET ", 4) == 0) {
1238
row = strtok_r(rcStr, "\n", &strtokState);
1239
1240
while(row != NULL) {
1241
if(strncmp(row, "GET /", 4) == 0) {
1242
char *theStr = "GET /.hash=";
1243
if(strncmp(row, theStr, strlen(theStr)) != 0) {
1244
char *strtokState1, *file = strtok_r(&row[4], " ", &strtokState1);
1245
int i, begin=0;
1246
1247
if(file != NULL) {
1248
for(i=0; file[i] != '\0'; i++) {
1249
if(file[i] == '/') begin = i;
1250
}
1251
1252
begin++;
1253
1254
unescape(tmpStr, sizeof(tmpStr), &file[begin]);
1255
1256
#ifdef P2P_DEBUG
1257
traceEvent(CONST_TRACE_INFO, "Kazaa: %s->%s [%s]",
1258
srcHost->hostNumIpAddress,
1259
dstHost->hostNumIpAddress,
1260
tmpStr);
1261
#endif
1262
updateFileList(tmpStr, BITFLAG_P2P_DOWNLOAD_MODE, srcHost);
1263
updateFileList(tmpStr, BITFLAG_P2P_UPLOAD_MODE, dstHost);
1264
theSession->isP2P = FLAG_P2P_KAZAA;
1265
}
1266
}
1267
} else if(strncmp(row, "X-Kazaa-Username", 15) == 0) {
1268
char *user;
1269
1270
row[strlen(row)-1] = '\0';
1271
1272
user = &row[18];
1273
if(strlen(user) > 48)
1274
user[48] = '\0';
1275
1276
/* traceEvent(CONST_TRACE_INFO, "DEBUG: USER='%s'", user); */
1277
1278
updateHostUsers(user, BITFLAG_P2P_USER, srcHost);
1279
theSession->isP2P = FLAG_P2P_KAZAA;
1280
}
1281
1282
row = strtok_r(NULL, "\n", &strtokState);
1283
}
1284
1285
/* printf("==>\n\n%s\n\n", rcStr); */
1286
}
1287
free(rcStr);
1288
1289
} else if (((theSession->bytesProtoSent.value > 0)
1290
|| (theSession->bytesProtoSent.value < 32))) {
1291
char *strtokState, *row;
1292
1293
if ((rcStr = (char*)malloc(packetDataLength+1)) == NULL) {
1294
traceEvent (CONST_TRACE_WARNING, "handleKazaaSession: Unable to "
1295
"allocate memory, Kazaa Session handling incomplete\n");
1296
return;
1297
}
1298
memcpy(rcStr, packetData, packetDataLength);
1299
rcStr[packetDataLength] = '\0';
1300
1301
if(strncmp(rcStr, "HTTP", 4) == 0) {
1302
row = strtok_r(rcStr, "\n", &strtokState);
1303
1304
while(row != NULL) {
1305
char *str = "X-KazaaTag: 4=";
1306
1307
if(strncmp(row, str, strlen(str)) == 0) {
1308
char *file = &row[strlen(str)];
1309
1310
file[strlen(file)-1] = '\0';
1311
#ifdef P2P_DEBUG
1312
traceEvent(CONST_TRACE_INFO, "Uploading '%s'", file);
1313
#endif
1314
updateFileList(file, BITFLAG_P2P_UPLOAD_MODE, srcHost);
1315
updateFileList(file, BITFLAG_P2P_DOWNLOAD_MODE, dstHost);
1316
theSession->isP2P = FLAG_P2P_KAZAA;
1317
break;
1318
}
1319
row = strtok_r(NULL, "\n", &strtokState);
1320
}
1321
}
1322
free(rcStr);
1323
}
1324
}
1325
1326
/* *********************************** */
1327
1328
1056
static void handleHTTPSession(const struct pcap_pkthdr *h,
1329
1057
HostTraffic *srcHost, u_short sport,
1330
1058
HostTraffic *dstHost, u_short dport,
1331
1059
u_int packetDataLength, u_char* packetData,
1332
1060
IPSession *theSession, int actualDeviceId) {
1333
char *rcStr, tmpStr[256];
1061
char *rcStr, tmpStr[256] = { '\0' };
1334
1062
struct timeval tvstrct;
1335
1063
1336
if (sport == IP_TCP_PORT_HTTP) FD_SET(FLAG_HOST_TYPE_SVC_HTTP, &srcHost->flags);
1337
if (dport == IP_TCP_PORT_HTTP) FD_SET(FLAG_HOST_TYPE_SVC_HTTP, &dstHost->flags);
1064
if (sport == IP_TCP_PORT_HTTP) setHostFlag(FLAG_HOST_TYPE_SVC_HTTP, srcHost);
1065
if (dport == IP_TCP_PORT_HTTP) setHostFlag(FLAG_HOST_TYPE_SVC_HTTP, dstHost);
1338
1066
1339
1067
if ((sport == IP_TCP_PORT_HTTP)
1340
1068
&& (theSession->bytesProtoRcvd.value == 0)) {
1363
1091
if(srcHost->protocolInfo == NULL) srcHost->protocolInfo = calloc(1, sizeof(ProtocolInfo));
1364
1092
if(dstHost->protocolInfo == NULL) dstHost->protocolInfo = calloc(1, sizeof(ProtocolInfo));
1365
1093
1366
if(srcHost->protocolInfo->httpStats == NULL) {
1367
srcHost->protocolInfo->httpStats = (ServiceStats*)malloc(sizeof(ServiceStats));
1368
memset(srcHost->protocolInfo->httpStats, 0, sizeof(ServiceStats));
1369
}
1370
1371
if(dstHost->protocolInfo->httpStats == NULL) {
1372
dstHost->protocolInfo->httpStats = (ServiceStats*)malloc(sizeof(ServiceStats));
1373
memset(dstHost->protocolInfo->httpStats, 0, sizeof(ServiceStats));
1374
}
1375
1094
/* Fix courtesy of Ronald Roskens <ronr@econet.com> */
1095
allocHostTrafficCounterMemory(srcHost, protocolInfo->httpStats, sizeof(ServiceStats));
1096
allocHostTrafficCounterMemory(dstHost, protocolInfo->httpStats, sizeof(ServiceStats));
1097
1376
1098
rc = atoi(&tmpStr[9]);
1377
1099
1378
1100
if(rc == 200) /* HTTP/1.1 200 OK */ {
1379
incrementTrafficCounter(&srcHost->protocolInfo->httpStats->numPositiveReplSent, 1);
1380
incrementTrafficCounter(&dstHost->protocolInfo->httpStats->numPositiveReplRcvd, 1);
1101
incrementHostTrafficCounter(srcHost, protocolInfo->httpStats->numPositiveReplSent, 1);
1102
incrementHostTrafficCounter(dstHost, protocolInfo->httpStats->numPositiveReplRcvd, 1);
1381
1103
} else {
1382
incrementTrafficCounter(&srcHost->protocolInfo->httpStats->numNegativeReplSent, 1);
1383
incrementTrafficCounter(&dstHost->protocolInfo->httpStats->numNegativeReplRcvd, 1);
1104
incrementHostTrafficCounter(srcHost, protocolInfo->httpStats->numNegativeReplSent, 1);
1105
incrementHostTrafficCounter(dstHost, protocolInfo->httpStats->numNegativeReplRcvd, 1);
1384
1106
}
1385
1107
1386
1108
if(microSecTimeDiff > 0) {
1448
1170
if(srcHost->protocolInfo == NULL) srcHost->protocolInfo = calloc(1, sizeof(ProtocolInfo));
1449
1171
if(dstHost->protocolInfo == NULL) dstHost->protocolInfo = calloc(1, sizeof(ProtocolInfo));
1450
1172
1451
if(srcHost->protocolInfo->httpStats == NULL) {
1452
srcHost->protocolInfo->httpStats = (ServiceStats*)malloc(sizeof(ServiceStats));
1453
memset(srcHost->protocolInfo->httpStats, 0, sizeof(ServiceStats));
1454
}
1455
if(dstHost->protocolInfo->httpStats == NULL) {
1456
dstHost->protocolInfo->httpStats = (ServiceStats*)malloc(sizeof(ServiceStats));
1457
memset(dstHost->protocolInfo->httpStats, 0, sizeof(ServiceStats));
1458
}
1459
1460
if(subnetLocalHost(dstHost))
1461
incrementTrafficCounter(&srcHost->protocolInfo->httpStats->numLocalReqSent, 1);
1462
else
1463
incrementTrafficCounter(&srcHost->protocolInfo->httpStats->numRemReqSent, 1);
1464
1465
if(subnetLocalHost(srcHost))
1466
incrementTrafficCounter(&dstHost->protocolInfo->httpStats->numLocalReqRcvd, 1);
1467
else
1468
incrementTrafficCounter(&dstHost->protocolInfo->httpStats->numRemReqRcvd, 1);
1173
/* Fix courtesy of Ronald Roskens <ronr@econet.com> */
1174
allocHostTrafficCounterMemory(srcHost, protocolInfo->httpStats, sizeof(ServiceStats));
1175
allocHostTrafficCounterMemory(dstHost, protocolInfo->httpStats, sizeof(ServiceStats));
1176
1177
if(subnetLocalHost(dstHost)) {
1178
incrementHostTrafficCounter(srcHost, protocolInfo->httpStats->numLocalReqSent, 1);
1179
} else {
1180
incrementHostTrafficCounter(srcHost, protocolInfo->httpStats->numRemReqSent, 1);
1181
}
1182
1183
if(subnetLocalHost(srcHost)) {
1184
incrementHostTrafficCounter(dstHost, protocolInfo->httpStats->numLocalReqRcvd, 1);
1185
} else {
1186
incrementHostTrafficCounter(dstHost, protocolInfo->httpStats->numRemReqRcvd, 1);
1187
}
1469
1188
1470
1189
row = strtok_r(rcStr, "\n", &strtokState);
1471
1190
1473
1192
int len = strlen(row);
1474
1193
1475
1194
if((len > 12) && (strncmp(row, "User-Agent:", 11) == 0)) {
1476
char *token, *tokState, *browser = NULL, *os = NULL;
1195
char *token, *tokState = NULL, *browser = NULL, *os = NULL;
1477
1196
1478
1197
row[len-1] = '\0';
1479
1198
1523
1242
if((delimiter = strchr(buffer, '(')) != NULL) delimiter[0] = '\0';
1524
1243
if((delimiter = strchr(buffer, ')')) != NULL) delimiter[0] = '\0';
1525
1244
1526
accessAddrResMutex("makeHostLink");
1527
1245
srcHost->fingerprint = strdup(buffer);
1528
releaseAddrResMutex();
1529
1246
}
1530
1247
}
1531
1248
break;
1588
1305
char tmpStr[256];
1589
1306
1590
1307
if((theSession->sessionState == FLAG_STATE_ACTIVE)
1591
&& ((theSession->nwLatency.tv_sec != 0)
1592
|| (theSession->nwLatency.tv_usec != 0))
1308
&& ((theSession->clientNwDelay.tv_sec != 0) || (theSession->clientNwDelay.tv_usec != 0)
1309
|| (theSession->serverNwDelay.tv_sec != 0) || (theSession->serverNwDelay.tv_usec != 0)
1310
)
1593
1311
) {
1594
1312
/* This session started *after* ntop started (i.e. ntop
1595
1313
didn't miss the beginning of the session). If the session
1671
1389
/*
1672
1390
* Security checks based on TCP Flags
1673
1391
*/
1674
if((tp->th_flags == TH_ACK) && (theSession->sessionState == FLAG_FLAG_STATE_SYN_ACK)) {
1392
if((tp->th_flags == TH_ACK) && (theSession->sessionState == FLAG_STATE_SYN_ACK)) {
1675
1393
allocateSecurityHostPkts(srcHost); allocateSecurityHostPkts(dstHost);
1676
1394
incrementUsageCounter(&srcHost->secHostPkts->establishedTCPConnSent, dstHost, actualDeviceId);
1677
1395
incrementUsageCounter(&dstHost->secHostPkts->establishedTCPConnRcvd, srcHost, actualDeviceId);
1678
1396
incrementTrafficCounter(&myGlobals.device[actualDeviceId].securityPkts.establishedTCPConn, 1);
1679
1397
incrementTrafficCounter(&myGlobals.device[actualDeviceId].numEstablishedTCPConnections, 1);
1398
theSession->sessionState = FLAG_STATE_ACTIVE;
1680
1399
}
1681
1400
else if ((addedNewEntry == 0)
1682
1401
&& ((theSession->sessionState == FLAG_STATE_SYN)
1683
|| (theSession->sessionState == FLAG_FLAG_STATE_SYN_ACK))
1402
|| (theSession->sessionState == FLAG_STATE_SYN_ACK))
1684
1403
&& (!(tp->th_flags & TH_RST))) {
1685
1404
allocateSecurityHostPkts(srcHost); allocateSecurityHostPkts(dstHost);
1686
1405
if(sport > dport) {
1860
1579
|| ((dport >= minPort) && (dport <= maxPort)));
1861
1580
}
1862
1581
1582
/* ****************************************************** */
1583
1584
static void timeval_diff(struct timeval *begin,
1585
struct timeval *end, struct timeval *result) {
1586
if(end->tv_sec >= begin->tv_sec) {
1587
result->tv_sec = end->tv_sec-begin->tv_sec;
1588
1589
if((end->tv_usec - begin->tv_usec) < 0) {
1590
result->tv_usec = 1000000 + end->tv_usec - begin->tv_usec;
1591
if(result->tv_usec > 1000000) begin->tv_usec = 1000000;
1592
result->tv_sec--;
1593
} else
1594
result->tv_usec = end->tv_usec-begin->tv_usec;
1595
1596
result->tv_sec /= 2, result->tv_usec /= 2;
1597
} else
1598
result->tv_sec = 0, result->tv_usec = 0;
1599
}
1600
1601
/* *********************************** */
1602
1603
static void updateNetworkDelay(NetworkDelay *delayStats,
1604
HostSerial *peer, u_int16_t peer_port,
1605
struct timeval *delay,
1606
struct timeval *when,
1607
int port_idx) {
1608
u_long int_delay;
1609
1610
if(0)
1611
traceEvent(CONST_TRACE_WARNING,
1612
"updateNetworkDelay(port=%d [idx=%d], delay=%.2f ms)",
1613
peer_port, port_idx, (float)int_delay/1000);
1614
1615
if(port_idx == -1) return;
1616
1617
int_delay = delay->tv_sec * 1000000 + delay->tv_usec;
1618
if((when->tv_sec == 0) && (when->tv_usec == 0)) gettimeofday(when, NULL);
1619
memcpy(&delayStats[port_idx].last_update, when, sizeof(struct timeval));
1620
1621
if(delayStats[port_idx].min_nw_delay == 0)
1622
delayStats[port_idx].min_nw_delay = int_delay;
1623
else
1624
delayStats[port_idx].min_nw_delay = min(delayStats[port_idx].min_nw_delay, int_delay);
1625
1626
if(delayStats[port_idx].max_nw_delay == 0)
1627
delayStats[port_idx].max_nw_delay = int_delay;
1628
else
1629
delayStats[port_idx].max_nw_delay = max(delayStats[port_idx].max_nw_delay, int_delay);
1630
1631
delayStats[port_idx].total_delay += int_delay, delayStats[port_idx].num_samples++;
1632
delayStats[port_idx].peer_port = peer_port;
1633
memcpy(&delayStats[port_idx].last_peer, peer, sizeof(HostSerial));
1634
}
1635
1636
/* *********************************** */
1637
1638
void updatePeersDelayStats(HostTraffic *peer_a,
1639
HostSerial *peer_b_serial,
1640
u_int16_t port,
1641
struct timeval *nwDelay,
1642
struct timeval *synAckTime,
1643
struct timeval *ackTime,
1644
u_char is_client_delay,
1645
int port_idx) {
1646
/* traceEvent(CONST_TRACE_WARNING, "----------> updateSessionDelayStats()"); */
1647
1648
if((!subnetPseudoLocalHost(peer_a)) || (port_idx == -1)) return;
1649
1650
if(is_client_delay) {
1651
if((nwDelay->tv_sec > 0) || (nwDelay->tv_usec > 0)) {
1652
if(peer_a->clientDelay == NULL)
1653
peer_a->clientDelay = (NetworkDelay*)calloc(sizeof(NetworkDelay),
1654
myGlobals.ipPortMapper.numSlots);
1655
1656
if(peer_a->clientDelay == NULL) {
1657
traceEvent(CONST_TRACE_ERROR, "Sanity check failed [Low memory?]");
1658
return;
1659
}
1660
1661
updateNetworkDelay(peer_a->clientDelay,
1662
peer_b_serial,
1663
port,
1664
nwDelay,
1665
synAckTime,
1666
port_idx);
1667
}
1668
} else {
1669
if((nwDelay->tv_sec > 0) || (nwDelay->tv_usec > 0)) {
1670
if(peer_a->serverDelay == NULL)
1671
peer_a->serverDelay = (NetworkDelay*)calloc(sizeof(NetworkDelay),
1672
myGlobals.ipPortMapper.numSlots);
1673
if(peer_a->serverDelay == NULL) {
1674
traceEvent(CONST_TRACE_ERROR, "Sanity check failed [Low memory?]");
1675
return;
1676
}
1677
1678
updateNetworkDelay(peer_a->serverDelay,
1679
peer_b_serial,
1680
port,
1681
nwDelay,
1682
ackTime,
1683
port_idx);
1684
}
1685
}
1686
}
1687
1688
/* *********************************** */
1689
1690
void updateSessionDelayStats(IPSession* session) {
1691
int port_idx, port;
1692
1693
/* traceEvent(CONST_TRACE_WARNING, "----------> updateSessionDelayStats()"); */
1694
1695
port = session->dport;
1696
if((port_idx = mapGlobalToLocalIdx(port)) == -1) {
1697
port = session->sport;
1698
if((port_idx = mapGlobalToLocalIdx(port)) == -1) {
1699
return;
1700
}
1701
}
1702
1703
if(subnetPseudoLocalHost(session->initiator))
1704
updatePeersDelayStats(session->initiator,
1705
&session->remotePeer->hostSerial,
1706
port,
1707
&session->clientNwDelay,
1708
&session->synAckTime,
1709
NULL, 1 /* client */, port_idx);
1710
1711
if(subnetPseudoLocalHost(session->remotePeer))
1712
updatePeersDelayStats(session->remotePeer,
1713
&session->initiator->hostSerial,
1714
port,
1715
&session->serverNwDelay,
1716
NULL,
1717
&session->ackTime,
1718
0 /* server */, port_idx);
1719
}
1720
1863
1721
/* *********************************** */
1864
1722
1865
1723
static IPSession* handleTCPSession(const struct pcap_pkthdr *h,
1866
1724
u_short fragmentedData, u_int tcpWin,
1867
1725
HostTraffic *srcHost, u_short sport,
1868
1726
HostTraffic *dstHost, u_short dport,
1869
u_int length, struct tcphdr *tp,
1727
u_int sent_length, u_int rcvd_length /* Always 0 except for NetFlow v9 */,
1728
struct tcphdr *tp,
1870
1729
u_int packetDataLength, u_char* packetData,
1871
1730
int actualDeviceId, u_short *newSession) {
1872
1731
IPSession *prevSession;
1877
1736
u_short check, found=0;
1878
1737
HostTraffic *hostToUpdate = NULL;
1879
1738
u_char *rcStr, tmpStr[256];
1880
int len = 0;
1739
int len = 0, mutex_idx;
1881
1740
char *pnotes, *snotes, *dnotes;
1882
1741
/* Latency measurement */
1883
1742
char buf[32], buf1[32];
1884
1743
memset(&buf, 0, sizeof(buf));
1885
1744
memset(&buf1, 0, sizeof(buf1));
1886
1745
1887
accessMutex(&myGlobals.tcpSessionsMutex, "handleTCPSession");
1888
1889
idx = computeIdx(&srcHost->hostIpAddress, &dstHost->hostIpAddress, sport, dport);
1890
idx %= MAX_TOT_NUM_SESSIONS;
1891
1746
idx = computeIdx(&srcHost->hostIpAddress, &dstHost->hostIpAddress, sport, dport) % MAX_TOT_NUM_SESSIONS;
1747
mutex_idx = idx % NUM_SESSION_MUTEXES;
1748
1749
accessMutex(&myGlobals.tcpSessionsMutex[mutex_idx], "handleTCPSession");
1892
1750
prevSession = theSession = myGlobals.device[actualDeviceId].tcpSession[idx];
1893
1751
1752
#ifdef DEBUG
1753
traceEvent(CONST_TRACE_INFO, "handleTCPSession [%s%s%s%s%s]",
1754
(tp->th_flags & TH_SYN) ? " SYN" : "",
1755
(tp->th_flags & TH_ACK) ? " ACK" : "",
1756
(tp->th_flags & TH_FIN) ? " FIN" : "",
1757
(tp->th_flags & TH_RST) ? " RST" : "",
1758
(tp->th_flags & TH_PUSH) ? " PUSH" : "");
1759
#endif
1760
1894
1761
while(theSession != NULL) {
1895
1762
if(theSession && (theSession->next == theSession)) {
1896
1763
traceEvent(CONST_TRACE_WARNING, "Internal Error (4) (idx=%d)", idx);
1924
1791
1925
1792
if(!found) {
1926
1793
/* New Session */
1927
#ifdef DEBUG
1928
printf("DEBUG: NEW ");
1929
#endif
1930
1931
1794
(*newSession) = 1; /* This is a new session */
1932
1795
incrementTrafficCounter(&myGlobals.device[actualDeviceId].tcpGlobalTrafficStats.totalFlows,
1933
1796
2 /* 2 x monodirectional flows */);
1941
1804
myGlobals.runningPref.maxNumSessions);
1942
1805
}
1943
1806
1944
releaseMutex(&myGlobals.tcpSessionsMutex);
1807
releaseMutex(&myGlobals.tcpSessionsMutex[mutex_idx]);
1945
1808
return(NULL);
1946
1809
}
1947
1810
1967
1830
#endif
1968
1831
1969
1832
if((theSession = (IPSession*)malloc(sizeof(IPSession))) == NULL) {
1970
releaseMutex(&myGlobals.tcpSessionsMutex);
1833
releaseMutex(&myGlobals.tcpSessionsMutex[mutex_idx]);
1971
1834
return(NULL);
1972
1835
}
1973
1836
1975
1838
addedNewEntry = 1;
1976
1839
1977
1840
if(tp && (tp->th_flags == TH_SYN)) {
1978
theSession->nwLatency.tv_sec = h->ts.tv_sec;
1979
theSession->nwLatency.tv_usec = h->ts.tv_usec;
1841
theSession->synTime.tv_sec = h->ts.tv_sec;
1842
theSession->synTime.tv_usec = h->ts.tv_usec;
1980
1843
theSession->sessionState = FLAG_STATE_SYN;
1981
}
1844
/* traceEvent(CONST_TRACE_ERROR, "DEBUG: SYN [%d.%d]", h->ts.tv_sec, h->ts.tv_usec); */
1845
}
1982
1846
1983
1847
theSession->magic = CONST_MAGIC_NUMBER;
1984
1848
2015
1879
2016
1880
theSession->firstSeen = myGlobals.actTime;
2017
1881
flowDirection = FLAG_CLIENT_TO_SERVER;
1882
1883
notifyEvent(sessionCreation, NULL, theSession, 0);
1884
} /* End of new session branch */
1885
1886
/* traceEvent(CONST_TRACE_ERROR, "--> DEBUG: [state=%d][flags=%d]", theSession->sessionState, tp->th_flags); */
1887
if(tp
1888
&& (theSession->sessionState == FLAG_STATE_SYN)
1889
&& (tp->th_flags == (TH_SYN | TH_ACK))) {
1890
theSession->synAckTime.tv_sec = h->ts.tv_sec;
1891
theSession->synAckTime.tv_usec = h->ts.tv_usec;
1892
timeval_diff(&theSession->synTime, (struct timeval*)&h->ts, &theSession->serverNwDelay);
1893
/* Sanity check */
1894
if(theSession->serverNwDelay.tv_sec > 1000) {
1895
/*
1896
This value seems to be wrong so it's better to ignore it
1897
rather than showing a false/wrong/dummy value
1898
*/
1899
theSession->serverNwDelay.tv_usec = theSession->serverNwDelay.tv_sec = 0;
1900
}
1901
1902
theSession->sessionState = FLAG_STATE_SYN_ACK;
1903
/* traceEvent(CONST_TRACE_ERROR, "DEBUG: SYN_ACK [%d.%d]", h->ts.tv_sec, h->ts.tv_usec); */
1904
} else if(tp
1905
&& (theSession->sessionState == FLAG_STATE_SYN_ACK)
1906
&& (tp->th_flags == TH_ACK)) {
1907
theSession->ackTime.tv_sec = h->ts.tv_sec;
1908
theSession->ackTime.tv_usec = h->ts.tv_usec;
1909
1910
/* traceEvent(CONST_TRACE_ERROR, "DEBUG: ACK [%d.%d]", h->ts.tv_sec, h->ts.tv_usec); */
1911
1912
if(theSession->synTime.tv_sec > 0) {
1913
timeval_diff(&theSession->synAckTime, (struct timeval*)&h->ts, &theSession->clientNwDelay);
1914
/* Sanity check */
1915
if(theSession->clientNwDelay.tv_sec > 1000) {
1916
/*
1917
This value seems to be wrong so it's better to ignore it
1918
rather than showing a false/wrong/dummy value
1919
*/
1920
theSession->clientNwDelay.tv_usec = theSession->clientNwDelay.tv_sec = 0;
1921
}
1922
1923
updateSessionDelayStats(theSession);
1924
}
1925
1926
/*
1927
traceEvent(CONST_TRACE_ERROR, "DEBUG: ** FLAG_STATE_ACTIVE ** [client=%d.%d][server=%d.%d]",
1928
theSession->clientNwDelay.tv_sec, theSession->clientNwDelay.tv_usec,
1929
theSession->serverNwDelay.tv_sec, theSession->serverNwDelay.tv_usec);
1930
*/
1931
1932
theSession->sessionState = FLAG_STATE_ACTIVE;
2018
1933
}
2019
1934
2020
1935
if(tp)
2032
1947
else
2033
1948
len = packetDataLength;
2034
1949
2035
#ifdef HAVE_LIBPCRE
2036
if(myGlobals.runningPref.enableL7)
2037
l7SessionProtoDetection(theSession, packetDataLength, packetData);
2038
#endif
2039
2040
1950
if(myGlobals.runningPref.enablePacketDecoding
2041
1951
&& ((theSession->bytesProtoSent.value > 0) && (theSession->bytesProtoSent.value < 128))
2042
1952
/* Reduce protocol decoding effort */
2047
1957
packetDataLength, packetData, theSession,
2048
1958
actualDeviceId);
2049
1959
} else if((dport == IP_TCP_PORT_KAZAA) && (packetDataLength > 0)) {
2050
handleKazaaSession(h, srcHost, sport, dstHost, dport,
2051
packetDataLength, packetData, theSession,
2052
actualDeviceId);
1960
theSession->isP2P = FLAG_P2P_KAZAA;
2053
1961
} else if (((dport == IP_TCP_PORT_GNUTELLA1) ||
2054
1962
(dport == IP_TCP_PORT_GNUTELLA2) ||
2055
1963
(dport == IP_TCP_PORT_GNUTELLA3))
2056
1964
&& (packetDataLength > 0)) {
2057
handleGnutellaSession(h, srcHost, sport, dstHost, dport,
2058
packetDataLength, packetData, theSession,
2059
actualDeviceId);
2060
} else if((dport == IP_TCP_PORT_WINMX) && (packetDataLength > 0)) {
2061
handleWinMxSession(h, srcHost, sport, dstHost, dport,
2062
packetDataLength, packetData, theSession,
2063
actualDeviceId);
1965
theSession->isP2P = FLAG_P2P_GNUTELLA;
2064
1966
} else if (((sport == IP_TCP_PORT_MSMSGR) ||
2065
1967
(dport == IP_TCP_PORT_MSMSGR))
2066
1968
&& (packetDataLength > 0)) {
2067
1969
handleMsnMsgrSession(h, srcHost, sport, dstHost, dport,
2068
1970
packetDataLength, packetData, theSession,
2069
1971
actualDeviceId);
2070
} else if(((sport == IP_TCP_PORT_SMTP) ||
2071
(dport == IP_TCP_PORT_SMTP))
1972
} else if(((sport == IP_TCP_PORT_SMTP) || (dport == IP_TCP_PORT_SMTP))
2072
1973
&& (theSession->sessionState == FLAG_STATE_ACTIVE)) {
2073
1974
handleSMTPSession(h, srcHost, sport, dstHost, dport,
2074
1975
packetDataLength, packetData, theSession,
2075
1976
actualDeviceId);
2076
} else if(((sport == IP_TCP_PORT_FTP) ||
2077
(dport == IP_TCP_PORT_FTP))
1977
} else if(((sport == IP_TCP_PORT_FTP) || (dport == IP_TCP_PORT_FTP))
2078
1978
&& (theSession->sessionState == FLAG_STATE_ACTIVE)) {
2079
1979
handleFTPSession(h, srcHost, sport, dstHost, dport,
2080
1980
packetDataLength, packetData, theSession,
2082
1982
} else if(((dport == IP_TCP_PORT_PRINTER) || (sport == IP_TCP_PORT_PRINTER))
2083
1983
&& (theSession->sessionState == FLAG_STATE_ACTIVE)) {
2084
1984
if(sport == IP_TCP_PORT_PRINTER)
2085
FD_SET(FLAG_HOST_TYPE_PRINTER, &srcHost->flags);
1985
setHostFlag(FLAG_HOST_TYPE_PRINTER, srcHost);
2086
1986
else
2087
FD_SET(FLAG_HOST_TYPE_PRINTER, &dstHost->flags);
1987
setHostFlag(FLAG_HOST_TYPE_PRINTER, dstHost);
2088
1988
} else if(((sport == IP_TCP_PORT_POP2) || (sport == IP_TCP_PORT_POP3)
2089
1989
|| (dport == IP_TCP_PORT_POP2) || (dport == IP_TCP_PORT_POP3))
2090
1990
&& (theSession->sessionState == FLAG_STATE_ACTIVE)) {
2107
2007
/* Further decoders */
2108
2008
if((!theSession->isP2P)
2109
2009
&& (packetDataLength > 0)
2110
&& ((theSession->bytesProtoSent.value > 0) && (theSession->bytesProtoSent.value < 1400))) {
2010
&& ((theSession->bytesProtoSent.value > 0)
2011
&& (theSession->bytesProtoSent.value < 1400))) {
2111
2012
rcStr = (u_char*)malloc(len+1);
2112
2013
memcpy(rcStr, packetData, len);
2113
2014
rcStr[len-1] = '\0';
2114
2015
2115
/* See dcplusplus.sourceforge.net */
2116
if(portRange(sport, dport, 411, 412)
2117
|| (!strncmp((char*)rcStr, "$Connect", 8))
2118
|| (!strncmp((char*)rcStr, "$Direction", 10))
2119
|| (!strncmp((char*)rcStr, "$Hello", 6))
2120
|| (!strncmp((char*)rcStr, "$Key", 4))
2121
|| (!strncmp((char*)rcStr, "$Lock", 5))
2122
|| (!strncmp((char*)rcStr, "$MyInfo", 7))
2123
|| (!strncmp((char*)rcStr, "$Pin", 4))
2124
|| (!strncmp((char*)rcStr, "$Quit", 5))
2125
|| (!strncmp((char*)rcStr, "$Send", 5))
2126
|| (!strncmp((char*)rcStr, "$SR", 3))
2127
|| (!strncmp((char*)rcStr, "$Search", 7))) {
2128
theSession->isP2P = FLAG_P2P_DIRECTCONNECT;
2129
updateFileList(UNKNOWN_P2P_FILE, BITFLAG_P2P_DOWNLOAD_MODE, srcHost);
2130
updateFileList(UNKNOWN_P2P_FILE, BITFLAG_P2P_UPLOAD_MODE, dstHost);
2131
} else if(!strncmp((char*)rcStr, "$MyNick", 7)) {
2132
theSession->isP2P = FLAG_P2P_DIRECTCONNECT;
2133
updateHostUsers(strtok((char*)&rcStr[8], "|"), BITFLAG_P2P_USER, srcHost);
2134
updateFileList(UNKNOWN_P2P_FILE, BITFLAG_P2P_DOWNLOAD_MODE, srcHost);
2135
updateFileList(UNKNOWN_P2P_FILE, BITFLAG_P2P_UPLOAD_MODE, dstHost);
2136
} else if(!strncmp((char*)rcStr, "$Get", 4)) {
2137
char *file = strtok((char*)&rcStr[5], "$");
2138
theSession->isP2P = FLAG_P2P_DIRECTCONNECT;
2139
updateFileList(file, BITFLAG_P2P_DOWNLOAD_MODE, srcHost);
2140
updateFileList(file, BITFLAG_P2P_UPLOAD_MODE, dstHost);
2141
} else if(portRange(sport, dport, 4661, 4665)
2016
if(portRange(sport, dport, 4661, 4665)
2142
2017
|| (rcStr[0] == 0xE3) || (rcStr[0] == 0xC5)) {
2143
2018
/* Skype uses the eDonkey protocol so we must male sure that
2144
2019
we don't mix them */
2147
2022
theSession->voipSession = 1;
2148
2023
} else {
2149
2024
theSession->isP2P = FLAG_P2P_EDONKEY;
2150
updateFileList(UNKNOWN_P2P_FILE, BITFLAG_P2P_DOWNLOAD_MODE, srcHost);
2151
updateFileList(UNKNOWN_P2P_FILE, BITFLAG_P2P_UPLOAD_MODE, dstHost);
2152
2025
}
2153
2026
} else if(portRange(sport, dport, 6881, 6889)
2154
2027
|| portRange(sport, dport, 6969, 6969)
2159
2032
|| (strstr((char*)rcStr, "GET TrackPak") != NULL)
2160
2033
|| (strstr((char*)rcStr, "BitTorrent") != NULL)) {
2161
2034
theSession->isP2P = FLAG_P2P_BITTORRENT;
2162
updateFileList(UNKNOWN_P2P_FILE, BITFLAG_P2P_DOWNLOAD_MODE, srcHost);
2163
updateFileList(UNKNOWN_P2P_FILE, BITFLAG_P2P_UPLOAD_MODE, dstHost);
2164
2035
} else if(portRange(sport, dport, 6346, 6347)
2165
2036
|| (!strncmp((char*)rcStr, "GNUTELLA", 8))
2166
2037
|| (!strncmp((char*)rcStr, "GIV", 3))
2167
2038
|| (!strncmp((char*)rcStr, "GET /uri-res/", 13))) {
2168
2039
theSession->isP2P = FLAG_P2P_GNUTELLA;
2169
updateFileList(UNKNOWN_P2P_FILE, BITFLAG_P2P_DOWNLOAD_MODE, srcHost);
2170
updateFileList(UNKNOWN_P2P_FILE, BITFLAG_P2P_UPLOAD_MODE, dstHost);
2171
2040
} else if((!strncmp((char*)rcStr, "GET hash:", 9))
2172
2041
|| (!strncmp((char*)rcStr, "PUSH", 4))
2173
2042
|| (!strncmp((char*)rcStr, "GET /uri-res/", 12))) {
2174
2043
/* Ares */
2175
2044
theSession->isP2P = FLAG_P2P_OTHER_PROTOCOL;
2176
updateFileList(UNKNOWN_P2P_FILE, BITFLAG_P2P_DOWNLOAD_MODE, srcHost);
2177
updateFileList(UNKNOWN_P2P_FILE, BITFLAG_P2P_UPLOAD_MODE, dstHost);
2178
2045
} else if((!strncmp((char*)rcStr, "GET /$$$$$$$$$/", 15))) {
2179
2046
/* EarthStation5 */
2180
2047
theSession->isP2P = FLAG_P2P_OTHER_PROTOCOL;
2181
updateFileList(UNKNOWN_P2P_FILE, BITFLAG_P2P_DOWNLOAD_MODE, srcHost);
2182
updateFileList(UNKNOWN_P2P_FILE, BITFLAG_P2P_UPLOAD_MODE, dstHost);
2183
2048
}
2184
2049
2185
2050
free(rcStr);
2190
2055
2191
2056
switch(sport) {
2192
2057
case IP_TCP_PORT_FTP:
2193
FD_SET(FLAG_HOST_TYPE_SVC_FTP, &srcHost->flags);
2058
setHostFlag(FLAG_HOST_TYPE_SVC_FTP, srcHost);
2194
2059
break;
2195
2060
case IP_TCP_PORT_SMTP:
2196
FD_SET(FLAG_HOST_TYPE_SVC_SMTP, &srcHost->flags);
2061
setHostFlag(FLAG_HOST_TYPE_SVC_SMTP, srcHost);
2197
2062
break;
2198
2063
case IP_TCP_PORT_HTTP:
2199
2064
case IP_TCP_PORT_HTTPS:
2200
FD_SET(FLAG_HOST_TYPE_SVC_HTTP, &srcHost->flags);
2065
setHostFlag(FLAG_HOST_TYPE_SVC_HTTP, srcHost);
2201
2066
break;
2202
2067
case IP_TCP_PORT_POP2:
2203
2068
case IP_TCP_PORT_POP3:
2204
FD_SET(FLAG_HOST_TYPE_SVC_POP, &srcHost->flags);
2069
setHostFlag(FLAG_HOST_TYPE_SVC_POP, srcHost);
2205
2070
break;
2206
2071
case IP_TCP_PORT_IMAP:
2207
FD_SET(FLAG_HOST_TYPE_SVC_IMAP, &srcHost->flags);
2072
setHostFlag(FLAG_HOST_TYPE_SVC_IMAP, srcHost);
2208
2073
break;
2209
2074
case IP_TCP_PORT_PRINTER:
2210
2075
case IP_TCP_PORT_JETDIRECT:
2211
FD_SET(FLAG_HOST_TYPE_PRINTER, &srcHost->flags);
2076
setHostFlag(FLAG_HOST_TYPE_PRINTER, srcHost);
2212
2077
break;
2213
2078
}
2214
2079
2215
2080
switch(dport) {
2216
2081
case IP_TCP_PORT_FTP:
2217
FD_SET(FLAG_HOST_TYPE_SVC_FTP, &dstHost->flags);
2082
setHostFlag(FLAG_HOST_TYPE_SVC_FTP, dstHost);
2218
2083
break;
2219
2084
case IP_TCP_PORT_SMTP:
2220
FD_SET(FLAG_HOST_TYPE_SVC_SMTP, &dstHost->flags);
2085
setHostFlag(FLAG_HOST_TYPE_SVC_SMTP, dstHost);
2221
2086
break;
2222
2087
case IP_TCP_PORT_HTTP:
2223
2088
case IP_TCP_PORT_HTTPS:
2224
FD_SET(FLAG_HOST_TYPE_SVC_HTTP, &dstHost->flags);
2089
setHostFlag(FLAG_HOST_TYPE_SVC_HTTP, dstHost);
2225
2090
break;
2226
2091
case IP_TCP_PORT_POP2:
2227
2092
case IP_TCP_PORT_POP3:
2228
FD_SET(FLAG_HOST_TYPE_SVC_POP, &dstHost->flags);
2093
setHostFlag(FLAG_HOST_TYPE_SVC_POP, dstHost);
2229
2094
break;
2230
2095
case IP_TCP_PORT_IMAP:
2231
FD_SET(FLAG_HOST_TYPE_SVC_IMAP, &dstHost->flags);
2096
setHostFlag(FLAG_HOST_TYPE_SVC_IMAP, dstHost);
2232
2097
break;
2233
2098
case IP_TCP_PORT_PRINTER:
2234
2099
case IP_TCP_PORT_JETDIRECT:
2235
FD_SET(FLAG_HOST_TYPE_PRINTER, &dstHost->flags);
2100
setHostFlag(FLAG_HOST_TYPE_PRINTER, dstHost);
2236
2101
break;
2237
2102
}
2238
2103
}
2295
2160
if((theSession->maxWindow < tcpWin) || (theSession->maxWindow == 0))
2296
2161
theSession->maxWindow = tcpWin;
2297
2162
2298
#ifdef DEBUG
2299
printf("DEBUG: sessionsState=%d\n", theSession->sessionState);
2300
#endif
2301
2302
2163
if((theSession->lastFlags == (TH_SYN|TH_ACK)) && (theSession->sessionState == FLAG_STATE_SYN)) {
2303
theSession->sessionState = FLAG_FLAG_STATE_SYN_ACK;
2304
} else if((theSession->lastFlags == TH_ACK) && (theSession->sessionState == FLAG_FLAG_STATE_SYN_ACK)) {
2305
if(h->ts.tv_sec >= theSession->nwLatency.tv_sec) {
2306
theSession->nwLatency.tv_sec = h->ts.tv_sec-theSession->nwLatency.tv_sec;
2307
2308
if((h->ts.tv_usec - theSession->nwLatency.tv_usec) < 0) {
2309
theSession->nwLatency.tv_usec = 1000000 + h->ts.tv_usec - theSession->nwLatency.tv_usec;
2310
if(theSession->nwLatency.tv_usec > 1000000) theSession->nwLatency.tv_usec = 1000000;
2311
theSession->nwLatency.tv_sec--;
2312
} else
2313
theSession->nwLatency.tv_usec = h->ts.tv_usec-theSession->nwLatency.tv_usec;
2314
2315
theSession->nwLatency.tv_sec /= 2;
2316
theSession->nwLatency.tv_usec /= 2;
2317
2318
/* Sanity check */
2319
if(theSession->nwLatency.tv_sec > 1000) {
2320
/*
2321
This value seems to be wrong so it's better to ignore it
2322
rather than showing a false/wrong/dummy value
2323
*/
2324
theSession->nwLatency.tv_usec = theSession->nwLatency.tv_sec = 0;
2325
#ifdef LATENCY_DEBUG
2326
traceEvent(CONST_TRACE_NOISY, "LATENCY: %s:%d->%s:%d invalid (too big), ignored",
2327
_addrtostr(&theSession->initiatorRealIp, buf, sizeof(buf)),
2328
theSession->sport,
2329
_addrtostr(&theSession->remotePeerRealIp, buf1, sizeof(buf1)),
2330
theSession->dport);
2331
#endif
2332
} else {
2333
if(0)
2334
traceEvent(CONST_TRACE_NOISY, "LATENCY: %s:%d->%s:%d is %d us",
2335
_addrtostr(&theSession->initiatorRealIp, buf, sizeof(buf)),
2336
theSession->sport,
2337
_addrtostr(&theSession->remotePeerRealIp, buf1, sizeof(buf1)),
2338
theSession->dport,
2339
(int)(theSession->nwLatency.tv_sec * 1000000 + theSession->nwLatency.tv_usec));
2340
}
2341
2342
theSession->sessionState = FLAG_STATE_ACTIVE;
2343
} else {
2344
/* The latency value is negative. There's something wrong so let's drop it */
2345
theSession->nwLatency.tv_usec = theSession->nwLatency.tv_sec = 0;
2346
#ifdef LATENCY_DEBUG
2347
traceEvent(CONST_TRACE_NOISY, "LATENCY: %s:%d->%s:%d invalid (negative), ignored",
2348
_addrtostr(&theSession->initiatorRealIp, buf, sizeof(buf)),
2349
theSession->sport,
2350
_addrtostr(&theSession->remotePeerRealIp, buf1, sizeof(buf1)),
2351
theSession->dport);
2352
#endif
2353
}
2354
2164
theSession->sessionState = FLAG_STATE_SYN_ACK;
2165
} else if((theSession->lastFlags == TH_ACK) && (theSession->sessionState == FLAG_STATE_SYN_ACK)) {
2166
if(1)
2167
traceEvent(CONST_TRACE_NOISY, "LATENCY: %s:%d->%s:%d [CND: %d us][SND: %d us]",
2168
_addrtostr(&theSession->initiatorRealIp, buf, sizeof(buf)),
2169
theSession->sport,
2170
_addrtostr(&theSession->remotePeerRealIp, buf1, sizeof(buf1)),
2171
theSession->dport,
2172
(int)(theSession->clientNwDelay.tv_sec * 1000000 + theSession->clientNwDelay.tv_usec),
2173
(int)(theSession->serverNwDelay.tv_sec * 1000000 + theSession->serverNwDelay.tv_usec)
2174
);
2175
2176
theSession->sessionState = FLAG_STATE_ACTIVE;
2177
}
2178
2179
#ifdef DEBUG
2180
traceEvent(CONST_TRACE_WARNING, "DEBUG: sessionsState=%d\n", theSession->sessionState);
2181
#endif
2182
2355
2183
if(subnetLocalHost(srcHost)) {
2356
2184
hostToUpdate = dstHost;
2357
2185
} else if(subnetLocalHost(dstHost)) {
2364
2192
2365
2193
a = hostToUpdate->minLatency.tv_usec + 1000*hostToUpdate->minLatency.tv_sec;
2366
2194
b = hostToUpdate->maxLatency.tv_usec + 1000*hostToUpdate->maxLatency.tv_sec;
2367
c = theSession->nwLatency.tv_usec + 1000*theSession->nwLatency.tv_sec;
2195
c = theSession->clientNwDelay.tv_usec + 1000*theSession->clientNwDelay.tv_sec
2196
+ theSession->serverNwDelay.tv_usec + 1000*theSession->serverNwDelay.tv_sec;
2368
2197
2369
2198
if(a > c) {
2370
hostToUpdate->minLatency.tv_usec = theSession->nwLatency.tv_usec;
2371
hostToUpdate->minLatency.tv_sec = theSession->nwLatency.tv_sec;
2199
hostToUpdate->minLatency.tv_sec = theSession->clientNwDelay.tv_sec + theSession->serverNwDelay.tv_sec;
2200
hostToUpdate->minLatency.tv_usec = theSession->clientNwDelay.tv_usec + theSession->serverNwDelay.tv_usec;
2201
if(hostToUpdate->minLatency.tv_usec > 1000)
2202
hostToUpdate->minLatency.tv_usec -= 1000, hostToUpdate->minLatency.tv_sec++;
2372
2203
}
2373
2204
2374
2205
if(b < c) {
2375
hostToUpdate->maxLatency.tv_usec = theSession->nwLatency.tv_usec;
2376
hostToUpdate->maxLatency.tv_sec = theSession->nwLatency.tv_sec;
2206
hostToUpdate->maxLatency.tv_sec = theSession->clientNwDelay.tv_sec + theSession->serverNwDelay.tv_sec;
2207
hostToUpdate->maxLatency.tv_usec = theSession->clientNwDelay.tv_usec + theSession->serverNwDelay.tv_usec;
2208
if(hostToUpdate->maxLatency.tv_usec > 1000)
2209
hostToUpdate->maxLatency.tv_usec -= 1000, hostToUpdate->maxLatency.tv_sec++;
2377
2210
}
2378
}
2379
} else if ((addedNewEntry == 0)
2211
} else if ((addedNewEntry == 0)
2380
2212
&& ((theSession->sessionState == FLAG_STATE_SYN)
2381
|| (theSession->sessionState == FLAG_FLAG_STATE_SYN_ACK))
2213
|| (theSession->sessionState == FLAG_STATE_SYN_ACK))
2382
2214
&& (!(theSession->lastFlags & TH_RST))) {
2383
2215
/*
2384
2216
We might have lost a packet so:
2386
2218
- we don't set the state to initialized
2387
2219
*/
2388
2220
2389
theSession->nwLatency.tv_usec = theSession->nwLatency.tv_sec = 0;
2221
/*
2222
theSession->clientNwDelay.tv_usec = theSession->clientNwDelay.tv_sec = 0;
2223
theSession->serverNwDelay.tv_usec = theSession->serverNwDelay.tv_sec = 0;
2224
*/
2390
2225
2391
2226
#ifdef LATENCY_DEBUG
2392
2227
traceEvent(CONST_TRACE_NOISY, "LATENCY: (%s ->0x%x%s%s%s%s%s) %s:%d->%s:%d invalid (lost packet?), ignored",
2489
2324
if((ack == theSession->lastAckIdI2R) && (ack == theSession->lastAckIdR2I)) {
2490
2325
if(theSession->initiator == srcHost) {
2491
2326
theSession->numDuplicatedAckI2R++;
2492
incrementTrafficCounter(&theSession->bytesRetranI2R, length);
2327
incrementTrafficCounter(&theSession->bytesRetranI2R, sent_length+rcvd_length);
2493
2328
incrementTrafficCounter(&theSession->initiator->pktDuplicatedAckSent, 1);
2494
2329
incrementTrafficCounter(&theSession->remotePeer->pktDuplicatedAckRcvd, 1);
2495
2330
2500
2335
#endif
2501
2336
} else {
2502
2337
theSession->numDuplicatedAckR2I++;
2503
incrementTrafficCounter(&theSession->bytesRetranR2I, length);
2338
incrementTrafficCounter(&theSession->bytesRetranR2I, sent_length+rcvd_length);
2504
2339
incrementTrafficCounter(&theSession->remotePeer->pktDuplicatedAckSent, 1);
2505
2340
incrementTrafficCounter(&theSession->initiator->pktDuplicatedAckRcvd, 1);
2506
2341
#ifdef DEBUG
2552
2387
printf("ERROR: unable to handle received ACK (%u) !\n", ack);
2553
2388
#endif
2554
2389
}
2390
2555
2391
break;
2556
2392
}
2557
2393
}
2571
2407
print_flags(theSession, buf, sizeof(buf)), length);
2572
2408
#endif
2573
2409
2574
2575
2410
if((theSession->sessionState == FLAG_STATE_FIN2_ACK2)
2576
2411
|| (theSession->lastFlags & TH_RST)) /* abortive release */ {
2577
if(theSession->sessionState == FLAG_FLAG_STATE_SYN_ACK) {
2412
if(theSession->sessionState == FLAG_STATE_SYN_ACK) {
2578
2413
/*
2579
2414
Rcvd RST packet before to complete the 3-way handshake.
2580
2415
Note that the message is emitted only of the reset is received
2581
while in FLAG_FLAG_STATE_SYN_ACK. In fact if it has been received in
2416
while in FLAG_STATE_SYN_ACK. In fact if it has been received in
2582
2417
FLAG_STATE_SYN this message has not to be emitted because this is
2583
2418
a rejected session.
2584
2419
*/
2608
2443
/* Update session stats */
2609
2444
if(flowDirection == FLAG_CLIENT_TO_SERVER) {
2610
2445
incrementTrafficCounter(&theSession->bytesProtoSent, packetDataLength);
2611
incrementTrafficCounter(&theSession->bytesSent, length);
2446
incrementTrafficCounter(&theSession->bytesSent, sent_length);
2447
incrementTrafficCounter(&theSession->bytesRcvd, rcvd_length);
2612
2448
theSession->pktSent++;
2613
2449
if(fragmentedData) incrementTrafficCounter(&theSession->bytesFragmentedSent, packetDataLength);
2614
2450
} else {
2615
2451
incrementTrafficCounter(&theSession->bytesProtoRcvd, packetDataLength);
2616
incrementTrafficCounter(&theSession->bytesRcvd, length);
2452
incrementTrafficCounter(&theSession->bytesRcvd, sent_length);
2453
incrementTrafficCounter(&theSession->bytesSent, rcvd_length);
2617
2454
theSession->pktRcvd++;
2618
2455
if(fragmentedData) incrementTrafficCounter(&theSession->bytesFragmentedRcvd, packetDataLength);
2619
2456
}
2630
2467
#else
2631
2468
freeSession(theSession, actualDeviceId, 1, 1 /* lock purgeMutex */);
2632
2469
#endif
2633
releaseMutex(&myGlobals.tcpSessionsMutex);
2470
releaseMutex(&myGlobals.tcpSessionsMutex[mutex_idx]);
2634
2471
return(NULL);
2635
2472
}
2636
2473
2637
2638
releaseMutex(&myGlobals.tcpSessionsMutex);
2474
releaseMutex(&myGlobals.tcpSessionsMutex[mutex_idx]);
2639
2475
return(theSession);
2640
2476
}
2641
2477
2644
2480
static void handleUDPSession(const struct pcap_pkthdr *h,
2645
2481
u_short fragmentedData, HostTraffic *srcHost,
2646
2482
u_short sport, HostTraffic *dstHost,
2647
u_short dport, u_int length,
2483
u_short dport,
2484
u_int sent_length, u_int rcvd_length /* Always 0 except for NetFlow v9 */,
2648
2485
u_char* packetData,
2649
2486
int actualDeviceId, u_short *newSession) {
2650
2487
/*
2667
2504
u_short fragmentedData, u_int tcpWin,
2668
2505
HostTraffic *srcHost, u_short sport,
2669
2506
HostTraffic *dstHost, u_short dport,
2670
u_int length, struct tcphdr *tp,
2507
u_int sent_length, u_int rcvd_length /* Always 0 except for NetFlow v9 */,
2508
struct tcphdr *tp,
2671
2509
u_int packetDataLength, u_char* packetData,
2672
2510
int actualDeviceId, u_short *newSession,
2673
2511
u_char real_session /* vs. faked/netflow-session */) {
2707
2545
#ifdef SESSION_TRACE_DEBUG
2708
2546
{
2709
2547
char buf[32], buf1[32];
2710
2548
2711
2549
traceEvent(CONST_TRACE_INFO, "DEBUG: [%s] %s:%d -> %s:%d",
2712
2550
sessionType == IPPROTO_UDP ? "UDP" : "TCP",
2713
2551
_addrtostr(&srcHost->hostIpAddress, buf, sizeof(buf)), sport,
2739
2577
|| ((sport > 1024) && (dport == IP_TCP_PORT_SCCP)) /* Needed for SCCP */))
2740
2578
)) {
2741
2579
if((real_session)
2742
|| ((!tcp_flags(tp->th_flags, TH_SYN|TH_RST)) && (!tcp_flags(tp->th_flags, TH_SYN|TH_FIN)))) {
2580
|| ((!tcp_flags(tp->th_flags, TH_SYN|TH_RST)) && (!tcp_flags(tp->th_flags, TH_SYN|TH_FIN)))
2581
) {
2743
2582
/*
2744
2583
If this is a netflow session that is not self-contained (i.e. that started and
2745
2584
ended into the same flow. In this case it will not be added as it will be
2746
2585
immediately purged
2747
2586
*/
2748
#ifdef DEBUG
2749
traceEvent(CONST_TRACE_INFO, "Handled session [%s%s%s%s%s]",
2750
(tp->th_flags & TH_SYN) ? " SYN" : "",
2751
(tp->th_flags & TH_ACK) ? " ACK" : "",
2752
(tp->th_flags & TH_FIN) ? " FIN" : "",
2753
(tp->th_flags & TH_RST) ? " RST" : "",
2754
(tp->th_flags & TH_PUSH) ? " PUSH" : "");
2755
#endif
2756
2757
2587
theSession = handleTCPSession(h, fragmentedData, tcpWin, srcHost, sport,
2758
dstHost, dport, length, tp, packetDataLength,
2588
dstHost, dport, sent_length, rcvd_length,
2589
tp, packetDataLength,
2759
2590
packetData, actualDeviceId, newSession);
2760
2591
} else {
2761
2592
#ifdef DEBUG
2770
2601
} else if(sessionType == IPPROTO_UDP) {
2771
2602
/* We don't create any permanent structures for UDP sessions */
2772
2603
handleUDPSession(h, fragmentedData, srcHost, sport, dstHost, dport,
2773
length, packetData, actualDeviceId, newSession);
2604
sent_length, rcvd_length, packetData, actualDeviceId, newSession);
2774
2605
}
2775
2606
2776
2607
if((sport == IP_L4_PORT_ECHO) || (dport == IP_L4_PORT_ECHO)
2837
2668
2838
2669
/* ******************* */
2839
2670
2671
#ifdef ENABLE_FC
2840
2672
static int getScsiCmdType(u_char scsiCmd, u_int32_t *ioSize, const u_char *bp) {
2841
2673
int cmdType;
2842
2674
2944
2776
const u_char *bp, FCSession *theSession,
2945
2777
int actualDeviceId)
2946
2778
{
2947
u_char cmd, status, task_mgmt;
2779
u_char cmd = 0, status, task_mgmt;
2948
2780
struct timeval rtt;
2949
2781
u_int16_t lun;
2950
2782
u_int32_t xferRdySize, ioSize, duration = 0, hostDur = 0, iops;
2964
2796
* Increment session counters.
2965
2797
*/
2966
2798
if (isXchgOrig) {
2967
incrementTrafficCounter (&theSession->fcpBytesSent, length);
2799
incrementTrafficCounter(&theSession->fcpBytesSent, length);
2968
2800
}
2969
2801
else {
2970
incrementTrafficCounter (&theSession->fcpBytesRcvd, length);
2802
incrementTrafficCounter(&theSession->fcpBytesRcvd, length);
2971
2803
}
2972
2804
2973
2805
if (rCtl != FCP_IU_CMD) {
2977
2809
if (!getScsiLunCmdInfo (theSession, &lun, &cmd, oxid)) {
2978
2810
/* No matching command/lun found. Skip */
2979
2811
if (isXchgOrig) {
2980
incrementTrafficCounter (&theSession->unknownLunBytesSent,
2812
incrementTrafficCounter(&theSession->unknownLunBytesSent,
2981
2813
length);
2982
2814
}
2983
2815
else {
2984
incrementTrafficCounter (&theSession->unknownLunBytesRcvd,
2816
incrementTrafficCounter(&theSession->unknownLunBytesRcvd,
2985
2817
length);
2986
2818
}
2987
2819
return;
2992
2824
* it cannot be tracked as well. So, just return.
2993
2825
*/
2994
2826
if (isXchgOrig) {
2995
incrementTrafficCounter (&theSession->unknownLunBytesSent,
2827
incrementTrafficCounter(&theSession->unknownLunBytesSent,
2996
2828
length);
2997
2829
}
2998
2830
else {
2999
incrementTrafficCounter (&theSession->unknownLunBytesRcvd,
2831
incrementTrafficCounter(&theSession->unknownLunBytesRcvd,
3000
2832
length);
3001
2833
}
3002
2834
return;
3014
2846
* it cannot be tracked as well. So, just return.
3015
2847
*/
3016
2848
if (isXchgOrig) {
3017
incrementTrafficCounter (&theSession->unknownLunBytesSent,
2849
incrementTrafficCounter(&theSession->unknownLunBytesSent,
3018
2850
length);
3019
2851
}
3020
2852
else {
3021
incrementTrafficCounter (&theSession->unknownLunBytesRcvd,
2853
incrementTrafficCounter(&theSession->unknownLunBytesRcvd,
3022
2854
length);
3023
2855
}
3024
2856
return;
3039
2871
"so stats can be tracked for this LUN.\n",
3040
2872
dstHost->fcCounters->hostNumFcAddress);
3041
2873
if (isXchgOrig) {
3042
incrementTrafficCounter (&theSession->unknownLunBytesSent,
2874
incrementTrafficCounter(&theSession->unknownLunBytesSent,
3043
2875
length);
3044
2876
}
3045
2877
else {
3046
incrementTrafficCounter (&theSession->unknownLunBytesRcvd,
2878
incrementTrafficCounter(&theSession->unknownLunBytesRcvd,
3047
2879
length);
3048
2880
}
3049
2881
return;
3061
2893
"so stats can be tracked for this LUN.\n",
3062
2894
MAX_LUNS_SUPPORTED, dstHost->fcCounters->hostNumFcAddress);
3063
2895
if (isXchgOrig) {
3064
incrementTrafficCounter (&theSession->unknownLunBytesSent,
2896
incrementTrafficCounter(&theSession->unknownLunBytesSent,
3065
2897
length);
3066
2898
}
3067
2899
else {
3068
incrementTrafficCounter (&theSession->unknownLunBytesRcvd,
2900
incrementTrafficCounter(&theSession->unknownLunBytesRcvd,
3069
2901
length);
3070
2902
}
3071
2903
return;
3078
2910
traceEvent (CONST_TRACE_ERROR, "Unable to allocate LUN for %d:%s\n",
3079
2911
lun, dstHost->fcCounters->hostNumFcAddress);
3080
2912
if (isXchgOrig) {
3081
incrementTrafficCounter (&theSession->unknownLunBytesSent,
2913
incrementTrafficCounter(&theSession->unknownLunBytesSent,
3082
2914
length);
3083
2915
}
3084
2916
else {
3085
incrementTrafficCounter (&theSession->unknownLunBytesRcvd,
2917
incrementTrafficCounter(&theSession->unknownLunBytesRcvd,
3086
2918
length);
3087
2919
}
3088
2920
return;
3108
2940
traceEvent (CONST_TRACE_ERROR, "Unable to allocate host LUN for %d:%s\n",
3109
2941
lun, dstHost->fcCounters->hostNumFcAddress);
3110
2942
if (isXchgOrig) {
3111
incrementTrafficCounter (&theSession->unknownLunBytesSent,
2943
incrementTrafficCounter(&theSession->unknownLunBytesSent,
3112
2944
length);
3113
2945
}
3114
2946
else {
3115
incrementTrafficCounter (&theSession->unknownLunBytesRcvd,
2947
incrementTrafficCounter(&theSession->unknownLunBytesRcvd,
3116
2948
length);
3117
2949
}
3118
2950
return;
3133
2965
traceEvent (CONST_TRACE_ERROR, "Unable to allocate host LUN for %d:%s\n",
3134
2966
lun, srcHost->fcCounters->hostNumFcAddress);
3135
2967
if (isXchgOrig) {
3136
incrementTrafficCounter (&theSession->unknownLunBytesSent,
2968
incrementTrafficCounter(&theSession->unknownLunBytesSent,
3137
2969
length);
3138
2970
}
3139
2971
else {
3140
incrementTrafficCounter (&theSession->unknownLunBytesRcvd,
2972
incrementTrafficCounter(&theSession->unknownLunBytesRcvd,
3141
2973
length);
3142
2974
}
3143
2975
return;
3210
3042
theSession->lastLun = lun;
3211
3043
3212
3044
if (iocmdType == SCSI_READ_CMD) {
3213
incrementTrafficCounter (&theSession->numScsiRdCmd, 1);
3214
incrementTrafficCounter (&lunStats->numScsiRdCmd, 1);
3215
incrementTrafficCounter (&hostLunStats->numScsiRdCmd, 1);
3045
incrementTrafficCounter(&theSession->numScsiRdCmd, 1);
3046
incrementTrafficCounter(&lunStats->numScsiRdCmd, 1);
3047
incrementTrafficCounter(&hostLunStats->numScsiRdCmd, 1);
3216
3048
3217
3049
lunStats->frstRdDataRcvd = TRUE;
3218
3050
hostLunStats->frstRdDataRcvd = TRUE;
3236
3068
}
3237
3069
}
3238
3070
else if (iocmdType == SCSI_WR_CMD) {
3239
incrementTrafficCounter (&theSession->numScsiWrCmd, 1);
3240
incrementTrafficCounter (&lunStats->numScsiWrCmd, 1);
3241
incrementTrafficCounter (&hostLunStats->numScsiWrCmd, 1);
3071
incrementTrafficCounter(&theSession->numScsiWrCmd, 1);
3072
incrementTrafficCounter(&lunStats->numScsiWrCmd, 1);
3073
incrementTrafficCounter(&hostLunStats->numScsiWrCmd, 1);
3242
3074
3243
3075
lunStats->frstWrDataRcvd = TRUE;
3244
3076
hostLunStats->frstWrDataRcvd = TRUE;
3262
3094
}
3263
3095
}
3264
3096
else {
3265
incrementTrafficCounter (&theSession->numScsiOtCmd, 1);
3266
incrementTrafficCounter (&lunStats->numScsiOtCmd, 1);
3267
incrementTrafficCounter (&hostLunStats->numScsiOtCmd, 1);
3097
incrementTrafficCounter(&theSession->numScsiOtCmd, 1);
3098
incrementTrafficCounter(&lunStats->numScsiOtCmd, 1);
3099
incrementTrafficCounter(&hostLunStats->numScsiOtCmd, 1);
3268
3100
}
3269
3101
3270
3102
if ((task_mgmt = bp[10]) != 0) {
3301
3133
}
3302
3134
3303
3135
if (theSession->initiator == srcHost) {
3304
incrementTrafficCounter (&(lunStats->bytesSent), length);
3136
incrementTrafficCounter(&(lunStats->bytesSent), length);
3305
3137
lunStats->pktSent++;
3306
3138
3307
incrementTrafficCounter (&hostLunStats->bytesRcvd, length);
3139
incrementTrafficCounter(&hostLunStats->bytesRcvd, length);
3308
3140
hostLunStats->pktRcvd++;
3309
3141
}
3310
3142
else {
3311
incrementTrafficCounter (&lunStats->bytesRcvd, length);
3143
incrementTrafficCounter(&lunStats->bytesRcvd, length);
3312
3144
lunStats->pktRcvd++;
3313
3145
3314
incrementTrafficCounter (&hostLunStats->bytesSent, length);
3146
incrementTrafficCounter(&hostLunStats->bytesSent, length);
3315
3147
hostLunStats->pktSent++;
3316
3148
}
3317
3149
3370
3202
iocmdType = getScsiCmdType (lunStats->lastScsiCmd, &ioSize, bp);
3371
3203
3372
3204
if (iocmdType == SCSI_READ_CMD) {
3373
incrementTrafficCounter (&lunStats->scsiRdBytes, payload_len);
3374
incrementTrafficCounter (&hostLunStats->scsiRdBytes, payload_len);
3205
incrementTrafficCounter(&lunStats->scsiRdBytes, payload_len);
3206
incrementTrafficCounter(&hostLunStats->scsiRdBytes, payload_len);
3375
3207
3376
3208
if (lunStats->frstRdDataRcvd) {
3377
3209
lunStats->frstRdDataRcvd = FALSE;
3385
3217
}
3386
3218
}
3387
3219
else if (iocmdType == SCSI_WR_CMD) {
3388
incrementTrafficCounter (&lunStats->scsiWrBytes, payload_len);
3389
incrementTrafficCounter (&hostLunStats->scsiWrBytes, payload_len);
3220
incrementTrafficCounter(&lunStats->scsiWrBytes, payload_len);
3221
incrementTrafficCounter(&hostLunStats->scsiWrBytes, payload_len);
3390
3222
3391
3223
if (lunStats->frstWrDataRcvd) {
3392
3224
lunStats->frstWrDataRcvd = FALSE;
3400
3232
}
3401
3233
}
3402
3234
else {
3403
incrementTrafficCounter (&lunStats->scsiOtBytes, payload_len);
3404
incrementTrafficCounter (&hostLunStats->scsiOtBytes, payload_len);
3235
incrementTrafficCounter(&lunStats->scsiOtBytes, payload_len);
3236
incrementTrafficCounter(&hostLunStats->scsiOtBytes, payload_len);
3405
3237
}
3406
3238
3407
3239
if (theSession->initiator == srcHost) {
3408
incrementTrafficCounter (&(lunStats->bytesSent), length);
3240
incrementTrafficCounter(&(lunStats->bytesSent), length);
3409
3241
lunStats->pktSent++;
3410
3242
3411
incrementTrafficCounter (&(hostLunStats->bytesRcvd), length);
3243
incrementTrafficCounter(&(hostLunStats->bytesRcvd), length);
3412
3244
hostLunStats->pktRcvd++;
3413
3245
}
3414
3246
else {
3415
incrementTrafficCounter (&lunStats->bytesRcvd, length);
3247
incrementTrafficCounter(&lunStats->bytesRcvd, length);
3416
3248
lunStats->pktRcvd++;
3417
3249
3418
incrementTrafficCounter (&hostLunStats->bytesSent, length);
3250
incrementTrafficCounter(&hostLunStats->bytesSent, length);
3419
3251
hostLunStats->pktSent++;
3420
3252
}
3421
3253
3440
3272
}
3441
3273
3442
3274
if (theSession->initiator == srcHost) {
3443
incrementTrafficCounter (&(lunStats->bytesSent), length);
3275
incrementTrafficCounter(&(lunStats->bytesSent), length);
3444
3276
lunStats->pktSent++;
3445
3277
3446
incrementTrafficCounter (&(hostLunStats->bytesRcvd), length);
3278
incrementTrafficCounter(&(hostLunStats->bytesRcvd), length);
3447
3279
hostLunStats->pktRcvd++;
3448
3280
}
3449
3281
else {
3450
incrementTrafficCounter (&lunStats->bytesRcvd, length);
3282
incrementTrafficCounter(&lunStats->bytesRcvd, length);
3451
3283
lunStats->pktRcvd++;
3452
3284
3453
incrementTrafficCounter (&hostLunStats->bytesSent, length);
3285
incrementTrafficCounter(&hostLunStats->bytesSent, length);
3454
3286
hostLunStats->pktSent++;
3455
3287
}
3456
3288
3516
3348
}
3517
3349
3518
3350
if (theSession->initiator == srcHost) {
3519
incrementTrafficCounter (&(lunStats->bytesSent), length);
3351
incrementTrafficCounter(&(lunStats->bytesSent), length);
3520
3352
lunStats->pktSent++;
3521
3353
3522
incrementTrafficCounter (&hostLunStats->bytesRcvd, length);
3354
incrementTrafficCounter(&hostLunStats->bytesRcvd, length);
3523
3355
hostLunStats->pktRcvd++;
3524
3356
}
3525
3357
else {
3526
incrementTrafficCounter (&lunStats->bytesRcvd, length);
3358
incrementTrafficCounter(&lunStats->bytesRcvd, length);
3527
3359
lunStats->pktRcvd++;
3528
3360
3529
incrementTrafficCounter (&(hostLunStats->bytesSent), length);
3361
incrementTrafficCounter(&(hostLunStats->bytesSent), length);
3530
3362
hostLunStats->pktSent++;
3531
3363
}
3532
3364
3567
3399
}
3568
3400
else if (event == FC_SW_RSCN_PORT_OFFLINE) {
3569
3401
affectedHost->fcCounters->lastOfflineTime = myGlobals.actTime;
3570
incrementTrafficCounter (&affectedHost->fcCounters->numOffline, 1);
3402
incrementTrafficCounter(&affectedHost->fcCounters->numOffline, 1);
3571
3403
}
3572
3404
}
3573
3405
}
3720
3552
* flow
3721
3553
*/
3722
3554
if (isXchgOrig) {
3723
incrementTrafficCounter (&(theSession->bytesSent), length);
3555
incrementTrafficCounter(&(theSession->bytesSent), length);
3724
3556
theSession->pktSent++;
3725
3557
}
3726
3558
else {
3727
incrementTrafficCounter (&theSession->bytesRcvd, length);
3559
incrementTrafficCounter(&theSession->bytesRcvd, length);
3728
3560
theSession->pktRcvd++;
3729
3561
}
3730
3562
3745
3577
}
3746
3578
3747
3579
if (isXchgOrig) {
3748
incrementTrafficCounter (&theSession->fcElsBytesSent, length);
3580
incrementTrafficCounter(&theSession->fcElsBytesSent, length);
3749
3581
}
3750
3582
else {
3751
incrementTrafficCounter (&theSession->fcElsBytesRcvd, length);
3583
incrementTrafficCounter(&theSession->fcElsBytesRcvd, length);
3752
3584
}
3753
3585
3754
3586
theSession->lastElsCmd = cmd;
3761
3593
if (((gs_type == FCCT_GSTYPE_DIRSVC) && (gs_stype == FCCT_GSSUBTYPE_DNS)) ||
3762
3594
((gs_type == FCCT_GSTYPE_MGMTSVC) && (gs_stype == FCCT_GSSUBTYPE_UNS))) {
3763
3595
if (isXchgOrig) {
3764
incrementTrafficCounter (&theSession->fcDnsBytesSent, length);
3596
incrementTrafficCounter(&theSession->fcDnsBytesSent, length);
3765
3597
}
3766
3598
else {
3767
incrementTrafficCounter (&theSession->fcDnsBytesRcvd, length);
3599
incrementTrafficCounter(&theSession->fcDnsBytesRcvd, length);
3768
3600
}
3769
3601
}
3770
3602
else {
3771
3603
if (isXchgOrig) {
3772
incrementTrafficCounter (&theSession->otherBytesSent, length);
3604
incrementTrafficCounter(&theSession->otherBytesSent, length);
3773
3605
}
3774
3606
else {
3775
incrementTrafficCounter (&theSession->otherBytesRcvd, length);
3607
incrementTrafficCounter(&theSession->otherBytesRcvd, length);
3776
3608
}
3777
3609
}
3778
3610
break;
3780
3612
case FC_FTYPE_SWILS_RSP:
3781
3613
3782
3614
if (isXchgOrig) {
3783
incrementTrafficCounter (&theSession->fcSwilsBytesSent, length);
3615
incrementTrafficCounter(&theSession->fcSwilsBytesSent, length);
3784
3616
}
3785
3617
else {
3786
incrementTrafficCounter (&theSession->fcSwilsBytesRcvd, length);
3618
incrementTrafficCounter(&theSession->fcSwilsBytesRcvd, length);
3787
3619
}
3788
3620
3789
3621
hash = getFcFabricElementHash (srcHost->fcCounters->vsanId, actualDeviceId);
3807
3639
case FC_SWILS_EFP:
3808
3640
case FC_SWILS_DIA:
3809
3641
case FC_SWILS_RDI:
3810
incrementTrafficCounter (&hash->dmBytes, length);
3811
incrementTrafficCounter (&hash->dmPkts, 1);
3642
incrementTrafficCounter(&hash->dmBytes, length);
3643
incrementTrafficCounter(&hash->dmPkts, 1);
3812
3644
break;
3813
3645
case FC_SWILS_HLO:
3814
3646
case FC_SWILS_LSU:
3815
3647
case FC_SWILS_LSA:
3816
incrementTrafficCounter (&hash->fspfBytes, length);
3817
incrementTrafficCounter (&hash->fspfPkts, 1);
3648
incrementTrafficCounter(&hash->fspfBytes, length);
3649
incrementTrafficCounter(&hash->fspfPkts, 1);
3818
3650
break;
3819
3651
case FC_SWILS_RSCN:
3820
incrementTrafficCounter (&hash->rscnBytes, length);
3821
incrementTrafficCounter (&hash->rscnPkts, 1);
3652
incrementTrafficCounter(&hash->rscnBytes, length);
3653
incrementTrafficCounter(&hash->rscnPkts, 1);
3822
3654
processSwRscn (bp, srcHost->fcCounters->vsanId, actualDeviceId);
3823
3655
break;
3824
3656
case FC_SWILS_DRLIR:
3829
3661
case FC_SWILS_RCA:
3830
3662
case FC_SWILS_SFC:
3831
3663
case FC_SWILS_UFC:
3832
incrementTrafficCounter (&hash->zsBytes, length);
3833
incrementTrafficCounter (&hash->zsPkts, 1);
3664
incrementTrafficCounter(&hash->zsBytes, length);
3665
incrementTrafficCounter(&hash->zsPkts, 1);
3834
3666
break;
3835
3667
case FC_SWILS_ELP:
3836
3668
case FC_SWILS_ESC:
3837
3669
default:
3838
incrementTrafficCounter (&hash->otherCtlBytes, length);
3839
incrementTrafficCounter (&hash->otherCtlPkts, 1);
3670
incrementTrafficCounter(&hash->otherCtlBytes, length);
3671
incrementTrafficCounter(&hash->otherCtlPkts, 1);
3840
3672
break;
3841
3673
}
3842
3674
break;
3844
3676
break;
3845
3677
case FC_FTYPE_IP:
3846
3678
if (isXchgOrig) {
3847
incrementTrafficCounter (&theSession->ipfcBytesSent, length);
3679
incrementTrafficCounter(&theSession->ipfcBytesSent, length);
3848
3680
}
3849
3681
else {
3850
incrementTrafficCounter (&theSession->ipfcBytesRcvd, length);
3682
incrementTrafficCounter(&theSession->ipfcBytesRcvd, length);
3851
3683
}
3852
3684
break;
3853
3685
3854
3686
default:
3855
3687
if (isXchgOrig) {
3856
incrementTrafficCounter (&theSession->otherBytesSent, length);
3688
incrementTrafficCounter(&theSession->otherBytesSent, length);
3857
3689
}
3858
3690
else {
3859
incrementTrafficCounter (&theSession->otherBytesRcvd, length);
3691
incrementTrafficCounter(&theSession->otherBytesRcvd, length);
3860
3692
}
3861
3693
break;
3862
3694
}
3864
3696
releaseMutex(&myGlobals.fcSessionsMutex);
3865
3697
return (theSession);
3866
3698
}
3699
3700
#endif
3701
Loggerhead is a web-based interface for Breezy
Version: 2.0.1