1: /*
2: * iftop.c:
3: *
4: */
5:
6: #include "integers.h"
7:
8: #if defined(HAVE_PCAP_H)
9: # include <pcap.h>
10: #elif defined(HAVE_PCAP_PCAP_H)
11: # include <pcap/pcap.h>
12: #else
13: # error No pcap.h
14: #endif
15: #include <stdio.h>
16: #include <stdlib.h>
17: #include <time.h>
18: #include <sys/types.h>
19: #include <sys/ioctl.h>
20: #include <sys/socket.h>
21: #include <net/if.h>
22:
23: #include <pthread.h>
24: #include <curses.h>
25: #include <signal.h>
26: #include <string.h>
27: #include <unistd.h>
28:
29: #include "iftop.h"
30: #include "addr_hash.h"
31: #include "resolver.h"
32: #include "ui.h"
33: #include "options.h"
34: #ifdef DLT_LINUX_SLL
35: #include "sll.h"
36: #endif /* DLT_LINUX_SLL */
37: #include "threadprof.h"
38: #include "ether.h"
39: #include "ip.h"
40: #include "tcp.h"
41: #include "token.h"
42: #include "llc.h"
43: #include "extract.h"
44: #include "ethertype.h"
45: #include "cfgfile.h"
46: #include "ppp.h"
47:
48:
49: /* ethernet address of interface. */
50: int have_hw_addr = 0;
51: unsigned char if_hw_addr[6];
52:
53: /* IP address of interface */
54: int have_ip_addr = 0;
55: struct in_addr if_ip_addr;
56:
57: extern options_t options;
58:
59: hash_type* history;
60: history_type history_totals;
61: time_t last_timestamp;
62: int history_pos = 0;
63: int history_len = 1;
64: pthread_mutex_t tick_mutex;
65:
66: pcap_t* pd; /* pcap descriptor */
67: struct bpf_program pcap_filter;
68: pcap_handler packet_handler;
69:
70: sig_atomic_t foad;
71:
72: static void finish(int sig) {
73: foad = sig;
74: }
75:
76:
77:
78:
79: /* Only need ethernet (plus optional 4 byte VLAN) and IP headers (48) + first 2 bytes of tcp/udp header */
80: #define CAPTURE_LENGTH 72
81:
82: void init_history() {
83: history = addr_hash_create();
84: last_timestamp = time(NULL);
85: memset(&history_totals, 0, sizeof history_totals);
86: }
87:
88: history_type* history_create() {
89: history_type* h;
90: h = xcalloc(1, sizeof *h);
91: return h;
92: }
93:
94: void history_rotate() {
95: hash_node_type* n = NULL;
96: history_pos = (history_pos + 1) % HISTORY_LENGTH;
97: hash_next_item(history, &n);
98: while(n != NULL) {
99: hash_node_type* next = n;
100: history_type* d = (history_type*)n->rec;
101: hash_next_item(history, &next);
102:
103: if(d->last_write == history_pos) {
104: addr_pair key = *(addr_pair*)(n->key);
105: hash_delete(history, &key);
106: free(d);
107: }
108: else {
109: d->recv[history_pos] = 0;
110: d->sent[history_pos] = 0;
111: }
112: n = next;
113: }
114:
115: history_totals.sent[history_pos] = 0;
116: history_totals.recv[history_pos] = 0;
117:
118: if(history_len < HISTORY_LENGTH) {
119: history_len++;
120: }
121: }
122:
123:
124: void tick(int print) {
125: time_t t;
126:
127: pthread_mutex_lock(&tick_mutex);
128:
129: t = time(NULL);
130: if(t - last_timestamp >= RESOLUTION) {
131: //printf("TICKING\n");
132: analyse_data();
133: ui_print();
134: history_rotate();
135: last_timestamp = t;
136: }
137: else {
138: ui_tick(print);
139: }
140:
141: pthread_mutex_unlock(&tick_mutex);
142: }
143:
144: int in_filter_net(struct in_addr addr) {
145: int ret;
146: ret = ((addr.s_addr & options.netfiltermask.s_addr) == options.netfilternet.s_addr);
147: return ret;
148: }
149:
150: int ip_addr_match(struct in_addr addr) {
151: return addr.s_addr == if_ip_addr.s_addr;
152: }
153:
154: /**
155: * Creates an addr_pair from an ip (and tcp/udp) header, swapping src and dst
156: * if required
157: */
158: void assign_addr_pair(addr_pair* ap, struct ip* iptr, int flip) {
159: unsigned short int src_port = 0;
160: unsigned short int dst_port = 0;
161:
162: /* Does this protocol use ports? */
163: if(iptr->ip_p == IPPROTO_TCP || iptr->ip_p == IPPROTO_UDP) {
164: /* We take a slight liberty here by treating UDP the same as TCP */
165:
166: /* Find the TCP/UDP header */
167: struct tcphdr* thdr = ((void*)iptr) + IP_HL(iptr) * 4;
168: src_port = ntohs(thdr->th_sport);
169: dst_port = ntohs(thdr->th_dport);
170: }
171:
172: if(flip == 0) {
173: ap->src = iptr->ip_src;
174: ap->src_port = src_port;
175: ap->dst = iptr->ip_dst;
176: ap->dst_port = dst_port;
177: }
178: else {
179: ap->src = iptr->ip_dst;
180: ap->src_port = dst_port;
181: ap->dst = iptr->ip_src;
182: ap->dst_port = src_port;
183: }
184:
185: }
186:
187: static void handle_ip_packet(struct ip* iptr, int hw_dir)
188: {
189: int direction = 0; /* incoming */
190: history_type* ht;
191: union {
192: history_type **ht_pp;
193: void **void_pp;
194: } u_ht = { &ht };
195: addr_pair ap;
196: int len;
197:
198: if(options.netfilter == 0) {
199: /*
200: * Net filter is off, so assign direction based on MAC address
201: */
202: if(hw_dir == 1) {
203: /* Packet leaving this interface. */
204: assign_addr_pair(&ap, iptr, 0);
205: direction = 1;
206: }
207: else if(hw_dir == 0) {
208: /* Packet incoming */
209: assign_addr_pair(&ap, iptr, 1);
210: direction = 0;
211: }
212: /* Packet direction is not given away by h/ware layer. Try IP
213: * layer
214: */
215: else if(have_ip_addr && ip_addr_match(iptr->ip_src)) {
216: /* outgoing */
217: assign_addr_pair(&ap, iptr, 0);
218: direction = 1;
219: }
220: else if(have_ip_addr && ip_addr_match(iptr->ip_dst)) {
221: /* incoming */
222: assign_addr_pair(&ap, iptr, 1);
223: direction = 0;
224: }
225: /*
226: * Cannot determine direction from hardware or IP levels. Therefore
227: * assume that it was a packet between two other machines, assign
228: * source and dest arbitrarily (by numerical value) and account as
229: * incoming.
230: */
231: else if (options.promiscuous_but_choosy) {
232: return; /* junk it */
233: }
234: else if(iptr->ip_src.s_addr < iptr->ip_dst.s_addr) {
235: assign_addr_pair(&ap, iptr, 1);
236: direction = 0;
237: }
238: else {
239: assign_addr_pair(&ap, iptr, 0);
240: direction = 0;
241: }
242: }
243: else {
244: /*
245: * Net filter on, assign direction according to netmask
246: */
247: if(in_filter_net(iptr->ip_src) && !in_filter_net(iptr->ip_dst)) {
248: /* out of network */
249: assign_addr_pair(&ap, iptr, 0);
250: direction = 1;
251: }
252: else if(in_filter_net(iptr->ip_dst) && !in_filter_net(iptr->ip_src)) {
253: /* into network */
254: assign_addr_pair(&ap, iptr, 1);
255: direction = 0;
256: }
257: else {
258: /* drop packet */
259: return ;
260: }
261: }
262:
263: ap.protocol = iptr->ip_p;
264:
265: /* Add the addresses to be resolved */
266: resolve(&iptr->ip_dst, NULL, 0);
267: resolve(&iptr->ip_src, NULL, 0);
268:
269: if(hash_find(history, &ap, u_ht.void_pp) == HASH_STATUS_KEY_NOT_FOUND) {
270: ht = history_create();
271: hash_insert(history, &ap, ht);
272: }
273:
274: len = ntohs(iptr->ip_len);
275:
276: /* Update record */
277: ht->last_write = history_pos;
278: if(iptr->ip_src.s_addr == ap.src.s_addr) {
279: ht->sent[history_pos] += len;
280: ht->total_sent += len;
281: }
282: else {
283: ht->recv[history_pos] += len;
284: ht->total_recv += len;
285: }
286:
287: if(direction == 0) {
288: /* incoming */
289: history_totals.recv[history_pos] += len;
290: history_totals.total_recv += len;
291: }
292: else {
293: history_totals.sent[history_pos] += len;
294: history_totals.total_sent += len;
295: }
296:
297: }
298:
299: static void handle_raw_packet(unsigned char* args, const struct pcap_pkthdr* pkthdr, const unsigned char* packet)
300: {
301: handle_ip_packet((struct ip*)packet, -1);
302: }
303:
304: static void handle_llc_packet(const struct llc* llc, int dir) {
305:
306: struct ip* ip = (struct ip*)((void*)llc + sizeof(struct llc));
307:
308: /* Taken from tcpdump/print-llc.c */
309: if(llc->ssap == LLCSAP_SNAP && llc->dsap == LLCSAP_SNAP
310: && llc->llcui == LLC_UI) {
311: u_int32_t orgcode;
312: register u_short et;
313: orgcode = EXTRACT_24BITS(&llc->llc_orgcode[0]);
314: et = EXTRACT_16BITS(&llc->llc_ethertype[0]);
315: switch(orgcode) {
316: case OUI_ENCAP_ETHER:
317: case OUI_CISCO_90:
318: handle_ip_packet(ip, dir);
319: break;
320: case OUI_APPLETALK:
321: if(et == ETHERTYPE_ATALK) {
322: handle_ip_packet(ip, dir);
323: }
324: break;
325: default:;
326: /* Not a lot we can do */
327: }
328: }
329: }
330:
331: static void handle_tokenring_packet(unsigned char* args, const struct pcap_pkthdr* pkthdr, const unsigned char* packet)
332: {
333: struct token_header *trp;
334: int dir = -1;
335: trp = (struct token_header *)packet;
336:
337: if(IS_SOURCE_ROUTED(trp)) {
338: packet += RIF_LENGTH(trp);
339: }
340: packet += TOKEN_HDRLEN;
341:
342: if(memcmp(trp->token_shost, if_hw_addr, 6) == 0 ) {
343: /* packet leaving this i/f */
344: dir = 1;
345: }
346: else if(memcmp(trp->token_dhost, if_hw_addr, 6) == 0 || memcmp("\xFF\xFF\xFF\xFF\xFF\xFF", trp->token_dhost, 6) == 0) {
347: /* packet entering this i/f */
348: dir = 0;
349: }
350:
351: /* Only know how to deal with LLC encapsulated packets */
352: if(FRAME_TYPE(trp) == TOKEN_FC_LLC) {
353: handle_llc_packet((struct llc*)packet, dir);
354: }
355: }
356:
357: static void handle_ppp_packet(unsigned char* args, const struct pcap_pkthdr* pkthdr, const unsigned char* packet)
358: {
359: register u_int length = pkthdr->len;
360: register u_int caplen = pkthdr->caplen;
361: u_int proto;
362:
363: if (caplen < 2)
364: return;
365:
366: if(packet[0] == PPP_ADDRESS) {
367: if (caplen < 4)
368: return;
369:
370: packet += 2;
371: length -= 2;
372:
373: proto = EXTRACT_16BITS(packet);
374: packet += 2;
375: length -= 2;
376:
377: if(proto == PPP_IP || proto == ETHERTYPE_IP) {
378: handle_ip_packet((struct ip*)packet, -1);
379: }
380: }
381: }
382:
383: #ifdef DLT_LINUX_SLL
384: static void handle_cooked_packet(unsigned char *args, const struct pcap_pkthdr * thdr, const unsigned char * packet)
385: {
386: struct sll_header *sptr;
387: int dir = -1;
388: sptr = (struct sll_header *) packet;
389:
390: switch (ntohs(sptr->sll_pkttype))
391: {
392: case LINUX_SLL_HOST:
393: /*entering this interface*/
394: dir = 0;
395: break;
396: case LINUX_SLL_OUTGOING:
397: /*leaving this interface */
398: dir=1;
399: break;
400: }
401: handle_ip_packet((struct ip*)(packet+SLL_HDR_LEN), dir);
402: }
403: #endif /* DLT_LINUX_SLL */
404:
405: static void handle_eth_packet(unsigned char* args, const struct pcap_pkthdr* pkthdr, const unsigned char* packet)
406: {
407: struct ether_header *eptr;
408: int ether_type;
409: const unsigned char *payload;
410: eptr = (struct ether_header*)packet;
411: ether_type = ntohs(eptr->ether_type);
412: payload = packet + sizeof(struct ether_header);
413:
414: tick(0);
415:
416: if(ether_type == ETHERTYPE_8021Q) {
417: struct vlan_8021q_header* vptr;
418: vptr = (struct vlan_8021q_header*)payload;
419: ether_type = ntohs(vptr->ether_type);
420: payload += sizeof(struct vlan_8021q_header);
421: }
422:
423: if(ether_type == ETHERTYPE_IP) {
424: struct ip* iptr;
425: int dir = -1;
426:
427: /*
428: * Is a direction implied by the MAC addresses?
429: */
430: if(have_hw_addr && memcmp(eptr->ether_shost, if_hw_addr, 6) == 0 ) {
431: /* packet leaving this i/f */
432: dir = 1;
433: }
434: else if(have_hw_addr && memcmp(eptr->ether_dhost, if_hw_addr, 6) == 0 ) {
435: /* packet entering this i/f */
436: dir = 0;
437: }
438: else if (memcmp("\xFF\xFF\xFF\xFF\xFF\xFF", eptr->ether_dhost, 6) == 0) {
439: /* broadcast packet, count as incoming */
440: dir = 0;
441: }
442:
443: iptr = (struct ip*)(payload); /* alignment? */
444: handle_ip_packet(iptr, dir);
445: }
446: }
447:
448:
449: /* set_filter_code:
450: * Install some filter code. Returns NULL on success or an error message on
451: * failure. */
452: char *set_filter_code(const char *filter) {
453: char *x;
454: if (filter) {
455: x = xmalloc(strlen(filter) + sizeof "() and ip");
456: sprintf(x, "(%s) and ip", filter);
457: } else
458: x = xstrdup("ip");
459: if (pcap_compile(pd, &pcap_filter, x, 1, 0) == -1) {
460: xfree(x);
461: return pcap_geterr(pd);
462: }
463: xfree(x);
464: if (pcap_setfilter(pd, &pcap_filter) == -1)
465: return pcap_geterr(pd);
466: else
467: return NULL;
468: }
469:
470:
471:
472: /*
473: * packet_init:
474: *
475: * performs pcap initialisation, called before ui is initialised
476: */
477: void packet_init() {
478: char errbuf[PCAP_ERRBUF_SIZE];
479: char *m;
480: int s;
481: int i;
482: int dlt;
483: int result;
484:
485: #ifdef HAVE_DLPI
486: result = get_addrs_dlpi(options.interface, if_hw_addr, &if_ip_addr);
487: #else
488: result = get_addrs_ioctl(options.interface, if_hw_addr, &if_ip_addr);
489: #endif
490:
491: if (result < 0) {
492: exit(1);
493: }
494:
495: have_hw_addr = result & 1;
496: have_ip_addr = result & 2;
497:
498: if(have_ip_addr) {
499: fprintf(stderr, "IP address is: %s\n", inet_ntoa(if_ip_addr));
500: }
501:
502: if(have_hw_addr) {
503: fprintf(stderr, "MAC address is:");
504: for (i = 0; i < 6; ++i)
505: fprintf(stderr, "%c%02x", i ? ':' : ' ', (unsigned int)if_hw_addr[i]);
506: fprintf(stderr, "\n");
507: }
508:
509: // exit(0);
510: resolver_initialise();
511:
512: pd = pcap_open_live(options.interface, CAPTURE_LENGTH, options.promiscuous, 1000, errbuf);
513: // DEBUG: pd = pcap_open_offline("tcpdump.out", errbuf);
514: if(pd == NULL) {
515: fprintf(stderr, "pcap_open_live(%s): %s\n", options.interface, errbuf);
516: exit(1);
517: }
518: dlt = pcap_datalink(pd);
519: if(dlt == DLT_EN10MB) {
520: packet_handler = handle_eth_packet;
521: }
522: else if(dlt == DLT_RAW || dlt == DLT_NULL) {
523: packet_handler = handle_raw_packet;
524: }
525: else if(dlt == DLT_IEEE802) {
526: packet_handler = handle_tokenring_packet;
527: }
528: else if(dlt == DLT_PPP) {
529: packet_handler = handle_ppp_packet;
530: }
531: /*
532: * SLL support not available in older libpcaps
533: */
534: #ifdef DLT_LINUX_SLL
535: else if(dlt == DLT_LINUX_SLL) {
536: packet_handler = handle_cooked_packet;
537: }
538: #endif
539: else {
540: fprintf(stderr, "Unsupported datalink type: %d\n"
541: "Please email pdw@ex-parrot.com, quoting the datalink type and what you were\n"
542: "trying to do at the time\n.", dlt);
543: exit(1);
544: }
545:
546: if ((m = set_filter_code(options.filtercode))) {
547: fprintf(stderr, "set_filter_code: %s\n", m);
548: exit(1);
549: return;
550: }
551: }
552:
553: /* packet_loop:
554: * Worker function for packet capture thread. */
555: void packet_loop(void* ptr) {
556: pcap_loop(pd,-1,(pcap_handler)packet_handler,NULL);
557: }
558:
559:
560: /* main:
561: * Entry point. See usage(). */
562: int main(int argc, char **argv) {
563: pthread_t thread;
564: struct sigaction sa = {};
565:
566: /* TODO: tidy this up */
567: /* read command line options and config file */
568: config_init();
569: options_set_defaults();
570: options_read_args(argc, argv);
571: /* If a config was explicitly specified, whinge if it can't be found */
572: read_config(options.config_file, options.config_file_specified);
573: options_make();
574:
575: sa.sa_handler = finish;
576: sigaction(SIGINT, &sa, NULL);
577:
578: pthread_mutex_init(&tick_mutex, NULL);
579:
580: packet_init();
581:
582: init_history();
583:
584: ui_init();
585:
586: pthread_create(&thread, NULL, (void*)&packet_loop, NULL);
587:
588: ui_loop();
589:
590: pthread_cancel(thread);
591:
592: ui_finish();
593:
594: return 0;
595: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to iftop.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / iftop