#include <stdlib.h>
#include <string.h>
#include <getopt.h>
+#include <signal.h>
+#include <setjmp.h>
#include <netinet/in.h>
#include <pcap.h>
exit(1);
}
+static volatile int stop_signal;
+
+static void sigint_handler(int arg UNUSED)
+{
+ stop_signal = 1;
+}
+
/*** MANUAL MULTIPLEXER ***/
static void mux_open(struct flow *f, u64 when)
struct appl_hooks *appl = &appl_sink;
if (dport == 80 || dport == 8080 || dport == 8081 || dport == 3128)
- {
- appl = &appl_asave;
- save_dir = "flows";
- }
+ appl = &appl_http;
f->appl = appl;
appl->open(f, when);
}
static uns in_count, start_sec;
static u64 last_timestamp;
+static jmp_buf stop_jump;
static int link_setup_handler(int dlt)
{
static void got_pcap_packet(u_char *userdata UNUSED, const struct pcap_pkthdr *hdr, const u_char *pkt)
{
+ if (stop_signal)
+ longjmp(stop_jump, 1);
+ histogram_step((uns) hdr->ts.tv_sec);
stat_pcap_in.packets++;
stat_pcap_in.bytes += hdr->len;
if (hdr->caplen != hdr->len)
static void usage(void)
{
- fprintf(stderr, "Usage: netgrind [<switches>] <capture-file>\n\
+ fprintf(stderr, "Usage: netgrind [<switches>] <capture-files>\n\
\n\
-a TCP: Record arrival times instead of processing times\n\
-c <count> Stop after processing <count> packets\n\
-d <dir> Dump connections to a given directory\n\
-D <dir> Dump connections with more details\n\
-f <filter> Apply filter expression\n\
+-h <file> Write packet histogram to <file>\n\
-s Dump connection summary\n\
-t Calculate statistics only\n\
-w TCP: Wait for ACK before processing packets\n\
exit(1);
}
+static int max_packets = -1;
+static byte *filter = NULL;
+
int main(int argc, char **argv)
{
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t *pcap;
int c, dlt;
- int max_packets = -1;
- byte *filter = NULL;
struct bpf_program filter_prog;
+ byte *histogram = NULL;
tcp_default_appl = &appl_mux;
- while ((c = getopt(argc, argv, "ac:d:D:f:stw")) >= 0)
+ while ((c = getopt(argc, argv, "ac:d:D:f:h:stw")) >= 0)
switch (c)
{
case 'a':
case 'f':
filter = optarg;
break;
+ case 'h':
+ histogram = optarg;
+ break;
case 'w':
tcp_wait_for_ack = 1;
break;
default:
usage();
}
- if (optind != argc - 1)
+ if (optind == argc)
usage();
tcp_init();
+ if (histogram)
+ {
+ histogram_init(histogram);
+ histogram_add_stat("PcapIn", &stat_pcap_in);
+ histogram_add_stat("PcapIncomp", &stat_pcap_incomplete);
+ histogram_add_stat("LinkIn", &stat_link_in);
+ histogram_add_stat("LinkDwarf", &stat_link_dwarf);
+ histogram_add_stat("LinkUnkn", &stat_link_unknown);
+ histogram_add_stat("LinkArp", &stat_link_arp);
+ histogram_add_stat("IPIn", &stat_ip_in);
+ histogram_add_stat("IPBad", &stat_ip_invalid);
+ histogram_add_stat("IPUnint", &stat_ip_uninteresting);
+ histogram_add_stat("IPFrag", &stat_ip_fragmented);
+ histogram_add_stat("IPBadSum", &stat_ip_badsum);
+ histogram_add_stat("TCPIn", &stat_tcp_in);
+ histogram_add_stat("TCPBad", &stat_tcp_invalid);
+ histogram_add_stat("TCPBadSum", &stat_tcp_badsum);
+ histogram_add_stat("TCPUnmatch", &stat_tcp_unmatched);
+ histogram_add_stat("TCPOnClosed", &stat_tcp_on_closed);
+ histogram_add_stat("TCPBadState", &stat_tcp_bad_state);
+ histogram_add_int("FlowsTotal", &cnt_tcp_flows);
+ histogram_add_int("FlowsClosed", &cnt_tcp_causes[CAUSE_CLOSE]);
+ histogram_add_int("FlowsReset", &cnt_tcp_causes[CAUSE_RESET]);
+ histogram_add_int("FlowsTimeout", &cnt_tcp_causes[CAUSE_TIMEOUT]);
+ histogram_add_int("FlowsDoomsday", &cnt_tcp_causes[CAUSE_DOOMSDAY]);
+ histogram_add_int("FlowsBad", &cnt_tcp_causes[CAUSE_CORRUPT]);
+ }
+ signal(SIGINT, sigint_handler);
- if (!(pcap = pcap_open_offline(argv[optind], errbuf)))
- die("Unable to open %s", errbuf);
- dlt = pcap_datalink(pcap);
- if (!link_setup_handler(dlt))
- die("Don't know how to handle data link type %d", dlt);
- if (filter)
+ while (optind < argc)
{
- if (pcap_compile(pcap, &filter_prog, filter, 1, 0) < 0)
- die("Error compiling filter: %s", pcap_geterr(pcap));
- pcap_setfilter(pcap, &filter_prog);
+ fprintf(stderr, "Processing %s...\n", argv[optind]);
+ if (!(pcap = pcap_open_offline(argv[optind], errbuf)))
+ die("Unable to open %s", errbuf);
+ dlt = pcap_datalink(pcap);
+ if (!link_setup_handler(dlt))
+ die("Don't know how to handle data link type %d", dlt);
+ if (filter)
+ {
+ if (pcap_compile(pcap, &filter_prog, filter, 1, 0) < 0)
+ die("Error compiling filter: %s", pcap_geterr(pcap));
+ pcap_setfilter(pcap, &filter_prog);
+ pcap_freecode(&filter_prog);
+ }
+ if (!setjmp(stop_jump))
+ {
+ if (pcap_loop(pcap, max_packets, got_pcap_packet, NULL) < 0)
+ {
+ fprintf(stderr, "Capture failed: %s\n", pcap_geterr(pcap));
+ break;
+ }
+ }
+ else
+ {
+ fprintf(stderr, "Interrupted\n");
+ break;
+ }
+ pcap_close(pcap);
+ optind++;
}
- if (pcap_loop(pcap, max_packets, got_pcap_packet, NULL) < 0)
- die("Capture failed: %s", pcap_geterr(pcap));
tcp_cleanup(last_timestamp);
+ histogram_cleanup();
printf("# Netgrind statistics:\n");
printf("# Pcap: %Ld(%Ld) in, %Ld(%Ld) incomplete\n",
stat_pcap_in.packets, stat_pcap_in.bytes,
printf("# Flows: %d total: %d closed, %d reset, %d timed out, %d overlap end, %d corrupted\n",
cnt_tcp_flows, cnt_tcp_causes[CAUSE_CLOSE], cnt_tcp_causes[CAUSE_RESET],
cnt_tcp_causes[CAUSE_TIMEOUT], cnt_tcp_causes[CAUSE_DOOMSDAY], cnt_tcp_causes[CAUSE_CORRUPT]);
- pcap_close(pcap);
return 0;
}
projects / netgrind.git / blobdiff