File: 0003-Add-host-port-aggregation.patch

package info (click to toggle)
jnettop 0.13.0-4
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 1,072 kB
  • sloc: ansic: 4,012; sh: 775; makefile: 15
file content (306 lines) | stat: -rw-r--r-- 12,320 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
 
From: Ari Pollak <aripollak@gmail.com>
Date: Mon, 4 Oct 2010 22:08:49 -0400
Subject: [PATCH] Add host+port aggregation
 Closes: #250032

---
 README           |   29 +++++++++++++++--------------
 jbase.c          |    2 +-
 jbase.h          |    3 +--
 jconfig.c        |    6 +++++-
 jcursesdisplay.c |   10 +++++-----
 jnettop.8        |   12 ++++++------
 jnettop.c        |    8 ++++----
 jprocessor.c     |   12 ++++++++++++
 jutil.c          |   17 +++++++++--------
 9 files changed, 58 insertions(+), 41 deletions(-)

diff --git a/README b/README
index 940ba4b..54fa773 100644
--- a/README
+++ b/README
@@ -38,10 +38,11 @@ Is jnettop crashing under your FreeBSD? Try passing
   (What is it?)
 
 Aggregation is a way, how to modify packet classicication rules. There are
-two types of aggregation in jnettop: host and port. If there is port
-aggregation enabled, it means, that all packets seem to come(go to) same port
-numbers. If there is host aggregation enabled, it means, that all packets
-seem to come(go to) same host. Let's have an example:
+two types of aggregation in jnettop: host, port, and host+port. If there 
+is port aggregation enabled, it means, that all packets seem to come(go 
+to) same port numbers. If there is host aggregation enabled, it means, 
+that all packets seem to come(go to) same host. If host+port 
+aggregation is enabled, it aggregates both. Let's have an example:
 Suppose we have following configuration:
 
                                                              +--- host0
@@ -51,14 +52,14 @@ Suppose we have following configuration:
 i.e. typical border router with eth0 interface looking into internet and
 eth1 interface looking to intranet. Suppose we're running jnettop on router
 sniffing on interface eth0. To see how many bytes every host consumes out
-of the internet connection, we enable remote host aggregation and local port
-aggregation. i.e. All internet will behave as one endpoint and all programs
-on one host will, too, behave as one endpoint. This way, every stream we see
-in jnettop will be from one of the hosts in intranet to a public internet.
-Aggregation is very powerfull laser-knife in network traffic analysis.
-I understand, that it is not very user friendly implementation in jnettop and
-I will gratefully welcome every suggestion on how to make this topic clear and
-more clear-to-use.
+of the internet connection, we enable remote host+port aggregation and 
+local port aggregation. i.e. All internet will behave as one endpoint 
+and all programs on one host will, too, behave as one endpoint. This 
+way, every stream we see in jnettop will be from one of the hosts in 
+intranet to a public internet. Aggregation is very powerfull laser-knife 
+in network traffic analysis. I understand, that it is not very user 
+friendly implementation in jnettop and I will gratefully welcome every 
+suggestion on how to make this topic clear and more clear-to-use.
 
 -- .jnettop configuration file --
 
@@ -105,14 +106,14 @@ which interface to listen after you start it up. Example:
 
 Since version 0.9, jnettop supports following new keywors:
 
-  local_aggregation	[none|host|port]
+  local_aggregation	[none|host|port|host+port]
 
     this keyword sets startup local aggregation value
     ex.
 
       local_aggregation  port
 
-  remote_aggregation	[none|host|port]
+  remote_aggregation	[none|host|port|host+port]
 
     this keyword sets startup remote aggregation value
     ex.
diff --git a/jbase.c b/jbase.c
index 5af47b2..aebdbf1 100644
--- a/jbase.c
+++ b/jbase.c
@@ -26,5 +26,5 @@ char	pcap_errbuf[PCAP_ERRBUF_SIZE];
 
 gchar 	*JBASE_PROTOCOLS[] = { "UNK.", "IP", "TCP", "UDP", "ARP", "ETHER", 
                               "SLL", "AGGR.", "ICMP", "IP6", "TCP6", "UDP6", "ICMP6" };
-gchar 	*JBASE_AGGREGATION[] = { "none", "port", "host" };
+gchar 	*JBASE_AGGREGATION[] = { "none", "port", "host", "host+port" };
 
diff --git a/jbase.h b/jbase.h
index 25073ab..6a5b84b 100644
--- a/jbase.h
+++ b/jbase.h
@@ -250,12 +250,11 @@ typedef struct _jbase_network_mask_list {
 
 #define JBASE_AF_SIZE(a)	(a == AF_INET6 ? sizeof(struct in6_addr) : sizeof(struct in_addr))
 
-extern gchar  *JBASE_PROTOCOLS[];
-
 #define AGG_UNKNOWN		(-1)
 #define AGG_NONE		0
 #define AGG_PORT		1
 #define AGG_HOST		2
+#define AGG_BOTH		3
 
 extern gchar *JBASE_PROTOCOLS[];
 extern gchar *JBASE_AGGREGATION[];
diff --git a/jconfig.c b/jconfig.c
index 0a1fe80..bc8edf1 100644
--- a/jconfig.c
+++ b/jconfig.c
@@ -115,6 +115,10 @@ gboolean jconfig_ParseFile(char *configFileName) {
 	}
 
 	s = g_scanner_new(NULL);
+	/* Add + to accepted identifier characters: */
+	s->config->cset_identifier_nth = g_strjoin(NULL,
+		s->config->cset_identifier_nth, "+", NULL);
+
 	g_scanner_input_file(s, fileno(f));
 	while (!g_scanner_eof(s)) {
 		GTokenType tt;
@@ -211,7 +215,7 @@ gboolean jconfig_ParseFile(char *configFileName) {
 		if (!g_ascii_strcasecmp(s->value.v_identifier, "local_aggregation")) {
 			int val = parse_aggregation(s);
 			if (val == AGG_UNKNOWN) {
-				fprintf(stderr, "Parse error on line %d: expecting none or host or port.\n", line);
+				fprintf(stderr, "Parse error on line %d: expecting none, host, port, or host+port.\n", line);
 				return FALSE;
 			}
 			if (jconfig_Settings.localAggregation == AGG_UNKNOWN)
diff --git a/jcursesdisplay.c b/jcursesdisplay.c
index 897078c..197a291 100644
--- a/jcursesdisplay.c
+++ b/jcursesdisplay.c
@@ -84,7 +84,7 @@ static void drawScreen() {
 		attrset(A_NORMAL);
 
 		mvprintw(0, 0, "run XXX:XX:XX device XXXXXXXXXX pkt[f]ilter: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
-		mvprintw(1, 0, "[c]ntfilter: XXX [b]ps=XXXXXXX [l]ocal aggr.: XXXX [r]emote aggr.: XXXX   ");
+		mvprintw(1, 0, "[c]ntfilter: XXX [b]ps=XXXXXXX [l]ocal aggr: XXXX      [r]emote aggr: XXXX     ");
 		mvprintw(0, activeColumns-1, ".");
 
 		{
@@ -138,8 +138,8 @@ static void drawHeader() {
 	mvprintw(0, 45, "%-29.29s", jconfig_GetSelectedBpfFilterName());
 	mvprintw(1, 13, "%s", jprocessor_ContentFiltering?"on ":"off");
 	mvprintw(1, 23, "%s", onoffPackets ? "pckts/s" : (onoffBitValues?"bits/s ":"bytes/s"));
-	mvprintw(1, 46, "%s", JBASE_AGGREGATION[jprocessor_LocalAggregation]);
-	mvprintw(1, 67, "%s", JBASE_AGGREGATION[jprocessor_RemoteAggregation]);
+	mvprintw(1, 45, "%-9s", JBASE_AGGREGATION[jprocessor_LocalAggregation]);
+	mvprintw(1, 70, "%-9s", JBASE_AGGREGATION[jprocessor_RemoteAggregation]);
 
 	attroff(A_BOLD);
 
@@ -340,10 +340,10 @@ static void displayLoop() {
 						displayMode = DISPLAYMODE_HELP;
 						break;
 					case 'l':
-						jprocessor_SetLocalAggregation((jprocessor_LocalAggregation + 1) % 3);
+						jprocessor_SetLocalAggregation((jprocessor_LocalAggregation + 1) % 4);
 						break;
 					case 'r':
-						jprocessor_SetRemoteAggregation((jprocessor_RemoteAggregation + 1) % 3);
+						jprocessor_SetRemoteAggregation((jprocessor_RemoteAggregation + 1) % 4);
 						break;
 					case '0':
 					case '1':
diff --git a/jnettop.8 b/jnettop.8
index 14af8ea..2564a5e 100644
--- a/jnettop.8
+++ b/jnettop.8
@@ -52,7 +52,7 @@ reads configuration from filename. defaults to ~/.jnettop. an example can be fou
 .B \-i, \-\-interface name
 capture packets on specified interface
 .TP
-.B \-\-local-aggr [none|host|port]
+.B \-\-local-aggr [none|host|port|host+port]
 set local aggregation to specified value
 .TP
 .B \-n, \-\-no-resolver
@@ -61,7 +61,7 @@ disable resolving of ip addresses
 .B \-p, \-\-promiscuous
 enables promiscuous mode on the sniffed interface
 .TP
-.B \-\-remote-aggr [none|host|port]
+.B \-\-remote-aggr [none|host|port|host+port]
 set remote aggregation to specified value
 .TP
 .B \-s, \-\-select-rule name
@@ -83,8 +83,8 @@ The \fBinterface\fP keyword specifies network interface on which to start listen
 interface "eth0"
 .RE
 .TP
-\fBlocal_aggregation [none|host|port]\fR
-The \fBlocal_aggregation\fP keyword specifies initial active local aggregation. Valid values are \fBnone\fP, \fBhost\fP and \fBport\fP. Example:
+\fBlocal_aggregation [none|host|port|host+port]\fR
+The \fBlocal_aggregation\fP keyword specifies initial active local aggregation. Valid values are \fBnone\fP, \fBhost\fP, \fBport\fP, and \fBhost+port\fP. Example:
 .RS
 .PP
 local_aggregation host
@@ -97,8 +97,8 @@ The \fBpromisc\fP keyword specifies, whether jnettop captures packets in promisc
 promisc on
 .RE
 .TP
-\fBremote_aggregation [none|host|port]\fR
-The \fBremote_aggregation\fP keyword specifies initial active remote aggregation. Valid values are \fBnone\fP, \fBhost\fP and \fBport\fP. Example:
+\fBremote_aggregation [none|host|port|host+port]\fR
+The \fBremote_aggregation\fP keyword specifies initial active remote aggregation. Valid values are \fBnone\fP, \fBhost\fP, \fBport\fP, and \fBhost+port\fP. Example:
 .RS
 .PP
 remote_aggregation port
diff --git a/jnettop.c b/jnettop.c
index 1ed45a8..a4fe553 100644
--- a/jnettop.c
+++ b/jnettop.c
@@ -90,10 +90,10 @@ void parseCommandLineAndConfig(int argc, char ** argv) {
 				"    -f, --config-file name reads configuration from file. defaults to ~/.jnettop\n"
 				"    --format format        list of fields to list in text output\n"
 				"    -i, --interface name   capture packets on specified interface\n"
-				"    --local-aggr arg       set local aggregation to none/host/port\n"
+				"    --local-aggr arg       set local aggregation to none/host/port/host+port\n"
 				"    -n, --no-resolver      disable resolving of addresses\n"
 				"    -p, --promiscuous      enable promisc mode on the devices\n"
-				"    --remote-aggr arg      set remote aggregation to none/host/port\n"
+				"    --remote-aggr arg      set remote aggregation to none/host/port/host+port\n"
 				"    -s, --select-rule rule selects one of the rules defined in config file\n"
 				"                           by it's name\n"
 				"    -t, --timeout sec      timeout in seconds after which jnettop ends (text display)\n"
@@ -215,14 +215,14 @@ void parseCommandLineAndConfig(int argc, char ** argv) {
 		}
 		if (!strcmp(argv[a], "--local-aggr")) {
 			if (a+1>=argc || (jconfig_Settings.localAggregation = jutil_ParseAggregation(argv[++a]))==-1) {
-				fprintf(stderr, "%s switch requires none, host or port as an argument\n", argv[a]);
+				fprintf(stderr, "%s switch requires none, host, port, or host+port as an argument\n", argv[a]);
 				exit(255);
 			}
 			continue;
 		}
 		if (!strcmp(argv[a], "--remote-aggr")) {
 			if (a+1>=argc || (jconfig_Settings.remoteAggregation = jutil_ParseAggregation(argv[++a]))==-1) {
-				fprintf(stderr, "%s switch requires none, host or port as an argument\n", argv[a]);
+				fprintf(stderr, "%s switch requires none, host, port, or host+port as an argument\n", argv[a]);
 				exit(255);
 			}
 			continue;
diff --git a/jprocessor.c b/jprocessor.c
index 5b23e07..cf10121 100644
--- a/jprocessor.c
+++ b/jprocessor.c
@@ -211,14 +211,26 @@ static void	aggregateStream(jbase_stream *stream) {
 	switch (jprocessor_LocalAggregation) {
 		case AGG_HOST:
 			setToHostAggregation(JBASE_AF(stream->proto), &stream->src);
+			break;
 		case AGG_PORT:
 			stream->srcport = -1;
+			break;
+		case AGG_BOTH:
+			setToHostAggregation(JBASE_AF(stream->proto), &stream->src);
+			stream->srcport = -1;
+			break;
 	}
 	switch (jprocessor_RemoteAggregation) {
 		case AGG_HOST:
 			setToHostAggregation(JBASE_AF(stream->proto), &stream->dst);
+			break;
 		case AGG_PORT:
 			stream->dstport = -1;
+			break;
+		case AGG_BOTH:
+			setToHostAggregation(JBASE_AF(stream->proto), &stream->dst);
+			stream->dstport = -1;
+			break;
 	}
 }
 
diff --git a/jutil.c b/jutil.c
index d5c0907..16c1810 100644
--- a/jutil.c
+++ b/jutil.c
@@ -98,15 +98,16 @@ const char * jutil_Address2String(int af, const jbase_mutableaddress *src, char
 }
 
 guint     jutil_ParseAggregation(const char *agg) {
-	if (strcmp(agg, "none") && strcmp(agg,"host") && strcmp(agg,"port")) {
+	if (strcmp(agg, "none") == 0)
+		return AGG_NONE;
+	else if (strcmp(agg,"host") == 0)
+		return AGG_HOST;
+	else if (strcmp(agg,"port") == 0)
+		return AGG_PORT;
+	else if (strcmp(agg,"host+port") == 0)
+		return AGG_BOTH;
+	else
 		return AGG_UNKNOWN;
-	}
-	switch (*agg) {
-		case 'n': return AGG_NONE;
-		case 'h': return AGG_HOST;
-		case 'p': return AGG_PORT;
-	}
-	return AGG_UNKNOWN;
 }
 
 void memand(char *buf1, const char *buf2, int length) {
--