/*
* Copyright (c) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
* 2002, 2003, 2004
* Ohio University.
*
* ---
*
* Starting with the release of tcptrace version 6 in 2001, tcptrace
* is licensed under the GNU General Public License (GPL). We believe
* that, among the available licenses, the GPL will do the best job of
* allowing tcptrace to continue to be a valuable, freely-available
* and well-maintained tool for the networking community.
*
* Previous versions of tcptrace were released under a license that
* was much less restrictive with respect to how tcptrace could be
* used in commercial products. Because of this, I am willing to
* consider alternate license arrangements as allowed in Section 10 of
* the GNU GPL. Before I would consider licensing tcptrace under an
* alternate agreement with a particular individual or company,
* however, I would have to be convinced that such an alternative
* would be to the greater benefit of the networking community.
*
* ---
*
* This file is part of Tcptrace.
*
* Tcptrace was originally written and continues to be maintained by
* Shawn Ostermann with the help of a group of devoted students and
* users (see the file 'THANKS'). The work on tcptrace has been made
* possible over the years through the generous support of NASA GRC,
* the National Science Foundation, and Sun Microsystems.
*
* Tcptrace is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Tcptrace is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Tcptrace (in the file 'COPYING'); if not, write to the
* Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
* MA 02111-1307 USA
*
* Author: Shawn Ostermann
* School of Electrical Engineering and Computer Science
* Ohio University
* Athens, OH
* http://www.tcptrace.org/
*/
#include "tcptrace.h"
/* Identification strings embedded in the object file.  The "@(#)" prefix is
 * the marker that the SCCS what(1) utility searches for.  Nothing in the
 * visible part of this file reads either array; GCC_UNUSED is defined outside
 * this file and presumably silences the unused-variable warning. */
static char const GCC_UNUSED copyright[] =
    "@(#)Copyright (c) 2004 -- Ohio University.\n";
static char const GCC_UNUSED rcsid[] =
    "@(#)$Header$";
#include "gcache.h"
/* locally global variables */
static int tcp_packet_count = 0;
static int search_count = 0;	/* bumped once per node visited by FindTTP() when debug is set */
static int active_conn_count = 0;
static int closed_conn_count = 0;
static Bool *ignore_pairs = NULL;/* which ones will we ignore */
				 /* indexed by connection number in NewTTP(); no allocation is visible here */
static Bool bottom_letters = 0; /* I don't use this anymore */
static Bool more_conns_ignored = FALSE;
static double sample_elapsed_time=0; /* to keep track of owin samples */
static double total_elapsed_time=0; /* to keep track of owin samples */
static int num_removed_tcp_pairs = 0;
static int tline_left = 0; /* left and right time lines for the time line charts */
static int tline_right = 0;
/* provided globals */
/* NOTE: num_tcp_pairs starts at -1 and NewTTP() pre-increments it before
 * using it as the index into ttp[], so it holds the index of the most
 * recently created pair (count - 1), not a count. */
int num_tcp_pairs = -1; /* how many pairs we've allocated */
tcp_pair **ttp = NULL; /* array of pointers to allocated pairs */
int max_tcp_pairs = 64; /* initial value, automatically increases */
u_long tcp_trace_count = 0;
/* local routine definitions */
static tcp_pair *NewTTP(struct ip *, struct tcphdr *);
static tcp_pair *FindTTP(struct ip *, struct tcphdr *, int *, ptp_ptr **);
static void MoreTcpPairs(int num_needed);
static void ExtractContents(u_long seq, u_long tcp_data_bytes,
			    u_long saved_data_bytes, void *pdata, tcb *ptcb);
static Bool check_hw_dups(u_short id, seqnum seq, tcb *ptcb);
static u_long SeqRep(tcb *ptcb, u_long seq);
static void UpdateConnLists(ptp_ptr *tcp_ptr, struct tcphdr *ptcp);
static void UpdateConnList(ptp_ptr *tcp_ptr,
			   const Bool valid,
			   ptp_ptr **conn_list_head,
			   ptp_ptr **conn_list_tail);
static void RemoveOldConns(ptp_ptr **conn_list_head,
			   ptp_ptr **conn_list_tail,
			   const unsigned expire_interval,
			   const Bool num_conn_check,
			   int *conn_count);
static void RemoveConn(const ptp_ptr *tcp_ptr);
static void RemoveTcpPair(const ptp_ptr *tcp_ptr);
static Bool MissingData(tcp_pair *ptp);
/* options */
/* (externally visible; where they are set is not shown in this file section) */
Bool show_zero_window = TRUE;
Bool show_rexmit = TRUE;
Bool show_out_order = TRUE;
Bool show_sacks = TRUE;
Bool show_rtt_dongles = FALSE;
Bool show_triple_dupack = TRUE;
Bool show_zwnd_probes = TRUE;
Bool nonames = FALSE;
Bool use_short_names = FALSE;
Bool show_urg = TRUE;
int thru_interval = 10; /* in segments */
/* what colors to use */
/* choose from: "green" "red" "blue" "yellow" "purple" "orange"
   "magenta" "pink" */
/* NOTE(review): these are non-const pointers to string literals.  Pointing
 * them at a different string is fine; writing through one of them would be
 * undefined behaviour. */
char *window_color = "yellow";
char *ack_color = "green";
char *sack_color = "purple";
char *data_color = "white";
char *retrans_color = "red";
char *hw_dup_color = "blue";
char *out_order_color = "pink";
char *text_color = "magenta";
char *default_color = "white";
char *synfin_color = "orange";
char *push_color = "white"; /* top arrow for PUSHed segments */
char *ecn_color = "yellow";
char *urg_color = "red";
char *probe_color = "orange";
char *a2b_seg_color = "green"; /* colors for segments on the time line chart */
char *b2a_seg_color = "yellow";
/* ack diamond dongle colors */
char *ackdongle_nosample_color = "blue";
char *ackdongle_ambig_color = "red";
/*
 * IP_COPYADDR: duplicate an address record (IPv4 or IPv6).
 *
 * The version tag of the source selects what is copied: all 16 bytes of
 * the IPv6 address, or the single IPv4 s_addr word.  The destination's
 * addr_vers is set to 6 or 4 to match.  A source that is not tagged as
 * IPv6 is always copied as IPv4.
 */
static inline void IP_COPYADDR (ipaddr *ptoaddr, ipaddr *pfromaddr)
{
    if (!ADDR_ISV6(pfromaddr)) {
	/* everything that is not v6 takes the v4 path */
	ptoaddr->un.ip4.s_addr = pfromaddr->un.ip4.s_addr;
	ptoaddr->addr_vers = 4;
	return;
    }

    memcpy(ptoaddr->un.ip6.s6_addr, pfromaddr->un.ip6.s6_addr, 16);
    ptoaddr->addr_vers = 6;
}
/*
 * IP_SAMEADDR: equality test for two IPv4 or IPv6 addresses.
 *
 * Returns 1 when both addresses have the same version and the same
 * value, 0 otherwise.  Addresses of different versions never compare
 * equal.  At debug levels above 3 the comparison is logged to stdout.
 */
static inline int IP_SAMEADDR (ipaddr *paddr1, ipaddr *paddr2)
{
    int same;

    if (ADDR_ISV4(paddr1)) {
	same = ADDR_ISV4(paddr2) &&
	    (paddr1->un.ip4.s_addr == paddr2->un.ip4.s_addr);
    } else {
	/* first address is taken to be v6 from here on */
	same = ADDR_ISV6(paddr2) &&
	    (memcmp(paddr1->un.ip6.s6_addr,
		    paddr2->un.ip6.s6_addr,16) == 0);
    }

    if (debug > 3) {
	/* NOTE(review): HostName() is called twice in one argument list;
	 * if it returns a shared static buffer both %s may show the same
	 * text -- confirm against its definition */
	printf("SameAddr(%s(%d),%s(%d)) returns %d\n",
	       HostName(*paddr1), ADDR_VERSION(paddr1),
	       HostName(*paddr2), ADDR_VERSION(paddr2),
	       same);
    }

    return same;
}
/*
 * IP_LOWADDR: ordering test, "is the first address lower than the second?"
 *
 * IPv6 addresses are ordered bytewise with memcmp(); IPv4 addresses are
 * ordered by their s_addr word exactly as stored (no byte-order
 * conversion happens here), so the result is a consistent ordering rather
 * than a numeric one.  When the two addresses have different versions the
 * answer is 0 in both directions.  At debug levels above 3 the comparison
 * is logged to stdout.
 */
static inline int IP_LOWADDR (ipaddr *paddr1, ipaddr *paddr2)
{
    int lower;

    if (ADDR_ISV6(paddr1)) {
	lower = ADDR_ISV6(paddr2) &&
	    (memcmp(paddr1->un.ip6.s6_addr,
		    paddr2->un.ip6.s6_addr,16) < 0);
    } else {
	/* first address is taken to be v4 from here on */
	lower = ADDR_ISV4(paddr2) &&
	    (paddr1->un.ip4.s_addr < paddr2->un.ip4.s_addr);
    }

    if (debug > 3) {
	printf("LowAddr(%s(%d),%s(%d)) returns %d\n",
	       HostName(*paddr1), ADDR_VERSION(paddr1),
	       HostName(*paddr2), ADDR_VERSION(paddr2),
	       lower);
    }

    return lower;
}
/*
 * elapsed: time2 - time1, expressed in microseconds.
 *
 * Capture timestamps come from the trace file and are not guaranteed to
 * be monotonic, so a time2 that precedes time1 yields 0.0 instead of a
 * negative interval.
 */
double
elapsed(
    struct timeval time1,
    struct timeval time2)
{
    struct timeval delta = time2;

    /* out-of-order packets: clamp to zero */
    if (tv_lt(time2,time1))
	return(0.0);

    /* disabled debugging output, kept for convenience */
    if (0) {
	fprintf(stderr,"elapsed(%s,", ts2ascii(&time1));
	fprintf(stderr,"%s) is ", ts2ascii(&time2));
    }

    tv_sub(&delta, time1);

    if (0) {
	fprintf(stderr,"\n\t%s \n", ts2ascii(&delta));
    }

    return((double)delta.tv_sec * 1000000 + (double)delta.tv_usec);
}
/*
 * tv_sub: *plhs -= rhs.
 *
 * The left-hand side must not be earlier than the right-hand side.  If
 * it is, a diagnostic goes to stderr and *plhs is set to zero; the
 * condition is deliberately not fatal.
 */
void
tv_sub(struct timeval *plhs, struct timeval rhs)
{
    if (tv_lt(*plhs,rhs)) {
	/* two separate calls, one ts2ascii() result per fprintf */
	fprintf(stderr,"tvsub(%s,", ts2ascii(plhs));
	fprintf(stderr,"%s) bad timestamp order!\n", ts2ascii(&rhs));
	plhs->tv_usec = 0;
	plhs->tv_sec = 0;
	return;
    }

    if (plhs->tv_usec < rhs.tv_usec) {
	/* borrow one second so the microsecond field stays non-negative */
	plhs->tv_usec += US_PER_SEC - rhs.tv_usec;
	plhs->tv_sec -= 1;
    } else {
	plhs->tv_usec -= rhs.tv_usec;
    }

    plhs->tv_sec -= rhs.tv_sec;
}
/*
 * tv_add: *plhs += rhs.
 *
 * At most one second is carried out of the microsecond field, so the
 * result is normalised only when both operands had tv_usec below
 * US_PER_SEC on entry.
 */
void
tv_add(struct timeval *plhs, struct timeval rhs)
{
    plhs->tv_usec += rhs.tv_usec;
    plhs->tv_sec += rhs.tv_sec;

    if (plhs->tv_usec < US_PER_SEC)
	return;

    /* carry into the seconds field */
    plhs->tv_usec -= US_PER_SEC;
    plhs->tv_sec += 1;
}
/*
 * tv_same: do the two timestamps agree in both seconds and microseconds?
 * Returns non-zero when they do, 0 otherwise.
 */
Bool
tv_same(struct timeval lhs, struct timeval rhs)
{
    if (lhs.tv_sec != rhs.tv_sec)
	return(0);

    return(lhs.tv_usec == rhs.tv_usec);
}
/*
 * tv_cmp: three-way comparison of two timestamps.
 *
 *   1: lhs >  rhs
 *   0: lhs == rhs
 *  -1: lhs <  rhs
 *
 * Seconds decide first; microseconds only break a tie.
 */
int
tv_cmp(struct timeval lhs, struct timeval rhs)
{
    if (lhs.tv_sec != rhs.tv_sec)
	return((lhs.tv_sec > rhs.tv_sec) ? 1 : -1);

    /* seconds are equal, fall back to the microsecond field */
    if (lhs.tv_usec != rhs.tv_usec)
	return((lhs.tv_usec > rhs.tv_usec) ? 1 : -1);

    return(0);
}
/*
 * CopyAddr: fill an addrblock from a packet's addresses plus two ports.
 *
 * The ports are stored as given; the callers in this file pass them
 * already converted with ntohs().  Source and destination address are
 * taken from the IPv4 header, or from the IPv6 header when the packet is
 * not IPv4.
 *
 * A hash over BOTH addresses and BOTH ports is stored alongside so that
 * most mismatches can be rejected with one integer compare.  The hash is
 * a plain sum (the two IPv4 words, or all 32 IPv6 address bytes, plus the
 * ports), which makes it identical for either direction of a connection.
 * It is not collision resistant: the inputs come straight from the trace,
 * so a crafted capture can place many connections in one bucket.
 */
void
CopyAddr(
    tcp_pair_addrblock *ptpa,
    struct ip *pip,
    portnum port1,
    portnum port2)
{
    ptpa->a_port = port1;
    ptpa->b_port = port2;

    if (!PIP_ISV4(pip)) {
	/* V6 */
	struct ipv6 *pip6 = (struct ipv6 *)pip;

	IP_COPYADDR(&ptpa->a_address, IPV6ADDR2ADDR(&pip6->ip6_saddr));
	IP_COPYADDR(&ptpa->b_address, IPV6ADDR2ADDR(&pip6->ip6_daddr));

	/* ports first, then every address byte of both ends */
	ptpa->hash = ptpa->a_port + ptpa->b_port;
	for (int idx = 0; idx < 16; ++idx) {
	    ptpa->hash += ptpa->a_address.un.ip6.s6_addr[idx];
	    ptpa->hash += ptpa->b_address.un.ip6.s6_addr[idx];
	}
    } else {
	/* V4 */
	IP_COPYADDR(&ptpa->a_address, IPV4ADDR2ADDR(&pip->ip_src));
	IP_COPYADDR(&ptpa->b_address, IPV4ADDR2ADDR(&pip->ip_dst));

	ptpa->hash = ptpa->a_address.un.ip4.s_addr
	    + ptpa->b_address.un.ip4.s_addr
	    + ptpa->a_port + ptpa->b_port;
    }

    if (debug > 3) {
	/* NOTE(review): the hash is printed with %d; check that this
	 * matches the declared type of the hash field */
	printf("Hash of (%s:%d,%s:%d) is %d\n",
	       HostName(ptpa->a_address),
	       ptpa->a_port,
	       HostName(ptpa->b_address),
	       ptpa->b_port,
	       ptpa->hash);
    }
}
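/*
 * AVL_CanonicalEnds: put the two endpoints of an addrblock into a
 * direction-independent order (lower endpoint first).
 *
 * The endpoint with the lower address comes first.  When neither address
 * is lower than the other (both ends share one IP address, e.g. a
 * loopback capture) the lower port decides, so {x:p1; x:p2} and
 * {x:p2; x:p1} produce the same ordering.
 */
static void
AVL_CanonicalEnds(
    tcp_pair_addrblock *ptpa,
    ipaddr **plow_addr,
    int *plow_port,
    ipaddr **phigh_addr,
    int *phigh_port)
{
    int a_first;

    if (IP_LOWADDR(&(ptpa->a_address), &(ptpa->b_address)))
	a_first = 1;
    else if (IP_LOWADDR(&(ptpa->b_address), &(ptpa->a_address)))
	a_first = 0;
    else
	a_first = (ptpa->a_port <= ptpa->b_port); /* same address: port breaks the tie */

    if (a_first) {
	*plow_addr = &ptpa->a_address;
	*plow_port = ptpa->a_port;
	*phigh_addr = &ptpa->b_address;
	*phigh_port = ptpa->b_port;
    } else {
	*plow_addr = &ptpa->b_address;
	*plow_port = ptpa->b_port;
	*phigh_addr = &ptpa->a_address;
	*phigh_port = ptpa->a_port;
    }
}

/*
 * This function tells us which way to go (Left or Right) in search for our
 * matching 4-tuple {IP1:port1; IP2:port2} in the AVL tree hash-bucket.
 *
 * It returns LT or RT depending on whether ptpa1 sorts before or after
 * ptpa2.  If the two 4-tuples describe the same connection (in either
 * direction), it returns 0.
 *
 * Algorithm.  If ptpa1={x1:p1; x2:p2} and ptpa2={y1:q1; y2:q2}, each
 * tuple is first put into canonical order: X1 is the lower endpoint
 * address and X2 the higher one, with P1 and P2 the ports that belong to
 * X1 and X2 (likewise Y1, Y2, Q1, Q2).  The canonical tuples are then
 * compared field by field, ports before addresses because the port
 * compare is cheaper:
 *
 *   P1 vs Q1, then P2 vs Q2, then X1 vs Y1, then X2 vs Y2
 *
 * with "less" meaning LT and "greater" meaning RT at the first field that
 * differs.
 *
 * The canonical order must not depend on the packet's direction, or a
 * reverse-direction lookup walks a different path through the tree than
 * the one used at insertion and misses the existing node.  Ordering by
 * address alone is ambiguous when both endpoints share an IP address, so
 * the port is used as a tie-breaker in that case.
 */
int
AVL_WhichDir(
    tcp_pair_addrblock *ptpa1,
    tcp_pair_addrblock *ptpa2)
{
    ipaddr *X1, *X2, *Y1, *Y2;
    int P1, P2, Q1, Q2;

    AVL_CanonicalEnds(ptpa1, &X1, &P1, &X2, &P2);
    AVL_CanonicalEnds(ptpa2, &Y1, &Q1, &Y2, &Q2);

    // Optimization suggested by Dr.Ostermann. Check the ports first.
    if (P1<Q1) return LT;
    if (Q1<P1) return RT;
    if (P2<Q2) return LT;
    if (Q2<P2) return RT;

    if (IP_LOWADDR(X1,Y1)) return LT;
    if (IP_LOWADDR(Y1,X1)) return RT;
    if (IP_LOWADDR(X2,Y2)) return LT;
    if (IP_LOWADDR(Y2,X2)) return RT;

    /* every field equal: same connection */
    return 0;
}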
/*
 * WhichDir: decide whether ptpa1 is the same connection as ptpa2 and, if
 * so, in which direction.
 *
 * Returns A2B when addresses and ports match position for position, B2A
 * when they match with the two endpoints swapped, and 0 when the tuples
 * belong to different connections.  The hash field is not consulted.
 */
int
WhichDir(
    tcp_pair_addrblock *ptpa1,
    tcp_pair_addrblock *ptpa2)
{
#ifdef BROKEN_COMPILER
    /* nested form of the same tests: a 4-way conjunction broke the */
    /* optimizer under 'gcc version cygnus-2.0.2' */

    /* same as first packet */
    if (IP_SAMEADDR(&(ptpa1->a_address), &(ptpa2->a_address))) {
	if (IP_SAMEADDR(&(ptpa1->b_address), &(ptpa2->b_address))) {
	    if ((ptpa1->a_port == ptpa2->a_port)) {
		if ((ptpa1->b_port == ptpa2->b_port)) {
		    return(A2B);
		}
	    }
	}
    }

    /* reverse of first packet */
    if (IP_SAMEADDR(&(ptpa1->a_address), &(ptpa2->b_address))) {
	if (IP_SAMEADDR(&(ptpa1->b_address), &(ptpa2->a_address))) {
	    if ((ptpa1->a_port == ptpa2->b_port)) {
		if ((ptpa1->b_port == ptpa2->a_port)) {
		    return(B2A);
		}
	    }
	}
    }
#else /* BROKEN_COMPILER */
    /* same as first packet */
    const int same_order =
	IP_SAMEADDR(&(ptpa1->a_address), &(ptpa2->a_address)) &&
	IP_SAMEADDR(&(ptpa1->b_address), &(ptpa2->b_address)) &&
	(ptpa1->a_port == ptpa2->a_port) &&
	(ptpa1->b_port == ptpa2->b_port);
    if (same_order)
	return(A2B);

    /* reverse of first packet */
    const int swapped_order =
	IP_SAMEADDR(&(ptpa1->a_address), &(ptpa2->b_address)) &&
	IP_SAMEADDR(&(ptpa1->b_address), &(ptpa2->a_address)) &&
	(ptpa1->a_port == ptpa2->b_port) &&
	(ptpa1->b_port == ptpa2->a_port);
    if (swapped_order)
	return(B2A);
#endif /* BROKEN_COMPILER */

    /* different connection */
    return(0);
}
/*
 * SameConn: are two addrblocks the same connection?
 *
 * The precomputed hashes are compared first as a cheap reject; only when
 * they agree is the full comparison made with WhichDir().  On that path
 * *pdir receives WhichDir()'s result.  When the hashes differ the function
 * returns 0 and leaves *pdir untouched.
 *
 * Returns non-zero for the same connection, 0 otherwise.
 */
int
SameConn(
    tcp_pair_addrblock *ptpa1,
    tcp_pair_addrblock *ptpa2,
    int *pdir)
{
    int dir;

    /* unequal hashes rule out a match without looking at the addresses */
    if (ptpa1->hash != ptpa2->hash)
	return(0);

    /* equal hashes prove nothing, do the real comparison */
    dir = WhichDir(ptpa1,ptpa2);
    *pdir = dir;

    return(dir != 0);
}
/*
 * NewTTP: create and initialise the record for a connection first seen in
 * the packet described by pip/ptcp.
 *
 * The new tcp_pair comes from MakeTcpPair().  Its address block is filled
 * from the packet (ports converted with ntohs), both directions get a host
 * letter and are cross-linked through ptwin, printable host/port/endpoint
 * names are duplicated into the record, and the plotters selected by the
 * graph_* options are opened.  When run_continuously is not set the pair is
 * also stored in the global ttp[] array at index num_tcp_pairs.
 *
 * Returns the new record.
 *
 * NOTE(review): the result of MakeTcpPair() and of every strdup() below is
 * used without a NULL check.  MakeTcpPair() is defined elsewhere and may
 * abort on allocation failure (confirm), but strdup() returns NULL when
 * memory runs out, and the endpoint strings are later passed to snprintf()
 * as "%s" arguments.  The number of connections is driven by the trace
 * being read, so memory pressure here is input-controlled.
 */
static tcp_pair *
NewTTP(
    struct ip *pip,
    struct tcphdr *ptcp)
{
    char title[210];
    tcp_pair *ptp;
    if (0) {
	printf("trace.c:NewTTP() calling MakeTcpPair()\n");
    }
    ptp = MakeTcpPair();
    ++num_tcp_pairs;
    if (!run_continuously) {
	/* make a new one, if possible */
	/* NOTE(review): the two array accesses below rely on MoreTcpPairs()
	 * having grown both ttp[] and ignore_pairs[] past index
	 * num_tcp_pairs -- its body is not visible here, confirm */
	if ((num_tcp_pairs+1) >= max_tcp_pairs) {
	    MoreTcpPairs(num_tcp_pairs+1);
	}
	/* create a new TCP pair record and remember where you put it */
	ttp[num_tcp_pairs] = ptp;
	ptp->ignore_pair = ignore_pairs[num_tcp_pairs];
    }
    /* grab the address from this packet */
    CopyAddr(&ptp->addr_pair,
	     pip, ntohs(ptcp->th_sport), ntohs(ptcp->th_dport));
    /* tv_sec of -1 in both directions; presumably a "no packet seen yet" marker */
    ptp->a2b.time.tv_sec = -1;
    ptp->b2a.time.tv_sec = -1;
    /* two consecutive host letters, a2b first */
    ptp->a2b.host_letter = strdup(NextHostLetter());
    ptp->b2a.host_letter = strdup(NextHostLetter());
    /* back-pointers to the pair, and each direction's twin */
    ptp->a2b.ptp = ptp;
    ptp->b2a.ptp = ptp;
    ptp->a2b.ptwin = &ptp->b2a;
    ptp->b2a.ptwin = &ptp->a2b;
    /* fill in connection name fields */
    /* (each name is copied with strdup(), so the record holds its own copies) */
    ptp->a_hostname = strdup(HostName(ptp->addr_pair.a_address));
    ptp->a_portname = strdup(ServiceName(ptp->addr_pair.a_port));
    ptp->a_endpoint =
	strdup(EndpointName(ptp->addr_pair.a_address,
			    ptp->addr_pair.a_port));
    ptp->b_hostname = strdup(HostName(ptp->addr_pair.b_address));
    ptp->b_portname = strdup(ServiceName(ptp->addr_pair.b_port));
    ptp->b_endpoint =
	strdup(EndpointName(ptp->addr_pair.b_address,
			    ptp->addr_pair.b_port));
    /* make the initial guess that each side is a reno tcp */
    /* this might actually be a poor thing to do in the sense that
       we could be looking at a Tahoe trace ... but the only side
       effect for the moment is that the LEAST estimate may be
       busted, although it very well may not be */
    ptp->a2b.tcp_strain = TCP_RENO;
    ptp->b2a.tcp_strain = TCP_RENO;
    ptp->a2b.LEAST = ptp->b2a.LEAST = 0;
    ptp->a2b.in_rto = ptp->b2a.in_rto = FALSE;
    /* init time sequence graphs */
    /* Every title below is built with snprintf() into title[210], so an
     * over-long endpoint name is silently truncated rather than overflowing
     * the buffer. */
    ptp->a2b.tsg_plotter = ptp->b2a.tsg_plotter = NO_PLOTTER;
    if (graph_tsg && !ptp->ignore_pair) {
	/* with ignore_non_comp set, only a connection whose first packet
	 * carries a SYN gets plotters */
	if (!ignore_non_comp || (SYN_SET(ptcp))) {
	    snprintf(title,sizeof(title),"%s_==>_%s (time sequence graph)",
		     ptp->a_endpoint, ptp->b_endpoint);
	    ptp->a2b.tsg_plotter =
		new_plotter(&ptp->a2b,NULL,title,
			    graph_time_zero?"relative time":"time",
			    graph_seq_zero?"sequence offset":"sequence number",
			    PLOT_FILE_EXTENSION);
	    snprintf(title,sizeof(title),"%s_==>_%s (time sequence graph)",
		     ptp->b_endpoint, ptp->a_endpoint);
	    ptp->b2a.tsg_plotter =
		new_plotter(&ptp->b2a,NULL,title,
			    graph_time_zero?"relative time":"time",
			    graph_seq_zero?"sequence offset":"sequence number",
			    PLOT_FILE_EXTENSION);
	    if (graph_time_zero) {
		/* set graph zero points */
		plotter_nothing(ptp->a2b.tsg_plotter, current_time);
		plotter_nothing(ptp->b2a.tsg_plotter, current_time);
	    }
	}
    }
    /* init owin graphs */
    ptp->a2b.owin_plotter = ptp->b2a.owin_plotter = NO_PLOTTER;
    if (graph_owin && !ptp->ignore_pair) {
	if (!ignore_non_comp || (SYN_SET(ptcp))) {
	    snprintf(title,sizeof(title),"%s_==>_%s (outstanding data)",
		     ptp->a_endpoint, ptp->b_endpoint);
	    ptp->a2b.owin_plotter =
		new_plotter(&ptp->a2b,NULL,title,
			    graph_time_zero?"relative time":"time",
			    "Outstanding Data (bytes)",
			    OWIN_FILE_EXTENSION);
	    snprintf(title,sizeof(title),"%s_==>_%s (outstanding data)",
		     ptp->b_endpoint, ptp->a_endpoint);
	    ptp->b2a.owin_plotter =
		new_plotter(&ptp->b2a,NULL,title,
			    graph_time_zero?"relative time":"time",
			    "Outstanding Data (bytes)",
			    OWIN_FILE_EXTENSION);
	    if (graph_time_zero) {
		/* set graph zero points */
		plotter_nothing(ptp->a2b.owin_plotter, current_time);
		plotter_nothing(ptp->b2a.owin_plotter, current_time);
	    }
	    ptp->a2b.owin_line =
		new_line(ptp->a2b.owin_plotter, "owin", "red");
	    ptp->b2a.owin_line =
		new_line(ptp->b2a.owin_plotter, "owin", "red");
	    if (show_rwinline) {
		ptp->a2b.rwin_line =
		    new_line(ptp->a2b.owin_plotter, "rwin", "yellow");
		ptp->b2a.rwin_line =
		    new_line(ptp->b2a.owin_plotter, "rwin", "yellow");
	    }
	    ptp->a2b.owin_avg_line =
		new_line(ptp->a2b.owin_plotter, "avg owin", "blue");
	    ptp->b2a.owin_avg_line =
		new_line(ptp->b2a.owin_plotter, "avg owin", "blue");
	    ptp->a2b.owin_wavg_line =
		new_line(ptp->a2b.owin_plotter, "wavg owin", "green");
	    ptp->b2a.owin_wavg_line =
		new_line(ptp->b2a.owin_plotter, "wavg owin", "green");
	}
    }
    /* init time line graphs (Avinash, 2 July 2002) */
    ptp->a2b.tline_plotter = ptp->b2a.tline_plotter = NO_PLOTTER;
    if (graph_tline && !ptp->ignore_pair) {
	if (!ignore_non_comp || (SYN_SET(ptcp))) {
	    /* We don't want the standard a2b type name so we will specify
	     * a filename of type a_b when we call new_plotter.
	     */
	    /* filename is built from the two host letters only; snprintf()
	     * bounds it to the 25-byte buffer */
	    char filename[25];
	    snprintf(filename,sizeof(filename),"%s_%s",
		     ptp->a2b.host_letter, ptp->a2b.ptwin->host_letter);
	    snprintf(title,sizeof(title),"%s_==>_%s (time line graph)",
		     ptp->a_endpoint, ptp->b_endpoint);
	    /* We will keep both the plotters the same since we want all
	     * segments going in either direction to be plotted on the same
	     * graph
	     */
	    ptp->a2b.tline_plotter = ptp->b2a.tline_plotter =
		new_plotter(&ptp->a2b,filename,title,
			    "segments",
			    "relative time",
			    TLINE_FILE_EXTENSION);
	    /* Switch the x & y axis types.
	     * The default is x - timeval, y - unsigned,
	     * we need x - unsigned, y - dtime.
	     * Both the plotters are the same so we will
	     * only call this function once.
	     */
	    plotter_switch_axis(ptp->a2b.tline_plotter, TRUE);
	    /* set graph zero points */
	    plotter_nothing(ptp->a2b.tline_plotter, current_time);
	    plotter_nothing(ptp->b2a.tline_plotter, current_time);
	    /* Some graph initializations
	     * Generating a drawing space between x=0-100.
	     * The time lines will be at x=40 for source, x=60 for destination.
	     * Rest of the area on either sides will be used to print segment
	     * information.
	     *
	     * seg info |----->|
	     *          |<-----| seg info
	     */
	    /* tline_left/tline_right are file-scope, so every connection
	     * shares these two values */
	    tline_left = 40;
	    tline_right = 60;
	    plotter_invisible(ptp->a2b.tline_plotter, current_time, 0);
	    plotter_invisible(ptp->a2b.tline_plotter, current_time, 100);
	}
    }
    /* init segment size graphs */
    /* (unlike the graphs above, this one and the RWIN graph are not gated
     * on ignore_non_comp / SYN) */
    ptp->a2b.segsize_plotter = ptp->b2a.segsize_plotter = NO_PLOTTER;
    if (graph_segsize && !ptp->ignore_pair) {
	snprintf(title,sizeof(title),"%s_==>_%s (segment size graph)",
		 ptp->a_endpoint, ptp->b_endpoint);
	ptp->a2b.segsize_plotter =
	    new_plotter(&ptp->a2b,NULL,title,
			graph_time_zero?"relative time":"time",
			"segment size (bytes)",
			SEGSIZE_FILE_EXTENSION);
	snprintf(title,sizeof(title),"%s_==>_%s (segment size graph)",
		 ptp->b_endpoint, ptp->a_endpoint);
	ptp->b2a.segsize_plotter =
	    new_plotter(&ptp->b2a,NULL,title,
			graph_time_zero?"relative time":"time",
			"segment size (bytes)",
			SEGSIZE_FILE_EXTENSION);
	if (graph_time_zero) {
	    /* set graph zero points */
	    plotter_nothing(ptp->a2b.segsize_plotter, current_time);
	    plotter_nothing(ptp->b2a.segsize_plotter, current_time);
	}
	ptp->a2b.segsize_line =
	    new_line(ptp->a2b.segsize_plotter, "segsize", "red");
	ptp->b2a.segsize_line =
	    new_line(ptp->b2a.segsize_plotter, "segsize", "red");
	ptp->a2b.segsize_avg_line =
	    new_line(ptp->a2b.segsize_plotter, "avg segsize", "blue");
	ptp->b2a.segsize_avg_line =
	    new_line(ptp->b2a.segsize_plotter, "avg segsize", "blue");
    }
    /* init RWIN graphs */
    ptp->a2b.recvwin_plotter = ptp->b2a.recvwin_plotter = NO_PLOTTER;
    if (graph_recvwin && !ptp->ignore_pair) {
	snprintf(title,sizeof(title),"%s_==>_%s (advertised receive window graph)",
		 ptp->a_endpoint, ptp->b_endpoint);
	ptp->a2b.recvwin_plotter =
	    new_plotter(&ptp->a2b,NULL,title,
			graph_time_zero?"relative time":"time",
			"advertised window (bytes)",
			RECVWIN_FILE_EXTENSION);
	snprintf(title,sizeof(title),"%s_==>_%s (advertised receive window graph)",
		 ptp->b_endpoint, ptp->a_endpoint);
	ptp->b2a.recvwin_plotter =
	    new_plotter(&ptp->b2a,NULL,title,
			graph_time_zero?"relative time":"time",
			"advertised window (bytes)",
			RECVWIN_FILE_EXTENSION);
	if (graph_time_zero) {
	    /* set graph zero points */
	    plotter_nothing(ptp->a2b.recvwin_plotter, current_time);
	    plotter_nothing(ptp->b2a.recvwin_plotter, current_time);
	}
	ptp->a2b.recvwin_line =
	    new_line(ptp->a2b.recvwin_plotter, "recvwin", "red");
	ptp->b2a.recvwin_line =
	    new_line(ptp->b2a.recvwin_plotter, "recvwin", "red");
    }
    /* init RTT graphs */
    /* (only the NO_PLOTTER default is set here; no RTT plotter is opened
     * in this function) */
    ptp->a2b.rtt_plotter = ptp->b2a.rtt_plotter = NO_PLOTTER;
    ptp->a2b.ss = MakeSeqspace();
    ptp->b2a.ss = MakeSeqspace();
    /* the pointer is stored, not copied */
    ptp->filename = cur_filename;
    return(ptp);
}
/* connection records are stored in a hash table.  FindTTP() picks the */
/* bucket as (addr_pair hash % HASH_TABLE_SIZE) and then walks the bucket */
/* through the left/right links of each ptp_snap, i.e. as a search tree */
/* ordered by AVL_WhichDir(), not as a linked list. */
#ifdef SMALL_TABLE
#define HASH_TABLE_SIZE 1021  /* oughta be prime */
#else /* SMALL_TABLE */
#define HASH_TABLE_SIZE 4099  /* oughta be prime */
#endif /* SMALL_TABLE */
static ptp_snap *ptp_hashtable[HASH_TABLE_SIZE] = {NULL};
/* search efficiency data (optional) */
/* one entry per hash table bucket */
/* (FindTTP() only updates the search counters when debug is set) */
struct search_efficiency {
    unsigned num_connections;
    unsigned max_connections;
    unsigned max_depth;
    unsigned num_searches;	/* lookups that landed in this bucket */
    unsigned num_comparisons;	/* nodes examined during those lookups */
};
static struct search_efficiency hashtable_efficiency[HASH_TABLE_SIZE];
/* double linked-lists of live and closed connections */
/* (FindTTP() pushes new connections onto the head of the live list when */
/* run_continuously is set) */
static ptp_ptr *live_conn_list_head = NULL;
static ptp_ptr *live_conn_list_tail = NULL;
static ptp_ptr *closed_conn_list_head = NULL;
static ptp_ptr *closed_conn_list_tail = NULL;
static timeval last_update_time = {0, 0};
static tcp_pair *
FindTTP(
struct ip *pip,
struct tcphdr *ptcp,
int *pdir,
ptp_ptr **tcp_ptr)
{
ptp_snap **pptph_head = NULL;
ptp_snap *ptph;
tcp_pair_addrblock tp_in;
struct search_efficiency *pse = NULL;
unsigned depth = 0;
int dir, conn_status;
hash hval;
*tcp_ptr = NULL;
if (debug > 10) {
printf("trace.c: FindTTP() called\n");
}
/* grab the address from this packet */
CopyAddr(&tp_in, pip, ntohs(ptcp->th_sport), ntohs(ptcp->th_dport));
/* grab the hash value (already computed by CopyAddr) */
hval = tp_in.hash % HASH_TABLE_SIZE;
pptph_head = &ptp_hashtable[hval];
if (debug) {
/* search efficiency checking */
pse = &hashtable_efficiency[hval];
}
if (pse) {
/* search efficiency instrumentation */
depth = 0;
++pse->num_searches;
}
for (ptph = *pptph_head; ptph; ) {
if (debug) {
/* search efficiency instrumentation */
++search_count;
if (pse) {
++depth;
++pse->num_comparisons;
}
}
/* See if the current node in the AVL tree hash-bucket
* is the exact same connection as ourselves,
* either in A2B or B2A directions.
*/
dir = WhichDir(&tp_in, &ptph->addr_pair);
if (dir == A2B || dir == B2A) {
/* OK, this looks good, suck it into memory */
tcb *thisdir;
tcb *otherdir;
tcp_pair *ptp;
if (run_continuously) {
ptp_ptr *ptr = (ptp_ptr *)ptph->ptp;
ptp = ptr->ptp;
}
else {
ptp = (tcp_pair *)ptph->ptp;
}
/* figure out which direction this packet is going */
if (dir == A2B) {
thisdir = &ptp->a2b;
otherdir = &ptp->b2a;
} else {
thisdir = &ptp->b2a;
otherdir = &ptp->a2b;
}
/* check for "inactive" */
/* (this shouldn't happen anymore, they aren't on the list */
if (ptp->inactive) {
if (!run_continuously)
continue;
else {
*tcp_ptr = (ptp_ptr *)ptph->ptp;
return ((*tcp_ptr)->ptp);
}
}
/* Fri Oct 16, 1998 */
/* note: original heuristic was not sufficient. Bugs */
/* were pointed out by Brian Utterback and later by */
/* myself and Mark Allman */
if (!run_continuously) {
/* check for NEW connection on these same endpoints */
/* 1) At least 4 minutes idle time */
/* OR */
/* 2) heuristic (we might miss some) either: */
/* this packet has a SYN */
/* last conn saw both FINs and/or RSTs */
/* SYN sequence number outside last window (rfc 1122) */
/* (or less than initial Sequence, */
/* for wrap around trouble) - Tue Nov 3, 1998*/
/* OR */
/* 3) this is a SYN, last had a SYN, seq numbers differ */
/* if so, mark it INACTIVE and skip from now on */
if (0 && SYN_SET(ptcp)) {
/* better keep this debugging around, it keeps breaking */
printf("elapsed: %f sec\n",
elapsed(ptp->last_time,current_time)/1000000);
printf("SYN_SET: %d\n", SYN_SET(ptcp));
printf("a2b.fin_count: %d\n", ptp->a2b.fin_count);
printf("b2a.fin_count: %d\n", ptp->b2a.fin_count);
printf("a2b.reset_count: %d\n", ptp->a2b.reset_count);
printf("b2a.reset_count: %d\n", ptp->b2a.reset_count);
printf("dir: %d (%s)\n", dir, dir==A2B?"A2B":"B2A");
printf("seq: %lu \n", (u_long)ntohl(ptcp->th_seq));
printf("winend: %lu \n", otherdir->windowend);
printf("syn: %lu \n", otherdir->syn);
printf("SEQ_GREATERTHAN winend: %d\n",
SEQ_GREATERTHAN(ntohl(ptcp->th_seq),otherdir->windowend));
printf("SEQ_LESSTHAN init syn: %d\n",
SEQ_LESSTHAN(ntohl(ptcp->th_seq),thisdir->syn));
}
if (/* rule 1 */
(elapsed(ptp->last_time,current_time)/1000000 > nonreal_live_conn_interval)//(4*60)) - Using nonreal_live_conn_interval instead of the 4 mins heuristic
|| /* rule 2 */
((SYN_SET(ptcp)) &&
(((thisdir->fin_count >= 1) ||
(otherdir->fin_count >= 1)) ||
((thisdir->reset_count >= 1) ||
(otherdir->reset_count >= 1))) &&
(SEQ_GREATERTHAN(ntohl(ptcp->th_seq),otherdir->windowend) ||
SEQ_LESSTHAN(ntohl(ptcp->th_seq),thisdir->syn)))
|| /* rule 3 */
(SYN_SET(ptcp) &&
(thisdir->syn_count > 1) &&
(thisdir->syn != ntohl(ptcp->th_seq)))) {
if (debug>1) {
printf("%s: Marking %p %s<->%s INACTIVE (idle: %f sec)\n",
ts2ascii(¤t_time),
ptp,
ptp->a_endpoint, ptp->b_endpoint,
elapsed(ptp->last_time,
current_time)/1000000);
if (debug > 3)
PrintTrace(ptp);
}
/* we won't need this one anymore, remove it from the */
/* hash table so we won't have to skip over it */
ptp->inactive = TRUE;
if (debug > 4)
printf("Removing connection from hashtable:\
FindTTP() calling SnapRemove()\n");
/* Removes connection snapshot from AVL tree */
SnapRemove(pptph_head, ptph->addr_pair);
break;
}
}
if (run_continuously)
(*tcp_ptr) = (ptp_ptr *)ptph->ptp;
*pdir = dir;
return (ptp);
} else { // WhichDir returned 0, meaning if it exists, it's deeper
conn_status = AVL_WhichDir(&tp_in,&ptph->addr_pair);
if (conn_status == LT)
ptph = ptph->left;
else if (conn_status == RT)
ptph = ptph->right;
else if (!conn_status) {
fprintf(stderr, "WARNING!! AVL_WhichDir() should not return 0 if\n"
"\tWhichDir() didn't return A2B or B2A previously\n");
break;
}
}
}
/* Didn't find it, make a new one, if possible */
if (0) {
printf("trace.c:FindTTP() calling MakePtpSnap()\n");
}
ptph = MakePtpSnap();
if (run_continuously) {
ptp_ptr *ptr = (ptp_ptr *)MakePtpPtr();
ptr->prev = NULL;
if (live_conn_list_head == NULL) {
ptr->next = NULL;
live_conn_list_head = ptr;
live_conn_list_tail = ptr;
}
else {
ptr->next = live_conn_list_head;
live_conn_list_head->prev = ptr;
live_conn_list_head = ptr;
}
ptr->from = ptph;
ptr->ptp = NewTTP(pip, ptcp);
ptph->addr_pair = ptr->ptp->addr_pair;
ptph->ptp = (void *)ptr;
if (conn_num_threshold) {
active_conn_count++;