2001-03-22 23:54:47 +00:00
|
|
|
/* proto_hier_stats.c
|
|
|
|
* Routines for calculating statistics based on protocol.
|
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
2001-03-22 23:54:47 +00:00
|
|
|
*
|
2006-05-21 05:12:17 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2001-03-22 23:54:47 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
2009-08-26 19:27:49 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
|
2001-03-22 23:54:47 +00:00
|
|
|
#include "globals.h"
|
|
|
|
#include "proto_hier_stats.h"
|
2001-03-24 02:07:22 +00:00
|
|
|
#include "progress_dlg.h"
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/epan_dissect.h>
|
2001-03-22 23:54:47 +00:00
|
|
|
#include <wtap.h>
|
|
|
|
|
|
|
|
#include <stdio.h>
|
2007-01-25 23:00:29 +00:00
|
|
|
#include <string.h>
|
2001-03-22 23:54:47 +00:00
|
|
|
#include <glib.h>
|
|
|
|
|
2001-03-24 02:07:22 +00:00
|
|
|
/* Update the progress bar this many times when scanning the packet list. */
|
|
|
|
#define N_PROGBAR_UPDATES 100
|
|
|
|
|
2002-01-02 20:23:46 +00:00
|
|
|
#define STAT_NODE_STATS(n) ((ph_stats_node_t*)(n)->data)
|
|
|
|
#define STAT_NODE_HFINFO(n) (STAT_NODE_STATS(n)->hfinfo)
|
|
|
|
|
2004-03-17 21:48:15 +00:00
|
|
|
|
2001-03-22 23:54:47 +00:00
|
|
|
static GNode*
|
2002-01-02 20:23:46 +00:00
|
|
|
find_stat_node(GNode *parent_stat_node, header_field_info *needle_hfinfo)
|
2001-03-22 23:54:47 +00:00
|
|
|
{
|
2002-01-02 20:23:46 +00:00
|
|
|
GNode *needle_stat_node;
|
|
|
|
header_field_info *hfinfo;
|
|
|
|
ph_stats_node_t *stats;
|
2001-03-22 23:54:47 +00:00
|
|
|
|
2002-01-02 20:23:46 +00:00
|
|
|
needle_stat_node = g_node_first_child(parent_stat_node);
|
2001-03-22 23:54:47 +00:00
|
|
|
|
2002-01-02 20:23:46 +00:00
|
|
|
while (needle_stat_node) {
|
|
|
|
hfinfo = STAT_NODE_HFINFO(needle_stat_node);
|
|
|
|
if (hfinfo && hfinfo->id == needle_hfinfo->id) {
|
|
|
|
return needle_stat_node;
|
2001-03-22 23:54:47 +00:00
|
|
|
}
|
2002-01-02 20:23:46 +00:00
|
|
|
needle_stat_node = g_node_next_sibling(needle_stat_node);
|
2001-03-22 23:54:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* None found. Create one. */
|
|
|
|
stats = g_new(ph_stats_node_t, 1);
|
|
|
|
|
|
|
|
/* Intialize counters */
|
|
|
|
stats->hfinfo = needle_hfinfo;
|
|
|
|
stats->num_pkts_total = 0;
|
|
|
|
stats->num_pkts_last = 0;
|
|
|
|
stats->num_bytes_total = 0;
|
|
|
|
stats->num_bytes_last = 0;
|
|
|
|
|
2002-01-02 20:23:46 +00:00
|
|
|
needle_stat_node = g_node_new(stats);
|
|
|
|
g_node_append(parent_stat_node, needle_stat_node);
|
|
|
|
return needle_stat_node;
|
2001-03-22 23:54:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
2003-12-04 10:59:34 +00:00
|
|
|
process_node(proto_node *ptree_node, GNode *parent_stat_node, ph_stats_t *ps, guint pkt_len)
|
2001-03-22 23:54:47 +00:00
|
|
|
{
|
|
|
|
field_info *finfo;
|
2003-12-04 10:59:34 +00:00
|
|
|
ph_stats_node_t *stats;
|
|
|
|
proto_node *proto_sibling_node;
|
2001-03-22 23:54:47 +00:00
|
|
|
GNode *stat_node;
|
|
|
|
|
2009-08-09 17:33:23 +00:00
|
|
|
finfo = PNODE_FINFO(ptree_node);
|
2009-08-21 11:03:30 +00:00
|
|
|
/* We don't fake protocol nodes we expect them to have a field_info */
|
|
|
|
g_assert(finfo && "dissection with faked proto tree?");
|
2001-03-22 23:54:47 +00:00
|
|
|
|
2007-12-03 12:15:21 +00:00
|
|
|
/* If the field info isn't related to a protocol but to a field,
|
|
|
|
* don't count them, as they don't belong to any protocol.
|
|
|
|
* (happens e.g. for toplevel tree item of desegmentation "[Reassembled TCP Segments]") */
|
|
|
|
if (finfo->hfinfo->parent != -1) {
|
|
|
|
/* Skip this element, use parent status node */
|
|
|
|
stat_node = parent_stat_node;
|
|
|
|
stats = STAT_NODE_STATS(stat_node);
|
|
|
|
} else {
|
|
|
|
stat_node = find_stat_node(parent_stat_node, finfo->hfinfo);
|
2001-03-22 23:54:47 +00:00
|
|
|
|
2007-12-03 12:15:21 +00:00
|
|
|
stats = STAT_NODE_STATS(stat_node);
|
|
|
|
stats->num_pkts_total++;
|
|
|
|
stats->num_bytes_total += pkt_len;
|
|
|
|
}
|
2001-03-22 23:54:47 +00:00
|
|
|
|
2003-12-04 10:59:34 +00:00
|
|
|
proto_sibling_node = ptree_node->next;
|
2001-03-22 23:54:47 +00:00
|
|
|
|
2007-12-03 12:15:21 +00:00
|
|
|
if (proto_sibling_node) {
|
2007-01-25 23:00:29 +00:00
|
|
|
/* If the name does not exist for this proto_sibling_node, then it is
|
|
|
|
* not a normal protocol in the top-level tree. It was instead
|
|
|
|
* added as a normal tree such as IPv6's Hop-by-hop Option Header and
|
|
|
|
* should be skipped when creating the protocol hierarchy display. */
|
2009-08-09 17:57:31 +00:00
|
|
|
if(strlen(PNODE_FINFO(proto_sibling_node)->hfinfo->name) == 0 && ptree_node->next)
|
2007-01-25 23:00:29 +00:00
|
|
|
proto_sibling_node = proto_sibling_node->next;
|
|
|
|
|
2001-03-22 23:54:47 +00:00
|
|
|
process_node(proto_sibling_node, stat_node, ps, pkt_len);
|
2007-11-29 07:40:08 +00:00
|
|
|
} else {
|
2001-03-22 23:54:47 +00:00
|
|
|
stats->num_pkts_last++;
|
|
|
|
stats->num_bytes_last += pkt_len;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
process_tree(proto_tree *protocol_tree, ph_stats_t* ps, guint pkt_len)
|
|
|
|
{
|
2003-12-04 10:59:34 +00:00
|
|
|
proto_node *ptree_node;
|
2001-03-22 23:54:47 +00:00
|
|
|
|
2003-12-04 10:59:34 +00:00
|
|
|
ptree_node = ((proto_node *)protocol_tree)->first_child;
|
2001-12-18 19:09:08 +00:00
|
|
|
if (!ptree_node) {
|
2001-03-22 23:54:47 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2001-12-18 19:09:08 +00:00
|
|
|
process_node(ptree_node, ps->stats_tree, ps, pkt_len);
|
2001-03-22 23:54:47 +00:00
|
|
|
}
|
|
|
|
|
2003-09-03 23:32:40 +00:00
|
|
|
static gboolean
|
2001-12-10 00:26:21 +00:00
|
|
|
process_frame(frame_data *frame, column_info *cinfo, ph_stats_t* ps)
|
2001-03-22 23:54:47 +00:00
|
|
|
{
|
2009-08-13 19:42:46 +00:00
|
|
|
epan_dissect_t edt;
|
2001-03-22 23:54:47 +00:00
|
|
|
union wtap_pseudo_header phdr;
|
|
|
|
guint8 pd[WTAP_MAX_PACKET_SIZE];
|
2004-03-17 21:48:15 +00:00
|
|
|
double cur_time;
|
2001-03-22 23:54:47 +00:00
|
|
|
|
|
|
|
/* Load the frame from the capture file */
|
Instead of using a Boolean for the search direction, use an enum, so
that you can tell from examination whether the search is forward or
backward.
Make the cf_find_packet routines take the direction as an explicit
argument, rather than, in the cases where you don't want to permanently
set the direction, saving the direction in the capture_file structure,
changing it, doing the search, and restoring the saved direction. Give
more information in the Doxygen comments for those routines.
Add a cf_find_packet_dfilter_string() routine, which takes a filter
string rather than a compiled filter as an argument. Replace
find_previous_next_frame_with_filter() with it.
Have cf_read_frame_r() and cf_read_frame() pop up the error dialog if
the read fails, rather than leaving that up to its caller. That lets us
eliminate cf_read_error_message(), by swallowing its code into
cf_read_frame_r(). Add Doxygen comments for cf_read_frame_r() and
cf_read_frame().
Don't have find_packet() read the packet before calling the callback
routine; leave that up to the callback routine.
Add cf_find_packet_marked(), to find the next or previous marked packet,
and cf_find_packet_time_reference(), to find the next or previous time
reference packet. Those routines do *not* need to read the packet data
to see if it matches; that lets them run much faster.
Clean up indentation.
svn path=/trunk/; revision=33791
2010-08-13 07:39:46 +00:00
|
|
|
if (!cf_read_frame_r(&cfile, frame, &phdr, pd))
|
2003-09-03 23:32:40 +00:00
|
|
|
return FALSE; /* failure */
|
2001-03-22 23:54:47 +00:00
|
|
|
|
2005-04-07 12:00:03 +00:00
|
|
|
/* Dissect the frame tree not visible */
|
2009-08-13 19:42:46 +00:00
|
|
|
epan_dissect_init(&edt, TRUE, FALSE);
|
2009-08-11 18:08:03 +00:00
|
|
|
/* Don't fake protocols. We need them for the protocol hierarchy */
|
2009-08-13 19:42:46 +00:00
|
|
|
epan_dissect_fake_protocols(&edt, FALSE);
|
|
|
|
epan_dissect_run(&edt, &phdr, pd, frame, cinfo);
|
2001-03-22 23:54:47 +00:00
|
|
|
|
|
|
|
/* Get stats from this protocol tree */
|
2009-08-13 19:42:46 +00:00
|
|
|
process_tree(edt.tree, ps, frame->pkt_len);
|
2001-03-22 23:54:47 +00:00
|
|
|
|
2004-03-17 21:48:15 +00:00
|
|
|
/* Update times */
|
2005-08-24 21:31:56 +00:00
|
|
|
cur_time = nstime_to_sec(&frame->abs_ts);
|
2004-03-17 21:48:15 +00:00
|
|
|
if (cur_time < ps->first_time) {
|
|
|
|
ps->first_time = cur_time;
|
|
|
|
}
|
|
|
|
if (cur_time > ps->last_time){
|
|
|
|
ps->last_time = cur_time;
|
|
|
|
}
|
|
|
|
|
2001-03-22 23:54:47 +00:00
|
|
|
/* Free our memory. */
|
2009-08-13 19:42:46 +00:00
|
|
|
epan_dissect_cleanup(&edt);
|
2003-09-03 23:32:40 +00:00
|
|
|
|
|
|
|
return TRUE; /* success */
|
2001-03-22 23:54:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
ph_stats_t*
|
|
|
|
ph_stats_new(void)
|
|
|
|
{
|
|
|
|
ph_stats_t *ps;
|
|
|
|
frame_data *frame;
|
|
|
|
guint tot_packets, tot_bytes;
|
2002-07-30 10:13:16 +00:00
|
|
|
progdlg_t *progbar = NULL;
|
2001-03-24 02:07:22 +00:00
|
|
|
gboolean stop_flag;
|
2002-08-28 10:07:37 +00:00
|
|
|
int count;
|
2005-10-27 20:18:50 +00:00
|
|
|
float progbar_val;
|
2002-07-30 10:13:16 +00:00
|
|
|
GTimeVal start_time;
|
2002-08-28 10:07:37 +00:00
|
|
|
gchar status_str[100];
|
2004-01-09 21:38:21 +00:00
|
|
|
int progbar_nextstep;
|
|
|
|
int progbar_quantum;
|
2001-03-22 23:54:47 +00:00
|
|
|
|
|
|
|
/* Initialize the data */
|
|
|
|
ps = g_new(ph_stats_t, 1);
|
|
|
|
ps->tot_packets = 0;
|
|
|
|
ps->tot_bytes = 0;
|
|
|
|
ps->stats_tree = g_node_new(NULL);
|
2004-03-17 21:48:15 +00:00
|
|
|
ps->first_time = 0.0;
|
|
|
|
ps->last_time = 0.0;
|
2001-03-22 23:54:47 +00:00
|
|
|
|
2001-03-24 02:07:22 +00:00
|
|
|
/* Update the progress bar when it gets to this value. */
|
2004-01-09 21:38:21 +00:00
|
|
|
progbar_nextstep = 0;
|
2001-03-24 02:07:22 +00:00
|
|
|
/* When we reach the value that triggers a progress bar update,
|
|
|
|
bump that value by this amount. */
|
2004-01-09 21:38:21 +00:00
|
|
|
progbar_quantum = cfile.count/N_PROGBAR_UPDATES;
|
2001-03-24 02:07:22 +00:00
|
|
|
/* Count of packets at which we've looked. */
|
|
|
|
count = 0;
|
2005-10-27 20:18:50 +00:00
|
|
|
/* Progress so far. */
|
2009-04-21 16:57:52 +00:00
|
|
|
progbar_val = 0.0f;
|
2001-03-24 02:07:22 +00:00
|
|
|
|
|
|
|
stop_flag = FALSE;
|
2002-07-30 10:13:16 +00:00
|
|
|
g_get_current_time(&start_time);
|
2001-03-24 02:07:22 +00:00
|
|
|
|
2001-03-22 23:54:47 +00:00
|
|
|
tot_packets = 0;
|
|
|
|
tot_bytes = 0;
|
|
|
|
|
2009-09-21 18:09:19 +00:00
|
|
|
for (frame = cfile.plist_start; frame != NULL; frame = frame->next) {
|
2005-10-27 06:45:37 +00:00
|
|
|
/* Create the progress bar if necessary.
|
|
|
|
We check on every iteration of the loop, so that
|
|
|
|
it takes no longer than the standard time to create
|
|
|
|
it (otherwise, for a large file, we might take
|
|
|
|
considerably longer than that standard time in order
|
|
|
|
to get to the next progress bar step). */
|
|
|
|
if (progbar == NULL)
|
|
|
|
progbar = delayed_create_progress_dlg(
|
2009-09-21 18:09:19 +00:00
|
|
|
"Computing", "protocol hierarchy statistics",
|
2005-11-12 11:05:02 +00:00
|
|
|
TRUE, &stop_flag, &start_time, progbar_val);
|
2005-10-27 06:45:37 +00:00
|
|
|
|
2001-03-24 02:07:22 +00:00
|
|
|
/* Update the progress bar, but do it only N_PROGBAR_UPDATES
|
|
|
|
times; when we update it, we have to run the GTK+ main
|
|
|
|
loop to get it to repaint what's pending, and doing so
|
|
|
|
may involve an "ioctl()" to see if there's any pending
|
|
|
|
input from an X server, and doing that for every packet
|
|
|
|
can be costly, especially on a big file. */
|
2004-01-09 21:38:21 +00:00
|
|
|
if (count >= progbar_nextstep) {
|
2001-03-24 02:07:22 +00:00
|
|
|
/* let's not divide by zero. I should never be started
|
|
|
|
* with count == 0, so let's assert that
|
|
|
|
*/
|
|
|
|
g_assert(cfile.count > 0);
|
|
|
|
|
2005-10-27 20:18:50 +00:00
|
|
|
progbar_val = (gfloat) count / cfile.count;
|
2001-03-24 02:07:22 +00:00
|
|
|
|
2002-08-28 10:07:37 +00:00
|
|
|
if (progbar != NULL) {
|
|
|
|
g_snprintf(status_str, sizeof(status_str),
|
|
|
|
"%4u of %u frames", count, cfile.count);
|
2005-10-27 20:18:50 +00:00
|
|
|
update_progress_dlg(progbar, progbar_val, status_str);
|
2002-08-28 10:07:37 +00:00
|
|
|
}
|
2002-07-30 10:13:16 +00:00
|
|
|
|
2004-01-09 21:38:21 +00:00
|
|
|
progbar_nextstep += progbar_quantum;
|
2001-03-24 02:07:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (stop_flag) {
|
|
|
|
/* Well, the user decided to abort the statistics.
|
|
|
|
computation process Just stop. */
|
|
|
|
break;
|
2001-03-22 23:54:47 +00:00
|
|
|
}
|
|
|
|
|
2001-03-24 02:07:22 +00:00
|
|
|
/* Skip frames that are hidden due to the display filter.
|
|
|
|
XXX - should the progress bar count only packets that
|
|
|
|
passed the display filter? If so, it should
|
|
|
|
probably do so for other loops (see "file.c") that
|
|
|
|
look only at those packets. */
|
|
|
|
if (frame->flags.passed_dfilter) {
|
2004-03-17 21:48:15 +00:00
|
|
|
|
|
|
|
if (tot_packets == 0) {
|
2005-08-24 21:31:56 +00:00
|
|
|
double cur_time = nstime_to_sec(&frame->abs_ts);
|
2004-03-17 21:48:15 +00:00
|
|
|
ps->first_time = cur_time;
|
|
|
|
ps->last_time = cur_time;
|
|
|
|
}
|
2009-09-21 18:09:19 +00:00
|
|
|
|
2005-04-07 12:00:03 +00:00
|
|
|
/* we don't care about colinfo */
|
|
|
|
if (!process_frame(frame, NULL, ps)) {
|
2003-09-03 23:32:40 +00:00
|
|
|
/*
|
|
|
|
* Give up, and set "stop_flag" so we
|
|
|
|
* just abort rather than popping up
|
|
|
|
* the statistics window.
|
|
|
|
*/
|
|
|
|
stop_flag = TRUE;
|
|
|
|
break;
|
|
|
|
}
|
2001-03-24 02:07:22 +00:00
|
|
|
|
|
|
|
tot_packets++;
|
|
|
|
tot_bytes += frame->pkt_len;
|
|
|
|
}
|
2001-03-22 23:54:47 +00:00
|
|
|
|
2001-03-24 02:07:22 +00:00
|
|
|
count++;
|
|
|
|
}
|
2001-03-22 23:54:47 +00:00
|
|
|
|
2002-07-30 10:13:16 +00:00
|
|
|
/* We're done calculating the statistics; destroy the progress bar
|
|
|
|
if it was created. */
|
|
|
|
if (progbar != NULL)
|
|
|
|
destroy_progress_dlg(progbar);
|
2001-03-24 02:07:22 +00:00
|
|
|
|
|
|
|
if (stop_flag) {
|
|
|
|
/*
|
|
|
|
* We quit in the middle; throw away the statistics
|
|
|
|
* and return NULL, so our caller doesn't pop up a
|
|
|
|
* window with the incomplete statistics.
|
|
|
|
*/
|
|
|
|
ph_stats_free(ps);
|
|
|
|
return NULL;
|
2001-03-22 23:54:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
ps->tot_packets = tot_packets;
|
|
|
|
ps->tot_bytes = tot_bytes;
|
|
|
|
|
|
|
|
return ps;
|
|
|
|
}
|
|
|
|
|
|
|
|
static gboolean
|
2002-03-31 20:39:08 +00:00
|
|
|
stat_node_free(GNode *node, gpointer data _U_)
|
2001-03-22 23:54:47 +00:00
|
|
|
{
|
2010-03-27 18:24:05 +00:00
|
|
|
ph_stats_node_t *stats = (ph_stats_node_t *)node->data;
|
2001-03-22 23:54:47 +00:00
|
|
|
|
|
|
|
if (stats) {
|
|
|
|
g_free(stats);
|
|
|
|
}
|
2001-03-23 21:55:36 +00:00
|
|
|
return FALSE;
|
2001-03-22 23:54:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
ph_stats_free(ph_stats_t *ps)
|
|
|
|
{
|
|
|
|
|
|
|
|
if (ps->stats_tree) {
|
|
|
|
g_node_traverse(ps->stats_tree, G_IN_ORDER,
|
|
|
|
G_TRAVERSE_ALL, -1,
|
|
|
|
stat_node_free, NULL);
|
|
|
|
g_node_destroy(ps->stats_tree);
|
|
|
|
}
|
|
|
|
|
|
|
|
g_free(ps);
|
|
|
|
}
|