bugtracking mode, performance improvement by earlier caching of inode2pid data
This commit is contained in:
Arnout Engelen
@@ -154,18 +154,33 @@ void Connection::add (Packet * packet)
|
||||
}
|
||||
}
|
||||
|
||||
/* finds connection to which this packet belongs.
|
||||
/*
|
||||
* finds connection to which this packet belongs.
|
||||
* a packet belongs to a connection if it matches
|
||||
* to its reference packet */
|
||||
* to its reference packet
|
||||
*/
|
||||
Connection * findConnection (Packet * packet)
|
||||
{
|
||||
ConnList * current = connections;
|
||||
Packet * invertedPacket = packet->newInverted();
|
||||
while (current != NULL)
|
||||
{
|
||||
/* the reference packet is always *outgoing* */
|
||||
if ((packet->match(current->val->refpacket))
|
||||
|| (invertedPacket->match(current->val->refpacket)))
|
||||
if (packet->match(current->val->refpacket))
|
||||
{
|
||||
return current->val;
|
||||
}
|
||||
|
||||
current = current->next;
|
||||
}
|
||||
|
||||
// Try again, now with the packet inverted:
|
||||
current = connections;
|
||||
Packet * invertedPacket = packet->newInverted();
|
||||
|
||||
while (current != NULL)
|
||||
{
|
||||
/* the reference packet is always *outgoing* */
|
||||
if (invertedPacket->match(current->val->refpacket))
|
||||
{
|
||||
delete invertedPacket;
|
||||
return current->val;
|
||||
@@ -173,6 +188,7 @@ Connection * findConnection (Packet * packet)
|
||||
|
||||
current = current->next;
|
||||
}
|
||||
|
||||
delete invertedPacket;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
3
cui.cpp
3
cui.cpp
@@ -2,6 +2,7 @@
|
||||
#include <string>
|
||||
#include <pwd.h>
|
||||
#include <sys/types.h>
|
||||
#include <stdlib.h>
|
||||
#include <cstdlib>
|
||||
#include <algorithm>
|
||||
|
||||
@@ -386,7 +387,7 @@ void do_refresh()
|
||||
|
||||
if (viewMode == VIEWMODE_KBPS)
|
||||
{
|
||||
std::cout << "kbps viemode" << std::endl;
|
||||
//std::cout << "kbps viemode" << std::endl;
|
||||
getkbps (curproc->getVal(), &value_recv, &value_sent);
|
||||
}
|
||||
else if (viewMode == VIEWMODE_TOTAL_KB)
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
|
||||
#include "inode2prog.h"
|
||||
|
||||
extern bool bughuntmode;
|
||||
|
||||
/* maps from inode to program-struct */
|
||||
std::map <unsigned long, prg_node *> inodeproc;
|
||||
|
||||
@@ -193,11 +195,29 @@ struct prg_node * findPID (unsigned long inode)
|
||||
struct prg_node * node = inodeproc[inode];
|
||||
|
||||
if (node != NULL)
|
||||
{
|
||||
if (bughuntmode)
|
||||
{
|
||||
std::cout << ":) Found pid in inodeproc table" << std::endl;
|
||||
}
|
||||
return node;
|
||||
}
|
||||
|
||||
reread_mapping();
|
||||
|
||||
return inodeproc[inode];
|
||||
struct prg_node * retval = inodeproc[inode];
|
||||
if (bughuntmode)
|
||||
{
|
||||
if (retval == NULL)
|
||||
{
|
||||
std::cout << ":( No pid after inodeproc refresh" << std::endl;
|
||||
}
|
||||
else
|
||||
{
|
||||
std::cout << ":) Found pid after inodeproc refresh" << std::endl;
|
||||
}
|
||||
}
|
||||
return retval;
|
||||
}
|
||||
|
||||
void prg_cache_clear() {};
|
||||
|
||||
@@ -14,3 +14,6 @@ struct prg_node {
|
||||
struct prg_node * findPID (unsigned long inode);
|
||||
|
||||
void prg_cache_clear();
|
||||
|
||||
// reread the inode-to-prg_node-mapping
|
||||
void reread_mapping ();
|
||||
|
||||
16
nethogs.cpp
16
nethogs.cpp
@@ -31,6 +31,7 @@ extern Process * unknownudp;
|
||||
|
||||
unsigned refreshdelay = 1;
|
||||
bool tracemode = false;
|
||||
bool bughuntmode = false;
|
||||
bool needrefresh = true;
|
||||
//packet_type packettype = packet_ethernet;
|
||||
//dp_link_type linktype = dp_link_ethernet;
|
||||
@@ -89,7 +90,7 @@ int process_tcp (u_char * userdata, const dp_header * header, const u_char * m_p
|
||||
|
||||
curtime = header->ts;
|
||||
|
||||
/* TODO get info from userdata, then call getPacket */
|
||||
/* get info from userdata, then call getPacket */
|
||||
Packet * packet;
|
||||
switch (args->sa_family)
|
||||
{
|
||||
@@ -101,9 +102,6 @@ int process_tcp (u_char * userdata, const dp_header * header, const u_char * m_p
|
||||
break;
|
||||
}
|
||||
|
||||
//if (DEBUG)
|
||||
// std::cout << "Got packet from " << packet->gethashstring() << std::endl;
|
||||
|
||||
Connection * connection = findConnection(packet);
|
||||
|
||||
if (connection != NULL)
|
||||
@@ -229,12 +227,13 @@ static void versiondisplay(void)
|
||||
|
||||
static void help(void)
|
||||
{
|
||||
//std::cerr << "usage: nethogs [-V] [-d seconds] [-t] [-p] [-f (eth|ppp))] [device [device [device ...]]]\n";
|
||||
std::cerr << "usage: nethogs [-V] [-d seconds] [-t] [-p] [device [device [device ...]]]\n";
|
||||
//std::cerr << "usage: nethogs [-V] [-b] [-d seconds] [-t] [-p] [-f (eth|ppp))] [device [device [device ...]]]\n";
|
||||
std::cerr << "usage: nethogs [-V] [-b] [-d seconds] [-t] [-p] [device [device [device ...]]]\n";
|
||||
std::cerr << " -V : prints version.\n";
|
||||
std::cerr << " -d : delay for update refresh rate in seconds. default is 1.\n";
|
||||
std::cerr << " -t : tracemode.\n";
|
||||
//std::cerr << " -f : format of packets on interface, default is eth.\n";
|
||||
std::cerr << " -b : bughunt mode - implies tracemode.\n";
|
||||
std::cerr << " -p : sniff in promiscious mode (not recommended).\n";
|
||||
std::cerr << " device : device(s) to monitor. default is eth0\n";
|
||||
std::cerr << std::endl;
|
||||
@@ -284,6 +283,9 @@ int main (int argc, char** argv)
|
||||
exit(0);
|
||||
case 'h': help();
|
||||
exit(0);
|
||||
case 'b': bughuntmode = true;
|
||||
tracemode = true;
|
||||
break;
|
||||
case 't': tracemode = true;
|
||||
break;
|
||||
case 'p': promisc = 1;
|
||||
@@ -324,7 +326,7 @@ int main (int argc, char** argv)
|
||||
}
|
||||
|
||||
if (NEEDROOT && (getuid() != 0))
|
||||
forceExit("You need to be root to run NetHogs !");
|
||||
forceExit("You need to be root to run NetHogs!");
|
||||
|
||||
char errbuf[PCAP_ERRBUF_SIZE];
|
||||
|
||||
|
||||
@@ -43,7 +43,7 @@ void getLocal (const char *device, bool tracemode)
|
||||
}
|
||||
strcpy(iFreq.ifr_name, device);
|
||||
if(ioctl(sock, SIOCGIFADDR, &iFreq)<0){
|
||||
forceExit("ioctl failed while establishing local IP for device ", device);
|
||||
forceExit("ioctl failed while establishing local IP for selected device ", device);
|
||||
}
|
||||
saddr=(struct sockaddr_in*)&iFreq.ifr_addr;
|
||||
local_addrs = new local_addr (saddr->sin_addr.s_addr, local_addrs);
|
||||
|
||||
46
process.cpp
46
process.cpp
@@ -238,7 +238,11 @@ Process * findProcess (unsigned long inode)
|
||||
}
|
||||
|
||||
/* check if we have identified any previously unknown
|
||||
* connections are now known */
|
||||
* connections are now known
|
||||
*
|
||||
* When this is the case, something weird is going on.
|
||||
* This function is only called in bughunt-mode
|
||||
*/
|
||||
void reviewUnknown ()
|
||||
{
|
||||
ConnList * curr_conn = unknowntcp->connections;
|
||||
@@ -251,8 +255,8 @@ void reviewUnknown ()
|
||||
Process * proc = findProcess (inode);
|
||||
if (proc != unknowntcp && proc != NULL)
|
||||
{
|
||||
if (DEBUG)
|
||||
std::cout << "ITP: WARNING: Previously unknown inode " << inode << " now got process...??\n";
|
||||
if (DEBUG || bughuntmode)
|
||||
std::cout << "FIXME: Previously unknown inode " << inode << " now got process - apparently it makes sense to review unknown connections\n";
|
||||
/* Yay! - but how can this happen? */
|
||||
if (!ROBUST)
|
||||
assert(false);
|
||||
@@ -327,7 +331,7 @@ Process * getProcess (unsigned long inode, char * devicename)
|
||||
|
||||
if (node == NULL)
|
||||
{
|
||||
if (DEBUG)
|
||||
if (DEBUG || bughuntmode)
|
||||
std::cout << "No PID information for inode " << inode << std::endl;
|
||||
return unknowntcp;
|
||||
}
|
||||
@@ -386,11 +390,28 @@ Process * getProcess (Connection * connection, char * devicename)
|
||||
if (inode == 0)
|
||||
{
|
||||
// no? refresh and check conn/inode table
|
||||
#if DEBUG
|
||||
std::cout << "LOC: new connection not in connection-to-inode table.\n";
|
||||
#endif
|
||||
if (bughuntmode)
|
||||
{
|
||||
std::cout << "? new connection not in connection-to-inode table before refresh.\n";
|
||||
}
|
||||
// refresh the inode->pid table first. Presumably processing the renewed connection->inode table
|
||||
// is slow, making this worthwhile.
|
||||
// We take the fact for granted that we might already know the inode->pid (unlikely anyway if we
|
||||
// haven't seen the connection->inode yet though).
|
||||
reread_mapping();
|
||||
refreshconninode();
|
||||
inode = conninode[connection->refpacket->gethashstring()];
|
||||
if (bughuntmode)
|
||||
{
|
||||
if (inode == 0)
|
||||
{
|
||||
std::cout << ":( inode for connection not found after refresh.\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
std::cout << ":) inode for connection found after refresh.\n";
|
||||
}
|
||||
}
|
||||
#if REVERSEHACK
|
||||
if (inode == 0)
|
||||
{
|
||||
@@ -406,7 +427,7 @@ Process * getProcess (Connection * connection, char * devicename)
|
||||
if (inode == 0)
|
||||
{
|
||||
delete reversepacket;
|
||||
if (DEBUG)
|
||||
if (bughuntmode || DEBUG)
|
||||
std::cout << "LOC: " << connection->refpacket->gethashstring() << " STILL not in connection-to-inode table - adding to the unknown process\n";
|
||||
unknowntcp->connections = new ConnList (connection, unknowntcp->connections);
|
||||
return unknowntcp;
|
||||
@@ -417,6 +438,15 @@ Process * getProcess (Connection * connection, char * devicename)
|
||||
}
|
||||
#endif
|
||||
}
|
||||
else if (bughuntmode)
|
||||
{
|
||||
std::cout << ";) new connection in connection-to-inode table before refresh.\n";
|
||||
}
|
||||
|
||||
if (bughuntmode)
|
||||
{
|
||||
std::cout << " inode # " << inode << std::endl;
|
||||
}
|
||||
|
||||
Process * proc;
|
||||
if (inode == 0) {
|
||||
|
||||
Reference in New Issue
Block a user