Merge pull request #199 from takeoverjp/feature-udp-support

Issue: #62 - UDP support

src/conninode.cpp

@@ -36,12 +36,14 @@
 
 extern local_addr *local_addrs;
 extern bool bughuntmode;
+extern bool catchall;
 /*
  * connection-inode table. takes information from /proc/net/tcp.
  * key contains source ip, source port, destination ip, destination
  * port in format: '1.2.3.4:5-1.2.3.4:5'
  */
-std::map<std::string, unsigned long> conninode;
+std::map<std::string, unsigned long> conninode_tcp;
+std::map<std::string, unsigned long> conninode_udp;
 
 /*
  * parses a /proc/net/tcp-line of the form:
@@ -58,7 +60,8 @@ std::map<std::string, unsigned long> conninode;
  *00000000     0        0 2525 2 c732eca0 201 40 1 2 -1
  *
  */
-void addtoconninode(char *buffer) {
+void addtoconninode(char *buffer,
+                    std::map<std::string, unsigned long> &conninode) {
   short int sa_family;
   struct in6_addr result_addr_local = {};
   struct in6_addr result_addr_remote = {};
@@ -159,7 +162,8 @@ void addtoconninode(char *buffer) {
 }
 
 /* opens /proc/net/tcp[6] and adds its contents line by line */
-int addprocinfo(const char *filename) {
+int addprocinfo(const char *filename,
+                std::map<std::string, unsigned long> &conninode) {
   FILE *procinfo = fopen(filename, "r");
 
   char buffer[8192];
@@ -171,7 +175,7 @@ int addprocinfo(const char *filename) {
 
   do {
     if (fgets(buffer, sizeof(buffer), procinfo))
-      addtoconninode(buffer);
+      addtoconninode(buffer, conninode);
   } while (!feof(procinfo));
 
   fclose(procinfo);
@@ -185,15 +189,27 @@ void refreshconninode() {
   // conninode = new HashTable (256);
 
 #if defined(__APPLE__) || defined(__FreeBSD__)
-  addprocinfo("net.inet.tcp.pcblist");
+  addprocinfo("net.inet.tcp.pcblist", conninode_tcp);
 #else
-  if (!addprocinfo("/proc/net/tcp")) {
+  if (!addprocinfo("/proc/net/tcp", conninode_tcp)) {
     std::cout << "Error: couldn't open /proc/net/tcp\n";
     exit(0);
   }
-  addprocinfo("/proc/net/tcp6");
+  addprocinfo("/proc/net/tcp6", conninode_tcp);
 #endif
 
+  if (catchall) {
+#if defined(__APPLE__) || defined(__FreeBSD__)
+    addprocinfo("net.inet.udp.pcblist", conninode_udp);
+#else
+    if (!addprocinfo("/proc/net/udp", conninode_udp)) {
+      std::cout << "Error: couldn't open /proc/net/udp\n";
+      exit(0);
+    }
+    addprocinfo("/proc/net/udp6", conninode_udp);
+#endif
+  }
+
   // if (DEBUG)
   //	reviewUnknown();
 }

src/conninode_test.cpp

@@ -2,23 +2,40 @@
 
 local_addr *local_addrs = NULL;
 bool bughuntmode = false;
+bool catchall = false;
 
 int main() {
-  if (!addprocinfo("testfiles/proc_net_tcp")) {
+  if (!addprocinfo("testfiles/proc_net_tcp", conninode_tcp)) {
     std::cerr << "Failed to load testfiles/proc_net_tcp" << std::endl;
     return 1;
   }
-  if (!addprocinfo("testfiles/proc_net_tcp_big")) {
+  if (!addprocinfo("testfiles/proc_net_tcp_big", conninode_tcp)) {
     std::cerr << "Failed to load testfiles/proc_net_tcp_big" << std::endl;
     return 2;
   }
 
 #if !defined(__APPLE__) && !defined(__FreeBSD__)
-  if (!addprocinfo("/proc/net/tcp")) {
+  if (!addprocinfo("/proc/net/tcp", conninode_tcp)) {
     std::cerr << "Failed to load /proc/net/tcp" << std::endl;
     return 3;
   }
 #endif
 
+  if (!addprocinfo("testfiles/proc_net_udp", conninode_udp)) {
+    std::cerr << "Failed to load testfiles/proc_net_udp" << std::endl;
+    return 4;
+  }
+  if (!addprocinfo("testfiles/proc_net_udp_big", conninode_udp)) {
+    std::cerr << "Failed to load testfiles/proc_net_udp_big" << std::endl;
+    return 5;
+  }
+
+#if !defined(__APPLE__) && !defined(__FreeBSD__)
+  if (!addprocinfo("/proc/net/udp", conninode_udp)) {
+    std::cerr << "Failed to load /proc/net/udp" << std::endl;
+    return 6;
+  }
+#endif
+
   return 0;
 }

src/nethogs.cpp

@@ -150,7 +150,7 @@ int process_tcp(u_char *userdata, const dp_header *header,
   } else {
     /* else: unknown connection, create new */
     connection = new Connection(packet);
-    getProcess(connection, args->device);
+    getProcess(connection, args->device, IPPROTO_TCP);
   }
   delete packet;
 
@@ -202,8 +202,7 @@ int process_udp(u_char *userdata, const dp_header *header,
   } else {
     /* else: unknown connection, create new */
     connection = new Connection(packet);
-    unknownudp->connections = new ConnList(connection, unknownudp->connections);
-    // getProcess(connection, args->device);
+    getProcess(connection, args->device, IPPROTO_UDP);
   }
   delete packet;
 

src/process.cpp

@@ -47,7 +47,8 @@ extern bool catchall;
  * key contains source ip, source port, destination ip, destination
  * port in format: '1.2.3.4:5-1.2.3.4:5'
  */
-extern std::map<std::string, unsigned long> conninode;
+extern std::map<std::string, unsigned long> conninode_tcp;
+extern std::map<std::string, unsigned long> conninode_udp;
 
 /* this file includes:
  * - calls to inodeproc to get the pid that belongs to that inode
@@ -306,7 +307,10 @@ Process *getProcess(unsigned long inode, const char *devicename) {
  * is made. If no process can be found even then, it's added to the
  * 'unknown' process.
  */
-Process *getProcess(Connection *connection, const char *devicename) {
+Process *getProcess(Connection *connection, const char *devicename,
+                    short int packettype) {
+  std::map<std::string, unsigned long> &conninode =
+      (packettype == IPPROTO_TCP) ? conninode_tcp : conninode_udp;
   unsigned long inode = conninode[connection->refpacket->gethashstring()];
 
   if (inode == 0) {
@@ -370,8 +374,15 @@ Process *getProcess(Connection *connection, const char *devicename) {
   }
 
   Process *proc = NULL;
-  if (inode != 0)
+  if (inode != 0) {
     proc = getProcess(inode, devicename);
+  } else {
+    if (packettype == IPPROTO_TCP) {
+      proc = unknowntcp;
+    } else {
+      proc = unknownudp;
+    }
+  }
 
   if (proc == NULL) {
     proc = new Process(inode, "", connection->refpacket->gethashstring());

src/process.h

@@ -134,7 +134,8 @@ private:
   Process *val;
 };
 
-Process *getProcess(Connection *connection, const char *devicename = NULL);
+Process *getProcess(Connection *connection, const char *devicename = NULL,
+                    short int packettype = IPPROTO_TCP);
 
 void process_init();
 

src/testfiles/proc_net_udp

@@ -0,0 +1,16 @@
+  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops             
+   39: 3419F40A:DB26 BDCC7D4A:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 79657 2 0000000000000000 0         
+ 1955: 3419F40A:E2A2 6319D9AC:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 185469 2 0000000000000000 0        
+ 4626: 00000000:ED11 00000000:0000 07 00000000:00000000 00:00000000 00000000   116        0 32328 2 0000000000000000 0         
+ 8847: 3419F40A:BD8E BDCC7D4A:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 51058 2 0000000000000000 0         
+ 9526: 017AA8C0:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 35289 2 0000000000000000 0         
+ 9526: 3500007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   101        0 26778 2 0000000000000000 0         
+ 9540: 00000000:0043 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 35286 2 0000000000000000 0         
+ 9541: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 35490 2 0000000000000000 0         
+10104: 00000000:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 68859 2 0000000000000000 0         
+13615: 3419F40A:D02E 8E1FD9AC:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 184575 2 0000000000000000 0        
+14826: FB0000E0:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 58803 2 0000000000000000 0         
+14826: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000   116        0 32326 2 0000000000000000 0         
+15093: 3419F40A:95F4 AA6A7D4A:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 180186 2 0000000000000000 0        
+15432: 3419F40A:D747 431BD9AC:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 186370 2 0000000000000000 0        
+15816: 3419F40A:98C7 BDCC7D4A:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 79872 2 0000000000000000 0