1 /* tap-dcerpcstat.c
2  * dcerpcstat   2002 Ronnie Sahlberg
3  *
4  * $Id$
5  *
6  * Wireshark - Network traffic analyzer
7  * By Gerald Combs <gerald@wireshark.org>
8  * Copyright 1998 Gerald Combs
9  *
10  * This program is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU General Public License
12  * as published by the Free Software Foundation; either version 2
13  * of the License, or (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with this program; if not, write to the Free Software
22  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
23  */
24
25 #ifdef HAVE_CONFIG_H
26 # include "config.h"
27 #endif
28
29 #include <stdio.h>
30
31 #ifdef HAVE_SYS_TYPES_H
32 # include <sys/types.h>
33 #endif
34
35 #include <string.h>
36 #include "epan/packet_info.h"
37 #include <epan/tap.h>
38 #include <epan/stat_cmd_args.h>
39 #include <epan/dissectors/packet-dcerpc.h>
40
/* Conversion factors used when normalising and printing nstime_t values. */
#define MICROSECS_PER_SEC   1000000
#define NANOSECS_PER_SEC    1000000000
43
/* used to keep track of statistics for a specific procedure */
typedef struct _rpc_procedure_t {
        const char *proc;       /* procedure name from the sub-dissector table, or "unknown" */
        int num;                /* number of replies counted so far */
        nstime_t min;           /* smallest request-to-reply delta seen */
        nstime_t max;           /* largest request-to-reply delta seen */
        nstime_t tot;           /* sum of all deltas; divided by num for the average */
} rpc_procedure_t;
52
/* used to keep track of the statistics for an entire program interface */
typedef struct _rpcstat_t {
        const char *prog;               /* name returned by dcerpc_get_proto_name() */
        char *filter;                   /* g_strdup()ed filter string, or NULL when none was given */
        e_uuid_t uuid;                  /* interface UUID the statistics are collected for */
        guint16 ver;                    /* major version only; the minor version is ignored */
        guint32 num_procedures;         /* highest known opnum + 1; bounds every index into procedures */
        rpc_procedure_t *procedures;    /* per-procedure statistics, indexed by opnum */
} rpcstat_t;
62
63
64
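/*
 * Tap callback: fold one DCE RPC reply into the per-procedure SRT statistics.
 *
 * prs   - the rpcstat_t that was registered with the tap listener
 * pinfo - packet info of the current frame; its absolute timestamp is
 *         taken as the reply time
 * edt   - unused
 * pri   - interpreted as the dcerpc_info for this PDU
 *
 * Returns 1 when the statistics were updated and 0 when the packet was
 * ignored.
 */
static int
dcerpcstat_packet(void *prs, packet_info *pinfo, epan_dissect_t *edt _U_, const void *pri)
{
        const dcerpc_info *ri=pri;
        rpcstat_t *rs=prs;
        nstime_t delta;
        rpc_procedure_t *rp;

        if(!ri->call_data){
                return 0;
        }
        if(!ri->call_data->req_frame){
                /* we have not seen the request so we don't know the delta */
                return 0;
        }
        /*
         * The opnum comes from the dissected traffic and is used below as
         * an index into rs->procedures, so anything outside the table
         * built in dcerpcstat_init() has to be rejected before that point.
         */
        if(ri->call_data->opnum>=rs->num_procedures){
                return 0;
        }

        /* we are only interested in reply packets */
        if(ri->ptype != PDU_RESP){
                return 0;
        }

        /* we are only interested in certain program/versions */
        if( (ri->call_data->uuid.Data1!=rs->uuid.Data1)
          ||(ri->call_data->uuid.Data2!=rs->uuid.Data2)
          ||(ri->call_data->uuid.Data3!=rs->uuid.Data3)
          ||(ri->call_data->uuid.Data4[0]!=rs->uuid.Data4[0])
          ||(ri->call_data->uuid.Data4[1]!=rs->uuid.Data4[1])
          ||(ri->call_data->uuid.Data4[2]!=rs->uuid.Data4[2])
          ||(ri->call_data->uuid.Data4[3]!=rs->uuid.Data4[3])
          ||(ri->call_data->uuid.Data4[4]!=rs->uuid.Data4[4])
          ||(ri->call_data->uuid.Data4[5]!=rs->uuid.Data4[5])
          ||(ri->call_data->uuid.Data4[6]!=rs->uuid.Data4[6])
          ||(ri->call_data->uuid.Data4[7]!=rs->uuid.Data4[7])
          ||(ri->call_data->ver!=rs->ver)){
                return 0;
        }

        rp=&(rs->procedures[ri->call_data->opnum]);

        /* calculate time delta between request and reply */
        nstime_delta(&delta, &pinfo->fd->abs_ts, &ri->call_data->req_time);

        if(rp->num==0){
                /* the first sample seeds both extremes */
                rp->min.secs=delta.secs;
                rp->min.nsecs=delta.nsecs;
                rp->max.secs=delta.secs;
                rp->max.nsecs=delta.nsecs;
        } else {
                if( (delta.secs<rp->min.secs)
                ||( (delta.secs==rp->min.secs)
                  &&(delta.nsecs<rp->min.nsecs) ) ){
                        rp->min.secs=delta.secs;
                        rp->min.nsecs=delta.nsecs;
                }

                if( (delta.secs>rp->max.secs)
                ||( (delta.secs==rp->max.secs)
                  &&(delta.nsecs>rp->max.nsecs) ) ){
                        rp->max.secs=delta.secs;
                        rp->max.nsecs=delta.nsecs;
                }
        }

        rp->tot.secs += delta.secs;
        rp->tot.nsecs += delta.nsecs;
        /*
         * Carry a full second out of the nanosecond field.  The test is
         * ">=" so that a sum of exactly one second is normalised as well.
         */
        if(rp->tot.nsecs >= NANOSECS_PER_SEC){
                rp->tot.nsecs -= NANOSECS_PER_SEC;
                rp->tot.secs++;
        }

        rp->num++;

        return 1;
}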
146
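/*
 * Round a time value to whole microseconds.  When the rounded fraction
 * reaches a full second it is carried into the seconds, so the fraction
 * always fits the six-digit field it is printed in.
 */
static void
dcerpcstat_round_usecs(const nstime_t *t, int *secs, int *usecs)
{
        *secs=(int)(t->secs);
        *usecs=(t->nsecs+500)/1000;
        if(*usecs>=MICROSECS_PER_SEC){
                *usecs-=MICROSECS_PER_SEC;
                (*secs)++;
        }
}

/*
 * Tap draw callback: print the SRT table for one interface to stdout.
 *
 * prs - the rpcstat_t that was registered with the tap listener
 *
 * Procedures that received no replies are left out of the table.
 */
static void
dcerpcstat_draw(void *prs)
{
        rpcstat_t *rs=prs;
        guint32 i;
        guint64 td;
        int min_secs, min_usecs;
        int max_secs, max_usecs;

        printf("\n");
        printf("=======================================================================\n");
        printf("%s Major Version %u SRT Statistics:\n", rs->prog, rs->ver);
        printf("Filter: %s\n",rs->filter?rs->filter:"");
        printf("Procedure                        Calls    Min SRT    Max SRT    Avg SRT\n");

        for(i=0;i<rs->num_procedures;i++){
                const rpc_procedure_t *rp=&rs->procedures[i];

                /* Only display procs with non-zero calls */
                if(rp->num==0){
                        continue;
                }
                /* Scale the average SRT in units of 1us and round to the nearest us. */
                td = ((guint64)(rp->tot.secs)) * NANOSECS_PER_SEC + rp->tot.nsecs;
                td = ((td / rp->num) + 500) / 1000;

                /* Min and max are rounded with a carry, like the average above. */
                dcerpcstat_round_usecs(&rp->min, &min_secs, &min_usecs);
                dcerpcstat_round_usecs(&rp->max, &max_secs, &max_usecs);

                printf("%-31s %6d %3d.%06d %3d.%06d %3" G_GINT64_MODIFIER "u.%06" G_GINT64_MODIFIER "u\n",
                        rp->proc,
                        rp->num,
                        min_secs, min_usecs,
                        max_secs, max_usecs,
                        td/MICROSECS_PER_SEC, td%MICROSECS_PER_SEC
                );
        }
        printf("=======================================================================\n");
}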
178
179
180
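/*
 * Handler for the "-z dcerpc,srt,<uuid>,<major>.<minor>[,<filter>]" option:
 * parse the argument, build the per-procedure table for the requested
 * interface and attach a listener to the "dcerpc" tap.
 *
 * optarg   - the complete option argument, starting with "dcerpc,srt,"
 * userdata - unused
 *
 * Any invalid argument, unsupported interface or tap registration failure
 * is reported on stderr and ends the program with exit(1).
 */
static void
dcerpcstat_init(const char *optarg, void* userdata _U_)
{
        rpcstat_t *rs;
        guint32 i, max_procs;
        dcerpc_sub_dissector *procs;
        e_uuid_t uuid;
        guint d1,d2,d3,d40,d41,d42,d43,d44,d45,d46,d47;
        int major, minor;
        guint16 ver;
        int pos=0;
        const char *filter=NULL;
        GString *error_string;

        /*
         * XXX - DCE RPC statistics are maintained only by major version,
         * not by major and minor version, so the minor version number is
         * ignored.
         *
         * Should we just stop supporting minor version numbers here?
         * Or should we allow it to be omitted?  Or should we keep
         * separate statistics for different minor version numbers,
         * and allow the minor version number to be omitted, and
         * report aggregate statistics for all minor version numbers
         * if it's omitted?
         */
        /*
         * The field widths in the format limit every UUID component to the
         * number of hex digits its destination field is assigned from.
         */
        if(sscanf(optarg,
                "dcerpc,srt,%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x,%d.%d%n",
                &d1,&d2,&d3,&d40,&d41,&d42,&d43,&d44,&d45,&d46,&d47,
                &major,&minor,&pos)!=13){
                fprintf(stderr, "tshark: invalid \"-z dcerpc,srt,<uuid>,<major version>.<minor version>[,<filter>]\" argument\n");
                exit(1);
        }
        uuid.Data1=d1;
        uuid.Data2=d2;
        uuid.Data3=d3;
        uuid.Data4[0]=d40;
        uuid.Data4[1]=d41;
        uuid.Data4[2]=d42;
        uuid.Data4[3]=d43;
        uuid.Data4[4]=d44;
        uuid.Data4[5]=d45;
        uuid.Data4[6]=d46;
        uuid.Data4[7]=d47;

        /*
         * %n leaves pos at the character right after the minor version,
         * i.e. at the ',' that introduces the optional filter or at the
         * end of the string.  Skip that separator so it does not become
         * part of the filter expression, and treat an empty remainder as
         * "no filter".
         */
        if(pos>0){
                filter=optarg+pos;
                if(*filter==','){
                        filter++;
                }
                if(*filter=='\0'){
                        filter=NULL;
                }
        }

        if (major < 0 || major > 65535) {
                fprintf(stderr,"tshark: dcerpcstat_init() Major version number %d is invalid - must be positive and <= 65535\n", major);
                exit(1);
        }
        if (minor < 0 || minor > 65535) {
                fprintf(stderr,"tshark: dcerpcstat_init() Minor version number %d is invalid - must be positive and <= 65535\n", minor);
                exit(1);
        }
        /* range-checked above, so the narrowing to guint16 cannot truncate */
        ver = major;

        rs=g_malloc(sizeof(rpcstat_t));
        rs->prog=dcerpc_get_proto_name(&uuid, ver);
        if(!rs->prog){
                g_free(rs);
                fprintf(stderr,"tshark: dcerpcstat_init() Protocol with uuid:%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x v%u not supported\n",uuid.Data1,uuid.Data2,uuid.Data3,uuid.Data4[0],uuid.Data4[1],uuid.Data4[2],uuid.Data4[3],uuid.Data4[4],uuid.Data4[5],uuid.Data4[6],uuid.Data4[7],ver);
                exit(1);
        }
        procs=dcerpc_get_proto_sub_dissector(&uuid, ver);
        rs->uuid=uuid;
        rs->ver=ver;

        if(filter){
                rs->filter=g_strdup(filter);
        } else {
                rs->filter=NULL;
        }

        /* the table must cover the highest procedure number that is known */
        for(i=0,max_procs=0;procs[i].name;i++){
                if(procs[i].num>max_procs){
                        max_procs=procs[i].num;
                }
        }
        rs->num_procedures=max_procs+1;
        rs->procedures=g_malloc(sizeof(rpc_procedure_t)*(rs->num_procedures+1));
        for(i=0;i<rs->num_procedures;i++){
                rs->procedures[i].proc="unknown";
                rs->procedures[i].num=0;
                rs->procedures[i].min.secs=0;
                rs->procedures[i].min.nsecs=0;
                rs->procedures[i].max.secs=0;
                rs->procedures[i].max.nsecs=0;
                rs->procedures[i].tot.secs=0;
                rs->procedures[i].tot.nsecs=0;
        }
        /*
         * Name the known procedures in one pass over the sub-dissector
         * table.  Every procs[i].num is <= max_procs and therefore inside
         * the table; when a number occurs twice the later entry wins.
         */
        for(i=0;procs[i].name;i++){
                rs->procedures[procs[i].num].proc=procs[i].name;
        }

        error_string=register_tap_listener("dcerpc", rs, filter, 0, NULL, dcerpcstat_packet, dcerpcstat_draw);
        if(error_string){
                /* error, we failed to attach to the tap. clean up */
                g_free(rs->procedures);
                g_free(rs->filter);
                g_free(rs);

                fprintf(stderr, "tshark: Couldn't register dcerpc,srt tap: %s\n",
                    error_string->str);
                g_string_free(error_string, TRUE);
                exit(1);
        }
}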
295
/*
 * Register the "dcerpc,srt," statistics argument, with dcerpcstat_init()
 * as the handler for a matching -z option.
 */
void
register_tap_listener_dcerpcstat(void)
{
        register_stat_cmd_arg("dcerpc,srt,", dcerpcstat_init, NULL);
}