tap-dcerpcstat.c

   1 /* tap-dcerpcstat.c
   2  * dcerpcstat   2002 Ronnie Sahlberg
   3  *
   4  * $Id: tap-dcerpcstat.c,v 1.8 2004/01/19 18:23:01 jmayer Exp $
   5  *
   6  * Ethereal - Network traffic analyzer
   7  * By Gerald Combs <gerald@ethereal.com>
   8  * Copyright 1998 Gerald Combs
   9  *
  10  * This program is free software; you can redistribute it and/or
  11  * modify it under the terms of the GNU General Public License
  12  * as published by the Free Software Foundation; either version 2
  13  * of the License, or (at your option) any later version.
  14  *
  15  * This program is distributed in the hope that it will be useful,
  16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18  * GNU General Public License for more details.
  19  *
  20  * You should have received a copy of the GNU General Public License
  21  * along with this program; if not, write to the Free Software
  22  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  23  */
  24
  25 #ifdef HAVE_CONFIG_H
  26 # include "config.h"
  27 #endif
  28
  29 #include <stdio.h>
  30
  31 #ifdef HAVE_SYS_TYPES_H
  32 # include <sys/types.h>
  33 #endif
  34
  35 #include <string.h>
  36 #include "epan/packet_info.h"
  37 #include "tap.h"
  38 #include "packet-dcerpc.h"
  39 #include "register.h"
  40
  41 /* used to keep track of statistics for a specific procedure */
  42 typedef struct _rpc_procedure_t {
  43         char *proc;
  44         int num;
  45         nstime_t min;
  46         nstime_t max;
  47         nstime_t tot;
  48 } rpc_procedure_t;
  49
  50 /* used to keep track of the statistics for an entire program interface */
  51 typedef struct _rpcstat_t {
  52         char *prog;
  53         char *filter;
  54         e_uuid_t uuid;
  55         guint16 ver;
  56         guint32 num_procedures;
  57         rpc_procedure_t *procedures;
  58 } rpcstat_t;
  59
  60
  61
  62 static int
  63 dcerpcstat_packet(void *prs, packet_info *pinfo, epan_dissect_t *edt _U_, void *pri)
  64 {
  65         dcerpc_info *ri=pri;
  66         rpcstat_t *rs=prs;
  67         nstime_t delta;
  68         rpc_procedure_t *rp;
  69
  70         if(!ri->call_data){
  71                 return 0;
  72         }
  73         if(!ri->call_data->req_frame){
  74                 /* we have not seen the request so we dont know the delta*/
  75                 return 0;
  76         }
  77         if(ri->call_data->opnum>=rs->num_procedures){
  78                 /* dont handle this since its outside of known table */
  79                 return 0;
  80         }
  81
  82         /* we are only interested in reply packets */
  83         if(ri->request){
  84                 return 0;
  85         }
  86
  87         /* we are only interested in certain program/versions */
  88         if( (ri->call_data->uuid.Data1!=rs->uuid.Data1)
  89           ||(ri->call_data->uuid.Data2!=rs->uuid.Data2)
  90           ||(ri->call_data->uuid.Data3!=rs->uuid.Data3)
  91           ||(ri->call_data->uuid.Data4[0]!=rs->uuid.Data4[0])
  92           ||(ri->call_data->uuid.Data4[1]!=rs->uuid.Data4[1])
  93           ||(ri->call_data->uuid.Data4[2]!=rs->uuid.Data4[2])
  94           ||(ri->call_data->uuid.Data4[3]!=rs->uuid.Data4[3])
  95           ||(ri->call_data->uuid.Data4[4]!=rs->uuid.Data4[4])
  96           ||(ri->call_data->uuid.Data4[5]!=rs->uuid.Data4[5])
  97           ||(ri->call_data->uuid.Data4[6]!=rs->uuid.Data4[6])
  98           ||(ri->call_data->uuid.Data4[7]!=rs->uuid.Data4[7])
  99           ||(ri->call_data->ver!=rs->ver)){
 100                 return 0;
 101         }
 102
 103         rp=&(rs->procedures[ri->call_data->opnum]);
 104
 105         /* calculate time delta between request and reply */
 106         delta.secs=pinfo->fd->abs_secs-ri->call_data->req_time.secs;
 107         delta.nsecs=pinfo->fd->abs_usecs*1000-ri->call_data->req_time.nsecs;
 108         if(delta.nsecs<0){
 109                 delta.nsecs+=1000000000;
 110                 delta.secs--;
 111         }
 112
 113         if(rp->num==0){
 114                 rp->max.secs=delta.secs;
 115                 rp->max.nsecs=delta.nsecs;
 116         }
 117
 118         if(rp->num==0){
 119                 rp->min.secs=delta.secs;
 120                 rp->min.nsecs=delta.nsecs;
 121         }
 122
 123         if( (delta.secs<rp->min.secs)
 124         ||( (delta.secs==rp->min.secs)
 125           &&(delta.nsecs<rp->min.nsecs) ) ){
 126                 rp->min.secs=delta.secs;
 127                 rp->min.nsecs=delta.nsecs;
 128         }
 129
 130         if( (delta.secs>rp->max.secs)
 131         ||( (delta.secs==rp->max.secs)
 132           &&(delta.nsecs>rp->max.nsecs) ) ){
 133                 rp->max.secs=delta.secs;
 134                 rp->max.nsecs=delta.nsecs;
 135         }
 136
 137         rp->tot.secs += delta.secs;
 138         rp->tot.nsecs += delta.nsecs;
 139         if(rp->tot.nsecs>1000000000){
 140                 rp->tot.nsecs-=1000000000;
 141                 rp->tot.secs++;
 142         }
 143
 144         rp->num++;
 145
 146         return 1;
 147 }
 148
 149 static void
 150 dcerpcstat_draw(void *prs)
 151 {
 152         rpcstat_t *rs=prs;
 153         guint32 i;
 154 #ifdef G_HAVE_UINT64
 155         guint64 td;
 156 #else
 157         guint32 td;
 158 #endif
 159         printf("\n");
 160         printf("===================================================================\n");
 161         printf("%s Version %u.%u RTT Statistics:\n", rs->prog, rs->ver&0xff,rs->ver>>8);
 162         printf("Filter: %s\n",rs->filter?rs->filter:"");
 163         printf("Procedure                  Calls   Min RTT   Max RTT   Avg RTT\n");
 164         for(i=0;i<rs->num_procedures;i++){
 165                 /* scale it to units of 10us.*/
 166                 /* for long captures with a large tot time, this can overflow on 32bit */
 167                 td=(int)rs->procedures[i].tot.secs;
 168                 td=td*100000+(int)rs->procedures[i].tot.nsecs/10000;
 169                 if(rs->procedures[i].num){
 170                         td/=rs->procedures[i].num;
 171                 } else {
 172                         td=0;
 173                 }
 174
 175                 printf("%-25s %6d %3d.%05d %3d.%05d %3d.%05d\n",
 176                         rs->procedures[i].proc,
 177                         rs->procedures[i].num,
 178                         (int)rs->procedures[i].min.secs,rs->procedures[i].min.nsecs/10000,
 179                         (int)rs->procedures[i].max.secs,rs->procedures[i].max.nsecs/10000,
 180                         td/100000, td%100000
 181                 );
 182         }
 183         printf("===================================================================\n");
 184 }
 185
 186
 187
 188 static void
 189 dcerpcstat_init(char *optarg)
 190 {
 191         rpcstat_t *rs;
 192         guint32 i, max_procs;
 193         dcerpc_sub_dissector *procs;
 194         e_uuid_t uuid;
 195         guint d1,d2,d3,d40,d41,d42,d43,d44,d45,d46,d47;
 196         int major, minor;
 197         guint16 ver;
 198         int pos=0;
 199         char *filter=NULL;
 200         GString *error_string;
 201
 202         if(sscanf(optarg,"dcerpc,rtt,%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x,%d.%d%n", &d1,&d2,&d3,&d40,&d41,&d42,&d43,&d44,&d45,&d46,&d47,&major,&minor,&pos)==13){
 203                 uuid.Data1=d1;
 204                 uuid.Data2=d2;
 205                 uuid.Data3=d3;
 206                 uuid.Data4[0]=d40;
 207                 uuid.Data4[1]=d41;
 208                 uuid.Data4[2]=d42;
 209                 uuid.Data4[3]=d43;
 210                 uuid.Data4[4]=d44;
 211                 uuid.Data4[5]=d45;
 212                 uuid.Data4[6]=d46;
 213                 uuid.Data4[7]=d47;
 214                 if(pos){
 215                         filter=optarg+pos;
 216                 } else {
 217                         filter=NULL;
 218                 }
 219         } else {
 220                 fprintf(stderr, "tethereal: invalid \"-z dcerpc,rtt,<uuid>,<major version>.<minor version>[,<filter>]\" argument\n");
 221                 exit(1);
 222         }
 223         if (major < 0 || major > 255) {
 224                 fprintf(stderr,"tethereal: dcerpcstat_init() Major version number %d is invalid - must be positive and <= 255\n", major);
 225                 exit(1);
 226         }
 227         if (minor < 0 || minor > 255) {
 228                 fprintf(stderr,"tethereal: dcerpcstat_init() Minor version number %d is invalid - must be positive and <= 255\n", minor);
 229                 exit(1);
 230         }
 231         ver = ((minor<<8)|(major&0xff));
 232
 233         rs=g_malloc(sizeof(rpcstat_t));
 234         rs->prog=dcerpc_get_proto_name(&uuid, ver);
 235         if(!rs->prog){
 236                 g_free(rs);
 237                 fprintf(stderr,"tethereal: dcerpcstat_init() Protocol with uuid:%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x v%u.%u not supported\n",uuid.Data1,uuid.Data2,uuid.Data3,uuid.Data4[0],uuid.Data4[1],uuid.Data4[2],uuid.Data4[3],uuid.Data4[4],uuid.Data4[5],uuid.Data4[6],uuid.Data4[7],major,minor);
 238                 exit(1);
 239         }
 240         procs=dcerpc_get_proto_sub_dissector(&uuid, ver);
 241         rs->uuid=uuid;
 242         rs->ver=ver;
 243
 244         if(filter){
 245                 rs->filter=g_malloc(strlen(filter)+1);
 246                 strcpy(rs->filter, filter);
 247         } else {
 248                 rs->filter=NULL;
 249         }
 250
 251         for(i=0,max_procs=0;procs[i].name;i++){
 252                 if(procs[i].num>max_procs){
 253                         max_procs=procs[i].num;
 254                 }
 255         }
 256         rs->num_procedures=max_procs+1;
 257         rs->procedures=g_malloc(sizeof(rpc_procedure_t)*(rs->num_procedures+1));
 258         for(i=0;i<rs->num_procedures;i++){
 259                 int j;
 260                 rs->procedures[i].proc="unknown";
 261                 for(j=0;procs[j].name;j++){
 262                         if(procs[j].num==i){
 263                                 rs->procedures[i].proc=procs[j].name;
 264                         }
 265                 }
 266                 rs->procedures[i].num=0;
 267                 rs->procedures[i].min.secs=0;
 268                 rs->procedures[i].min.nsecs=0;
 269                 rs->procedures[i].max.secs=0;
 270                 rs->procedures[i].max.nsecs=0;
 271                 rs->procedures[i].tot.secs=0;
 272                 rs->procedures[i].tot.nsecs=0;
 273         }
 274
 275         error_string=register_tap_listener("dcerpc", rs, filter, NULL, dcerpcstat_packet, dcerpcstat_draw);
 276         if(error_string){
 277                 /* error, we failed to attach to the tap. clean up */
 278                 g_free(rs->procedures);
 279                 g_free(rs->filter);
 280                 g_free(rs);
 281
 282                 fprintf(stderr, "tethereal: Couldn't register dcerpc,rtt tap: %s\n",
 283                     error_string->str);
 284                 g_string_free(error_string, TRUE);
 285                 exit(1);
 286         }
 287 }
 288
 289 void
 290 register_tap_listener_dcerpcstat(void)
 291 {
 292         register_ethereal_tap("dcerpc,rtt,", dcerpcstat_init);
 293 }