Ethereal->Wireshark
1 /* tap-dcerpcstat.c
2  * dcerpcstat   2002 Ronnie Sahlberg
3  *
4  * $Id$
5  *
6  * Wireshark - Network traffic analyzer
7  * By Gerald Combs <gerald@wireshark.org>
8  * Copyright 1998 Gerald Combs
9  * 
10  * This program is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU General Public License
12  * as published by the Free Software Foundation; either version 2
13  * of the License, or (at your option) any later version.
14  * 
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  * GNU General Public License for more details.
19  * 
20  * You should have received a copy of the GNU General Public License
21  * along with this program; if not, write to the Free Software
22  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
23  */
24
25 #ifdef HAVE_CONFIG_H
26 # include "config.h"
27 #endif
28
29 #include <stdio.h>
30
31 #ifdef HAVE_SYS_TYPES_H
32 # include <sys/types.h>
33 #endif
34
35 #include <string.h>
36 #include "epan/packet_info.h"
37 #include <epan/tap.h>
38 #include <epan/stat_cmd_args.h>
39 #include <epan/dissectors/packet-dcerpc.h>
40 #include "register.h"
41
/* used to keep track of statistics for a specific procedure */
typedef struct _rpc_procedure_t {
        const char *proc;       /* procedure name; "unknown" when the sub-dissector table has no entry for this opnum */
        int num;                /* number of replies folded into min/max/tot so far */
        nstime_t min;           /* smallest request-to-reply delta seen */
        nstime_t max;           /* largest request-to-reply delta seen */
        nstime_t tot;           /* running sum of all deltas; divided by num to get the average */
} rpc_procedure_t;
50
/* used to keep track of the statistics for an entire program interface */
typedef struct _rpcstat_t {
        const char *prog;               /* interface name as returned by dcerpc_get_proto_name() */
        char *filter;                   /* heap copy of the optional filter string, or NULL */
        e_uuid_t uuid;                  /* interface UUID given on the command line */
        guint16 ver;                    /* major version only; the minor version is ignored */
        guint32 num_procedures;         /* highest opnum in the sub-dissector table, plus one */
        rpc_procedure_t *procedures;    /* heap array indexed by opnum; valid indexes are 0..num_procedures-1 */
} rpcstat_t;
60
61
62
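/*
 * Per-packet tap callback: folds one DCE RPC reply into the statistics of
 * the procedure it answers.
 *
 * prs   - the rpcstat_t that dcerpcstat_init() handed to
 *         register_tap_listener()
 * pinfo - packet info; only the frame's absolute timestamp is read
 * pri   - the dcerpc_info for this PDU
 *
 * Returns 1 when a sample was recorded, 0 when the packet was ignored
 * (no call data, request not seen, opnum outside the table, not a
 * response, or a different interface UUID/version).
 */
static int
dcerpcstat_packet(void *prs, packet_info *pinfo, epan_dissect_t *edt _U_, const void *pri)
{
        const dcerpc_info *ri=pri;
        rpcstat_t *rs=prs;
        nstime_t delta;
        rpc_procedure_t *rp;
        int i;

        if(!ri->call_data){
                return 0;
        }
        if(!ri->call_data->req_frame){
                /* we have not seen the request so we don't know the delta */
                return 0;
        }
        /*
         * opnum comes from the captured traffic and is used below as an
         * index into rs->procedures, so this bounds check must stay ahead
         * of that access.
         */
        if(ri->call_data->opnum>=rs->num_procedures){
                /* don't handle this since it's outside of the known table */
                return 0;
        }

        /* we are only interested in reply packets */
        if(ri->ptype != PDU_RESP){
                return 0;
        }

        /* we are only interested in certain program/versions */
        if( (ri->call_data->uuid.Data1!=rs->uuid.Data1)
          ||(ri->call_data->uuid.Data2!=rs->uuid.Data2)
          ||(ri->call_data->uuid.Data3!=rs->uuid.Data3)
          ||(ri->call_data->ver!=rs->ver)){
                return 0;
        }
        for(i=0;i<8;i++){
                if(ri->call_data->uuid.Data4[i]!=rs->uuid.Data4[i]){
                        return 0;
                }
        }

        rp=&(rs->procedures[ri->call_data->opnum]);

        /* calculate time delta between request and reply */
        nstime_delta(&delta, &pinfo->fd->abs_ts, &ri->call_data->req_time);

        if(rp->num==0){
                /* the first sample seeds both extremes */
                rp->min.secs=delta.secs;
                rp->min.nsecs=delta.nsecs;
                rp->max.secs=delta.secs;
                rp->max.nsecs=delta.nsecs;
        } else {
                if( (delta.secs<rp->min.secs)
                ||( (delta.secs==rp->min.secs)
                  &&(delta.nsecs<rp->min.nsecs) ) ){
                        rp->min.secs=delta.secs;
                        rp->min.nsecs=delta.nsecs;
                }

                if( (delta.secs>rp->max.secs)
                ||( (delta.secs==rp->max.secs)
                  &&(delta.nsecs>rp->max.nsecs) ) ){
                        rp->max.secs=delta.secs;
                        rp->max.nsecs=delta.nsecs;
                }
        }

        /*
         * Accumulate the total and carry whole seconds out of nsecs.  The
         * comparison is >= so that exactly one second of nanoseconds is
         * carried too, rather than leaving nsecs at 1000000000.
         *
         * NOTE(review): a negative delta (reply timestamped before its
         * request) is not normalised here - confirm whether nstime_delta()
         * can produce one for out-of-order or edited captures.
         */
        rp->tot.secs += delta.secs;
        rp->tot.nsecs += delta.nsecs;
        if(rp->tot.nsecs>=1000000000){
                rp->tot.nsecs-=1000000000;
                rp->tot.secs++;
        }

        rp->num++;

        return 1;
}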
144
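/*
 * Draw callback: prints the per-procedure table (calls, min, max and
 * average delta) for one interface to stdout.
 *
 * prs - the rpcstat_t that dcerpcstat_init() handed to
 *       register_tap_listener()
 *
 * Times are printed as seconds with five decimals, i.e. in units of 10us.
 */
static void
dcerpcstat_draw(void *prs)
{
        rpcstat_t *rs=prs;
        guint32 i;
#ifdef G_HAVE_UINT64
        guint64 td;
#else
        guint32 td;
#endif
        printf("\n");
        printf("===================================================================\n");
        printf("%s Major Version %u RTT Statistics:\n", rs->prog, rs->ver);
        printf("Filter: %s\n",rs->filter?rs->filter:"");
        printf("Procedure                  Calls   Min RTT   Max RTT   Avg RTT\n");
        for(i=0;i<rs->num_procedures;i++){
                /* scale it to units of 10us.*/
                /* for long captures with a large tot time, this can overflow on 32bit */
                td=(int)rs->procedures[i].tot.secs;
                td=td*100000+(int)rs->procedures[i].tot.nsecs/10000;
                if(rs->procedures[i].num){
                        td/=rs->procedures[i].num;
                } else {
                        /* no replies seen for this opnum: avoid dividing by zero */
                        td=0;
                }

                /*
                 * td may be a 64-bit integer, so its quotient and remainder
                 * are cast to int to match the %d conversions; passing the
                 * wider type through varargs would not match the format.
                 */
                printf("%-25s %6d %3d.%05d %3d.%05d %3d.%05d\n",
                        rs->procedures[i].proc,
                        rs->procedures[i].num,
                        (int)rs->procedures[i].min.secs,rs->procedures[i].min.nsecs/10000,
                        (int)rs->procedures[i].max.secs,rs->procedures[i].max.nsecs/10000,
                        (int)(td/100000), (int)(td%100000)
                );
        }
        printf("===================================================================\n");
}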
181
182
183
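/*
 * Handler for the "-z dcerpc,rtt,<uuid>,<major>.<minor>[,<filter>]" option.
 *
 * Parses the interface UUID and version out of optarg, builds an rpcstat_t
 * with one zeroed rpc_procedure_t per opnum of that interface, and
 * registers it as a listener on the "dcerpc" tap.
 *
 * optarg   - the full option string, starting with "dcerpc,rtt,"
 * userdata - unused
 *
 * Does not return on error: a message is printed to stderr and the
 * process exits with status 1.
 */
static void
dcerpcstat_init(const char *optarg, void* userdata _U_)
{
        rpcstat_t *rs;
        guint32 i, max_procs;
        dcerpc_sub_dissector *procs;
        e_uuid_t uuid;
        guint d1,d2,d3,d40,d41,d42,d43,d44,d45,d46,d47;
        int major, minor;
        guint16 ver;
        int pos=0;
        const char *filter=NULL;
        GString *error_string;

        /*
         * XXX - DCE RPC statistics are maintained only by major version,
         * not by major and minor version, so the minor version number is
         * ignored.
         *
         * Should we just stop supporting minor version numbers here?
         * Or should we allow it to be omitted?  Or should we keep
         * separate statistics for different minor version numbers,
         * and allow the minor version number to be omitted, and
         * report aggregate statistics for all minor version numbers
         * if it's omitted?
         *
         * XXX - should this be called "srt" rather than "rtt"?  The
         * equivalent tap for Wireshark calls it "srt", for "Service
         * Response Time", rather than "rtt" for "Round-Trip Time".
         */
        /*
         * The field widths in the format cap each UUID component at the
         * number of hex digits its destination field holds, so the
         * narrowing assignments below cannot truncate.
         */
        if(sscanf(optarg,"dcerpc,rtt,%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x,%d.%d%n", &d1,&d2,&d3,&d40,&d41,&d42,&d43,&d44,&d45,&d46,&d47,&major,&minor,&pos)!=13){
                fprintf(stderr, "twireshark: invalid \"-z dcerpc,rtt,<uuid>,<major version>.<minor version>[,<filter>]\" argument\n");
                exit(1);
        }
        uuid.Data1=d1;
        uuid.Data2=d2;
        uuid.Data3=d3;
        uuid.Data4[0]=d40;
        uuid.Data4[1]=d41;
        uuid.Data4[2]=d42;
        uuid.Data4[3]=d43;
        uuid.Data4[4]=d44;
        uuid.Data4[5]=d45;
        uuid.Data4[6]=d46;
        uuid.Data4[7]=d47;
        if(pos){
                /*
                 * The format stops right after the minor version, so
                 * optarg+pos still points at the ',' that separates the
                 * version from the filter.  Step over it, and treat an
                 * empty remainder as "no filter".
                 */
                filter=optarg+pos;
                if(*filter==','){
                        filter++;
                }
                if(*filter=='\0'){
                        filter=NULL;
                }
        }

        /* range-check before narrowing to guint16 */
        if (major < 0 || major > 65535) {
                fprintf(stderr,"twireshark: dcerpcstat_init() Major version number %d is invalid - must be positive and <= 65535\n", major);
                exit(1);
        }
        if (minor < 0 || minor > 65535) {
                fprintf(stderr,"twireshark: dcerpcstat_init() Minor version number %d is invalid - must be positive and <= 65535\n", minor);
                exit(1);
        }
        ver = major;

        rs=g_malloc(sizeof(rpcstat_t));
        rs->prog=dcerpc_get_proto_name(&uuid, ver);
        if(!rs->prog){
                g_free(rs);
                fprintf(stderr,"twireshark: dcerpcstat_init() Protocol with uuid:%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x v%u not supported\n",uuid.Data1,uuid.Data2,uuid.Data3,uuid.Data4[0],uuid.Data4[1],uuid.Data4[2],uuid.Data4[3],uuid.Data4[4],uuid.Data4[5],uuid.Data4[6],uuid.Data4[7],ver);
                exit(1);
        }
        /*
         * NOTE(review): procs is dereferenced below without a NULL check;
         * presumably the lookup cannot fail once the name lookup above has
         * succeeded for the same uuid/version - confirm.
         */
        procs=dcerpc_get_proto_sub_dissector(&uuid, ver);
        rs->uuid=uuid;
        rs->ver=ver;

        /* g_strdup() returns NULL for a NULL argument */
        rs->filter=g_strdup(filter);

        /* size the table by the highest opnum the interface defines */
        for(i=0,max_procs=0;procs[i].name;i++){
                if(procs[i].num>max_procs){
                        max_procs=procs[i].num;
                }
        }
        rs->num_procedures=max_procs+1;
        /* one spare entry is allocated; only 0..num_procedures-1 are initialised and used */
        rs->procedures=g_malloc(sizeof(rpc_procedure_t)*(rs->num_procedures+1));
        for(i=0;i<rs->num_procedures;i++){
                int j;
                /* opnums missing from the sub-dissector table keep this name */
                rs->procedures[i].proc="unknown";
                for(j=0;procs[j].name;j++){
                        if(procs[j].num==i){
                                rs->procedures[i].proc=procs[j].name;
                        }
                }
                rs->procedures[i].num=0;
                rs->procedures[i].min.secs=0;
                rs->procedures[i].min.nsecs=0;
                rs->procedures[i].max.secs=0;
                rs->procedures[i].max.nsecs=0;
                rs->procedures[i].tot.secs=0;
                rs->procedures[i].tot.nsecs=0;
        }

        error_string=register_tap_listener("dcerpc", rs, filter, NULL, dcerpcstat_packet, dcerpcstat_draw);
        if(error_string){
                /* error, we failed to attach to the tap. clean up */
                g_free(rs->procedures);
                g_free(rs->filter);
                g_free(rs);

                fprintf(stderr, "twireshark: Couldn't register dcerpc,rtt tap: %s\n",
                    error_string->str);
                g_string_free(error_string, TRUE);
                exit(1);
        }
}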
300
/*
 * Registration entry point: binds the "dcerpc,rtt," option prefix to
 * dcerpcstat_init(), with no user data.
 */
void
register_tap_listener_dcerpcstat(void)
{
        register_stat_cmd_arg("dcerpc,rtt,", dcerpcstat_init, NULL);
}