Sprinter/mame
2
0
Fork 0
mirror of https://github.com/holub/mame synced 2025-04-28 19:14:55 +03:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
b718eba236
mame/3rdparty/winpcap/docs/html/group__wpcap__tut9.html
Miodrag Milanovic c4fa7719b1 Added integral version of WinPcap SDK (nw)
2015-01-10 12:21:12 +01:00

207 lines
16 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>WinPcap: Gathering Statistics on the network traffic</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="style.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<!-- Generated by Doxygen 1.6.1 -->
<div class="navigation" id="top">
<div class="tabs">
<ul>
<li><a href="main.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="pages.html"><span>Related&nbsp;Pages</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
</ul>
</div>
</div>
<div class="contents">
<h1>Gathering Statistics on the network traffic</h1><table border="0" cellpadding="0" cellspacing="0">
</table>
<p>This lesson shows another advanced feature of WinPcap: the ability to collect statistics about network traffic. The statistical engine makes use of the kernel-level packet filter to efficiently classify the incoming packet. You can take a look at the <a class="el" href="group__NPF.html">NPF driver internals manual</a> if you want to know more details.</p>
<p>In order to use this feature, the programmer must open an adapter and put it in <em>statistical</em> <em>mode</em>. This can be done with <a class="el" href="group__wpcapfunc.html#gaef07ef49d3c75644f3fd34518e2fe720" title="Set the working mode of the interface p to mode.">pcap_setmode()</a>. In particular, MODE_STAT must be used as the <em>mode</em> argument of this function.</p>
<p>With statistical mode, making an application that monitors the TCP traffic load is a matter of few lines of code. The following sample shows how to do it.</p>
<div class="fragment"><pre class="fragment"><span class="comment">/*</span>
<span class="comment"> * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)</span>
<span class="comment"> * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California)</span>
<span class="comment"> * All rights reserved.</span>
<span class="comment"> *</span>
<span class="comment"> * Redistribution and use in source and binary forms, with or without</span>
<span class="comment"> * modification, are permitted provided that the following conditions</span>
<span class="comment"> * are met:</span>
<span class="comment"> *</span>
<span class="comment"> * 1. Redistributions of source code must retain the above copyright</span>
<span class="comment"> * notice, this list of conditions and the following disclaimer.</span>
<span class="comment"> * 2. Redistributions in binary form must reproduce the above copyright</span>
<span class="comment"> * notice, this list of conditions and the following disclaimer in the</span>
<span class="comment"> * documentation and/or other materials provided with the distribution.</span>
<span class="comment"> * 3. Neither the name of the Politecnico di Torino, CACE Technologies </span>
<span class="comment"> * nor the names of its contributors may be used to endorse or promote </span>
<span class="comment"> * products derived from this software without specific prior written </span>
<span class="comment"> * permission.</span>
<span class="comment"> *</span>
<span class="comment"> * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS</span>
<span class="comment"> * &quot;AS IS&quot; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT</span>
<span class="comment"> * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR</span>
<span class="comment"> * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT</span>
<span class="comment"> * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,</span>
<span class="comment"> * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT</span>
<span class="comment"> * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,</span>
<span class="comment"> * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY</span>
<span class="comment"> * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT</span>
<span class="comment"> * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE</span>
<span class="comment"> * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</span>
<span class="comment"> *</span>
<span class="comment"> */</span>
<span class="preprocessor">#include &lt;stdlib.h&gt;</span>
<span class="preprocessor">#include &lt;stdio.h&gt;</span>
<span class="preprocessor">#include &lt;pcap.h&gt;</span>
<span class="keywordtype">void</span> usage();
<span class="keywordtype">void</span> dispatcher_handler(u_char *, <span class="keyword">const</span> <span class="keyword">struct</span> <a class="code" href="structpcap__pkthdr.html" title="Header of a packet in the dump file.">pcap_pkthdr</a> *, <span class="keyword">const</span> u_char *);
<span class="keywordtype">void</span> main(<span class="keywordtype">int</span> argc, <span class="keywordtype">char</span> **argv)
{
<a class="code" href="group__wpcap__def.html#ga4711d025f83503ce692efa5e45ec60a7" title="Descriptor of an open capture instance. This structure is opaque to the user, that...">pcap_t</a> *fp;
<span class="keywordtype">char</span> errbuf[<a class="code" href="group__wpcap__def.html#gacd448353957d92c98fccc29e1fc8d927" title="Size to use when allocating the buffer that contains the libpcap errors.">PCAP_ERRBUF_SIZE</a>];
<span class="keyword">struct </span>timeval st_ts;
u_int netmask;
<span class="keyword">struct </span>bpf_program fcode;
<span class="comment">/* Check the validity of the command line */</span>
<span class="keywordflow">if</span> (argc != 2)
{
usage();
<span class="keywordflow">return</span>;
}
<span class="comment">/* Open the output adapter */</span>
<span class="keywordflow">if</span> ( (fp= <a class="code" href="group__wpcapfunc.html#ga2b64c7b6490090d1d37088794f1f1791" title="Open a generic source in order to capture / send (WinPcap only) traffic.">pcap_open</a>(argv[1], 100, <a class="code" href="group__remote__open__flags.html#ga9134ce51a9a6a7d497c3dee5affdc3b9" title="Defines if the adapter has to go in promiscuous mode.">PCAP_OPENFLAG_PROMISCUOUS</a>, 1000, NULL, errbuf) ) == NULL)
{
fprintf(stderr,<span class="stringliteral">&quot;\nUnable to open adapter %s.\n&quot;</span>, errbuf);
<span class="keywordflow">return</span>;
}
<span class="comment">/* Don&apos;t care about netmask, it won&apos;t be used for this filter */</span>
netmask=0xffffff;
<span class="comment">//compile the filter</span>
<span class="keywordflow">if</span> (<a class="code" href="group__wpcapfunc.html#ga363bdc6f6b39b4979ddcf15ecb830c5c" title="Compile a packet filter, converting an high level filtering expression (see Filtering...">pcap_compile</a>(fp, &amp;fcode, <span class="stringliteral">&quot;tcp&quot;</span>, 1, netmask) &lt;0 )
{
fprintf(stderr,<span class="stringliteral">&quot;\nUnable to compile the packet filter. Check the syntax.\n&quot;</span>);
<span class="comment">/* Free the device list */</span>
<span class="keywordflow">return</span>;
}
<span class="comment">//set the filter</span>
<span class="keywordflow">if</span> (<a class="code" href="group__wpcapfunc.html#gaf5f9cfe85dad0967ff607e5159b1ba61" title="Associate a filter to a capture.">pcap_setfilter</a>(fp, &amp;fcode)&lt;0)
{
fprintf(stderr,<span class="stringliteral">&quot;\nError setting the filter.\n&quot;</span>);
<a class="code" href="group__wpcapfunc.html#gaa45a5e1a4ba9925bb3586dcbeec78560" title="close the files associated with p and deallocates resources.">pcap_close</a>(fp);
<span class="comment">/* Free the device list */</span>
<span class="keywordflow">return</span>;
}
<span class="comment">/* Put the interface in statstics mode */</span>
<span class="keywordflow">if</span> (<a class="code" href="group__wpcapfunc.html#gaef07ef49d3c75644f3fd34518e2fe720" title="Set the working mode of the interface p to mode.">pcap_setmode</a>(fp, <a class="code" href="group__NPF__include.html#ga503326906a62e96c147ae6af31fb5659" title="Statistical working mode.">MODE_STAT</a>)&lt;0)
{
fprintf(stderr,<span class="stringliteral">&quot;\nError setting the mode.\n&quot;</span>);
<a class="code" href="group__wpcapfunc.html#gaa45a5e1a4ba9925bb3586dcbeec78560" title="close the files associated with p and deallocates resources.">pcap_close</a>(fp);
<span class="comment">/* Free the device list */</span>
<span class="keywordflow">return</span>;
}
printf(<span class="stringliteral">&quot;TCP traffic summary:\n&quot;</span>);
<span class="comment">/* Start the main loop */</span>
<a class="code" href="group__wpcapfunc.html#ga6bcb7c5c59d76ec16b8a699da136b5de" title="Collect a group of packets.">pcap_loop</a>(fp, 0, dispatcher_handler, (PUCHAR)&amp;st_ts);
<a class="code" href="group__wpcapfunc.html#gaa45a5e1a4ba9925bb3586dcbeec78560" title="close the files associated with p and deallocates resources.">pcap_close</a>(fp);
<span class="keywordflow">return</span>;
}
<span class="keywordtype">void</span> dispatcher_handler(u_char *state, <span class="keyword">const</span> <span class="keyword">struct</span> <a class="code" href="structpcap__pkthdr.html" title="Header of a packet in the dump file.">pcap_pkthdr</a> *header, <span class="keyword">const</span> u_char *pkt_data)
{
<span class="keyword">struct </span>timeval *old_ts = (<span class="keyword">struct </span>timeval *)state;
u_int delay;
LARGE_INTEGER Bps,Pps;
<span class="keyword">struct </span>tm ltime;
<span class="keywordtype">char</span> timestr[16];
time_t local_tv_sec;
<span class="comment">/* Calculate the delay in microseconds from the last sample. */</span>
<span class="comment">/* This value is obtained from the timestamp that the associated with the sample. */</span>
delay=(header-&gt;<a class="code" href="structpcap__pkthdr.html#a21be78b2818c91cb205885b8a6f5aed8" title="time stamp">ts</a>.tv_sec - old_ts-&gt;tv_sec) * 1000000 - old_ts-&gt;tv_usec + header-&gt;<a class="code" href="structpcap__pkthdr.html#a21be78b2818c91cb205885b8a6f5aed8" title="time stamp">ts</a>.tv_usec;
<span class="comment">/* Get the number of Bits per second */</span>
Bps.QuadPart=(((*(LONGLONG*)(pkt_data + 8)) * 8 * 1000000) / (delay));
<span class="comment">/* ^ ^</span>
<span class="comment"> | |</span>
<span class="comment"> | | </span>
<span class="comment"> | |</span>
<span class="comment"> converts bytes in bits -- |</span>
<span class="comment"> |</span>
<span class="comment"> delay is expressed in microseconds --</span>
<span class="comment"> */</span>
<span class="comment">/* Get the number of Packets per second */</span>
Pps.QuadPart=(((*(LONGLONG*)(pkt_data)) * 1000000) / (delay));
<span class="comment">/* Convert the timestamp to readable format */</span>
local_tv_sec = header-&gt;<a class="code" href="structpcap__pkthdr.html#a21be78b2818c91cb205885b8a6f5aed8" title="time stamp">ts</a>.tv_sec;
localtime_s(&amp;ltime, &amp;local_tv_sec);
strftime( timestr, <span class="keyword">sizeof</span> timestr, <span class="stringliteral">&quot;%H:%M:%S&quot;</span>, &amp;ltime);
<span class="comment">/* Print timestamp*/</span>
printf(<span class="stringliteral">&quot;%s &quot;</span>, timestr);
<span class="comment">/* Print the samples */</span>
printf(<span class="stringliteral">&quot;BPS=%I64u &quot;</span>, Bps.QuadPart);
printf(<span class="stringliteral">&quot;PPS=%I64u\n&quot;</span>, Pps.QuadPart);
<span class="comment">//store current timestamp</span>
old_ts-&gt;tv_sec=header-&gt;<a class="code" href="structpcap__pkthdr.html#a21be78b2818c91cb205885b8a6f5aed8" title="time stamp">ts</a>.tv_sec;
old_ts-&gt;tv_usec=header-&gt;<a class="code" href="structpcap__pkthdr.html#a21be78b2818c91cb205885b8a6f5aed8" title="time stamp">ts</a>.tv_usec;
}
<span class="keywordtype">void</span> usage()
{
printf(<span class="stringliteral">&quot;\nShows the TCP traffic load, in bits per second and packets per second.\nCopyright (C) 2002 Loris Degioanni.\n&quot;</span>);
printf(<span class="stringliteral">&quot;\nUsage:\n&quot;</span>);
printf(<span class="stringliteral">&quot;\t tcptop adapter\n&quot;</span>);
printf(<span class="stringliteral">&quot;\t You can use \&quot;WinDump -D\&quot; if you don&apos;t know the name of your adapters.\n&quot;</span>);
exit(0);
}
</pre></div><p>Before enabling statistical mode, the user has the option to set a filter that defines the subset of network traffic that will be monitored. See the paragraph on the <a class="el" href="group__language.html">Filtering expression syntax</a> for details. If no filter has been set, all of the traffic will be monitored.</p>
<p>Once</p>
<ul>
<li>the filter is set</li>
<li><a class="el" href="group__wpcapfunc.html#gaef07ef49d3c75644f3fd34518e2fe720" title="Set the working mode of the interface p to mode.">pcap_setmode()</a> is called</li>
<li>callback invocation is enabled with <a class="el" href="group__wpcapfunc.html#ga6bcb7c5c59d76ec16b8a699da136b5de" title="Collect a group of packets.">pcap_loop()</a></li>
</ul>
<p>the interface descriptor starts to work in statistical mode. Notice the fourth parameter (<em>to_ms</em>) of <a class="el" href="group__wpcapfunc.html#ga2b64c7b6490090d1d37088794f1f1791" title="Open a generic source in order to capture / send (WinPcap only) traffic.">pcap_open()</a>: it defines the interval among the statistical samples. The callback function receives the samples calculated by the driver every <em>to_ms</em> milliseconds. These samples are encapsulated in the second and third parameters of the callback function, as shown in the following figure:</p>
<div align="center">
<img src="stats_wpcap.gif" alt="stats_wpcap.gif"/>
</div>
<p>Two 64-bit counters are provided: the number of packets and the amount of bytes received during the last interval.</p>
<p>In the example, the adapter is opened with a timeout of 1000 ms. This means that dispatcher_handler() is called once per second. At this point a filter that keeps only tcp packets is compiled and set. Then <a class="el" href="group__wpcapfunc.html#gaef07ef49d3c75644f3fd34518e2fe720" title="Set the working mode of the interface p to mode.">pcap_setmode()</a> and <a class="el" href="group__wpcapfunc.html#ga6bcb7c5c59d76ec16b8a699da136b5de" title="Collect a group of packets.">pcap_loop()</a> are called. Note that a struct timeval pointer is passed to <a class="el" href="group__wpcapfunc.html#ga6bcb7c5c59d76ec16b8a699da136b5de" title="Collect a group of packets.">pcap_loop()</a> as the <em>user</em> parameter. This structure will be used to store a timestamp in order to calculate the interval between two samples. dispatcher_handler()uses this interval to obtain the bits per second and the packets per second and then prints these values on the screen.</p>
<p>Note finally that this example is by far more efficient than a program that captures the packets in the traditional way and calculates statistics at user-level. Statistical mode requires the minumum amount of data copies and context switches and therefore the CPU is optimized. Moreover, a very small amount of memory is required.</p>
<p><a class="el" href="group__wpcap__tut8.html">&lt;&lt;&lt; Previous</a> </p>
</div>
<hr>
<p align="right"><img border="0" src="winpcap_small.gif" align="absbottom" width="91" height="27">
documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2009
CACE Technologies. All rights reserved.</p>
Reference in New Issue View Git Blame Copy Permalink