4 * libtcp-portmon.c: tcp port monitoring library.
6 * Copyright (C) 2005 Philip Kovacs pkovacs@users.sourceforge.net
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
25 #include <glib/gprintf.h>
26 #include "libtcp-portmon.h"
28 /* -------------------------------------------------------------------
29 * IMPLEMENTATION INTERFACE
31 * Implementation-specific interface begins here. Clients should not
32 * manipulate these structures directly, nor call the defined helper
33 * functions. Use the "Client interface" functions defined at bottom.
34 * ------------------------------------------------------------------- */
36 /* ----------------------------------
37 * Copy a tcp_connection_t
39 * Returns 0 on success, -1 otherwise.
40 * ----------------------------------*/
41 int copy_tcp_connection(
42 tcp_connection_t * p_dest_connection,
43 const tcp_connection_t * p_source_connection
46 if ( !p_dest_connection || !p_source_connection )
49 g_strlcpy (p_dest_connection->key, p_source_connection->key, sizeof(p_dest_connection->key));
50 p_dest_connection->local_addr = p_source_connection->local_addr;
51 p_dest_connection->local_port = p_source_connection->local_port;
52 p_dest_connection->remote_addr = p_source_connection->remote_addr;
53 p_dest_connection->remote_port = p_source_connection->remote_port;
54 p_dest_connection->age = p_source_connection->age;
59 /* ---------------------------------------------------------------------------
60 * Port monitor utility functions implementing tcp_port_monitor_function_ptr_t
61 * ---------------------------------------------------------------------------*/
62 void destroy_tcp_port_monitor(
63 tcp_port_monitor_t * p_monitor,
67 tcp_connection_node_t *p_node, *p_temp;
69 if ( !p_monitor || p_void ) /* p_void should be NULL in this context */
72 /* destroy the monitor's peek array */
73 free( p_monitor->p_peek );
75 /* destroy the monitor's connection list */
76 for ( p_node=p_monitor->connection_list.p_head; p_node!=NULL; )
78 /* p_temp is for the next iteration */
79 p_temp = p_node->p_next;
86 /* destroy the monitor's hash */
87 g_hash_table_destroy (p_monitor->hash);
90 /* destroy the monitor */
95 void age_tcp_port_monitor(
96 tcp_port_monitor_t * p_monitor,
100 /* Run through the monitor's connections and decrement the age variable.
101 * If the age goes negative, we remove the connection from the monitor.
102 * Function takes O(n) time on the number of connections. */
104 tcp_connection_node_t *p_node, *p_temp;
105 tcp_connection_t *p_conn;
107 if ( !p_monitor || p_void ) /* p_void should be NULL in this context */
110 if ( !p_monitor->p_peek )
113 for ( p_node = p_monitor->connection_list.p_head; p_node; )
115 if ( --p_node->connection.age >= 0 ) {
116 p_node = p_node->p_next;
120 /* connection on p_node is old. remove connection from the hash. */
121 p_conn = &p_node->connection;
123 fprintf (stderr, "monitor hash removal of connection [%s]", p_conn->key);
124 if ( !g_hash_table_remove (p_monitor->hash, (gconstpointer)p_conn->key) ) {
125 fprintf (stderr, " - ERROR NOT FOUND\n");
128 fprintf (stderr, " - OK\n");
130 if ( !g_hash_table_remove (p_monitor->hash, (gconstpointer)p_conn->key) )
134 /* splice p_node out of the connection_list */
135 if ( p_node->p_prev != NULL )
136 p_node->p_prev->p_next = p_node->p_next;
137 if ( p_node->p_next != NULL )
138 p_node->p_next->p_prev = p_node->p_prev;
140 /* correct the list head and tail if necessary */
141 if ( p_monitor->connection_list.p_head == p_node )
142 p_monitor->connection_list.p_head = p_node->p_next;
143 if ( p_monitor->connection_list.p_tail == p_node )
144 p_monitor->connection_list.p_tail = p_node->p_prev;
146 /* p_temp is for the next iteration */
147 p_temp = p_node->p_next;
149 /* destroy the node */
156 void rebuild_tcp_port_monitor_peek_table(
157 tcp_port_monitor_t * p_monitor,
161 /* Run through the monitor's connections and rebuild the peek table
162 * of connection pointers. This is done so peeking into the monitor
163 * can be done in O(1) time instead of O(n) time for each peek. */
165 tcp_connection_node_t *p_node;
168 if ( !p_monitor || p_void ) /* p_void should be NULL in this context */
171 /* zero out the peek array */
172 memset( p_monitor->p_peek, 0, p_monitor->max_port_monitor_connections * sizeof(tcp_connection_t *) );
174 for ( p_node=p_monitor->connection_list.p_head; p_node!=NULL; p_node=p_node->p_next, i++ )
176 p_monitor->p_peek[i] = &p_node->connection;
181 void show_connection_to_tcp_port_monitor(
182 tcp_port_monitor_t * p_monitor,
186 /* The monitor gets to look at each connection to see if it falls within
187 * the monitor's port range of interest. Connections of interest are first
188 * looked up in the hash to see if they are already there. If they are, we
189 * reset the age of the connection so it is not deleted. If the connection
190 * is not in the hash, we add it, but only if we haven't exceeded the maximum
191 * connection limit for the monitor. The function takes O(1) time. */
193 tcp_connection_node_t *p_node;
194 tcp_connection_t *p_connection, *p_conn_hash;
196 if ( !p_monitor || !p_void )
199 /* This p_connection is on caller's stack and not the heap. If we are interested,
200 * we will create a copy of the connection (on the heap) and add it to our list. */
201 p_connection = (tcp_connection_t *)p_void;
203 /* inspect the local port number of the connection to see if we're interested. */
204 if ( (p_monitor->port_range_begin <= p_connection->local_port) &&
205 (p_connection->local_port <= p_monitor->port_range_end) )
207 /* the connection is in the range of the monitor. */
209 /* first check the hash to see if the connection is already there. */
210 if ( (p_conn_hash = g_hash_table_lookup (p_monitor->hash, (gconstpointer)p_connection->key)) )
212 /* it's already in the hash. reset the age of the connection. */
213 p_conn_hash->age = TCP_CONNECTION_STARTING_AGE;
218 /* Connection is not yet in the hash. Add it if max_connections not exceeded. */
219 if (g_hash_table_size (p_monitor->hash) >= p_monitor->max_port_monitor_connections)
222 /* create a new connection node */
223 if ( (p_node = (tcp_connection_node_t *) calloc(1, sizeof(tcp_connection_node_t))) == NULL )
226 /* copy the connection data */
227 if ( copy_tcp_connection( &p_node->connection, p_connection ) != 0 )
229 /* error copying the connection data. deallocate p_node to avoid leaks and return. */
234 p_node->connection.age = TCP_CONNECTION_STARTING_AGE;
235 p_node->p_next = NULL;
237 /* insert it into the monitor's hash table */
239 fprintf (stderr, "monitor hash insert of connection [%s]\n", p_node->connection.key);
241 g_hash_table_insert( p_monitor->hash,
242 (gpointer)p_node->connection.key,
243 (gpointer)&p_node->connection);
245 /* append the node to the monitor's connection list */
246 if ( p_monitor->connection_list.p_tail == NULL ) /* assume p_head is NULL too */
248 p_monitor->connection_list.p_head = p_node;
249 p_monitor->connection_list.p_tail = p_node;
250 p_node->p_prev = NULL;
254 p_monitor->connection_list.p_tail->p_next = p_node;
255 p_node->p_prev = p_monitor->connection_list.p_tail;
256 p_monitor->connection_list.p_tail = p_node;
261 /* ---------------------------------------------------------------------------------------
262 * Apply a tcp_port_monitor_function_ptr_t function to each port monitor in the collection.
263 * ---------------------------------------------------------------------------------------*/
264 void for_each_tcp_port_monitor_in_collection(
265 tcp_port_monitor_collection_t * p_collection,
266 tcp_port_monitor_function_ptr_t p_function,
267 void * p_function_args
270 tcp_port_monitor_node_t * p_current_node, * p_next_node;
272 if ( !p_collection || !p_function )
275 /* for each monitor in the collection */
276 for ( p_current_node = p_collection->monitor_list.p_head; p_current_node != NULL; )
278 p_next_node = p_current_node->p_next; /* do this first! */
280 if ( p_current_node->p_monitor )
282 /* apply the function with the given arguments */
283 (*p_function)( p_current_node->p_monitor, p_function_args );
286 p_current_node = p_next_node;
291 /* ----------------------------------------------------------------------
294 * Clients should call only those functions below this line.
295 * ---------------------------------------------------------------------- */
297 /* ----------------------------------
298 * Client operations on port monitors
299 * ---------------------------------- */
301 /* Clients should first try to "find_tcp_port_monitor" before creating one
302 so that there are no redundant monitors. */
303 tcp_port_monitor_t * create_tcp_port_monitor(
304 in_port_t port_range_begin,
305 in_port_t port_range_end,
306 tcp_port_monitor_args_t * p_creation_args
309 tcp_port_monitor_t * p_monitor;
311 /* create the monitor */
312 p_monitor = (tcp_port_monitor_t *) calloc(1, sizeof(tcp_port_monitor_t) );
316 p_monitor->max_port_monitor_connections = p_creation_args->max_port_monitor_connections;
318 /* build the monitor key for the collection hash */
319 g_sprintf (p_monitor->key, ":%04X :%04X", port_range_begin, port_range_end);
321 /* create the monitor's connection hash */
322 if ( (p_monitor->hash = g_hash_table_new (g_str_hash, g_str_equal)) == NULL)
324 /* we failed to create the hash, so destroy the monitor completely so we don't leak */
325 destroy_tcp_port_monitor(p_monitor,NULL);
329 /* create the monitor's peek array */
330 if ( (p_monitor->p_peek = (tcp_connection_t **) calloc (p_monitor->max_port_monitor_connections,
331 sizeof(tcp_connection_t *))) == NULL )
333 /* we failed to create the peek array, so destroy the monitor completely, again, so we don't leak */
334 destroy_tcp_port_monitor(p_monitor,NULL);
338 p_monitor->port_range_begin = port_range_begin;
339 p_monitor->port_range_end = port_range_end;
341 p_monitor->connection_list.p_head = NULL;
342 p_monitor->connection_list.p_tail = NULL;
347 /* Clients use this function to get connection data from the indicated port monitor.
348 The requested monitor value is copied into a client-supplied char buffer.
349 Returns 0 on success, -1 otherwise. */
350 int peek_tcp_port_monitor(
351 const tcp_port_monitor_t * p_monitor,
353 int connection_index,
358 struct hostent *p_hostent;
359 struct servent *p_servent;
362 if ( !p_monitor || !p_buffer || connection_index < 0 )
365 memset(p_buffer, 0, buffer_size);
366 memset(&net, 0, sizeof(net));
368 /* if the connection index is out of range, we simply return with no error
369 * having first cleared the client-supplied buffer. */
370 if ( (item!=COUNT) && (connection_index > (int)g_hash_table_size (p_monitor->hash) - 1) )
377 snprintf( p_buffer, buffer_size, "%d" , g_hash_table_size (p_monitor->hash) );
382 net.s_addr = p_monitor->p_peek[ connection_index ]->remote_addr;
383 snprintf( p_buffer, buffer_size, "%s", inet_ntoa( net ) );
388 p_hostent = gethostbyaddr( (const void *)&p_monitor->p_peek[ connection_index ]->remote_addr,
389 sizeof(in_addr_t), AF_INET);
390 /* if no host name found, just use ip address. */
391 if ( !p_hostent || !p_hostent->h_name )
393 net.s_addr = p_monitor->p_peek[ connection_index ]->remote_addr;
394 snprintf( p_buffer, buffer_size, "%s", inet_ntoa( net ) );
397 snprintf( p_buffer, buffer_size, "%s", p_hostent->h_name );
402 snprintf( p_buffer, buffer_size, "%d", p_monitor->p_peek[ connection_index ]->remote_port );
407 p_servent = getservbyport( htons(p_monitor->p_peek[ connection_index ]->remote_port ), "tcp" );
408 /* if no service name found for the port, just use the port number. */
409 if ( !p_servent || !p_servent->s_name ) {
410 snprintf( p_buffer, buffer_size, "%d", p_monitor->p_peek[ connection_index ]->remote_port );
412 snprintf( p_buffer, buffer_size, "%s", p_servent->s_name );
418 net.s_addr = p_monitor->p_peek[ connection_index ]->local_addr;
419 snprintf( p_buffer, buffer_size, "%s", inet_ntoa( net ) );
424 p_hostent = gethostbyaddr( (const void *)&p_monitor->p_peek[ connection_index ]->local_addr,
425 sizeof(in_addr_t), AF_INET);
426 /* if no host name found, just use ip address. */
427 if ( !p_hostent || !p_hostent->h_name )
429 net.s_addr = p_monitor->p_peek[ connection_index ]->local_addr;
430 snprintf( p_buffer, buffer_size, "%s", inet_ntoa( net ) );
433 snprintf( p_buffer, buffer_size, "%s", p_hostent->h_name );
438 snprintf( p_buffer, buffer_size, "%d", p_monitor->p_peek[ connection_index ]->local_port );
443 p_servent = getservbyport( htons(p_monitor->p_peek[ connection_index ]->local_port ), "tcp" );
444 /* if no service name found for the port, just use the port number. */
445 if ( !p_servent || !p_servent->s_name )
447 snprintf( p_buffer, buffer_size, "%d", p_monitor->p_peek[ connection_index ]->local_port );
450 snprintf( p_buffer, buffer_size, "%s", p_servent->s_name );
460 /* --------------------------------
461 * Client operations on collections
462 * -------------------------------- */
464 /* Create a monitor collection. Do this one first. */
465 tcp_port_monitor_collection_t * create_tcp_port_monitor_collection (void)
467 tcp_port_monitor_collection_t * p_collection;
469 p_collection = (tcp_port_monitor_collection_t *) calloc( 1, sizeof( tcp_port_monitor_collection_t ) );
473 /* create the collection's monitor hash */
474 if ( (p_collection->hash = g_hash_table_new (g_str_hash, g_str_equal)) == NULL)
476 /* we failed to create the hash, so destroy the monitor completely so we don't leak */
477 destroy_tcp_port_monitor_collection(p_collection);
481 p_collection->monitor_list.p_head = NULL;
482 p_collection->monitor_list.p_tail = NULL;
487 /* Destroy the monitor collection (and the monitors inside). Do this one last. */
488 void destroy_tcp_port_monitor_collection(
489 tcp_port_monitor_collection_t * p_collection
492 tcp_port_monitor_node_t * p_current_node, * p_next_node;
497 /* destroy the monitors */
498 for_each_tcp_port_monitor_in_collection(
500 &destroy_tcp_port_monitor,
504 /* next destroy the empty monitor nodes */
505 for ( p_current_node = p_collection->monitor_list.p_head; p_current_node != NULL; )
507 p_next_node = p_current_node->p_next; /* do this first! */
509 free( p_current_node );
510 p_current_node = p_next_node;
513 /* destroy the collection's hash */
514 g_hash_table_destroy (p_collection->hash);
515 p_collection->hash = NULL;
517 free( p_collection );
521 /* Updates the tcp statistics for all monitors within a collection */
522 void update_tcp_port_monitor_collection(
523 tcp_port_monitor_collection_t * p_collection
528 tcp_connection_t conn;
529 unsigned long inode,uid,state;
534 /* age the connections in all port monitors. */
535 for_each_tcp_port_monitor_in_collection(
537 &age_tcp_port_monitor,
541 /* read tcp data from /proc/net/tcp */
542 if ( ( fp = fopen("/proc/net/tcp", "r" ) ) == NULL )
545 /* ignore field name line */
548 /* read all tcp connections */
549 while (fgets (buf, sizeof (buf), fp) != NULL) {
551 if ( sscanf (buf, "%*d: %x:%hx %x:%hx %lx %*x:%*x %*x:%*x %*x %lu %*d %lu",
552 (unsigned int *)&conn.local_addr, &conn.local_port,
553 (unsigned int *)&conn.remote_addr, &conn.remote_port,
554 (unsigned long *)&state, (unsigned long *)&uid, (unsigned long *)&inode) != 7 )
556 fprintf( stderr, "/proc/net/tcp: bad file format\n" );
558 if ((inode == 0) || (state != TCP_ESTABLISHED)) continue;
561 g_sprintf (conn.key, "%08X:%04X %08X:%04X",
562 conn.local_addr, conn.local_port,
563 conn.remote_addr, conn.remote_port);
565 /* show the connection to each port monitor. */
566 for_each_tcp_port_monitor_in_collection(
568 &show_connection_to_tcp_port_monitor,
575 /* rebuild the connection peek tables of all monitors so clients can peek in O(1) time */
576 for_each_tcp_port_monitor_in_collection(
578 &rebuild_tcp_port_monitor_peek_table,
583 /* After clients create a monitor, use this to add it to the collection.
584 Returns 0 on success, -1 otherwise. */
585 int insert_tcp_port_monitor_into_collection(
586 tcp_port_monitor_collection_t * p_collection,
587 tcp_port_monitor_t * p_monitor
590 tcp_port_monitor_node_t * p_node;
592 if ( !p_collection || !p_monitor )
595 /* create a container node for this monitor */
596 p_node = (tcp_port_monitor_node_t *) calloc( 1, sizeof(tcp_port_monitor_node_t) );
600 /* populate the node */
601 p_node->p_monitor = p_monitor;
602 p_node->p_next = NULL;
604 /* add a pointer to this monitor to the collection's hash */
606 fprintf (stderr, "collection hash insert of monitor [%s]\n", p_monitor->key);
608 g_hash_table_insert (p_collection->hash, (gpointer)p_monitor->key, (gpointer)p_monitor);
610 /* tail of the container gets this node */
611 if ( !p_collection->monitor_list.p_tail )
612 p_collection->monitor_list.p_tail = p_node;
615 /* p_next of the tail better be NULL */
616 if ( p_collection->monitor_list.p_tail->p_next != NULL )
619 /* splice node onto tail */
620 p_collection->monitor_list.p_tail->p_next = p_node;
621 p_collection->monitor_list.p_tail = p_node;
624 /* if this was the first element added */
625 if ( !p_collection->monitor_list.p_head )
626 p_collection->monitor_list.p_head = p_collection->monitor_list.p_tail;
631 /* Clients need a way to find monitors */
632 tcp_port_monitor_t * find_tcp_port_monitor(
633 const tcp_port_monitor_collection_t * p_collection,
634 in_port_t port_range_begin,
635 in_port_t port_range_end
638 tcp_port_monitor_t *p_monitor;
644 /* is monitor in hash? */
645 g_sprintf (key, ":%04X :%04X", port_range_begin, port_range_end);
646 p_monitor = g_hash_table_lookup( p_collection->hash, (gconstpointer)key);