'Re: New Feature? [PATCH]'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: New Feature? [PATCH]
From:       devet () devet ! org (Arjan de Vet)
Date:       2001-10-29 12:03:15
[Download RAW message or body]

In article <3BDD39AE.2070704@ipom.com> you write:

>I'm sitting here looking at StateTop, and I thought, it would be really helpful 
>if statetop could be sorted by SourceIP. Come to think of it even DestinationIP 
>would be helpful from time to time, but I think that SourceIP could come in 
>handy more often.

Good idea, try the patch below :). It also fixes an old bug of not
displaying half-closed connections in the default statetop display.

Arjan

-- 
Arjan de Vet, Eindhoven, The Netherlands               <devet@devet.org>
URL: http://www.iae.nl/users/devet/             <Arjan.deVet@adv.iae.nl>

Index: fils.c
===================================================================
RCS file: /home/freebsd/CVS/src/contrib/ipfilter/fils.c,v
retrieving revision 1.1.1.8.2.3
diff -u -r1.1.1.8.2.3 fils.c
--- fils.c	2001/07/28 13:34:15	1.1.1.8.2.3
+++ fils.c	2001/10/29 11:58:30
@@ -102,7 +102,9 @@
 #define	STSORT_PKTS	1
 #define	STSORT_BYTES	2
 #define	STSORT_TTL	3
-#define	STSORT_MAX	STSORT_TTL
+#define	STSORT_SRCIP	4
+#define	STSORT_DSTIP	5
+#define	STSORT_MAX	STSORT_DSTIP
 #define	STSORT_DEFAULT	STSORT_BYTES
 
 
@@ -138,6 +140,8 @@
 static	int	sort_pkts __P((const void *, const void *));
 static	int	sort_bytes __P((const void *, const void *));
 static	int	sort_ttl __P((const void *, const void *));
+static	int	sort_srcip __P((const void *, const void *));
+static	int	sort_dstip __P((const void *, const void *));
 #endif
 #if SOLARIS
 void showqiflist __P((char *));
@@ -841,8 +845,8 @@
 			      ((dport < 0) ||
 			       (htons(dport) == ips.is_dport)))) &&
 			     (topclosed || (ips.is_p != IPPROTO_TCP) ||
-			     (ips.is_state[0] < TCPS_CLOSE_WAIT) ||
-			     (ips.is_state[1] < TCPS_CLOSE_WAIT))) { 
+			     (ips.is_state[0] < TCPS_LAST_ACK) ||
+			     (ips.is_state[1] < TCPS_LAST_ACK))) { 
 				/*
 				 * if necessary make room for this state
 				 * entry
@@ -899,6 +903,14 @@
 				qsort(tstable, tsentry + 1,
 				      sizeof(statetop_t), sort_ttl);
 				break;
+			case STSORT_SRCIP:
+				qsort(tstable, tsentry + 1,
+				      sizeof(statetop_t), sort_srcip);
+				break;
+			case STSORT_DSTIP:
+				qsort(tstable, tsentry + 1,
+				      sizeof(statetop_t), sort_dstip);
+				break;
 			default:
 				break;
 			}
@@ -957,6 +969,12 @@
 		case STSORT_TTL:
 			sprintf(str4, "ttl");
 			break;
+		case STSORT_SRCIP:
+			sprintf(str4, "srcip");
+			break;
+		case STSORT_DSTIP:
+			sprintf(str4, "dstip");
+			break;
 		default:
 			sprintf(str4, "unknown");
 			break;
@@ -1367,6 +1385,34 @@
 	if (ap->st_age == bp->st_age)
 		return 0;
 	else if (ap->st_age < bp->st_age)
+		return 1;
+	return -1;
+}
+
+static int sort_srcip(a, b)
+const void *a;
+const void *b;
+{
+	register const statetop_t *ap = a;
+	register const statetop_t *bp = b;
+
+	if (ntohl(ap->st_src.in4.s_addr) == ntohl(bp->st_src.in4.s_addr))
+		return 0;
+	else if (ntohl(ap->st_src.in4.s_addr) > ntohl(bp->st_src.in4.s_addr))
+		return 1;
+	return -1;
+}
+
+static int sort_dstip(a, b)
+const void *a;
+const void *b;
+{
+	register const statetop_t *ap = a;
+	register const statetop_t *bp = b;
+
+	if (ntohl(ap->st_dst.in4.s_addr) == ntohl(bp->st_dst.in4.s_addr))
+		return 0;
+	else if (ntohl(ap->st_dst.in4.s_addr) > ntohl(bp->st_dst.in4.s_addr))
 		return 1;
 	return -1;
 }

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic