tcpflow  1.6.1
About: tcpflow is a TCP/IP packet demultiplexer that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging.
  Fossies Dox: tcpflow-1.6.1.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

scan_netviz.cpp
1 /**
2  * scan_netviz:
3  *
4  * Our first try at a pcap visualization engine.
5  * Requires LIBCAIRO
6  */
7 
8 #include "config.h"
9 #include <iostream>
10 #include <sys/types.h>
11 
12 #include "bulk_extractor_i.h"
13 
14 #ifdef HAVE_LIBCAIRO
15 #include "netviz/one_page_report.h"
16 
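/* These control the size of the iptable histogram
 * and whether or not it is dumped. The histogram should be kept
 * either small enough that it is not expensive to maintain, or large
 * enough so that it never needs to be pruned.
 */

#define HISTOGRAM_SIZE "netviz_histogram_size"  /* config key: maximum histogram size */
#define HISTOGRAM_DUMP "netviz_histogram_dump"  /* config key: dump level, 0 means no dump */
#define DEFAULT_MAX_HISTOGRAM_SIZE 1000         /* initial value handed to get_config() for HISTOGRAM_SIZE */

/* The report being built. scan_netviz() allocates it when it registers the
 * packet callback, and deletes it (resetting this pointer to 0) after the
 * report has been rendered.
 */
static one_page_report *report=0;

/**
 * Packet callback installed through scanner_info::packet_cb: hands one
 * packet to the report.
 *
 * @param user  opaque callback argument; not used (scan_netviz() sets packet_user to 0)
 * @param pi    the packet to add to the report
 */
static void netviz_process_packet(void *user,const be13::packet_info &pi)
{
    (void)user;

    /* report is 0 until scan_netviz() allocates it and again after
     * scan_netviz() deletes it. A packet delivered outside that window is
     * dropped here instead of being passed through a null pointer.
     */
    if(report==0) return;

    report->ingest_packet(pi);
}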
32 
33 #endif
34 
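#ifdef HAVE_LIBCAIRO
/* Value of the HISTOGRAM_DUMP setting. Non-zero requests a dump when the
 * report is finalized; the same value is passed to one_page_report::dump().
 */
static int histogram_dump = 0;
#endif

/**
 * Scanner entry point for the "netviz" one-page packet visualization.
 *
 * Registers the scanner (name, author, flags, packet callback and the two
 * histogram settings) and, when built with libcairo, renders the report
 * into the output directory and frees it at the end of the run. The scanner
 * is registered as disabled by default.
 *
 * @param sp   scanner parameters: API version, phase, scanner_info to fill
 *             in, and the feature recorder set that supplies the input file
 *             name and output directory
 * @param rcb  recursion control block; not referenced by this scanner
 *
 * Exits the process with status 1 on a scanner-API version mismatch.
 *
 * NOTE(review): the doxygen listing this block was taken from drops source
 * lines 42, 44, 49 and 67. The version test, the CURRENT_SP_VERSION operand
 * of the message and the two phase tests below are reconstructed from the
 * surrounding lines and the be13 plugin API -- confirm against the tarball.
 */
extern "C"
void scan_netviz(const class scanner_params &sp,const recursion_control_block &rcb)
{
    if(sp.sp_version!=scanner_params::CURRENT_SP_VERSION){
        /* The original message named scan_timehistogram, a different scanner. */
        std::cout << "scan_netviz requires sp version "
                  << scanner_params::CURRENT_SP_VERSION << "; "
                  << "got version " << sp.sp_version << "\n";
        exit(1);
    }

    if(sp.phase==scanner_params::PHASE_STARTUP){
        sp.info->name = "netviz";
        sp.info->flags = scanner_info::SCANNER_DISABLED; // disabled by default
        sp.info->author= "Mike Shick";
        sp.info->packet_user = 0;
#ifdef HAVE_LIBCAIRO
        sp.info->description = "Performs 1-page visualization of network packets";
        sp.info->packet_cb = netviz_process_packet;
        sp.info->get_config(HISTOGRAM_DUMP,&histogram_dump,"Dumps the histogram");

        /* NOTE(review): the configured size is passed on unchecked. How
         * one_page_report treats a zero or negative bound is not visible
         * here; since this bound is what limits histogram growth on large
         * or hostile captures, confirm and validate if needed.
         */
        int max_histogram_size = DEFAULT_MAX_HISTOGRAM_SIZE;
        sp.info->get_config(HISTOGRAM_SIZE,&max_histogram_size,"Maximum histogram size");
        report = new one_page_report(max_histogram_size);
#else
        sp.info->description = "Disabled (compiled without libcairo)";
#endif
    }
#ifdef HAVE_LIBCAIRO
    if(sp.phase==scanner_params::PHASE_SHUTDOWN){
        /* assert() is compiled out under NDEBUG, so the explicit test below
         * is what keeps a release build from dereferencing a null report.
         */
        assert(report!=0);
        if(report!=0){
            if(histogram_dump){
                report->src_tree.dump_stats(std::cout);
                report->dump(histogram_dump);
            }
            report->source_identifier = sp.fs.get_input_fname();
            report->render(sp.fs.get_outdir());
            delete report;
            report = 0;         // the packet callback must not see a freed report
        }
    }
#endif
}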
80 
std::ostream & dump_stats(std::ostream &os) const
Definition: iptree.h:441
std::string source_identifier
void dump(int debug)
void ingest_packet(const be13::packet_info &pi)
void render(const std::string &outdir)
virtual const std::string & get_outdir() const
std::string get_input_fname() const
std::string name
static const int CURRENT_SP_VERSION
virtual void get_config(const scanner_info::config_t &c, const std::string &name, std::string *val, const std::string &help)
Definition: plugin.cpp:415
packet_callback_t * packet_cb
std::string author
scanner_info * info
static const int SCANNER_DISABLED
std::string description
const int sp_version
class feature_recorder_set & fs
const phase_t phase
void scan_netviz(const class scanner_params &sp, const recursion_control_block &rcb)
Definition: scan_netviz.cpp:40