
Re: Bandwidth monitoring



On Thu, 23 May 2002, Brian May wrote:

> My understanding of the code is that local vs remote connections are
> determined purely by IP numbers. I wonder how it would get this wrong?
> 
> The code is:
[perl]

Please note that I'm only relaying that info - I might have confused
something.

Some of the ipaudit-web reports - not all - got confused. So he hacked
ipaudit.c to not report local-to-local traffic at all.


Patch by Florian Reitmeir <squat@riot.org>

Index: ipaudit.c
===================================================================
RCS file: /cvsroot/ipaudit/ipaudit-web/src/ipaudit.c,v
retrieving revision 1.9
diff -u -r1.9 ipaudit.c
--- ipaudit.c	18 Feb 2002 16:10:16 -0000	1.9
+++ ipaudit.c	23 May 2002 00:24:43 -0000
@@ -1048,6 +1048,7 @@
 	data_t  *data;
 	FILE    *outfile_m = stdout;
 	int     switch_mach;
+	int 	local_local_match;
 	int     first_mach, last_mach;
 
 	/*  Open file if outname is not -  */
@@ -1069,47 +1070,55 @@
 		/*  Get ip addresses and ports  */
 		data = (data_t *) t->data;
 
-		/*  Re-order ip addresses if 2nd is local and first is not  */
-		switch_mach = 
-			!in_iprange (*(int*)(t->key),   iplist_m, niplist_m) &&
-			 in_iprange (*(int*)(t->key+4), iplist_m, niplist_m);
+		/* check if the packet is from local to local */
+		local_local_match = 
+			in_iprange (*(int*)(t->key),   iplist_m, niplist_m) && 
+			in_iprange (*(int*)(t->key+4), iplist_m, niplist_m);
 
-		if (switch_mach) {
+		if ( ! local_local_match ) {
 		
-			fwrite (t->key+4, 1, 4, outfile_m);   /* 2nd ip  */
-			fwrite (t->key  , 1, 4, outfile_m);   /* 1st ip  */
-			fwrite (t->key+12,1, 1, outfile_m);   /* protocol */
-			fwrite (t->key+10,1, 2, outfile_m);   /* 2nd port  */
-			fwrite (t->key+8, 1, 2, outfile_m);   /* 1st port  */
-			fwrite (&data->nbyte2, 8, 1, outfile_m);  /* 2nd ip, bytes received  */ 
-			fwrite (&data->nbyte1, 8, 1, outfile_m);  /* 1st ip, bytes received  */
-			fwrite (&data->npkt2,  4, 1, outfile_m);  /* 2nd ip, packets recevied  */
-			fwrite (&data->npkt1,  4, 1, outfile_m);  /* 1st ip, packets received  */
+			/*  Re-order ip addresses if 2nd is local and first is not  */
+			switch_mach = 
+				!in_iprange (*(int*)(t->key),   iplist_m, niplist_m) &&
+				 in_iprange (*(int*)(t->key+4), iplist_m, niplist_m);
 
-		} else {
+			if (switch_mach) {
 		
-			fwrite (t->key  , 1, 4, outfile_m);   /* 1st ip  */
-			fwrite (t->key+4, 1, 4, outfile_m);   /* 2nd ip  */
-			fwrite (t->key+12,1, 1, outfile_m);   /* protocol */
-			fwrite (t->key+8, 1, 2, outfile_m);   /* 1st port  */
-			fwrite (t->key+10,1, 2, outfile_m);   /* 2nd port  */
-			fwrite (&data->nbyte1, 8, 1, outfile_m); /* 1st ip, bytes received  */
-			fwrite (&data->nbyte2, 8, 1, outfile_m); /* 2nd ip, bytes received  */
-			fwrite (&data->npkt1,  4, 1, outfile_m); /* 1st ip, packets received  */
-			fwrite (&data->npkt2,  4, 1, outfile_m); /* 2nd ip, packets recevied  */
-		}
+				fwrite (t->key+4, 1, 4, outfile_m);   /* 2nd ip  */
+				fwrite (t->key  , 1, 4, outfile_m);   /* 1st ip  */
+				fwrite (t->key+12,1, 1, outfile_m);   /* protocol */
+				fwrite (t->key+10,1, 2, outfile_m);   /* 2nd port  */
+				fwrite (t->key+8, 1, 2, outfile_m);   /* 1st port  */
+				fwrite (&data->nbyte2, 8, 1, outfile_m);  /* 2nd ip, bytes received  */ 
+				fwrite (&data->nbyte1, 8, 1, outfile_m);  /* 1st ip, bytes received  */
+				fwrite (&data->npkt2,  4, 1, outfile_m);  /* 2nd ip, packets recevied  */
+				fwrite (&data->npkt1,  4, 1, outfile_m);  /* 1st ip, packets received  */
 
-		/*  If switching machine order, correct first/last machine id  */
-		if (write_time_m) {
-			if (switch_mach) {
-				first_mach  = 3 - data->time.first_mach;
-				last_mach   = 3 - data->time.last_mach;
-			} else { 
-				first_mach  = data->time.first_mach;
-				last_mach   = data->time.last_mach;
+			} else {
+		
+				fwrite (t->key  , 1, 4, outfile_m);   /* 1st ip  */
+				fwrite (t->key+4, 1, 4, outfile_m);   /* 2nd ip  */
+				fwrite (t->key+12,1, 1, outfile_m);   /* protocol */
+				fwrite (t->key+8, 1, 2, outfile_m);   /* 1st port  */
+				fwrite (t->key+10,1, 2, outfile_m);   /* 2nd port  */
+				fwrite (&data->nbyte1, 8, 1, outfile_m); /* 1st ip, bytes received  */
+				fwrite (&data->nbyte2, 8, 1, outfile_m); /* 2nd ip, bytes received  */
+				fwrite (&data->npkt1,  4, 1, outfile_m); /* 1st ip, packets received  */
+				fwrite (&data->npkt2,  4, 1, outfile_m); /* 2nd ip, packets recevied  */
+			}
+
+			/*  If switching machine order, correct first/last machine id  */
+			if (write_time_m) {
+				if (switch_mach) {
+					first_mach  = 3 - data->time.first_mach;
+					last_mach   = 3 - data->time.last_mach;
+				} else { 
+					first_mach  = data->time.first_mach;
+					last_mach   = data->time.last_mach;
+				}
+				fwrite (&first_mach, sizeof(first_mach), 1, outfile_m);
+				fwrite (&last_mach, sizeof(last_mach), 1, outfile_m);
 			}
-			fwrite (&first_mach, sizeof(first_mach), 1, outfile_m);
-			fwrite (&last_mach, sizeof(last_mach), 1, outfile_m);
 		}
 	}
 
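Review bot: The new `local_local_match` test drops every flow whose two endpoints are both in `iplist_m`, with no way to turn it off, and the text/SQL writer in the later hunk (`@@ -1187,144 +1197,151 @@`) does the same. For a traffic-audit tool this means host-to-host traffic inside the local ranges never reaches the output and cannot be reviewed afterwards. I would gate the skip behind a runtime setting that defaults to the old behaviour, e.g. `if ( ! (skip_local_local_m && local_local_match) ) {`, where `skip_local_local_m` is a suggested new flag, not an existing one. Separately, this hunk passes `*(int*)(t->key)` to `in_iprange` raw while the later hunk wraps the same expression in `ntohl()`; both compare against the same `iplist_m`, so one of the two is presumably testing the wrong byte order on little-endian hosts and should be confirmed against `in_iprange`, which is not visible here. The enclosing function starts and ends outside the hunk.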
@@ -1131,6 +1140,7 @@
 	int     pt1, pt2, prot;
 	int     hour,min,sec,msec;
 	int     switch_mach;
+	int 	local_local_match;
 	int     first_mach, last_mach;
 	int     iconn, nconn;
 	helem_t **conn = NULL;
@@ -1187,144 +1197,151 @@
 	for (iconn=0;iconn<nconn;iconn++) {
 		t = conn[iconn];
 
-		if (dbf_output)
-			fprintf (outfile_m, "INSERT INTO ipaudit SET ");
+		local_local_match = 
+			in_iprange (ntohl(*(int*)(t->key)),   iplist_m, niplist_m) &&
+			in_iprange (ntohl(*(int*)(t->key+4)), iplist_m, niplist_m);
 
-		/* Display probe info if requested */
-		if (probename) {
+		if ( ! local_local_match ) {
+			
 			if (dbf_output)
-				fprintf (outfile_m, "probename='%s',", 
-						sys_info_err != 0?"unknown":hostname);
-			else 
-				fprintf (outfile_m, "%s ", 
-						sys_info_err != 0?"unknown":hostname);
-		}
-
-		/*  Get ip addresses and ports  */
-		if (printshort_m) {
-			sprintf (ip1, "%u.%u.%u.%u", 
-				t->key[0], t->key[1], t->key[2], t->key[3]);
-			sprintf (ip2, "%u.%u.%u.%u", 
-				t->key[4], t->key[5], t->key[6], t->key[7]);
-		} else {
-			sprintf (ip1, "%03u.%03u.%03u.%03u", 
-				t->key[0], t->key[1], t->key[2], t->key[3]);
-			sprintf (ip2, "%03u.%03u.%03u.%03u", 
-				t->key[4], t->key[5], t->key[6], t->key[7]);
-		}
-		pt1  = (int) t->key[ 8]*256 + t->key[ 9];
-		pt2  = (int) t->key[10]*256 + t->key[11];
-		prot = t->key[12];
-
-		/*  Re-order ip addresses if 2nd is local and first is not  */
-		switch_mach = 
-			!in_iprange (ntohl(*(int*)(t->key)),   iplist_m, niplist_m) &&
-			 in_iprange (ntohl(*(int*)(t->key+4)), iplist_m, niplist_m);
+				fprintf (outfile_m, "INSERT INTO ipaudit SET ");
 
-		if (switch_mach) {
-		
-			/*  Print key info  */
-			if (dbf_output) {
-				fprintf (outfile_m, "ip2='%s',ip1='%s',protocol=%u,ipport2=%u,ipport1=%u", 
-						ip2, ip1, prot, pt2, pt1);
-			} else {
-				fprintf (outfile_m, "%s %s %u %u %u", ip2, ip1, prot, pt2, pt1);
+			/* Display probe info if requested */
+			if (probename) {
+				if (dbf_output)
+					fprintf (outfile_m, "probename='%s',", 
+							sys_info_err != 0?"unknown":hostname);
+				else 
+					fprintf (outfile_m, "%s ", 
+							sys_info_err != 0?"unknown":hostname);
 			}
-
-			/*  Data  */
-			data = (data_t *) t->data;
-			if (dbf_output) {
-				fprintf (outfile_m, ",ip2bytes=%lu,ip1bytes=%lu,ip2pkts=%u,ip1pkts=%u", 
-					data->nbyte2, data->nbyte1, data->npkt2, data->npkt1);
+	
+			/*  Get ip addresses and ports  */
+			if (printshort_m) {
+				sprintf (ip1, "%u.%u.%u.%u", 
+					t->key[0], t->key[1], t->key[2], t->key[3]);
+				sprintf (ip2, "%u.%u.%u.%u", 
+					t->key[4], t->key[5], t->key[6], t->key[7]);
 			} else {
-				fprintf (outfile_m, " %lu %lu %u %u", 
-					data->nbyte2, data->nbyte1, data->npkt2, data->npkt1);
+				sprintf (ip1, "%03u.%03u.%03u.%03u", 
+					t->key[0], t->key[1], t->key[2], t->key[3]);
+				sprintf (ip2, "%03u.%03u.%03u.%03u", 
+					t->key[4], t->key[5], t->key[6], t->key[7]);
 			}
+			pt1  = (int) t->key[ 8]*256 + t->key[ 9];
+			pt2  = (int) t->key[10]*256 + t->key[11];
+			prot = t->key[12];
+
+			/*  Re-order ip addresses if 2nd is local and first is not  */
+			switch_mach = 
+				!in_iprange (ntohl(*(int*)(t->key)),   iplist_m, niplist_m) &&
+				 in_iprange (ntohl(*(int*)(t->key+4)), iplist_m, niplist_m);
 
-		} else {
+			if (switch_mach) {
 		
-			/*  Print key info  */
-			if (dbf_output) {
-				fprintf (outfile_m, "ip1='%s',ip2='%s',protocol=%u,ip1port=%u,ip2port=%u", 
-						ip1, ip2, prot, pt1, pt2);
-			} else {
-				fprintf (outfile_m, "%s %s %u %u %u", ip1, ip2, prot, pt1, pt2);
-			}
-
-			/*  Data  */
-			data = (data_t *) t->data;
-			if (dbf_output) {
-				fprintf (outfile_m, ",ip1bytes=%lu,ip2bytes=%lu,ip1pkts=%u,ip2pkts=%u", 
-					data->nbyte1, data->nbyte2, data->npkt1, data->npkt2);
-			} else {
-				fprintf (outfile_m, " %lu %lu %u %u", 
-					data->nbyte1, data->nbyte2, data->npkt1, data->npkt2);
-			}
-		}
+				/*  Print key info  */
+				if (dbf_output) {
+					fprintf (outfile_m, "ip2='%s',ip1='%s',protocol=%u,ipport2=%u,ipport1=%u", 
+							ip2, ip1, prot, pt2, pt1);
+				} else {
+					fprintf (outfile_m, "%s %s %u %u %u", ip2, ip1, prot, pt2, pt1);
+				}
 
-		if (write_time_m) {
-			/*  Convert seconds from midnight to 24 hour time  */
-			msec  = data->time.first_time;
-			HMS(hour,min,sec,msec)
+				/*  Data  */
+				data = (data_t *) t->data;
+				if (dbf_output) {
+					fprintf (outfile_m, ",ip2bytes=%lu,ip1bytes=%lu,ip2pkts=%u,ip1pkts=%u", 
+						data->nbyte2, data->nbyte1, data->npkt2, data->npkt1);
+				} else {
+					fprintf (outfile_m, " %lu %lu %u %u", 
+						data->nbyte2, data->nbyte1, data->npkt2, data->npkt1);
+				}
 
-			if (dbf_output) {
-				fprintf (outfile_m, ",constart='%02d:%02d:%02d',constartmsec=%04d", hour,min,sec,msec);
 			} else {
-				fprintf (outfile_m, " %02d:%02d:%02d.%04d", hour,min,sec,msec);
+		
+				/*  Print key info  */
+				if (dbf_output) {
+					fprintf (outfile_m, "ip1='%s',ip2='%s',protocol=%u,ip1port=%u,ip2port=%u", 
+							ip1, ip2, prot, pt1, pt2);
+				} else {
+					fprintf (outfile_m, "%s %s %u %u %u", ip1, ip2, prot, pt1, pt2);
+				}
+
+				/*  Data  */
+				data = (data_t *) t->data;
+				if (dbf_output) {
+					fprintf (outfile_m, ",ip1bytes=%lu,ip2bytes=%lu,ip1pkts=%u,ip2pkts=%u", 
+						data->nbyte1, data->nbyte2, data->npkt1, data->npkt2);
+				} else {
+					fprintf (outfile_m, " %lu %lu %u %u", 
+						data->nbyte1, data->nbyte2, data->npkt1, data->npkt2);
+				}
 			}
 
-			msec  = data->time.last_time;
-			HMS(hour,min,sec,msec)
+			if (write_time_m) {
+				/*  Convert seconds from midnight to 24 hour time  */
+				msec  = data->time.first_time;
+				HMS(hour,min,sec,msec)
+
+				if (dbf_output) {
+					fprintf (outfile_m, ",constart='%02d:%02d:%02d',constartmsec=%04d", hour,min,sec,msec);
+				} else {
+					fprintf (outfile_m, " %02d:%02d:%02d.%04d", hour,min,sec,msec);
+				}
 
-			if (dbf_output) {
-				fprintf (outfile_m, ",constop='%02d:%02d:%02d',constopmsec=%04d", hour,min,sec,msec);
-			} else {
-				fprintf (outfile_m, " %02d:%02d:%02d.%04d", hour,min,sec,msec);
-			}
+				msec  = data->time.last_time;
+				HMS(hour,min,sec,msec)
 
-			/* Don't display machine order if dbf output */
-			if (!dbf_output) {
-			/*  If switching machine order, correct first/last machine id  */
-				if (switch_mach) {
-					first_mach  = 3 - data->time.first_mach;
-					last_mach   = 3 - data->time.last_mach;
-				} else { 
-					first_mach  = data->time.first_mach;
-					last_mach   = data->time.last_mach;
+				if (dbf_output) {
+					fprintf (outfile_m, ",constop='%02d:%02d:%02d',constopmsec=%04d", hour,min,sec,msec);
+				} else {
+					fprintf (outfile_m, " %02d:%02d:%02d.%04d", hour,min,sec,msec);
 				}
 
-				fprintf (outfile_m, " %1d %1d", first_mach, last_mach);
-			}
-		} 
+				/* Don't display machine order if dbf output */
+				if (!dbf_output) {
+				/*  If switching machine order, correct first/last machine id  */
+					if (switch_mach) {
+						first_mach  = 3 - data->time.first_mach;
+						last_mach   = 3 - data->time.last_mach;
+					} else { 
+						first_mach  = data->time.first_mach;
+						last_mach   = data->time.last_mach;
+					}
+		
+					fprintf (outfile_m, " %1d %1d", first_mach, last_mach);
+				}
+			} 
 
-		/*  Print optional ethernet addresses  */
-		if (printeth_m) {
-			sprintf (eth1str, "%02x%02x%02x%02x%02x%02x", 
-				t->key[13], t->key[14], t->key[15], 
-				t->key[16], t->key[17], t->key[18]);
-			sprintf (eth2str, "%02x%02x%02x%02x%02x%02x", 
-				t->key[19], t->key[20], t->key[21], 
-				t->key[22], t->key[23], t->key[24]);
+			/*  Print optional ethernet addresses  */
+			if (printeth_m) {
+				sprintf (eth1str, "%02x%02x%02x%02x%02x%02x", 
+					t->key[13], t->key[14], t->key[15], 
+					t->key[16], t->key[17], t->key[18]);
+				sprintf (eth2str, "%02x%02x%02x%02x%02x%02x", 
+					t->key[19], t->key[20], t->key[21], 
+					t->key[22], t->key[23], t->key[24]);
 
-			if (switch_mach) {
-				if (dbf_output)
-					fprintf (outfile_m, ",eth2='%s',eth1='%s'", eth2str, eth1str);
-				else
-					fprintf (outfile_m, " %s %s", eth2str, eth1str);
-			} else {
-				if (dbf_output)
-					fprintf (outfile_m, ",eth1='%s',eth2='%s'", eth1str, eth2str);
-				else
-					fprintf (outfile_m, " %s %s", eth1str, eth2str);
+				if (switch_mach) {
+					if (dbf_output)
+						fprintf (outfile_m, ",eth2='%s',eth1='%s'", eth2str, eth1str);
+					else
+						fprintf (outfile_m, " %s %s", eth2str, eth1str);
+				} else {
+					if (dbf_output)
+						fprintf (outfile_m, ",eth1='%s',eth2='%s'", eth1str, eth2str);
+					else
+						fprintf (outfile_m, " %s %s", eth1str, eth2str);
+				}
 			}
-		}
 
 
-		if (dbf_output)
-			/* ; is line terminator for SQL */
-			fprintf (outfile_m, ";\n");
-		else
-			fprintf (outfile_m, "\n");
+			if (dbf_output)
+				/* ; is line terminator for SQL */
+				fprintf (outfile_m, ";\n");
+			else
+				fprintf (outfile_m, "\n");
+		}
 
 	}
 
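Review bot: The two SQL branches name the port columns differently: the switched branch emits `ipport2=%u,ipport1=%u` while the unswitched branch emits `ip1port=%u,ip2port=%u`, so one spelling presumably does not match the `ipaudit` table and those INSERT statements would be rejected when loaded. The patch re-indents both format strings without reconciling them; assuming the unswitched spelling is the schema's, the switched line should read `"ip2='%s',ip1='%s',protocol=%u,ip2port=%u,ip1port=%u"`, to be confirmed against the table definition, which is not on this page. In the same block `hostname` is written into `probename='%s'` unescaped, so a host name containing a quote character would break the generated statement; where `hostname` is filled in lies outside the hunk. The enclosing function starts before the hunk and continues after it.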

Attachment: pgpMk5vbKgaKr.pgp
Description: PGP signature

