Re: Determining traffic on a socket

Wed, 12 Apr 2000 02:34:54 -0700 

I've managed to write a program to do what I want, which works fine on
2.2.8 but doesn't work with elf kernels it appears. Is there an
equivalent interface for elf kernels to the kvm interface for a.out
kernels?

If anyone is interested, I've attached the program.

-- 
Dr Graham Wheeler                        E-mail: [EMAIL PROTECTED]
Director, Research and Development       WWW:    http://www.cequrux.com
CEQURUX Technologies                     Phone:  +27(21)423-6065
Firewalls/VPN Specialists                Fax:    +27(21)424-3656
#include <stdio.h>
#include <fcntl.h>
#include <kvm.h>
#include <nlist.h>

#include <sys/types.h>
#include <sys/socket.h>

#include <net/route.h>

#include <netinet/in.h>
#include <netinet/in_pcb.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#define TCPSTATES
#include <netinet/tcp_fsm.h>
#define TCPTIMERS
#include <netinet/tcp_timer.h>
#include <netinet/tcp_var.h>

struct nlist nml[] = {
#define N_TCB           0
        { "_tcb" },
        0
};

//----------------------------------------------------------------

void Process_IP_CB(kvm_t *kmem, struct inpcb *inpcb)
{
    struct tcpcb tcpcb;
    if (kvm_read(kmem, (long)inpcb->inp_ppcb, (char*)&tcpcb, sizeof(tcpcb))>0)
    {
        if (tcpcb.t_state >= TCPS_ESTABLISHED && tcpcb.t_state < TCP_NSTATES)
        {
            printf("%17s:%-5d ", inet_ntoa(inpcb->inp_laddr.s_addr),
                        ntohs(inpcb->inp_lport));
            printf("%17s:%-5d ", inet_ntoa(inpcb->inp_faddr.s_addr), 
                        ntohs(inpcb->inp_fport));
            printf("[%10s] tx: %10lu rx: %10lu\n",
                        tcpstates[tcpcb.t_state],
                        (u_long)tcpcb.snd_nxt - (u_long)tcpcb.iss,
                        (u_long)tcpcb.rcv_nxt - (u_long)tcpcb.irs);
        }
    }
}

void Process_IP_CBs(kvm_t *kvm)
{
    struct inpcb in_pcb;
    long off = nml[N_TCB].n_value;
    if (kvm_read(kvm, off, (char *) &in_pcb, sizeof (struct inpcb))>0)
    {
        long prev = off;
        while (in_pcb.inp_list.le_next != (struct inpcb *)off)
        {
            long next = (long)in_pcb.inp_list.le_next;
            if (kvm_read(kvm, next, (char*)&in_pcb, sizeof(struct inpcb)) < 0 ||
                (long)in_pcb.inp_list.le_prev != prev) // lost sync
                    break;
            Process_IP_CB(kvm, &in_pcb);
            prev = next;
        }
    }
}

main(int argc, char **argv)
{
    kvm_t *kvm = kvm_open(0,0,0,0,0);
    if (kvm)
    {
        if (kvm_nlist(kvm, nml) < 0)
            perror("kvm_nlist");
        else
        {
            Process_IP_CBs(kvm);
            kvm_close(kvm);
        }
    }
    else perror("kvm_open");
}

Reply via email to