ui/cli/tap-icmpstat.c

   1 /* tap-icmpstat.c
   2  * icmpstat   2011 Christopher Maynard
   3  *
   4  * Wireshark - Network traffic analyzer
   5  * By Gerald Combs <gerald@wireshark.org>
   6  * Copyright 1998 Gerald Combs
   7  *
   8  * SPDX-License-Identifier: GPL-2.0-or-later
   9  */
  10
  11 /* This module provides icmp echo request/reply SRT statistics to tshark.
  12  * It is only used by tshark and not wireshark
  13  *
  14  * It was based on tap-rpcstat.c and doc/README.tapping.
  15  */
  16
  17 #include "config.h"
  18
  19 #include <stdio.h>
  20 #include <stdlib.h>
  21 #include <string.h>
  22 #include <math.h>
  23
  24 #include <glib.h>
  25
  26 #include <epan/packet_info.h>
  27 #include <epan/tap.h>
  28 #include <epan/stat_tap_ui.h>
  29 #include <epan/dissectors/packet-icmp.h>
  30
  31 #include <wsutil/cmdarg_err.h>
  32
  33 void register_tap_listener_icmpstat(void);
  34
  35 /* used to keep track of the ICMP statistics */
  36 typedef struct _icmpstat_t {
  37     char *filter;
  38     GSList *rt_list;
  39     unsigned num_rqsts;
  40     unsigned num_resps;
  41     unsigned min_frame;
  42     unsigned max_frame;
  43     double min_msecs;
  44     double max_msecs;
  45     double tot_msecs;
  46 } icmpstat_t;
  47
  48
  49 /* This callback is never used by tshark but it is here for completeness.  When
  50  * registering below, we could just have left this function as NULL.
  51  *
  52  * When used by wireshark, this function will be called whenever we would need
  53  * to reset all state, such as when wireshark opens a new file, when it starts
  54  * a new capture, when it rescans the packetlist after some prefs have changed,
  55  * etc.
  56  *
  57  * So if your application has some state it needs to clean up in those
  58  * situations, here is a good place to put that code.
  59  */
  60 static void
  61 icmpstat_reset(void *tapdata)
  62 {
  63     icmpstat_t *icmpstat = (icmpstat_t *)tapdata;
  64
  65     g_slist_free(icmpstat->rt_list);
  66     memset(icmpstat, 0, sizeof(icmpstat_t));
  67     icmpstat->min_msecs = 1.0 * UINT_MAX;
  68 }
  69
  70
  71 static int compare_doubles(const void *a, const void *b)
  72 {
  73     double ad, bd;
  74
  75     ad = *(const double *)a;
  76     bd = *(const double *)b;
  77
  78     if (ad < bd)
  79         return -1;
  80     if (ad > bd)
  81         return 1;
  82     return 0;
  83 }
  84
  85
  86 /* This callback is invoked whenever the tap system has seen a packet we might
  87  * be interested in.  The function is to be used to only update internal state
  88  * information in the *tapdata structure, and if there were state changes which
  89  * requires the window to be redrawn, return 1 and (*draw) will be called
  90  * sometime later.
  91  *
  92  * This function should be as lightweight as possible since it executes
  93  * together with the normal wireshark dissectors.  Try to push as much
  94  * processing as possible into (*draw) instead since that function executes
  95  * asynchronously and does not affect the main thread's performance.
  96  *
  97  * If it is possible, try to do all "filtering" explicitly since you will get
  98  * MUCH better performance than applying a similar display-filter in the
  99  * register call.
 100  *
 101  * The third parameter is tap dependent.  Since we register this one to the
 102  * "icmp" tap, the third parameter type is icmp_transaction_t.
 103  *
 104  * function returns :
 105  *  TAP_PACKET_DONT_REDRAW: no updates, no need to call (*draw) later
 106  *  TAP_PACKET_REDRAW: state has changed, call (*draw) sometime later
 107  */
 108 static tap_packet_status
 109 icmpstat_packet(void *tapdata, packet_info *pinfo _U_, epan_dissect_t *edt _U_, const void *data, tap_flags_t flags _U_)
 110 {
 111     icmpstat_t *icmpstat = (icmpstat_t *)tapdata;
 112     const icmp_transaction_t *trans = (const icmp_transaction_t *)data;
 113     double resp_time, *rt;
 114
 115     if (trans == NULL)
 116         return TAP_PACKET_DONT_REDRAW;
 117
 118     if (trans->resp_frame) {
 119         resp_time = nstime_to_msec(&trans->resp_time);
 120         rt = g_new(double, 1);
 121         if (rt == NULL)
 122             return TAP_PACKET_DONT_REDRAW;
 123         *rt = resp_time;
 124         icmpstat->rt_list = g_slist_prepend(icmpstat->rt_list, rt);
 125         icmpstat->num_resps++;
 126         if (icmpstat->min_msecs > resp_time) {
 127             icmpstat->min_frame = trans->resp_frame;
 128             icmpstat->min_msecs = resp_time;
 129         }
 130         if (icmpstat->max_msecs < resp_time) {
 131             icmpstat->max_frame = trans->resp_frame;
 132             icmpstat->max_msecs = resp_time;
 133         }
 134         icmpstat->tot_msecs += resp_time;
 135     } else if (trans->rqst_frame)
 136         icmpstat->num_rqsts++;
 137     else
 138         return TAP_PACKET_DONT_REDRAW;
 139
 140     return TAP_PACKET_REDRAW;
 141 }
 142
 143
 144 /*
 145  * Compute the mean, median and standard deviation.
 146  */
 147 static void compute_stats(icmpstat_t *icmpstat, double *mean, double *med, double *sdev)
 148 {
 149     GSList *slist;
 150     double diff;
 151     double sq_diff_sum = 0.0;
 152
 153     icmpstat->rt_list = g_slist_sort(icmpstat->rt_list, compare_doubles);
 154     slist = icmpstat->rt_list;
 155
 156     if (icmpstat->num_resps == 0 || slist == NULL) {
 157         *mean = 0.0;
 158         *med = 0.0;
 159         *sdev = 0.0;
 160         return;
 161     }
 162
 163     /* (arithmetic) mean */
 164     *mean = icmpstat->tot_msecs / icmpstat->num_resps;
 165
 166     /* median: If we have an odd number of elements in our list, then the
 167      * median is simply the middle element, otherwise the median is computed by
 168      * averaging the 2 elements on either side of the mid-point. */
 169     if (icmpstat->num_resps & 1)
 170         *med = *(double *)g_slist_nth_data(slist, icmpstat->num_resps / 2);
 171     else {
 172         *med =
 173             (*(double *)g_slist_nth_data(slist, (icmpstat->num_resps - 1) / 2) +
 174             *(double *)g_slist_nth_data(slist, icmpstat->num_resps / 2)) / 2;
 175     }
 176
 177     /* (sample) standard deviation */
 178     for ( ; slist; slist = g_slist_next(slist)) {
 179         diff = *(double *)slist->data - *mean;
 180         sq_diff_sum += diff * diff;
 181     }
 182     if (icmpstat->num_resps > 1)
 183         *sdev = sqrt(sq_diff_sum / (icmpstat->num_resps - 1));
 184     else
 185         *sdev = 0.0;
 186 }
 187
 188
 189 /* This callback is used when tshark wants us to draw/update our data to the
 190  * output device.  Since this is tshark, the only output is stdout.
 191  * TShark will only call this callback once, which is when tshark has finished
 192  * reading all packets and exits.
 193  * If used with wireshark this may be called any time, perhaps once every 3
 194  * seconds or so.
 195  * This function may even be called in parallel with (*reset) or (*draw), so
 196  * make sure there are no races.  The data in the icmpstat_t can thus change
 197  * beneath us.  Beware!
 198  *
 199  * How best to display the data?  For now, following other tap statistics
 200  * output, but here are a few other alternatives we might choose from:
 201  *
 202  * -> Windows ping output:
 203  *      Ping statistics for <IP>:
 204  *          Packets: Sent = <S>, Received = <R>, Lost = <L> (<LP>% loss),
 205  *      Approximate round trip times in milli-seconds:
 206  *          Minimum = <m>ms, Maximum = <M>ms, Average = <A>ms
 207  *
 208  * -> Cygwin ping output:
 209  *      ----<HOST> PING Statistics----
 210  *      <S> packets transmitted, <R> packets received, <LP>% packet loss
 211  *      round-trip (ms)  min/avg/max/med = <m>/<M>/<A>/<D>
 212  *
 213  * -> Linux ping output:
 214  *      --- <HOST> ping statistics ---
 215  *      <S> packets transmitted, <R> received, <LP>% packet loss, time <T>ms
 216  *      rtt min/avg/max/mdev = <m>/<A>/<M>/<D> ms
 217  */
 218 static void
 219 icmpstat_draw(void *tapdata)
 220 {
 221     icmpstat_t *icmpstat = (icmpstat_t *)tapdata;
 222     unsigned int lost;
 223     double mean, sdev, med;
 224
 225     printf("\n");
 226     printf("==========================================================================\n");
 227     printf("ICMP Service Response Time (SRT) Statistics (all times in ms):\n");
 228     printf("Filter: %s\n", icmpstat->filter ? icmpstat->filter : "<none>");
 229     printf("\nRequests  Replies   Lost      %% Loss\n");
 230
 231     if (icmpstat->num_rqsts) {
 232         lost =  icmpstat->num_rqsts - icmpstat->num_resps;
 233         compute_stats(icmpstat, &mean, &med, &sdev);
 234
 235         printf("%-10u%-10u%-10u%5.1f%%\n\n",
 236             icmpstat->num_rqsts, icmpstat->num_resps, lost,
 237             100.0 * lost / icmpstat->num_rqsts);
 238         printf("Minimum   Maximum   Mean      Median    SDeviation     Min Frame Max Frame\n");
 239         printf("%-10.3f%-10.3f%-10.3f%-10.3f%-10.3f     %-10u%-10u\n",
 240             icmpstat->min_msecs >= UINT_MAX ? 0.0 : icmpstat->min_msecs,
 241             icmpstat->max_msecs, mean, med, sdev,
 242             icmpstat->min_frame, icmpstat->max_frame);
 243     } else {
 244         printf("0         0         0           0.0%%\n\n");
 245         printf("Minimum   Maximum   Mean      Median    SDeviation     Min Frame Max Frame\n");
 246         printf("0.000     0.000     0.000     0.000     0.000          0         0\n");
 247     }
 248     printf("==========================================================================\n");
 249 }
 250
 251
 252 /* When called, this function will create a new instance of icmpstat.
 253  *
 254  * This function is called from tshark when it parses the -z icmp, arguments
 255  * and it creates a new instance to store statistics in and registers this new
 256  * instance for the icmp tap.
 257  */
 258 static void
 259 icmpstat_init(const char *opt_arg, void *userdata _U_)
 260 {
 261     icmpstat_t *icmpstat;
 262     const char *filter = NULL;
 263     GString *error_string;
 264
 265     if (strstr(opt_arg, "icmp,srt,"))
 266         filter = opt_arg + strlen("icmp,srt,");
 267
 268     icmpstat = (icmpstat_t *)g_try_malloc(sizeof(icmpstat_t));
 269     if (icmpstat == NULL) {
 270         cmdarg_err("Couldn't register icmp,srt tap: Out of memory");
 271         exit(1);
 272     }
 273     memset(icmpstat, 0, sizeof(icmpstat_t));
 274     icmpstat->min_msecs = 1.0 * UINT_MAX;
 275
 276     icmpstat->filter = g_strdup(filter);
 277
 278 /* It is possible to create a filter and attach it to the callbacks.  Then the
 279  * callbacks would only be invoked if the filter matched.
 280  *
 281  * Evaluating filters is expensive and if we can avoid it and not use them,
 282  * then we gain performance.
 283  *
 284  * In this case we do the filtering for protocol and version inside the
 285  * callback itself but use whatever filter the user provided.
 286  */
 287
 288     error_string = register_tap_listener("icmp", icmpstat, icmpstat->filter,
 289         TL_REQUIRES_NOTHING, icmpstat_reset, icmpstat_packet, icmpstat_draw,
 290         NULL);
 291     if (error_string) {
 292         /* error, we failed to attach to the tap. clean up */
 293         g_free(icmpstat->filter);
 294         g_free(icmpstat);
 295
 296         cmdarg_err("Couldn't register icmp,srt tap: %s", error_string->str);
 297         g_string_free(error_string, TRUE);
 298         exit(1);
 299     }
 300 }
 301
 302 static stat_tap_ui icmpstat_ui = {
 303     REGISTER_STAT_GROUP_GENERIC,
 304     NULL,
 305     "icmp,srt",
 306     icmpstat_init,
 307     0,
 308     NULL
 309 };
 310
 311 void
 312 register_tap_listener_icmpstat(void)
 313 {
 314     register_stat_tap_ui(&icmpstat_ui, NULL);
 315 }