| blob | 213e149ae8593acb2cf363ee243431491cbdaacb |
1 /* tap-icmpstat.c
2 * icmpstat 2011 Christopher Maynard
3 *
4 * $Id$
5 *
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 */
25 /* This module provides icmp echo request/reply SRT statistics to tshark.
26 * It is only used by tshark and not wireshark
27 *
28 * It was based on tap-rpcstat.c and doc/README.tapping.
29 */
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
38 #include <epan/tap.h>
39 #include <epan/stat_cmd_args.h>
40 #include <epan/dissectors/packet-icmp.h>
41 #include <math.h>
45 /* used to keep track of the ICMP statistics */
49 guint num_rqsts;
50 guint num_resps;
51 guint min_frame;
52 guint max_frame;
59 /* This callback is never used by tshark but it is here for completeness. When
60 * registering below, we could just have left this function as NULL.
61 *
62 * When used by wireshark, this function will be called whenever we would need
63 * to reset all state, such as when wireshark opens a new file, when it starts
64 * a new capture, when it rescans the packetlist after some prefs have changed,
65 * etc.
66 *
67 * So if your application has some state it needs to clean up in those
68 * situations, here is a good place to put that code.
69 */
70 static void
72 {
78 }
82 {
93 }
96 /* This callback is invoked whenever the tap system has seen a packet we might
97 * be interested in. The function is to be used to only update internal state
98 * information in the *tapdata structure, and if there were state changes which
99 * requires the window to be redrawn, return 1 and (*draw) will be called
100 * sometime later.
101 *
102 * This function should be as lightweight as possible since it executes
103 * together with the normal wireshark dissectors. Try to push as much
104 * processing as possible into (*draw) instead since that function executes
105 * asynchronously and does not affect the main thread's performance.
106 *
107 * If it is possible, try to do all "filtering" explicitly since you will get
108 * MUCH better performance than applying a similar display-filter in the
109 * register call.
110 *
111 * The third parameter is tap dependent. Since we register this one to the
112 * "icmp" tap, the third parameter type is icmp_transaction_t.
113 *
114 * function returns :
115 * 0: no updates, no need to call (*draw) later
116 * !0: state has changed, call (*draw) sometime later
117 */
118 static int
119 icmpstat_packet(void *tapdata, packet_info *pinfo _U_, epan_dissect_t *edt _U_, const void *data)
120 {
139 }
143 }
147 else
151 }
154 /*
155 * Compute the mean, median and standard deviation.
156 */
158 {
171 }
173 /* (arithmetic) mean */
176 /* median: If we have an odd number of elements in our list, then the
177 * median is simply the middle element, otherwise the median is computed by
178 * averaging the 2 elements on either side of the mid-point. */
185 }
187 /* (sample) standard deviation */
191 }
194 else
196 }
199 /* This callback is used when tshark wants us to draw/update our data to the
200 * output device. Since this is tshark, the only output is stdout.
201 * TShark will only call this callback once, which is when tshark has finished
202 * reading all packets and exits.
203 * If used with wireshark this may be called any time, perhaps once every 3
204 * seconds or so.
205 * This function may even be called in parallel with (*reset) or (*draw), so
206 * make sure there are no races. The data in the icmpstat_t can thus change
207 * beneath us. Beware!
208 *
209 * How best to display the data? For now, following other tap statistics
210 * output, but here are a few other alternatives we might choose from:
211 *
212 * -> Windows ping output:
213 * Ping statistics for <IP>:
214 * Packets: Sent = <S>, Received = <R>, Lost = <L> (<LP>% loss),
215 * Approximate round trip times in milli-seconds:
216 * Minimum = <m>ms, Maximum = <M>ms, Average = <A>ms
217 *
218 * -> Cygwin ping output:
219 * ----<HOST> PING Statistics----
220 * <S> packets transmitted, <R> packets received, <LP>% packet loss
221 * round-trip (ms) min/avg/max/med = <m>/<M>/<A>/<D>
222 *
223 * -> Linux ping output:
224 * --- <HOST> ping statistics ---
225 * <S> packets transmitted, <R> received, <LP>% packet loss, time <T>ms
226 * rtt min/avg/max/mdev = <m>/<A>/<M>/<D> ms
227 */
228 static void
230 {
257 }
259 }
262 /* When called, this function will create a new instance of icmpstat.
263 *
264 * This function is called from tshark when it parses the -z icmp, arguments
265 * and it creates a new instance to store statistics in and registers this new
266 * instance for the icmp tap.
267 */
268 static void
270 {
282 }
289 /* It is possible to create a filter and attach it to the callbacks. Then the
290 * callbacks would only be invoked if the filter matched.
291 *
292 * Evaluating filters is expensive and if we can avoid it and not use them,
293 * then we gain performance.
294 *
295 * In this case we do the filtering for protocol and version inside the
296 * callback itself but use whatever filter the user provided.
297 */
302 /* error, we failed to attach to the tap. clean up */
311 }
312 }
315 void
317 {
319 }