Changeset 117

Timestamp:

10.12.2005 02:56:47 (3 years ago)

Author:

tibob

Message:

• Added left/right dump/clean timestamp for filename (closes #8 and #2)
• More details in the header of log files

Location:

trunk

Files:

• doc/ipfm.conf.man (modified) (1 diff)
• source/config.h.in (modified) (1 diff)
• source/config.l (modified) (1 diff)
• source/config.y (modified) (4 diffs)
• source/data.c (modified) (7 diffs)
• source/filter.h (modified) (2 diffs)
• source/init.c (modified) (2 diffs)
• source/ipfm.c (modified) (1 diff)

trunk/doc/ipfm.conf.man

@@ -59 +59 @@
 
 .SS
+.I Timestamp
+.B Syntax :
+timestamp left|right clear|dump
+
+This indicates IPFM to use the begining (left timestamp) or ending (right timestamp) time of the clear/dump interval  to name the output file.
+
+Default is timestamp right dump
+
+.SS
 .I NEW LOG
 .B Syntax :

trunk/source/config.h.in

@@ -19 +19 @@
 #define DEFAULT_OPTIONS_APPEND        0
 #define DEFAULT_OPTIONS_TIMEZONE      local
+#define DEFAULT_OPTIONS_TIMESTAMP     right_dump
 
 /* But leave these defines untouched */

trunk/source/config.l

@@ -85 +85 @@
 [Uu][Tt][Cc]                     return UNIVERSALTIME;
 [Ww][Ii][Tt][Hh]                 return WITH;
+[Tt]ime[Ss]tamp                  return TIMESTAMP;
+[Rr]ight                         return RIGHT;
+[Ll]eft                          return LEFT;
 
 [Pp][Rr][Oo][Mm][Ii][Ss][Cc]         { yylval.longval = 1; return PROMISC; }

trunk/source/config.y

@@ -105 +105 @@
 %token UNIVERSALTIME
 %token WITH
-
+%token TIMESTAMP
+%token RIGHT
+%token LEFT
 
 %token<SortFunc>  SORTFUNC
@@ -240 +242 @@
           pNewLog->Filter = NULL;
           pNewLog->Data = NULL;
+          pNewLog->TimeStampType = DEFAULT_OPTIONS_TIMESTAMP;
           pNewLog->DumpInterval = DEFAULT_OPTIONS_DUMPINTERVAL;
           pNewLog->ClearInterval = DEFAULT_OPTIONS_CLEARINTERVAL;
           pNewLog->ClearCounter = DEFAULT_OPTIONS_CLEARCOUNTER;
           pNewLog->NextDump = ((time(NULL) / DEFAULT_OPTIONS_DUMPINTERVAL) + 1) * DEFAULT_OPTIONS_DUMPINTERVAL;
+          pNewLog->PrevDump = time(NULL);
+          pNewLog->PrevClear = time(NULL);
+          /* NextClear is set afterwards */
           pNewLog->LogFile = strdup(DEFAULT_OPTIONS_LOGFILE);
           pNewLog->Sort = DEFAULT_OPTIONS_SORT;
@@ -259 +265 @@
           tz = UTC;
         }
+      | TimeStamp EOL
       | error EOL {
           parseerror("Skipping invalid line", line);
@@ -389 +396 @@
       ;
 
+TimeStamp:
+        TIMESTAMP LEFT CLEAR {
+          pAllLogs->TimeStampType = left_clear;
+        }
+      | TIMESTAMP LEFT DUMP {
+          pAllLogs->TimeStampType = left_dump;
+        }
+      | TIMESTAMP RIGHT CLEAR {
+          pAllLogs->TimeStampType = right_clear;
+        }
+      | TIMESTAMP RIGHT DUMP {
+          pAllLogs->TimeStampType = right_dump;
+        }
+      ;
+
 %%
 

trunk/source/data.c

@@ -43 +43 @@
 #include <sys/types.h>
 #include <arpa/inet.h>
+#include <time.h>
 
 #include "config.h"
@@ -49 +50 @@
 #include "init.h"
 #include "utils.h"
+#include "debug.h"
 
 extern struct OptionsType Options;
@@ -106 +108 @@
   char *FileName;
 
-  FileName = timefile(pLog->LogFile, pLog->NextDump);
+  switch (pLog->TimeStampType) {
+    case left_dump:
+      FileName = timefile(pLog->LogFile, pLog->PrevDump);
+      break;
+    case left_clear:
+      FileName = timefile(pLog->LogFile, pLog->PrevClear);
+      break;
+    case right_clear:
+      FileName = timefile(pLog->LogFile, pLog->NextClear);
+      break;
+    case right_dump:
+    default:
+      FileName = timefile(pLog->LogFile, pLog->NextDump);
+      break;
+  }
+
+  DEBUG_MSG("It's %d and I'm dumping in %s\n", time(NULL), FileName);
+
   /* Avoid stdout conflicts between son and father */
   fflush(stdout);
@@ -117 +136 @@
     FILE *logfile;
     char DataToFile[MAX_DATA_SIZE];
-    char *stringTime;
+    /* "=NULL" to avoid a compiler warning */
+    char *stringTime, *DumpTime, *ClearTime=NULL, *PrevClear=NULL, *PrevDump, *stringAction;
     char *timezonestring;
 
@@ -159 +179 @@
     }
 
-    stringTime = timefile("%Y/%m/%d %H:%M:%S", pLog->NextDump);
-
-    fprintf(logfile, "# IPFMv%s %s (%s) -- dump every %ldd%02ld:%02ld:%02ld -- listening on %s\n",
-            VERSION, stringTime, timezonestring,
-            pLog->DumpInterval / (60*60*24),
-            (pLog->DumpInterval / (60*60)) % 24,
-            (pLog->DumpInterval / (60)) % 60,
-            pLog->DumpInterval % 60,
-            device);
+    stringTime = timefile("%Y/%m/%d %H:%M:%S", time(NULL));
+
+    DumpTime = timefile("%Y/%m/%d %H:%M:%S", pLog->NextDump);
+    PrevDump = timefile("%Y/%m/%d %H:%M:%S", pLog->PrevDump);
+    if (pLog->ClearCounter > 1 || pLog->ClearInterval == 0) {
+      stringAction = "dumping";
+    } else {
+      stringAction = "clearing";
+    }
+
+    fprintf(logfile, "# ipfm %s %s at %s (%s)\n",
+            VERSION, stringAction, stringTime, timezonestring);
+    fprintf(logfile, "# Listening on %s\n", device);
+    fprintf(logfile, "# Dump period :  %s -- %s\n",
+            PrevDump, DumpTime);
+
+    if (pLog->ClearInterval != 0) {
+      ClearTime = timefile("%Y/%m/%d %H:%M:%S", pLog->NextClear);
+      PrevClear = timefile("%Y/%m/%d %H:%M:%S", pLog->PrevClear);
+      fprintf(logfile, "# Clear period : %s -- %s\n",
+              PrevClear, ClearTime);
+      xfree(ClearTime);
+      xfree(PrevClear);
+    }
+
+    xfree(DumpTime);
+    xfree(PrevDump);
+    xfree(stringTime);
 
     fprintf(logfile, "# %-33s%15s%15s%15s\n",
@@ -174 +213 @@
             "Out (bytes)",
             "Total (bytes)");
+    
     while (NULL != pLog->Data) {
       DataFormat(pLog, pLog->Data, DataToFile, MAX_DATA_SIZE);
@@ -189 +229 @@
 
     fprintf(logfile, "# end of dump %s\n", stringTime);
-    xfree(stringTime);
     if (1 == pLog->Append) {
       fprintf(logfile, "\n");
     }
+
     fclose(logfile);
+
     /* As under linux, pcap uses atexit to restore non promiscuous mode,
        we use _exit() to avoid unsetting promiscuous mode when the child

trunk/source/filter.h

@@ -58 +58 @@
 };
 
+enum enumTimeStampType { left_clear, right_clear, left_dump, right_dump };
+
 struct AllLogsType {
   struct ipfm_filter *Filter;
@@ -68 +70 @@
   int ReverseLookup;
   int Append;
+  
+  /* right or left Timestamp selector */
+  enum enumTimeStampType TimeStampType;
 
-  unsigned long int NextDump;
+  time_t NextDump;
+  /* PrefDump, PrevClear and NextClear could (most of the time) be calculated
+     when needed , but it's easier to note them when NextDump and ClearCounter
+     are Changed */
+  time_t PrevDump;
+  time_t PrevClear;
+  time_t NextClear;
+  /* Defines the Dump Interval in seconds */
   unsigned long int DumpInterval;
+  /* Used to record in how many dumps the collected data should be cleared */
   unsigned long int ClearCounter;
+  /* Defines every how many dumps the collected data should be cleared */
   unsigned long int ClearInterval;
 

trunk/source/init.c

@@ -185 +185 @@
   pNewLog->Data = NULL;
   pNewLog->DataSize = 0;
+  pNewLog->TimeStampType = DEFAULT_OPTIONS_TIMESTAMP;
   pNewLog->DumpInterval = DEFAULT_OPTIONS_DUMPINTERVAL;
   pNewLog->ClearInterval = DEFAULT_OPTIONS_CLEARINTERVAL;
   pNewLog->ClearCounter = DEFAULT_OPTIONS_CLEARCOUNTER;
+  pNewLog->PrevDump = time(NULL);
+  pNewLog->PrevClear = time(NULL);
   pNewLog->NextDump = ((time(NULL) / DEFAULT_OPTIONS_DUMPINTERVAL) + 1) * DEFAULT_OPTIONS_DUMPINTERVAL;
+  /* NextClear is set afterwards */
   pNewLog->LogFile = xstrdup(DEFAULT_OPTIONS_LOGFILE);
   pNewLog->Sort = DEFAULT_OPTIONS_SORT;
@@ -359 +363 @@
       xfree (pTempLog);
     } else {
-      /* this entry is kept */
+      /* this entry is kept, adjust NextClear */
+      pTempLog->NextClear = pTempLog->NextDump + pTempLog->DumpInterval * (pTempLog->ClearCounter - 1);
+
       pPrevLog = pTempLog;
     }

trunk/source/ipfm.c

@@ -117 +117 @@
   for(;;) {
     p_packet = (struct ip *) getnextippkt();
-    
+
     dofilter(p_packet);
 
     /* Well that's an approximation. I should perhaps use an alarm() */
     for (pTempLog = pAllLogs; NULL != pTempLog; pTempLog = pTempLog->Next) {
+      DEBUG_MSG("time %d nextdump %d delta %d\n", time(NULL), pTempLog->NextDump, pTempLog->NextDump - time(NULL));
       if (time(NULL) > pTempLog->NextDump) {
         data_dump(pTempLog);
         /* Check if we have to clear the logs as well */
-        if (pTempLog->ClearInterval) {
+        if (0 != pTempLog->ClearInterval) {
           pTempLog->ClearCounter--;
           if (0 >= pTempLog->ClearCounter) {
             data_clear(pTempLog);
+            pTempLog->PrevClear = pTempLog->NextDump;
+            pTempLog->NextClear = pTempLog->NextDump + pTempLog->ClearInterval * pTempLog->DumpInterval;
             pTempLog->ClearCounter = pTempLog->ClearInterval;
           }
         }
-        pTempLog->NextDump += pTempLog->DumpInterval;
+        pTempLog->PrevDump = pTempLog->NextDump;
+        pTempLog->NextDump += pTempLog->DumpInterval;
       }
     }