[Ntop-dev] [patch] Final working scanTimedoutTCPSessions patch

Tue, 23 Apr 2002 14:54:11 -0700 

Hi

So, this patch lets ntop scan for timedout tcp sessions again and 
export correct netflow data. It ran stable for >24h so no multithreading
problems and exports 99.99% the amount of bytes that our cisco does, too.

Please note, that I used lowered timeout values, don't know if it would
make sense to change them in upstream. Maybe I increase them a bit myself,
too:

#define SESSION_SCAN_DELAY        10        /* 60 secs */
#define IDLE_HOST_PURGE_TIMEOUT  60    /*   30 minutes */
#define IDLE_SESSION_TIMEOUT     20    /*   10 minutes */

The .diff is agains the CVS from 3 days ago (don't like to update as it's
running so well now...)

The only thing that could really improved now is that UDP has no kind 
of "sessions" although with a reasonable low timeout this could be
archived, too, and would lead to a lower flow export rate. Just for the
TODO list :)

bye,

-christian-

-- 
Christian Hammers    WESTEND GmbH - Aachen und Dueren     Tel 0241/701333-0
[EMAIL PROTECTED]     Internet & Security for Professionals    Fax 0241/911879
          WESTEND ist CISCO Systems Partner - Authorized Reseller

diff -r -u ntop-current/ntop/globals-core.h ntop-westend/ntop/globals-core.h
--- ntop-current/ntop/globals-core.h    Mon Apr 15 13:52:25 2002
+++ ntop-westend/ntop/globals-core.h    Mon Apr 15 13:52:51 2002
@@ -164,6 +164,7 @@
 extern void* updateHostTrafficStatsThptLoop(void* notUsed);
 extern void *updateDBHostsTrafficLoop(void* notUsed);
 extern void *scanIdleLoop(void *notUsed);
+extern void *scanIdleSessionsLoop(void *notUsed);
 extern void createPortHash();
 #ifndef WIN32
 extern void *periodicLsofLoop(void *notUsed);
diff -r -u ntop-current/ntop/ntop.c ntop-westend/ntop/ntop.c
--- ntop-current/ntop/ntop.c    Mon Apr 15 13:52:27 2002
+++ ntop-westend/ntop/ntop.c    Tue Apr 16 17:45:26 2002
@@ -118,6 +118,17 @@
         traceEvent(TRACE_INFO, "1) %d\n", numPkts++);
       */
     }
+
+    myGlobals.actTime = time(NULL);
+    if(myGlobals.nextSessionTimeoutScan < myGlobals.actTime) {
+      /* It's time to check for timeout sessions */
+      traceEvent(TRACE_INFO, "scanTimedoutTCPSessions()");
+      scanTimedoutTCPSessions(i);
+      myGlobals.nextSessionTimeoutScan = myGlobals.actTime+SESSION_SCAN_DELAY;
+    }
+
+
   }
 
   return(NULL);
diff -r -u ntop-current/ntop/pbuf.c ntop-westend/ntop/pbuf.c
--- ntop-current/ntop/pbuf.c    Mon Apr 15 13:52:27 2002
+++ ntop-westend/ntop/pbuf.c    Mon Apr 15 13:52:53 2002
@@ -891,7 +891,7 @@
        if((!myGlobals.borderSnifferMode) || nonFullyRemoteSession) {
          theSession = handleTCPSession(h, (off & 0x3fff), tp.th_win,
                                        srcHostIdx, sport, dstHostIdx,
-                                       dport, length, &tp, tcpDataLength,
+                                       dport, ntohs(ip.ip_len), &tp, tcpDataLength,
                                        theData, actualDeviceId);
          if(theSession == NULL)
            isPassiveSession = 0;
diff -r -u ntop-current/ntop/sessions.c ntop-westend/ntop/sessions.c
--- ntop-current/ntop/sessions.c        Mon Apr 15 13:52:36 2002
+++ ntop-westend/ntop/sessions.c        Wed Apr 17 11:16:59 2002
@@ -328,24 +329,28 @@
   {
     char buf[32], buf1[32];
 
-    traceEvent(TRACE_INFO, "Session terminated: %s:%d<->%s:%d (# sessions = %d)",
+    traceEvent(TRACE_INFO, "Session terminated: %s:%d<->%s:%d (last=%d)(# sessions = 
+%d)",
               _intoa(sessionToPurge->initiatorRealIp, buf, sizeof(buf)), 
sessionToPurge->sport,
               _intoa(sessionToPurge->remotePeerRealIp, buf1, sizeof(buf1)), 
sessionToPurge->dport,
+              sessionToPurge->lastSeen,
               myGlobals.device[actualDeviceId].numTcpSessions);
   }
 #endif
 
   free(sessionToPurge); /* No inner pointers to free */
 }
+#undef TRACE_TRAFFIC_INFO /* #42# */
 
 /* ************************************ */
 
-#ifndef MULTITHREADED
+/* #ifndef MULTITHREADED */
+#define DEBUG 1
 void scanTimedoutTCPSessions(int actualDeviceId) {
   u_int idx, i;
+  u_int freeSessionCount =0;
 
 #ifdef DEBUG
-  traceEvent(TRACE_INFO, "Called scanTimedoutTCPSessions\n");
+  traceEvent(TRACE_INFO, "scanTimedoutTCPSessions working on device %d (%d 
+Sessions)\n", actualDeviceId, myGlobals.device[actualDeviceId].numTotSessions);
 #endif
 
   for(idx=0; idx<myGlobals.device[actualDeviceId].numTotSessions; idx++) {
@@ -389,13 +394,14 @@
 
          if(myGlobals.device[actualDeviceId].tcpSession[idx] == 
             myGlobals.device[actualDeviceId].tcpSession[idx]->next) {
-           myGlobals.device[actualDeviceId].tcpSession[idx]->next = NULL;
 #ifdef DEBUG
            traceEvent(TRACE_WARNING, "Patched problem on idx %d", idx);
 #endif
+           myGlobals.device[actualDeviceId].tcpSession[idx]->next = NULL;
          }
        }
 
+       freeSessionCount++; /* #42# */
        freeSession(thisSession, actualDeviceId);
       }
 
@@ -406,8 +412,14 @@
       }
     } /* while */
   } /* end for */
+
+#ifdef DEBUG
+  traceEvent(TRACE_INFO, "scanTimedoutTCPSessions: freed %u sessions\n", 
+freeSessionCount);
+#endif
+
 }
-#endif /* MULTITHREADED */
+#undef DEBUG /* #42# */
+/* #42# #endif MULTITHREADED */
 
 /* ************************************ */

Reply via email to