EtherApe Code Overview
======================
Current as of 0.4.2
--------------------------------------------------------------------
Here I'll try to explain the workings of EtherApe, both to give new
contributors a clearer view of the program and for my own future
reference.
0. Index of files
-----------------
etherape.glade
This file has all of the GUI. Use glade to modify it.
src/appdata.h
Declaration of all main data structures.
src/main.c
Parses command line options. Calls initialization
functions of capture and diagram. Loads and saves
configuration. Handles gnome session management.
src/capture.c
Reads packets from the network and keeps track of
information gathered.
src/protocols.c
Functions used to find the protocol stack of a given
packet.
src/dns.c
Asynchronous reverse lookup of IP addresses.
src/resolv.c
Several helper functions, mostly to look up Ethernet
addresses in /etc/ethers.
src/util.c
Helper functions for resolv.c.
src/diagram.c
Updates the diagram, which is a gnome_canvas widget.
Takes care of statusbar information and node pop-ups.
src/callbacks.c
Handles GUI interaction. Buttons clicked, adjustments
changed, etc.
1. Basic Architecture
---------------------
EtherApe runs inside the GTK main loop started in main(). Two
callback functions do the actual work: a timeout, set every
refresh_period, that redraws the diagram on screen (update_diagram),
and a gdk_input handler that fires each time a new packet is
available from the network (packet_read).
I try to keep the code and data structures for data gathering
clearly separated from those for presentation. Data gathering is
done in capture.c and presentation in diagram.c. capture.c is
completely independent of presentation, except that nodes and
links are updated (deletion of irrelevant packets, nodes and
links; recalculation of traffic averages, main protocol, etc.)
only when called from outside: node_update and link_update are
called from canvas_node_update and canvas_link_update.
I also try to keep the functions in protocols.c separate, so
that more protocol recognition can be added easily without
further knowledge of the rest of the program. It is used as a
library with a single API, get_packet_prot: given a pointer to a
packet, it returns a slash-tokenized string with the protocol
stack, e.g. "/ETH_II/IP/TCP/SSH/UNKNOWN/UNKNOWN".
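As an added illustration (not EtherApe's own code), here is how a consumer of get_packet_prot's slash-tokenized output could split it into levels and work out the "main protocol" at a given level across several packets, the kind of recalculation that node_update performs. The stack strings are constructed samples, and the size limits and function names are assumptions of this example.

```c
#include <string.h>
#define MAX_LEVELS 6     /* depth of "/ETH_II/IP/TCP/SSH/UNKNOWN/UNKNOWN" */
#define MAX_NAME 32      /* longest protocol name stored (constructed limit) */
/* Split a slash-tokenized stack into per-level names; levels missing from the
 * string or left empty read "UNKNOWN". Returns the number of levels present. */
int parse_prot_stack(const char *stack, char levels[MAX_LEVELS][MAX_NAME])
{
    int n;
    for (n = 0; n < MAX_LEVELS; n++) strcpy(levels[n], "UNKNOWN");
    if (*stack == '/') stack++;                    /* skip the leading slash */
    for (n = 0; *stack && n < MAX_LEVELS; n++) {
        const char *end = strchr(stack, '/');
        size_t len = end ? (size_t)(end - stack) : strlen(stack);
        if (len >= MAX_NAME) len = MAX_NAME - 1;   /* clamp, never overflow */
        if (len > 0) { memcpy(levels[n], stack, len); levels[n][len] = '\0'; }
        if (!end) { n++; break; }                  /* last token, no trailing slash */
        stack = end + 1;
    }
    return n;
}

/* "Main protocol" at one stack level across several packets: the name seen most
 * often, ignoring UNKNOWN. Returns it ("" if none; static storage) and, when
 * hits_out is non-NULL, how many packets carried it. Quadratic, fine for a demo. */
const char *main_protocol_at_level(const char *stacks[], int count, int level,
                                   int *hits_out)
{
    static char winner[MAX_NAME];
    char levels[MAX_LEVELS][MAX_NAME], cand[MAX_NAME];
    int best = 0, i, j, n; winner[0] = '\0';
    for (i = 0; level >= 0 && level < MAX_LEVELS && i < count; i++) {
        parse_prot_stack(stacks[i], levels);
        if (strcmp(levels[level], "UNKNOWN") == 0) continue;
        strcpy(cand, levels[level]);
        for (j = 0, n = 0; j < count; j++) {
            parse_prot_stack(stacks[j], levels);
            n += strcmp(levels[level], cand) == 0;
        }
        if (n > best) { best = n; strcpy(winner, cand); }
    }
    if (hits_out) *hits_out = best;
    return winner;
}
/* Convenience for callers that only want the count. */
int main_protocol_hits(const char *stacks[], int count, int level)
{ int h; main_protocol_at_level(stacks, count, level, &h); return h; }
/* Constructed sample: five packets labelled the way get_packet_prot would. */
const char *sample_stacks[] = {
    "/ETH_II/IP/TCP/SSH/UNKNOWN/UNKNOWN",  "/ETH_II/IP/TCP/HTTP/UNKNOWN/UNKNOWN",
    "/ETH_II/IP/UDP/DNS/UNKNOWN/UNKNOWN",  "/ETH_II/ARP/UNKNOWN/UNKNOWN/UNKNOWN/UNKNOWN",
    "/ETH_II/IP/TCP/SSH/UNKNOWN/UNKNOWN" };
```

On the sample, level 3 resolves to SSH (2 of 5 packets) while level 4 yields no protocol at all, since every packet is UNKNOWN there.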
Each time update_diagram is called, it checks how nodes, links
and protocols have changed, and updates the diagram accordingly.
2. Data Structures
------------------
See appdata.h for the declaration of all data structures. I'll
give a short explanation here of the main ones.
capture.c keeps track of nodes and links using balanced binary
trees. Each item in a tree is identified by a key, and what
constitutes the key differs for each mode. Each time a packet
arrives, get_node_id is called and returns the key. Creating a
new mode is therefore as easy as setting the global
node_id_length and returning the address; then you would only
have to add naming code in fill_names. Look for 'mode' in capture.c.
TO BE CONTINUED