On 2015-10-24 at 16:38:10 +0200, Vadim Kochan <[email protected]> wrote: > From: Vadim Kochan <[email protected]> > > Perform lookup inode by dst port too if remote traffic represented as > src flow, so in case if lookup by src port failed then choose > inode matched by dst port. > > Signed-off-by: Vadim Kochan <[email protected]> > --- > flowtop.c | 37 +++++++++++++++++++++---------------- > 1 file changed, 21 insertions(+), 16 deletions(-) > > diff --git a/flowtop.c b/flowtop.c > index 6aa0a6e..f36e8fe 100644 > --- a/flowtop.c > +++ b/flowtop.c > @@ -503,40 +503,50 @@ static void walk_processes(struct flow_entry *n) > closedir(dir); > } > > -static int get_port_inode(uint16_t port, int proto, bool is_ip6) > +static void flow_entry_find_process(struct flow_entry *n) > { > - int ret = -ENOENT; > + int src_inode = 0, dst_inode = 0; > char path[128], buff[1024]; > FILE *proc; > > memset(path, 0, sizeof(path)); > snprintf(path, sizeof(path), "/proc/net/%s%s", > - l4proto2str[proto], is_ip6 ? "6" : ""); > + l4proto2str[n->l4_proto], n->l3_proto == AF_INET6 ? "6" : ""); > > proc = fopen(path, "r"); > if (!proc) > - return -EIO; > + return; > > + /* Here we try to find process's socket inode by src port, at the same > + * time we try to do it by dst port too which will be choosen in case > + * if src port inode will be not found, this is needed in case if the > + * 1st flow's packet will be originated from the remote server so then > + * local host will be represented as dst flow. > + */ > memset(buff, 0, sizeof(buff)); > - > while (fgets(buff, sizeof(buff), proc) != NULL) { > - int inode = 0; > unsigned int lport = 0; > + int inode = 0; > > buff[sizeof(buff) - 1] = 0; > if (sscanf(buff, "%*u: %*X:%X %*X:%*X %*X %*X:%*X %*X:%*X " > "%*X %*u %*u %u", &lport, &inode) == 2) { > - if ((uint16_t) lport == port) { > - ret = inode; > + > + if ((uint16_t) lport == n->port_src) { > + src_inode = inode; > break; > + } else if ((uint16_t) lport == n->port_dst) { > + dst_inode = inode;
Shouldn't we break here as well? -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
