2 * traffic-analyzer VFS module. Measure the smb traffic users create
5 * Copyright (C) Holger Hetterich, 2008
6 * Copyright (C) Jeremy Allison, 2008
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
24 /* abstraction for the send_over_network function */
26 enum sock_type {INTERNET_SOCKET = 0, UNIX_DOMAIN_SOCKET};
28 #define LOCAL_PATHNAME "/var/tmp/stadsocket"
30 /* VFS Functions identifier table. In protocol version 2, every vfs */
31 /* function is given a unique id. */
33 /* care for the order here, required for compatibility */
34 /* with protocol version 1. */
39 /* end of protocol version 1 identifiers. */
43 /* Specific data sets for the VFS functions. */
51 /* rw_data used for read/write/pread/pwrite */
58 static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS;
60 static enum sock_type smb_traffic_analyzer_connMode(vfs_handle_struct *handle)
62 connection_struct *conn = handle->conn;
64 Mode=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer","mode", \
66 if (strstr(Mode,"unix_domain_socket")) {
67 return UNIX_DOMAIN_SOCKET;
69 return INTERNET_SOCKET;
74 /* Connect to an internet socket */
76 static int smb_traffic_analyzer_connect_inet_socket(vfs_handle_struct *handle,
77 const char *name, uint16_t port)
79 /* Create a streaming Socket */
81 struct addrinfo hints;
82 struct addrinfo *ailist = NULL;
83 struct addrinfo *res = NULL;
87 /* By default make sure it supports TCP. */
88 hints.ai_socktype = SOCK_STREAM;
89 hints.ai_flags = AI_ADDRCONFIG;
91 ret = getaddrinfo(name,
97 DEBUG(3,("smb_traffic_analyzer_connect_inet_socket: "
98 "getaddrinfo failed for name %s [%s]\n",
100 gai_strerror(ret) ));
104 DEBUG(3,("smb_traffic_analyzer: Internet socket mode. Hostname: %s,"
105 "Port: %i\n", name, port));
107 for (res = ailist; res; res = res->ai_next) {
108 struct sockaddr_storage ss;
111 if (!res->ai_addr || res->ai_addrlen == 0) {
116 memcpy(&ss, res->ai_addr, res->ai_addrlen);
118 status = open_socket_out(&ss, port, 10000, &sockfd);
119 if (NT_STATUS_IS_OK(status)) {
125 freeaddrinfo(ailist);
129 DEBUG(1, ("smb_traffic_analyzer: unable to create "
130 "socket, error is %s",
138 /* Connect to a unix domain socket */
140 static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle,
143 /* Create the socket to stad */
145 struct sockaddr_un remote;
147 DEBUG(7, ("smb_traffic_analyzer_connect_unix_socket: "
148 "Unix domain socket mode. Using %s\n",
151 if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
152 DEBUG(1, ("smb_traffic_analyzer_connect_unix_socket: "
153 "Couldn't create socket, "
154 "make sure stad is running!\n"));
157 remote.sun_family = AF_UNIX;
158 strlcpy(remote.sun_path, name,
159 sizeof(remote.sun_path));
160 len=strlen(remote.sun_path) + sizeof(remote.sun_family);
161 if (connect(sock, (struct sockaddr *)&remote, len) == -1 ) {
162 DEBUG(1, ("smb_traffic_analyzer_connect_unix_socket: "
163 "Could not connect to "
164 "socket, make sure\nstad is running!\n"));
171 /* Private data allowing shared connection sockets. */
173 struct refcounted_sock {
174 struct refcounted_sock *next, *prev;
178 unsigned int ref_count;
182 /* The marshaller for the protocol version 2. */
183 static char *smb_traffic_analyzer_create_string( struct tm *tm, \
184 int seconds, vfs_handle_struct *handle, \
185 char *username, int count, ... )
194 char *timestr = NULL;
196 /* first create the data that is transfered with any VFS op */
197 len = strlen( username );
198 buf = talloc_asprintf(talloc_tos(),"%04u%s", len, username);
199 len = strlen( handle->conn->connectpath );
200 buf = talloc_asprintf_append( buf, "%04u%s", len, \
201 handle->conn->connectpath );
202 len = strlen( pdb_get_domain(handle->conn->server_info->sam_account) );
203 buf = talloc_asprintf_append( buf, "%04u%s", len, \
204 pdb_get_domain(handle->conn->server_info->sam_account) );
205 timestr = talloc_asprintf(talloc_tos(), \
206 "%04d-%02d-%02d %02d:%02d:%02d.%03d", \
214 len = strlen( timestr );
215 buf = talloc_asprintf_append( buf, "%04u%s", len, timestr);
217 va_start( ap, count );
219 arg = va_arg( ap, char * );
220 /* protocol v2 sends a four byte string */
221 /* as a header to each block, including */
222 /* the numbers of bytes to come in the */
225 buf = talloc_asprintf_append( buf, "%04u%s", len, arg);
229 /* now create the protocol v2 header. */
231 str = talloc_asprintf_append( str, "V2,%017u%s", len, buf);
232 DEBUG(10, ("smb_traffic_analyzer_create_string: %s\n",str));
236 static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle,
238 enum vfs_id vfs_operation )
240 struct refcounted_sock *rf_sock = NULL;
243 struct tm *tm = NULL;
246 char *username = NULL;
247 const char *anon_prefix = NULL;
248 const char *total_anonymization = NULL;
249 const char *protocol_version = NULL;
253 SMB_VFS_HANDLE_GET_DATA(handle, rf_sock, struct refcounted_sock, return);
255 if (rf_sock == NULL || rf_sock->sock == -1) {
256 DEBUG(1, ("smb_traffic_analyzer_send_data: socket is "
262 tv_sec = convert_timespec_to_time_t(convert_timeval_to_timespec(tv));
263 tm = localtime(&tv_sec);
267 seconds=(float) (tv.tv_usec / 1000);
269 /* check if anonymization is required */
271 total_anonymization=lp_parm_const_string(SNUM(handle->conn),"smb_traffic_analyzer",
272 "total_anonymization", NULL);
274 anon_prefix=lp_parm_const_string(SNUM(handle->conn),"smb_traffic_analyzer",\
275 "anonymize_prefix", NULL );
276 if (anon_prefix!=NULL) {
277 if (total_anonymization!=NULL) {
278 username = talloc_asprintf(talloc_tos(),
282 username = talloc_asprintf(talloc_tos(),
286 handle->conn->server_info->sanitized_username ) );
290 username = handle->conn->server_info->sanitized_username;
297 protocol_version = lp_parm_const_string(SNUM(handle->conn),
298 "smb_traffic_analyzer",
299 "protocol_version", NULL );
301 if ( protocol_version == NULL || strcmp( protocol_version,"V1") == 0) {
303 struct rw_data *s_data = (struct rw_data *) data;
305 /* in case of protocol v1, ignore any vfs operations */
306 /* except read,pread,write,pwrite, and set the "Write" */
307 /* bool accordingly. */
309 if ( vfs_operation > vfs_id_pwrite ) return;
311 if ( vfs_operation <= vfs_id_pread ) Write=false;
314 str = talloc_asprintf(talloc_tos(),
315 "V1,%u,\"%s\",\"%s\",\"%c\",\"%s\",\"%s\","
316 "\"%04d-%02d-%02d %02d:%02d:%02d.%03d\"\n",
317 (unsigned int) s_data->len,
319 pdb_get_domain(handle->conn->server_info->sam_account),
321 handle->conn->connectpath,
330 } else if ( strcmp( protocol_version, "V2") == 0) {
332 switch( vfs_operation ) {
334 struct mkdir_data *s_data = \
335 (struct mkdir_data *) data;
336 str = smb_traffic_analyzer_create_string( tm, \
337 seconds, handle, username, \
339 talloc_asprintf( talloc_tos(), "%u", \
341 talloc_asprintf( talloc_tos(), "%u", \
345 DEBUG(1, ("smb_traffic_analyzer: error! "
346 "wrong VFS operation id detected!\n"));
351 DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
352 "error, unkown protocol given!\n"));
357 DEBUG(1, ("smb_traffic_analyzer_send_data: "
358 "unable to create string to send!\n"));
364 DEBUG(10, ("smb_traffic_analyzer_send_data_socket: sending %s\n",
366 if (write_data(rf_sock->sock, str, len) != len) {
367 DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
368 "error sending data to socket!\n"));
373 static struct refcounted_sock *sock_list;
375 static void smb_traffic_analyzer_free_data(void **pptr)
377 struct refcounted_sock *rf_sock = *(struct refcounted_sock **)pptr;
378 if (rf_sock == NULL) {
381 rf_sock->ref_count--;
382 if (rf_sock->ref_count != 0) {
385 if (rf_sock->sock != -1) {
386 close(rf_sock->sock);
388 DLIST_REMOVE(sock_list, rf_sock);
389 TALLOC_FREE(rf_sock);
392 static int smb_traffic_analyzer_connect(struct vfs_handle_struct *handle,
396 connection_struct *conn = handle->conn;
397 enum sock_type st = smb_traffic_analyzer_connMode(handle);
398 struct refcounted_sock *rf_sock = NULL;
399 const char *name = (st == UNIX_DOMAIN_SOCKET) ? LOCAL_PATHNAME :
400 lp_parm_const_string(SNUM(conn),
401 "smb_traffic_analyzer",
402 "host", "localhost");
403 uint16_t port = (st == UNIX_DOMAIN_SOCKET) ? 0 :
404 atoi( lp_parm_const_string(SNUM(conn),
405 "smb_traffic_analyzer", "port", "9430"));
406 int ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
412 /* Are we already connected ? */
413 for (rf_sock = sock_list; rf_sock; rf_sock = rf_sock->next) {
414 if (port == rf_sock->port &&
415 (strcmp(name, rf_sock->name) == 0)) {
420 /* If we're connected already, just increase the
421 * reference count. */
423 rf_sock->ref_count++;
425 /* New connection. */
426 rf_sock = TALLOC_ZERO_P(NULL, struct refcounted_sock);
427 if (rf_sock == NULL) {
428 SMB_VFS_NEXT_DISCONNECT(handle);
432 rf_sock->name = talloc_strdup(rf_sock, name);
433 if (rf_sock->name == NULL) {
434 SMB_VFS_NEXT_DISCONNECT(handle);
435 TALLOC_FREE(rf_sock);
439 rf_sock->port = port;
440 rf_sock->ref_count = 1;
442 if (st == UNIX_DOMAIN_SOCKET) {
443 rf_sock->sock = smb_traffic_analyzer_connect_unix_socket(handle,
447 rf_sock->sock = smb_traffic_analyzer_connect_inet_socket(handle,
451 if (rf_sock->sock == -1) {
452 SMB_VFS_NEXT_DISCONNECT(handle);
453 TALLOC_FREE(rf_sock);
456 DLIST_ADD(sock_list, rf_sock);
459 /* Store the private data. */
460 SMB_VFS_HANDLE_SET_DATA(handle, rf_sock, smb_traffic_analyzer_free_data,
461 struct refcounted_sock, return -1);
467 static int smb_traffic_analyzer_mkdir(vfs_handle_struct *handle, \
468 const char *path, mode_t mode)
470 struct mkdir_data s_data;
471 s_data.result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
474 DEBUG(10, ("smb_traffic_analyzer_mkdir: MKDIR: %s\n", path));
475 smb_traffic_analyzer_send_data(handle,
478 return s_data.result;
481 static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, \
482 files_struct *fsp, void *data, size_t n)
484 struct rw_data s_data;
486 s_data.len = SMB_VFS_NEXT_READ(handle, fsp, data, n);
487 s_data.filename = fsp->fsp_name->base_name;
488 DEBUG(10, ("smb_traffic_analyzer_read: READ: %s\n", fsp_str_dbg(fsp)));
490 smb_traffic_analyzer_send_data(handle,
497 static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, \
498 files_struct *fsp, void *data, size_t n, SMB_OFF_T offset)
500 struct rw_data s_data;
502 s_data.len = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
503 s_data.filename = fsp->fsp_name->base_name;
504 DEBUG(10, ("smb_traffic_analyzer_pread: PREAD: %s\n",
507 smb_traffic_analyzer_send_data(handle,
514 static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, \
515 files_struct *fsp, const void *data, size_t n)
517 struct rw_data s_data;
519 s_data.len = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
520 s_data.filename = fsp->fsp_name->base_name;
521 DEBUG(10, ("smb_traffic_analyzer_write: WRITE: %s\n",
524 smb_traffic_analyzer_send_data(handle,
530 static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, \
531 files_struct *fsp, const void *data, size_t n, SMB_OFF_T offset)
533 struct rw_data s_data;
535 s_data.len = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
536 s_data.filename = fsp->fsp_name->base_name;
537 DEBUG(10, ("smb_traffic_analyzer_pwrite: PWRITE: %s\n", \
540 smb_traffic_analyzer_send_data(handle,
546 static struct vfs_fn_pointers vfs_smb_traffic_analyzer_fns = {
547 .connect_fn = smb_traffic_analyzer_connect,
548 .vfs_read = smb_traffic_analyzer_read,
549 .pread = smb_traffic_analyzer_pread,
550 .write = smb_traffic_analyzer_write,
551 .pwrite = smb_traffic_analyzer_pwrite,
552 .mkdir = smb_traffic_analyzer_mkdir
555 /* Module initialization */
557 NTSTATUS vfs_smb_traffic_analyzer_init(void)
559 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
560 "smb_traffic_analyzer",
561 &vfs_smb_traffic_analyzer_fns);
563 if (!NT_STATUS_IS_OK(ret)) {
567 vfs_smb_traffic_analyzer_debug_level =
568 debug_add_class("smb_traffic_analyzer");
570 if (vfs_smb_traffic_analyzer_debug_level == -1) {
571 vfs_smb_traffic_analyzer_debug_level = DBGC_VFS;
572 DEBUG(1, ("smb_traffic_analyzer_init: Couldn't register custom"
573 "debugging class!\n"));
575 DEBUG(3, ("smb_traffic_analyzer_init: Debug class number of"
576 "'smb_traffic_analyzer': %d\n", \
577 vfs_smb_traffic_analyzer_debug_level));