From 2854f228a7b9aacbb7873b5ba0d474f959ad9605 Mon Sep 17 00:00:00 2001
From: Laurent Ghigonis <laurent@p1sec.com>
Date: Sun, 7 Jul 2013 04:25:45 +0200
Subject: traceroute improvements

* don't group traceroute nodes by address
* put src ip in traceroute glouglou packet
* correctly link nodes in gg_map
---
 gg_map/gg_map.c                   | 55 +++++++++++++++++++++++++--------------
 gg_sniff/pcap.c                   |  7 ++++-
 libglouglou/libggnet.c            | 13 ++++-----
 libglouglou/libggnet.h            |  3 ++-
 libglouglou/libggnet_traceroute.c |  2 ++
 libglouglou/libglouglou.c         |  2 ++
 libglouglou/libglouglou.h         |  2 ++
 7 files changed, 56 insertions(+), 28 deletions(-)

diff --git a/gg_map/gg_map.c b/gg_map/gg_map.c
index 515554d..3fbc329 100644
--- a/gg_map/gg_map.c
+++ b/gg_map/gg_map.c
@@ -261,35 +261,48 @@ _conn_name(u_int32_t addr, u_int8_t pktsize, u_char *fqdn) {
 	egraph_vertice_rename(_egraph, ggnet_node_usrdata_get(n), (char *)fqdn);
 }
 
+static struct ggnet_node *
+_node_link_next(struct ggnet_node *np, struct in_addr *ip)
+{
+	struct ggnet_node *n;
+	Egraph_Vertice *v;
+
+	n = ggnet_node_find(_ggnet, ip);
+	if (!n) {
+		n = ggnet_node_add(_ggnet, ip, 0);
+		v = _node_to_vertice(n);
+		if (v)
+			egraph_vertice_type_set(_egraph, v,
+						"vertice_alt1");
+		else
+			printf("gg_map: ERROR: could not create trace vertice !\n");
+	}
+	ggnet_node_path_link(np, n);
+	return n;
+}
+
 static void
-_conn_trace(u_int32_t addr, u_int8_t hopcount, struct gg_packet *pkt) {
+_conn_trace(u_int32_t addr, u_int32_t src, u_int8_t hopcount, struct gg_packet *pkt) {
 	struct gg_packet_tracehop *h;
-	struct ggnet_node *n, *np;
+	struct ggnet_node *n;
 	struct in_addr ip;
-	Egraph_Vertice *v;
 	int i;
 
-	ip.s_addr = addr;
-	np = ggnet_node_find(_ggnet, &ip);
-	if (!np)
+	ip.s_addr = src;
+	printf("XXX ==== SRC %x\n", src);
+	n = ggnet_node_find(_ggnet, &ip);
+	printf("XXX ==== SRC node %p\n", n);
+	if (!n)
 		return;
+
 	for (i=0; i<hopcount; i++) {
 		h = &pkt->trace_hops[i];
 		ip.s_addr = h->addr;
-		n = ggnet_node_find(_ggnet, &ip);
-		if (!n) {
-			n = ggnet_node_add(_ggnet, &ip);
-			v = _node_to_vertice(n);
-			if (v)
-				egraph_vertice_type_set(_egraph, v,
-							"vertice_alt1");
-			else
-				printf("gg_map: ERROR: could not create trace vertice !\n");
-
-		}
-		ggnet_node_path_link(np, n);
-		np = n;
+		n = _node_link_next(n, &ip);
 	}
+
+	ip.s_addr = addr;
+	n = _node_link_next(n, &ip);
 }
 
 static int
@@ -345,10 +358,12 @@ _cb_packet(struct gg_client *cli, struct gg_packet *pkt)
 			if (_loglevel >= 1) {
 				printf("  type PACKET_TRACE\n");
 				printf("  trace_addr %4x\n", pkt->trace_addr);
+				printf("  trace_src %4x\n", pkt->trace_src);
 				printf("  trace_hopcount %d\n", pkt->trace_hopcount);
 			}
 
-			_conn_trace(pkt->trace_addr, pkt->trace_hopcount, pkt);
+			_conn_trace(pkt->trace_addr, pkt->trace_src,
+				pkt->trace_hopcount, pkt);
 			break;
 	}
 
diff --git a/gg_sniff/pcap.c b/gg_sniff/pcap.c
index d0b326a..d5e5809 100644
--- a/gg_sniff/pcap.c
+++ b/gg_sniff/pcap.c
@@ -370,10 +370,15 @@ cb_nodetraceroute(struct ggnet *net, struct ggnet_traceroute_req *req)
 	pkt.ver = PACKET_VERSION;
 	pkt.type = PACKET_TRACE;
 	pkt.trace_addr = req->target->ip.addr_ip;
+	pkt.trace_src = req->srcip.addr_ip;
+	printf("XXX oooooooooooooooooo %x\n", pkt.trace_addr);
 	pkt.trace_hopcount = req->hopcount_total;
 	i = 0;
 	TAILQ_FOREACH(h, &req->hops_list, entry) {
-		pkt.trace_hops[i].addr = h->ip.addr_ip;
+		//inet_aton(addr_ntoa(&h->ip), &ip);
+		//pkt.trace_hops[i].addr = ip.s_addr;
+		pkt.trace_hops[i].addr = ntohl(h->ip.addr_ip);
+		printf("XXX ------------------- %x\n", pkt.trace_hops[i].addr);
 		pkt.trace_hops[i].delay = h->delay;
 		pkt.trace_hops[i].loss = h->loss;
 		pkt.trace_hops[i].asn = h->asn;
diff --git a/libglouglou/libggnet.c b/libglouglou/libggnet.c
index 5f9810b..160ac8b 100644
--- a/libglouglou/libggnet.c
+++ b/libglouglou/libggnet.c
@@ -118,7 +118,7 @@ ggnet_free(struct ggnet *net)
 }
 
 struct ggnet_node *
-ggnet_node_add(struct ggnet *net, struct in_addr *addr)
+ggnet_node_add(struct ggnet *net, struct in_addr *addr, int allow_grouping)
 {
 	struct ggnet_node *n;
 
@@ -133,16 +133,17 @@ ggnet_node_add(struct ggnet *net, struct in_addr *addr)
 	n->net = net;
 	n->addr.s_addr = addr->s_addr;
 	n->lastseen = net->time;
+	//n->allow_grouping = allow_grouping; XXX IN PROGRESS why segfault ??
 	LIST_INSERT_HEAD(&net->node_list, n, entry);
 	net->node_count++;
-	if (net->use_grouping)
+	if (net->use_grouping && allow_grouping)
 		nodegroup_set(net, n);
 	if (net->use_dns)
 		n->dns_req = ggnet_dns_reverse(net->ggdns, &n->addr, _cb_dns_reverse, n);
 	if (net->use_traceroute) {
 		struct addr ip;
 		addr_aton(inet_ntoa(*addr), &ip);
-		printf("XXX calling trace on %s\n", inet_ntoa(*addr));
+		printf("XXX calling trace on %x\n", ip.addr_ip);
 		n->traceroute_req = ggnet_traceroute_trace_tcp(net->ggtraceroute, &ip, 80, _cb_traceroute_trace, NULL, n);
 	}
 
@@ -228,7 +229,7 @@ ggnet_conn_add(struct ggnet *net, struct in_addr *src, int src_port,
 	struct ggnet_node *dstnode;
 	int id;
 
-	if (net->debug)
+	// XXX if (net->debug)
 		printf("ggnet_conn_add, %x:%d->%x:%d %d [%d]\n",
 				src->s_addr, src_port, dst->s_addr, dst_port, proto, size);
 
@@ -245,13 +246,13 @@ ggnet_conn_add(struct ggnet *net, struct in_addr *src, int src_port,
 
 	srcnode = ggnet_node_find(net, src);
 	if (!srcnode)
-		srcnode = ggnet_node_add(net, src);
+		srcnode = ggnet_node_add(net, src, 1);
 	srcnode->used++;
 	if (srcnode->group)
 		srcnode->group->conn_count++;
 	dstnode = ggnet_node_find(net, dst);
 	if (!dstnode)
-		dstnode = ggnet_node_add(net, dst);
+		dstnode = ggnet_node_add(net, dst, 1);
 	dstnode->used++;
 	if (dstnode->group)
 		dstnode->group->conn_count++;
diff --git a/libglouglou/libggnet.h b/libglouglou/libggnet.h
index fecf2bb..95d27d6 100644
--- a/libglouglou/libggnet.h
+++ b/libglouglou/libggnet.h
@@ -52,6 +52,7 @@ struct ggnet_node {
 	struct ggnet_node *path_parent; /* traceroute parent */
 	time_t	 lastseen;
 	int	 used; /* by ggnet_conn */
+	int	 allow_grouping;
 	struct	 ggnet_nodegroup *group; /* XXX for now only one group */
 	char	 fqdn[GGNET_DNSNAME_MAX];
 	struct	 ggnet_dns_req *dns_req;
@@ -137,7 +138,7 @@ void			 ggnet_set_traceroute(struct ggnet *, int, char *,
 					struct ggnet_traceroute_req *));
 void		 	 ggnet_debug_set(struct ggnet *, int);
 void		 	 ggnet_free(struct ggnet *);
-struct ggnet_node	*ggnet_node_add(struct ggnet *, struct in_addr *);
+struct ggnet_node	*ggnet_node_add(struct ggnet *, struct in_addr *, int);
 void			 ggnet_node_del(struct ggnet *, struct ggnet_node *);
 struct ggnet_node	*ggnet_node_find(struct ggnet *, struct in_addr *);
 void			*ggnet_node_usrdata_get(struct ggnet_node *);
diff --git a/libglouglou/libggnet_traceroute.c b/libglouglou/libggnet_traceroute.c
index aca1e32..8c189f0 100644
--- a/libglouglou/libggnet_traceroute.c
+++ b/libglouglou/libggnet_traceroute.c
@@ -221,6 +221,8 @@ ggnet_traceroute_trace(struct ggnet_traceroute *ggtr, struct addr *ip,
 	req->params = params;
 	TAILQ_INIT(&req->hops_list);
 
+	printf("XXX tracing to %s\n", addr_ntoa(&req->target->ip));
+
 	req->run.ev_recv = event_new(ggtr->ev_base,
 			ggtr->pcap_fd, EV_READ, _cb_recv, req);
 	event_add(req->run.ev_recv, NULL);
diff --git a/libglouglou/libglouglou.c b/libglouglou/libglouglou.c
index 9f41313..d17137a 100644
--- a/libglouglou/libglouglou.c
+++ b/libglouglou/libglouglou.c
@@ -569,6 +569,7 @@ pkt_decode(char **buf, int *buf_len)
 			break;
 		case PACKET_TRACE:
 			newpkt.trace_addr = ntohl(pkt->trace_addr);
+			newpkt.trace_src = ntohl(pkt->trace_src);
 			newpkt.trace_hopcount = pkt->trace_hopcount;
 			if (newpkt.trace_hopcount > GG_PKTARG_MAX)
 				invalid("type trace hopcount");
@@ -666,6 +667,7 @@ pkt_encode(struct gg_packet *pkt, struct gg_packet *newpkt)
 			if (pkt->trace_hopcount > GG_PKTARG_MAX)
 				goto invalid;
 			newpkt->trace_addr = htonl(pkt->trace_addr);
+			newpkt->trace_src = htonl(pkt->trace_src);
 			newpkt->trace_hopcount = pkt->trace_hopcount;
 			for (i=0; i<newpkt->trace_hopcount; i++) {
 				newpkt->trace_hops[i].addr = htonl(pkt->trace_hops[i].addr);
diff --git a/libglouglou/libglouglou.h b/libglouglou/libglouglou.h
index ac57595..c5fb252 100644
--- a/libglouglou/libglouglou.h
+++ b/libglouglou/libglouglou.h
@@ -74,6 +74,7 @@ struct __attribute__((packed)) gg_packet {
 		} name;
 		struct __attribute__((packed)) trace {
 			u_int32_t	addr;
+			u_int32_t	src;
 			u_int8_t	hopcount;
 			struct gg_packet_tracehop hops[GG_PKTARG_MAX];
 		} trace;
@@ -106,6 +107,7 @@ struct __attribute__((packed)) gg_packet {
 #define name_len	pdat.name.len
 #define name_fqdn	pdat.name.fqdn
 #define trace_addr	pdat.trace.addr
+#define trace_src	pdat.trace.src
 #define trace_hopcount	pdat.trace.hopcount
 #define trace_hops	pdat.trace.hops
 #define fork_pid pdat.fork.pid
-- 
cgit v1.2.3-59-g8ed1b