/ short description / longer description / dependencies / status / todo / warning / license / last words /

this page is about     trafcalc
the current version is     1.1
it can be downloaded at     sourceforge
the page was updated on     2003-4-5
SourceForge.net Logo


Short description:

Trafcalc calculates the size of the tcp-payload on a system via packet capturing
and connectiontracking at the user level instead of the ip level.

Longer description:

The program uses a pcap (a library for Packet CAPturing) callback function which
is called for every incoming (tcp) packet.
This function has a database in form of a global linked list of structs to
manage connenctions (adding new, removing old).
If a connection is not found in this database it looks up the user ID for that
connection and adds it to the list.
Then it gets the size of the packet and adds it to the value of the traffic for
that user ID, which is stored in a similar linked list of user IDs.
At the end it writes out all the information at a given interval to /var/log/traffic.

Dependencies:

Trafcalc depends on pcap for packetcapturing.
Version 0.7 was used in development and any newer version should work.
It might depend on gcc as it is not yet tested on other compilers.

Status:

The current status of the project can be considered as beta.
It does what is should do and i got all memory leaks or segfaults out.

Todo:

First of all, adding automake and making sure that it runs on other compilers than gcc.

One thing i definitively want to do is to add the ability to calculate the traffic for
a specific user, pid or program while not bothering with the traffic of all the rest.
I guess this might be done by using the sophisticated pcap filter mechanism but there
are still things to figure out.

Maybe I get this done during the easter hollidays.

Warning:

There are still two things you should know before using this program:
Number one is, the calculations are far from perfect. As the packets come in with
quite some speed and each must be analyzed, it can happen that some get lost.
It might calculate up to 10% fewer than the actual traffic.
Number two is closely related to this and is about CPU time. I've tested it on my
p4 2,4Ghz and it used up to 10% of the CPU rate in ps during a 3MB/s ftp transfer.
So it's probably not a good idea to run this on a 100mbit edonkey server.

License:

Trafcalc is copyrighted since 2003 by me, Mathias Bernhardt (projectsATcyberny.de)
and it is as you allready may have guessed, distributed unter the Gnu GPL.
That means you are welcome to redistribute it and patch it and do several other
work, that i should have done.
(details)

But as I'm doing something good for the world I'm also able to beg for
money/food/etc in a morally legitimated situation.
So if you like this program and also want to do something good for the world
while lacking the ability of writing code, send me money/food/etc ... please! ;-)

Last words:

I wrote this program because i needed something with this function.
Several earlyer attempts where perlscripts that used tcpdump and later the
perl interface to libcap. None of them burned the CPU but they weren't
a real good solution either.

This is also my first c program and i had not the chance to learn programming
at school or at any other institution so it's not really as perfect as i would
like it to be. (take the last 12 words for my English, too)

If you have any practical ideas what to change or how to make it better,
put it into a mail to (projectsATcyberny.de).