Age | Commit message | Author | Files | Lines
2017-04-11 | netsniff-ng v0.6.3 [v0.6.3] | Tobias Klauser | 1 | -2/+2
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-03-06 | netsniff-ng: nlmsg: Drop dissection of GENL_ID_GENERATE type | Tobias Klauser | 1 | -3/+9
After kernel commit a07ea4d9941a ("genetlink: no longer support using static family IDs"), GENL_ID_GENERATE is no longer exposed to userspace (and actually should never have been). Change the genl nlmsg dissector to only consider the nlctrl family and the two other static family IDs needed for workarounds. All other family IDs are considered dynamically generated. Fixes #171 Reported-by: Jaroslav Škarvada <jskarvad@redhat.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-03-02 | dev: Fix buffer overflow in device_addr2str() | Tobias Klauser | 1 | -11/+3
If the passed buffer is too small to contain an address of length alen (i.e. during fuzzing), we overflow the buffer due to blen being decremented below 0, which gets wrapped around to a really large value when passed as the size argument to snprintf(). Fix it by incorporating the changes to iproute2 ll_addr_n2a() where the issue was fixed in commit f63ed3e62989 ("lib/ll_addr: improve ll_addr_n2a() a bit"). Fixes #170 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-02-09 | trafgen: parser: Rename bytes -> mac | Vadim Kochan | 2 | -7/+7
Rename <bytes> token member to <mac> as it is used only for MAC address parsing, for dynamic sized bytes array we have <str>. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-02-09 | build: Don't show echo commands in verbose mode | Tobias Klauser | 2 | -8/+20
When building with 'make Q=' the echo commands used for the quiet mode are still output, making it hard to read for humans. Instead, disable the echo command completely if the $(Q) build variable is not set. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-02-09 | make: Fix spelling yaac -> yacc | Tobias Klauser | 7 | -7/+7
The parser generator's name is yacc, not yaac. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-02-09 | trafgen: man: Add description with pcap file for -i, --in option | Vadim Kochan | 1 | -1/+4
Update -i, --in option with pcap file as input parameter. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-02-09 | trafgen: Allow send packets from pcap file | Vadim Kochan | 4 | -35/+140
Add ability to send packets from pcap file if it has ".pcap" extension via "-i,--in" option. By default packet sending is delayed considering original packets timestamps if no rate or delay is specified via -b/-t options. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-02-09 | pcap_io: Add function to get packet timestamp | Vadim Kochan | 1 | -0/+53
Add pcap_get_tstamp(...) function to get packet's timestamp considering different packet types & bytes order. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-02-06 | trafgen: l3: Make possible to send frames via tun device | Vadim Kochan | 3 | -3/+19
tun interface does not have Ethernet header so lets push Ethernet header only if device supports this. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-02-06 | geoip: Fix memory leak when using GeoIPRecord | Vadim Kochan | 6 | -33/+141
GeoIP_record_by_ipnum{,_v6} returns allocated pointer to GeoIPRecord with allocated city, region & postal_code which is not freed after the call. Fixed by xstrdup-ing required GeoIPRecord member (city/region) and after calling GeoIPRecord_delete to free the geoip record. Of course it is needed to also free obtained city/region in netsniff-ng, astraceroute & flowtop tools. Fixes #169 Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-01-25 | trafgen: l3: Fix checksum for UDP/TCP protos | Vadim Kochan | 1 | -2/+2
While fixing the issue with getting of IPv4 address from device, the setting of default src IPv4/IPv6 addresses was moved from hdr->header_init(...) callback to hdr->packet_finish(...), but packet_finish(...) is called in the following order:

    udp_hdr->packet_finish() - UDP csum calculation over IPv4/6 pseudo header
    ip4_hdr->packet_finish() - setting default src IPv4 address from dev
    ...

So src IPv4/6 address will be set after UDP/TCP csum calculation which is wrong, so fixed issue by moving it to the hdr->header_init(...) stage as it was before the c4e07d5142c8.

Fixes: c4e07d5142c8 ("trafgen: l3: Support interface without IP address")
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-01-25 | flowtop: Add process UI tab entry | Vadim Kochan | 3 | -48/+315
Add process UI tab entry to show flows statistics per pid. Also changed flow_entry which now has pointer to new struct proc_entry object which contains process related info. On each 1 second refresh proc_entry is checked if it exists by checking /proc/<pid> path, and is deleted if there is no any flows related to it (flows_count is 0), if the process exists then dst & src rates info is zeroed and summed from the all related flows which are in the proc_entry->flows list. The bytes & pkts amount info is collected during all the time process exists. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-01-25 | flowtop: Add tab control to switch between tables | Vadim Kochan | 4 | -7/+171
Add ui_tab API to create ui tab control to switch between different ui tables which may contain different aggregated info per unique pid/port/proto/dst/src. Meanwhile there is only 1 ui tab entry for flows table. Added some missing cds_list_{next,prev,last}_entry functions into urcu-list-compat.h header. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-01-17 | list: Remove cds_list_* wrappers | Tobias Klauser | 4 | -62/+26
Use the cds_list_* types and macros directly instead of redefining them. This makes it clear that we're not using the Linux kernel implementation of list_head but the one from urcu. Also make sure _LGPL_SOURCE is defined everywhere the urcu functionality is used, such that we get the statically linkable version with reduced overhead. Reference: https://lwn.net/Articles/573424/#qq2answer Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-01-17 | flowtop: Replace single linked list by list_head from list.h | Vadim Kochan | 1 | -101/+47
list.h provides generic Linux-like linked list API which also supports RCU list operations. Also additionally was removed the spinlock which is not needed for RCU-list operations, for the list_del_rcu(...) case it is needed additionally call call_rcu(...) before free the flow entry. Because of full RCU support now flows are freed after grace-period (after presenter leaves RCU lock) via calling call_rcu(), because of that for the new entries we return NFCT_CB_STOLEN to tell conntrack API do not automatically free received nfct_conntrack object, it will be freed by us via call_rcu(...) therefore no need to use nfct_clone(n). Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-01-11 | trafgen: parser: Add terminating ';' to mpls_expr and icmpv6_proto rules | Tobias Klauser | 1 | -0/+3
The rules mpls_expr and icmpv6_proto are missing a terminating semicolon. Even though bison seems to accept the rules this way, make them consistent with all the others in the file. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-01-05 | flowtop: Minimize delay via halfdelay(1) function | Vadim Kochan | 1 | -2/+1
Use halfdelay(1) to poll keyboard input with delay in 1 tenth of second and get rid of custom usleep(...) using. With this approach (it is also used in htop tool) the key events are more sensitive to user inputs. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-01-05 | man: trafgen: Add short description about field offset usage | Vadim Kochan | 1 | -0/+44
Add short note about field offset syntax with an example. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-22 | gitattributes: Exclude dotfiles from created archives | Tobias Klauser | 2 | -0/+12
Exclude .git* files and .travis.yml from release packages created using git archive. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-21 | trafgen: parser: Allow to set function at field offset | Vadim Kochan | 3 | -67/+136
Extend proto field expression to: proto_field[{index}:{len}] = {func} which allows to specify function on the field offset via index and value length (default is 1 - 1 byte). This rule is optional. It was needed to keep of proto_field's copies in packet_dyn->fields instead of original fields which allows to specify different functions on the different parts of same field, also the copy of original proto_field allows to set custom length/pkt_offset which makes such field behave as virtual sub-field of the original one with different length/pkt_offset but point to the same piece of header. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-21 | trafgen: parser: Parse IPv6 address by strict match pattern | Vadim Kochan | 2 | -5/+49
Used IPv6 pattern from nftables project [1] to match valid only IPv6 address to do not mess with MAC or other syntax patterns with ':' symbol. [1] http://git.netfilter.org/nftables/tree/src/scanner.l Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tk: add reference to nftables source] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-21 | trafgen: proto: Add proto field only setters/getters | Vadim Kochan | 2 | -0/+56
Add proto_field_xxx functions to set/get value via specified proto_field only. It is good to have such API in case if application needs to set/get value for some custom proto_field instance. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-21 | trafgen: proto: Rename proto_field_xxx -> proto_hdr_field_xxx | Vadim Kochan | 6 | -177/+179
Rename all proto_field_xxx(...) functions to proto_hdr_field(...). It is good for 2 reasons: 1) proto_hdr_field_xxx naming is more consistent as it is related to proto_hdr API. 2) It makes possible to introduce proto_field_xxx API which will operate only with struct proto_field. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-21 | trafgen: proto: Change __proto_field_set_bytes(...) to take struct proto_field | Vadim Kochan | 1 | -17/+33
Change __proto_field_set_bytes(...) function to take struct proto_field instead of doing lookup by hdr & fid. It is needed to able use this function with some custom modified struct proto_field (len, pkt_offset). Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-21 | trafgen: parser: Rename field_expr -> field_value_expr rule | Vadim Kochan | 1 | -15/+15
Rename field_expr rule to field_value_expr to indicate the rule relates to field value part in case if there will be added field_expr rule to describe field expression syntax. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-19 | flowtop: Move & refactor walk_processes() to proc.c | Vadim Kochan | 3 | -69/+85
Add proc_find_by_inode() in proc.c which finds pid by inode & gets process's command line and use it in the flowtop.c instead of walk_processes(). Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-16 | str: Avoid trailing space in string returned by argv2str() | Tobias Klauser | 1 | -2/+4
Don't add a trailing whitespace to the string returned by argv2str(). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-16 | trafgen: proto: Zero out the correct packet slot | Tobias Klauser | 1 | -3/+3
In the third attempt, finally do the packet slot zeroing correctly. Zero the struct packet in __init_new_packet_slot() not the struct packet_dyn in __init_new_counter_slot(). Don't know what hit me yesterday... Fixes: d6d511ecff24 ("trafgen: proto: Zero out newly allocated struct packet") Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-16 | bpf: Fix confusing panic() message | Tobias Klauser | 2 | -2/+2
When using a filter with netsniff-ng without libpcap support, e.g.

    $ netsniff-ng --in eth0 tcp or udp

we get the error:

    Cannot compile filter tcp or udp

which isn't correct and might be confusing for the user as the intention wasn't to specify a filter file but a filter string. Correct the error message accordingly.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-16 | bpfc: Remove unnecessary prototype for compile_filter() | Tobias Klauser | 1 | -3/+0
compile_filter() is defined in bpf_parser.y (and thus the generated parser), no need for a prototype beforehand. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-15 | trafgen: proto: Add missing brace | Tobias Klauser | 1 | -1/+1
Fix the fat-fingered previous commit which I pushed out too early ;( Fixes: d6d511ecff24 ("trafgen: proto: Zero out newly allocated struct packet") Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-15 | trafgen: proto: Zero out newly allocated struct packet | Tobias Klauser | 1 | -2/+1
When allocating a new struct packet, the headers and headers_count fields are not zeroed and retain whatever value the allocator returned. Incidentally, this usually seems to have been zero. But on some systems (e.g. Ubuntu 16.04 with a self-compiled 4.9) it is not and we hit the following bug_on:

    trafgen: trafgen_proto.c:135: proto_header_push: Assertion `!(pkt->headers_count >= 16)' failed.

Fix this by properly zeroing the entire struct packet.

Fixes: e7dd63060e44 ("trafgen: proto: Update field value at runtime")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-13 | zsh: trafgen: Add missing option -q/--qdisc-path to zsh completion | Tobias Klauser | 2 | -1/+2
Also slightly adjust the description in the usage text. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-10 | sock: change type of verbose parameter to set_sock_qdisc_bypass() | Tobias Klauser | 2 | -3/+6
Verbose mode is a boolean option and is already defined as type bool in trafgen, so make the corresponding parameter to set_sock_qdisc_bypass() of type bool too. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-10 | bpfc: make verbose parameter boolean | Tobias Klauser | 2 | -6/+6
Verbose mode is a boolean option, so make the variable and parameters carrying it of type bool. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-09 | Revert "mausezahn: Add error handling for mismatched address families" | Tobias Klauser | 1 | -10/+1
This reverts commit bf0df3ec1875df4b167aedd0fff25e7e56408b6b. It turns out, just checking for "." in the IPv4 source will prevent the user from providing an FQDN (which is explicitly allowed and supported). Also, an FQDN would be a valid argument for the IPv6 source, so the check for ":" is also not sufficient. Reference: #166 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-08 | netsniff-ng: proto_ipv4: Move sockaddr_in declarations to narrower scope | Tobias Klauser | 1 | -8/+9
Move the sockaddr_in definitions and preparations to the scope where they're used, i.e. only if geoip is enabled and working. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-08 | all: Remove unused longindex parameter to getopt_long() | Tobias Klauser | 7 | -15/+15
All tools (except mausezahn) use getopt_long() and pass a pointer to a local opt_index variable for the longindex parameter. However, this variable is never read afterwards. According to getopt(3) it's perfectly fine to pass NULL as the longindex parameter instead, so do that. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-08 | mausezahn: Add error handling for mismatched address families | Mandar Gokhale | 1 | -1/+10
Currently, mausezahn fails silently if, say the user has specified IPv6 addresses using `-A` and `-B` but has forgotten the -6 option. Add error handling for this and the (probably uncommon) reverse case, i.e. v4 src/dst specified, but used with the -6 option. Signed-off-by: Mandar Gokhale <mandarg@mandarg.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-05 | AUTHORS: Add Ken Wu | Tobias Klauser | 1 | -0/+1
Add Ken Wu for commit c4e07d5142 ("trafgen: l3: Support interface without IP address"), submitted via PR #165 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-05 | trafgen: l3: Support interface without IP address | Ken Wu | 2 | -6/+10
Move default source address setting to packet_finish so that we do not need to get the device's address if the source address is set in the packet. Without this, trafgen does not work with an interface without address configured. In addition, in the case failing to get the address for an interface, instead of panic, it now prints a warning and uses a value of 0.0.0.0. Signed-off-by: Ken Wu <abawwu@gmail.com> Reviewed-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-01 | build: configure: rewrap missing defs warning | Tobias Klauser | 1 | -3/+3
...and remove a superfluous whitespace. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-01 | build: configure: clarify missing defs warning | Tobias Klauser | 1 | -3/+3
Missing definitions don't necessarily mean that certain tools won't be built. There might just be reduced functionality (e.g. geoip missing means still all tools will be compiled but they don't perform geoip lookups). Clarify the configure warning accordingly. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-11-23 | mausezahn: Use all-nodes link local address for IPv6 | Mandar Gokhale | 1 | -3/+1
Use all-nodes link local address for IPv6 when destination is not specified. There is a comment that says this should be done anyway. According to RFC 4291, FF01:0:0:0:0:0:0:1 should be the correct address. Signed-off-by: Mandar Gokhale <mandarg@mandarg.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-11-23 | trafgen: parser: Fix undefined ETH_P_802AD on 2.6.x Linux | Vadim Kochan | 1 | -0/+4
ETH_P_8021AD might be undefined on 2.6.x Linux version (tested on Ubuntu 10 with 2.6.32 Linux), so lets check and define it. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-11-18 | AUTHORS: Add Mandar Gokhale | Tobias Klauser | 1 | -0/+1
Add Mandar Gokhale for: c31566c6fa90 ("man: mausezahn: Add -6 option to manpage") e548da7232d4 ("mausezahn: Typofix & grammar change") submitted via pull requests #161 and #162. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-11-18 | man: mausezahn: Add -6 option to manpage | Mandar Gokhale | 1 | -0/+3
Closes #162 Signed-off-by: Mandar Gokhale <mandarg@mandarg.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-11-18 | mausezahn: Typofix & grammar change | Mandar Gokhale | 1 | -4/+4
Closes #161 Signed-off-by: Mandar Gokhale <mandarg@mandarg.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-11-07 | netsniff-ng v0.5.2 [v0.6.2] | Tobias Klauser | 1 | -2/+2
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>