summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2017-06-02flowtop: Move out stats fields from flow & proc entryVadim Kochan1-41/+41
Move rate, bytes & pkts stats fields from flow & proc entry to separate flow_stat struct. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-02trafgen: parser: Add syntax to generate DNS headerVadim Kochan2-0/+217
Add new syntax for DNS header generation via 'dns()' proto function. The fields are supported: id - 16 bit identifier qr - message is a query(0) or response(1) op|oper - specified kind of query aanswer - authoritative answer flag trunc - message was truncated flag rdesired - recursion desired flag ravail - recursion available flag zero - reserved for future use rcode - response code qdcount - number of entries in question section ancount - number of entries in answer section nscount - number of entries in authority section arcount - number of entries in additional section Also there are functions to generate DNS sections: 'qry()' function to generate separate query entry: name - variable domain name type - type of the query class - class of the query 'ans()', 'auth()', 'add' functions to generate separate answer, authoritative, adidditional entry with the same fields layout: name - variable domain name type - resource record type class - class of the data ttl - time interval that the record may be cached len - length of data data - variable length of bytes All the DNS section entries will be automaticlly sorted by DNS proto API in the way which is required by DNS header: query entries answer entries authoritative entries additional entries 'name' field in qry/ans/auth/add functions is automatically converted to FQDN format if it was specified as "string". There are also added functions to simplify the way of filling some often used RR types for using them inside ans/auth/add functions: addr(ipv4_addr | ipv6_addr) - fills the following RR fields: len - 4 or 16 depends on IPv4 or IPv6 address was specified data - is filled with IPv4 or IPv6 address type - 1 for IPv4 address, 28 - for IPv6 ns(string) type - 2 cname(string) type - 5 ptr(string) type - 12 EXAMPLES: { dns(qr=1, auth(name="ns1", ns("ns1.org")), ans(name="www.google.com", cname("google.com")), auth(name="aa", ns("bb")), qry(name="www.google.com")) } { dns(qr=1, ans(name="www.google.com", addr(1.2.3.4))) } { dns(qr=1, ans(name="www.google.com", addr(1::))) } Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-02trafgen: l7: Add DNS header generation APIVadim Kochan6-2/+392
Add trafgen_l7.c module with DNS proto header generation with support of filling DNS query/answer/authority/additional sections as sub headers. Introcuded new concept as 'sub header' which is needed to easy handle DNS sections which might be added on-demand, and to simplify using sub-header as regular header with a fields, offset, etc. There is a parent header which contains array of pointers of sub-headers, and the array is ordered as they are located in the parent header. The sub-headers mostly encapsulated by the parent header which 'knows' the semantic of them. The new proto_hdr->push_sub_header(...) callback was added to tell the parent header to push the sub-header's fields, sub-header also may have proto_ops which must be filled by the parent. This sub-header concept might be used in the future if it will be needed to support DHCP, WLAN headers. There are 4 kinds of DNS sub-headers - query, answer, authority, additional. 'id' of each sub-header is used to only differentiate these types of sections. These sections have strict order inside DNS header, and there was added the proto_hdr_move_sub_header(...) to sort them in required order. Actually there are only 2 proto_hdr's which describes 4 DNS sections - query & rrecord, because rrecord covers another 3 - answer, auhority, additional which have the same layout. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-02str: Add function for converting string into DNS nameVadim Kochan2-0/+38
Add str2fqdn for converting hostname string into DNS name notation: www.xxxx.yy.com -> 3www4xxxx2yy3com0 Returned string must be freed after use by the caller. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-02trafgen: proto: Allow to set field with variable lengthVadim Kochan4-34/+85
It is quite tricky to set field value with a variable length (i.e. DNS query name), to make it possible the field needs to be added to header with 'len=0' in that case there will be no any payload allocation, but only while setting the field value the packet will be appended with a real length bytes and after the field needs to be relocated to the right place. Also add 'len' parameter to *_set_bytes(...) functoins to have better control over it. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-30flowtop: Improve and unify up/down scrollingVadim Kochan3-92/+157
Move scrolling logic to the ui.c module, it requires to have some data iteration provided in flowtop.c and delegated to ui.c part. So approach is that now flowtop provides 2 additional callbacks for: 1) Iterate over flows/procs list 2) Draw flow/proc on each iteration which is controlled from ui.c it allows to unify scrolling logic and delegate it to the ui.c, in the future it should allow to easy handle press event on selected row and drow some additional information, or draw a cursor line per selected row. Also fixed case when down scrolling was bigger that printed rows, not it is handled by ui part. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-23AUTHORS: add Baruch SiachTobias Klauser1-0/+1
Add Baruch for commits 4de312bce77d ("flowtop: take PKG_CONFIG into account for libnetfilter_conntrack") and 95f6019a2060 ("proc.h: add missing headers"). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-23proc.h: add missing headersBaruch Siach1-0/+1
ino_t and pid_t require stat.h and types.h, respectively. Fixes the following build failure with musl libc: In file included from cpp.c:7:0: proc.h:11:31: error: unknown type name =E2=80=98ino_t=E2=80=99 extern int proc_find_by_inode(ino_t ino, char *cmdline, size_t len, pid_t = *pid); ^ proc.h:11:69: error: unknown type name =E2=80=98pid_t=E2=80=99 extern int proc_find_by_inode(ino_t ino, char *cmdline, size_t len, pid_t = *pid); ^ proc.h:12:25: error: unknown type name =E2=80=98pid_t=E2=80=99 extern bool proc_exists(pid_t pid); ^ Signed-off-by: Baruch Siach <baruch@tkos.co.il> [tk: complementary fix to commit a9f4431e0a20] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-23flowtop: take PKG_CONFIG into account for libnetfilter_conntrackBaruch Siach1-1/+1
Use $PKG_CONFIG to determine the linker flags for libnetfilter_conntrack. This fixes static link failure like the following: LD flowtop .../usr/x86_64-buildroot-linux-musl/sysroot/usr/lib/../lib64/libnetfilter_conntrack.a(main.o): In function `nfct_open_nfnl': main.c:(.text+0x52): undefined reference to `nfnl_subsys_open' main.c:(.text+0x69): undefined reference to `nfnl_subsys_close' main.c:(.text+0x87): undefined reference to `nfnl_subsys_open' main.c:(.text+0xa3): undefined reference to `nfnl_subsys_close' .../usr/x86_64-buildroot-linux-musl/sysroot/usr/lib/../lib64/libnetfilter_conntrack.a(main.o): In function `nfct_open': main.c:(.text+0xc9): undefined reference to `nfnl_open' main.c:(.text+0xf0): undefined reference to `nfnl_close' ... Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-15trafgen: parser: Use proto_field_set_xxx where it is possibleVadim Kochan3-7/+12
Use proto_field_set_xxx(field, ...) instead of proto_hdr_field_set_xxx(hdr, fid, ...) to be more generic and do not depend on 'hdr' variable. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-12trafgen: disable NLS in the parserTobias Klauser1-2/+0
There is no point in having the parser show translated error messages while the rest of the program does only show them in English. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-12bpfc: disable NLS in the parserTobias Klauser1-2/+0
There is no point in having the parser show translated error messages while the rest of the program does only show them in English. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-12built_in: don't redefine memcpy/memsetTobias Klauser3-9/+4
Redefining memset/memcpy causes problems when building with fortified headers on Alpine Linux. Instead of uncoditionally defining these, explicitely use fmemcpy/fmemset in performance critical paths and otherwise let the compiler decide about optimizations. Fixes #173 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-10all: use <net/*> headers instead of <linux/*> where possibleTobias Klauser5-6/+19
The musl libc headers redefine some of the structs in linux/if_arp.h and linux/if_ether.h, leading to compilation errors. Fix those by using the libc provided versions of these headers and provide compatibility defines for those that aren't present in older glibc versions. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-03geoip: adjust geoip{4,6}_{city,region}_name prototypes for !HAVE_GEOIPTobias Klauser1-4/+4
Make the return type make the functions for HAVE_GEOIP. This fixes GCC's -Wdiscarded-qualifiers warnings when building without geoip support. Fixes: 8fd19eefa46b ("geoip: Fix memory leak when using GeoIPRecord") Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-03proc: include headers to get definitions for ino_t and pid_tTobias Klauser1-0/+2
Include <unistd.h> and <sys/types.h> in the header already as the declarations for proc_find_by_inode(...) and proc_exists(...) use ino_t and pid_t, respectively. Fixes: 1edfb2409d15 ("flowtop: Move & refactor walk_processes() to proc.c") Fixes: 1df0f481922a ("flowtop: Add process UI tab entry") Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-03make: use sed instead of perl to extract lex/yacc prefixTobias Klauser1-2/+2
Perl is not available on certain distributions by default (e.g. Alpine Linux). In order to avoid depending on perl just to extract the lex/yacc prefix, use sed instead which should be available almost everywhere. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-04-12netsniff-ng: remove unnecessary zeroing of packet counters in init_ctx()Tobias Klauser1-6/+0
The struct ctx in initialized using memset(ctx, 0, sizeof(*ctx) in init_ctx(), so there is no need to zero these members again. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-04-11netsniff-ng v0.6.3v0.6.3Tobias Klauser1-2/+2
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-03-06netsniff-ng: nlmsg: Drop dissection of GENL_ID_GENERATE typeTobias Klauser1-3/+9
After kernel commit a07ea4d9941a ("genetlink: no longer support using static family IDs"), GENL_ID_GENERATE is no longer exposed to userspace (and actually should never have been). Change the genl nlmsg dissector to only consider the nlctrl family and the two other static family IDs needed for workarounds. All other family IDs are considered dynamically generated. Fixes #171 Reported-by: Jaroslav Škarvada <jskarvad@redhat.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-03-02dev: Fix buffer overflow in device_addr2str()Tobias Klauser1-11/+3
If the passed buffer is too small to contain an address of length alen (i.e. during fuzzing), we overflow the buffer due to blen being decremented below 0, which gets wrapped around to a really large value when passed as the size argument to snprintf(). Fix it by incorporating the changes to iproute2 ll_addr_n2a() where the issue was fixed in commit f63ed3e62989 ("lib/ll_addr: improve ll_addr_n2a() a bit"). Fixes #170 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-02-09trafgen: parser: Rename bytes -> macVadim Kochan2-7/+7
Rename <bytes> token member to <mac> as it is used only for MAC address parsing, for dynamic sized bytes array we have <str>. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-02-09build: Don't show echo commands in verbose modeTobias Klauser2-8/+20
When building with 'make Q=' the echo commands used for the quiet mode are still output, making it hard to read for humans. Instead, disable the echo command completely if the $(Q) build variable is not set. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-02-09make: Fix spelling yaac -> yaccTobias Klauser7-7/+7
The parser generator's name is yacc, not yaac. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-02-09trafgen: man: Add description with pcap file for -i, --in optionVadim Kochan1-1/+4
Update -i, --in option with pcap file as input parameter. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-02-09trafgen: Allow send packets from pcap fileVadim Kochan4-35/+140
Add ability to send packets from pcap file if it has ".pcap" extension via "-i,--in" option. By default packet sending is delayed considering original packets timestamps if no rate or delay is specified via -b/-t options. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-02-09pcap_io: Add function to get packet timestampVadim Kochan1-0/+53
Add pcap_get_tstamp(...) function to get packet's timestamp considering different packet types & bytes order. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-02-06trafgen: l3: Make possible to send frames via tun deviceVadim Kochan3-3/+19
tun interface does not have Ethernet header so lets push Ethernet header only if device supports this. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-02-06geoip: Fix memory leak when using GeoIPRecordVadim Kochan6-33/+141
GeoIP_record_by_ipnum{,_v6} returns allocated pointer to GeoIPRecord with allocated city, region & postal_code which is not freed after the call. Fixed by xstrdup-ing required GeoIPRecord member (city/region) and after calling GeoIPRecord_delete to free the geoip record. Of course it is needed to also free obtained city/region in netsniff-ng, astraceroute & flowtop tools. Fixes #169 Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-01-25trafgen: l3: Fix checksum for UDP/TCP protosVadim Kochan1-2/+2
While fixing the issue with getting of IPv4 address from device, the setting of default src IPv4/IPv6 addresses was moved from hdr->header_init(...) callback to hdr->packet_finish(...), but packet_finish(...) is called in the following order: udp_hdr->packet_finish() - UDP csum calculation over IPv4/6 pseudo header ip4_hdr->packet_finish() - setting default src IPv4 address from dev ... So src IPv4/6 address will be set after UDP/TCP csum calculation which is wrong, so fixed issue by moving it to the hdr->header_init(...) stage as it was before the c4e07d5142c8. Fixes: c4e07d5142c8 ("trafgen: l3: Support interface without IP address") Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-01-25flowtop: Add process UI tab entryVadim Kochan3-48/+315
Add process UI tab entry to show flows statistics per pid. Also changed flow_entry which now has pointer to new struct proc_entry object which contains process related info. On each 1 second refresh proc_entry is checked if it exists by checking /proc/<pid> path, and is deleted if there is no any flows related to it (flows_count is 0), if the process exists then dst & src rates info is zeroed and summed from the all related flows which are in the proc_entry->flows list. The bytes & pkts amount info is collected during all the time process exists. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-01-25flowtop: Add tab control to switch between tablesVadim Kochan4-7/+171
Add ui_tab API to create ui tab control to switch between different ui tables which may contain different aggregated info per unique pid/port/proto/dst/src. Meanwhile there is only 1 ui tab entry for flows table. Added some missing cds_list_{next,prev,last}_entry functions into urcu-list-compat.h header. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-01-17list: Remove cds_list_* wrappersTobias Klauser4-62/+26
Use the cds_list_* types and macros directly instead of redefining them. This makes it clear that we're not using the Linux kernel implementation of list_head but the one from urcu. Also make sure _LGPL_SOURCE is defined everywhere the urcu functionality is used, such that we get the statically linkable version with reduced overhead. Reference: https://lwn.net/Articles/573424/#qq2answer Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-01-17flowtop: Replace single linked list by list_head from list.hVadim Kochan1-101/+47
list.h provides generic Linux-like linked list API which also supports RCU list operations. Also additionally was removed the spinlock which is not needed for RCU-list operations, for the list_del_rcu(...) case it is needed additionally call call_rcu(...) before free the flow entry. Because of full RCU support now flows are freed after grace-period (after presenter leaves RCU lock) via calling call_rcu(), because of that for the new entries we return NFCT_CB_STOLEN to tell conntrack API do not automatically free received nfct_conntrack object, it will be freed by us via call_rcu(...) therefor no need to use nfct_clone(n). Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-01-11trafgen: parser: Add terminating ';' to mpls_expr and icmpv6_proto rulesTobias Klauser1-0/+3
The rules mpls_expr and icmpv6_proto are missing a terminating semicolon. Even though bison seems to accept the rules this way, make them consistent with all the others in the file. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-01-05flowtop: Minimize delay via halfdelay(1) functionVadim Kochan1-2/+1
Use halfdelay(1) to poll keyboard input with delay in 1 tenth of second and get rid of custom usleep(...) using. With this approach (it is also used in htop tool) the key events are more sensitive to user inputs. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-01-05man: trafgen: Add short description about field offset usageVadim Kochan1-0/+44
Add short note about field offset syntax with an example. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-22gittattributes: Exclude dotfiles from created archivesTobias Klauser2-0/+12
Exclude .git* files and .travis.yml from release packages created using git archive. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-21trafgen: parser: Allow to set function at field offsetVadim Kochan3-67/+136
Extend proto field expression to: proto_field[{index}:{len}] = {func} which allows to specify function on the field offset via index and value length (default is 1 - 1 byte). This rule is optional. It was needed to keep of proto_field's copies in packet_dyn->fields instead of original fields which allows to scpecify different functions on the different parts of same field, also the copy of original proto_field allows to set custom length/pkt_offset which makes such field behave as virtual sub-field of the original one with different length/pkt_offset but point to the same piece of header. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-21trafgen: parser: Parse IPv6 address by strict match patternVadim Kochan2-5/+49
Used IPv6 pattern from nftables project [1] to match valid only IPv6 address to do not mess with MAC or other syntax patterns with ':' symbol. [1] http://git.netfilter.org/nftables/tree/src/scanner.l Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tk: add refrence to nftables source] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-21trafgen: proto: Add proto field only setters/gettersVadim Kochan2-0/+56
Add proto_field_xxx functions to set/get value via specified proto_field only. It is good to have such API in case if application needs to set/get value for some custom proto_field instance. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-21trafgen: proto: Rename proto_field_xxx -> proto_hdr_field_xxxVadim Kochan6-177/+179
Rename all proto_field_xxx(...) functions to proto_hdr_field(...). It is good for 2 reasons: 1) proto_hdr_field_xxx naming is more consistent as it is related to proto_hdr API. 2) It makes possible to introduce proto_field_xxx API which will operate only with struct proto_field. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-21trafgen: proto: Change __proto_field_set_bytes(...) to take struct proto_fieldVadim Kochan1-17/+33
Change __proto_field_set_bytes(...) function to take struct proto_field instead of doing lookup by hdr & fid. It is needed to able use this function with some custom modified struct proto_field (len, pkt_offset). Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-21trafgen: parser: Rename field_expr -> field_value_expr ruleVadim Kochan1-15/+15
Rename field_expr rule to field_value_expr to indicate the rule relates to field value part in case if there will be added field_expr rule to describe field expression syntax. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-19flowtop: Move & refactor walk_processes() to proc.cVadim Kochan3-69/+85
Add proc_find_by_inode() in proc.c which finds pid by inode & gets processe's command line and use it in the flowtop.c instead of walk_processes(). Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-16str: Avoid trailing space in string returng by argv2str()Tobias Klauser1-2/+4
Don't add a trailing whitespace to the string returned by argv2str(). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-16trafgen: proto: Zero out the correct packet slotTobias Klauser1-3/+3
In the third attempt, finally do the packet slot zeroing correctly. Zero the struct packet in __init_new_packet_slot() not the struct packet_dyn in __init_new_counter_slot(). Don't know what hit me yesterday... Fixes: d6d511ecff24 ("trafgen: proto: Zero out newly allocated struct packet") Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-16bpf: Fix confusing panic() messageTobias Klauser2-2/+2
When using a filter with netsniff-ng without libpcap support, e.g. $ netsniff-ng --in eth0 tcp or udp we get the error: Cannot compile filter tcp or udp which isn't correct and might be confusing for the user as the intention wasn't to specify a filter file but a filter string. Correct the error message accordingly. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-16bpfc: Remove unnecessary prototype for compile_filter()Tobias Klauser1-3/+0
compile_filter() is defined in bpf_parser.y (and thus the generated parser), no need for a prototype beforehand. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-12-15trafgen: proto: Add missing braceTobias Klauser1-1/+1
Fix the fat-fingered previous commit which I pushed out too early ;( Fixes: d6d511ecff24 ("trafgen: proto: Zero out newly allocated struct packet") Signed-off-by: Tobias Klauser <tklauser@distanz.ch>