| Age | Commit message | Author | Files | Lines | 
|---|
|  | Use helpers from sysctl.c module to set sock memory params
via /proc/sys/net/core.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Use sysctl helpers to set /proc/sys/net/core/bpf_jit_enable param.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Moved sysctl get/set funcs from flowtop to separated sysctl module.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Follow-up of commit 9a89c1d813fb ("Revert "flowtop: Fix hanging
while waiting for collector"") which both address the clean up
in the panic handler.
This reverts commit 451275470106024f106a310a5af050b3ca046a4f.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Vadim says:
 "This series reverts unnecessary cond lock when presenter waits for
  collector to finish its initializing part before do screen initializing,
  it was added only to do not panic collector when screen is initialized
  with ncurses so after this shell will be colored."
Now screen is cleaned up in panic handler so cond lock is not needed
anymore. This reverts commit 3beaa23d4d33b51a392b56f110c8773151ac19cc.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Align the arguments/parameters on successive lines with the opening
parenthesis.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | flowtop and the netsniff-ng's netlink message dissector both need to get
the process name for a pid from /proc/<pid>/exe, thus move that
functionality to an own function.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Make the path creation a bit more straight-forward.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Print flow bytes amount in human readable format units (G,M,K).
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Make bandw2str static, change arg type, formatting]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Count flows which might be shown and show this number
on the top status line.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Mark each flow if it is visible on the screen to know if it is needed
update traffic acct info.
Changed to use non blocking recv of nf conntrack events to update
traffic accounting.
Now nf_conntrack is cloned when new flow entry is added to send dump
request which is used to update traffic accounting info (packet, bytes).
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Formatting changes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Change code to walk each flow by presenter to look more understandable.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Revert unnecessary whitespace changes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Fixed issue when flowtop hangs because of wrong using pthread cond
locking, so the lock should be locked first by calling thread before
call to pthread_cond_wait.
Fixes: 451275470106 ("flowtop: Don't init screen until collector is ready")
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | While removing flow which is pointed by 'head' then head is set to
NULL and all the list disappears, so fixed by set removing flow next
entry to list 'head'.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Just get this properly aligned.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Add the same note about using iptables to activate conntrack as it is
already described in 'flowtop -h', just to keep it in the man page too.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Make the function name more in line with the scheme we use for other
similar functions: the function prefixed with __ returns a negative
error code, the function without prefix panic()'s on error.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Print minimum needed packet size in case if validation error.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Add a doc where a link to Travis CI can be found.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | NTF_SELF and NTF_MASTER might not be defined on older kernel versions (as
is e.g. the case in the Travis CI build failing [1]). Fix this by
conditionally defining all NTF_* constants.
[1] https://travis-ci.org/netsniff-ng/netsniff-ng/jobs/68779130
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | When installing to the default DESTDIR /usr/local with non existent
/usr/local/share/man/man8 (or any subpath of it), the installation
of manpages fails with e.g.
  install: cannot create regular file `/usr/local/share/man/man8/netsniff-ng.8.gz': No such file or directory
  make: *** [netsniff-ng_do_install] Error 1
Thus, create any leading, non-existent directories by using the INST
instead of the INSTX command which will call install -d on the path.
Reported-by: James Burnett <James.Burnett@geant.org>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Added dissector_sll.c which uses sockaddr_ll to lookup & print
higher L3 layer protocol.
This dissector is mapped by LINKTYPE_LINUX_SLL link type.
Sample output of dissected Netlink & Ethernet packets.
Truncated manually some longer lines by "...":
> nlmon0 20 1434193547s.717131169ns #6
 [ Linux "cooked" Pkt Type 4 (outgoing), If Type 824 (netlink), Addr Len 0, Src (), Proto 0x0 ]
 [ NLMSG Family 0 (routing), Len 20, Type 0x0003 (DONE)...
> wlp3s0 52 1434194181s.436224709ns #9
 [ Linux "cooked" Pkt Type 4 (outgoing), If Type 1 (ether), Addr Len 6, Src (XX:XX:XX:XX:XX:XX), Proto 0x800 ]
 [ IPv4 Addr (XXX.XXX.XXX.XXX => 212.42.76.253), Proto (6), TTL (64), TOS (0), ...
   ), CSum (0x1ef5) is ok ]
	[ Geo (local => Ukraine) ]
 [ TCP Port (45849 => 443 (https)), SN (0x1744209), AN (0x46ca9611), DataOff (8) ...
 [ Chr .....w.Rj).. ]
 [ Hex  XX XX XX XX XX XX XX XX XX XX XX XX ]
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Originally submitted by Vadim in a different form, he wrote:
  Use Linux "cooked" header for Netlink interface automatically or
  as replacement of L2 header if "--cooked" option is specified:
    http://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html
  'Cooked headers' makes sense to use for default or nsec pcap
  types which does not contain protocol info.
  Added new LINKTYPE_LINUX_SLL which indicates pcap file with
  Linux "cooked" header as L2 layer header. This pcap file is
  compatible with Wireshark's "cooked" header & vice-versa.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Add relevant structure and conversion functions in both directions.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[ dbkm: split out patch ]
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Add a --cooked option that we later on use for capturing in cooked
header. For now, this only captures with a dgram packet socket, but
the remaining logic will follow up.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[ dbkm: split out patch ]
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | LINKTYPE_LINUX_SLL needs datagram packet sockets. We'll need this
function at a later point in time.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | We need this for cooked header support.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[ dbkm: split out patch ]
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Dissect basic rtnl neighbour info.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Move device string conversions funcs (device_type2str, device_addr2str)
from proto_nlmsg.c to dev.c to use them in other modules.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[ dbkm: minor stylistic fixes ]
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | IFA_FLAGS and RTPROT_MROUTED might not be defined on older kernel
versions (as is evident from the Travis CI build failing [1]). Fix it by
conditionally using the two definitions.
[1] https://travis-ci.org/netsniff-ng/netsniff-ng/jobs/65887691
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Since commit 107456c ("netsniff-ng, nlmsg: Dissect rtnl link type
messages") netsniff-ng also needs libnl-route-3.0. Install it as well
when building on Travis CI.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Since commit 107456c646ab ("netsniff-ng, nlmsg: Dissect rtnl link type
messages") netsniff-ng also needs libnl-route-3.0. Add it to the list of
packages in the Debian apt-get install line in the INSTALL file.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Add some more dissection logic for dumping rtnetlink related infos
with attributes.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Dump RTnetlink address related info with attributes.
Additional changes:
	- print 'Len' info at the end of each attribute.
	- print new line before each header if packet
		contains more netlink messages
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Dump RTnetlink interface related info with attributes.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Add an example, so users can easily adapt and move on from that.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Print each country channel info on separated line to make it more
readable:
IE: Country (7, Len(66)): Country String: US
	First Ch Nr: 36, Nr of Ch: 1, Max Transmit Pwr Lvl: 24
	First Ch Nr: 40, Nr of Ch: 1, Max Transmit Pwr Lvl: 24
	First Ch Nr: 44, Nr of Ch: 1, Max Transmit Pwr Lvl: 24
	First Ch Nr: 48, Nr of Ch: 1, Max Transmit Pwr Lvl: 24
	First Ch Nr: 52, Nr of Ch: 1, Max Transmit Pwr Lvl: 23
	First Ch Nr: 56, Nr of Ch: 1, Max Transmit Pwr Lvl: 23
	First Ch Nr: 60, Nr of Ch: 1, Max Transmit Pwr Lvl: 23
	First Ch Nr: 64, Nr of Ch: 1, Max Transmit Pwr Lvl: 23
	First Ch Nr: 100, Nr of Ch: 1, Max Transmit Pwr Lvl: 24
	First Ch Nr: 104, Nr of Ch: 1, Max Transmit Pwr Lvl: 24
	First Ch Nr: 108, Nr of Ch: 1, Max Transmit Pwr Lvl: 24
	First Ch Nr: 112, Nr of Ch: 1, Max Transmit Pwr Lvl: 24
	First Ch Nr: 116, Nr of Ch: 1, Max Transmit Pwr Lvl: 24
	First Ch Nr: 132, Nr of Ch: 1, Max Transmit Pwr Lvl: 24
	First Ch Nr: 136, Nr of Ch: 1, Max Transmit Pwr Lvl: 24
	First Ch Nr: 140, Nr of Ch: 1, Max Transmit Pwr Lvl: 24
	First Ch Nr: 149, Nr of Ch: 1, Max Transmit Pwr Lvl: 30
	First Ch Nr: 153, Nr of Ch: 1, Max Transmit Pwr Lvl: 30
	First Ch Nr: 157, Nr of Ch: 1, Max Transmit Pwr Lvl: 30
	First Ch Nr: 161, Nr of Ch: 1, Max Transmit Pwr Lvl: 30
	First Ch Nr: 165, Nr of Ch: 1, Max Transmit Pwr Lvl: 30
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Pull & print more netlink messages from one packet which can be sent
with MULTI flag.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Fix typo in error message.
Signed-off-by: Kartik Mistry <kartik.mistry@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | In the list of major changes since the last release, explicitly mention
which version the last release refers to.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Add the URL to our Github issue tracker to REPORTING-BUGS. Also fix a
typo while at it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Use actual Daniel's <daniel@iogearbox.net> email.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[ -dbkm: also moved Tobias one up while we're at it as he got more contribs ]
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Just add a comment to the reader, so that it's obvious. The second
condition could have been spared in case of open_or_die(), but it's
nothing critical and the extra indent can be spared instead.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | If the file open fails with O_NOATIME option then try to open it w/o
this option in case if the user does not have enough privileges to use
O_NOATIME.
It fixes the case when user made pcap file in sudo mode but after it
should still use sudo to read it because of setting O_NOATIME option
requires higher privileges.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Create PF_PACKET socket with proto=0 which does not setup packet handler
and will not capture packets until bind() will be invoked.
Also replaced pf_tx_socket by pf_socket as these funcs became the same,
as proto arg is set to 0.
Suggested-by: Daniel Borkmann <borkmann@iogearbox.net>
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Print 'Family' and 'Type' (considering family) fields in less mode.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Vadim has contributed numerous improvements and bug fixes for
netsniff-ng and hopefully continues to do so. Move him to the major
contributors section in the AUTHORS file.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Automatic new line indentation can break terminal ESC color sequence by
inserting new line within it.
Fixed by considering that color ESC sequence is not closed
by 'm' and only after it is closed - print new line with spaces.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: add comments]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Commit a37101161784 ("dissectors: ethernet: Handle multicast/broadcast
addresses properly") introduced handling of multicast/broadcast
addresses in string translation, but only for the verbose mode. Also
print these strings instead of "Unknown" in less mode.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> |