Commit e3e8eea41966 ("netsniff-ng: add date format strings to --out.")
introduced the possibility to specify time formats in the -o/--out
parameter. Document this in netsniff-ng(8)
Updates #158
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
This adds the ability to use date(1)/strftime(3) style format strings
when specifying an output file.
Example:
netsniff-ng --out %Y-%m-%d.pcap ### outputs to 2018-04-20.pcap
Fixes #158
Signed-off-by: Daniel Roberson <daniel@planethacker.net>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add Daniel Roberson for 15f78c073276 ("mausezahn: fix strtok() segfault
if s or m are missing") via PR #189
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The -d flag will result in a segmentation fault if 'm' or 's' are
specified without a numeric value.
Example: mausezahn -d m ### Results in a crash
Signed-off-by: Daniel Roberson <daniel@planethacker.net>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Support dissecting IPv6 headers into the 'ip6' trafgen protocol header
command.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Reported-by: @asavah
Fixes: 44ceece354c5 ("geoip: store GeoIP files in $(PREFIX)/share by default")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
There is no need to explicitly use the builtins. According to [1], GCC
will recognize mem{cpy,set} as built-in functions, unless the
corresponding -fno-builtin-* option is specified (which is not the case
for netsniff-ng).
[1] https://gcc.gnu.org/onlinedocs/gcc/Other-Builtins.html
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
This fixes the following GCC warning:
trafgen_parser.y: In function ‘cleanup_packets’:
trafgen_parser.y:1479:18: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
for (k = 0; k < hdr->sub_headers_count; k++)
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
They are opened in main_loop which is only executed in the child(ren),
so close them there again. This avoids closing the devices twice, which
may lead to segfaults.
Fixes #188
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The /etc directory shouldn't contain non-human-readable files.
netsniff-ng (when called with the '-U' option) currently installs the
GeoIP database files to /etc/netsniff-ng by default.
Change this to install them to $(PREFIX)/share/netsniff-ng instead,
which is conformant to the FHS [1].
[1] https://wiki.debian.org/FilesystemHierarchyStandard
Also create the respective directory in the 'make install' target.
Fixes #187
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use xzmalloc_aligned instead of open-coding it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
bpf_parse_rules is not called in a fast path, so just use the plain
memset/memcpy and let the compiler decide whether they should be
replaced.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Adds a first rudimentary support for the DCCP protocol.
Signed-off-by: Markus Amend <markus.amend@telekom.de>
[tk: minor formatting tweaks]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
There is missing logic which removes flow entry from
related proc's entry while destroying global flows list on
filter reloading, hence add common __flow_list_del_entry which
handles this logic for both cases - when ct destroyed or filter
changed.
This is a 2nd fix for issue #183.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use plural to match the "Flows" tab and because it usually shows
multiple processes.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use cds_list_del_rcu for safer deletion flow from the process flow
list to prevent possible use-after-free by UI thread when it is
refreshing the processes.
It may fix the #183 issue.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
currently, after dinc(), the value stored inside the packet is
not in the (min, max) range but in the (0, max - min + 1) range,
'counter->val' should be used instead of 'val'.
Additionally the values computed for ddec() are corrupted, in:
val = (val - counter->inc) % (counter->min - counter->max + 1);
the divider is negative, we should use (counter->max - counter->min + 1)
as in the INC case.
Finally we can avoid the switch statement at update time, inverting
the value of 'counter->inc' for decrement and using a data type wide
enough for the 'inc' field.
v1 -> v2:
- changed 'counter->inc' type to int
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
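
Added example (not trafgen's code, and not part of the commit above): the wrap-around arithmetic that message describes, in C. The struct, the uint8_t field width and the function names are assumptions made for illustration; dec_negative_divisor() evaluates the decrement expression quoted in the message, counter_step() uses a signed step and the divisor max - min + 1.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical counter, loosely modelled on the fields the message names. */
struct wrap_counter {
	uint8_t min, max;	/* inclusive bounds, min <= max */
	int inc;		/* signed step: > 0 counts up, < 0 counts down */
	uint8_t val;		/* value written into the packet, in [min, max] */
};

/*
 * The decrement expression quoted in the message. With max > min the
 * divisor min - max + 1 is zero or negative, so the remainder keeps the
 * sign of the dividend and the byte that gets stored leaves [min, max].
 */
static uint8_t dec_negative_divisor(uint8_t min, uint8_t max, int step, int val)
{
	int div = (int)min - (int)max + 1;

	if (div == 0)		/* max == min + 1: avoid trapping in this demo */
		return 0;
	return (uint8_t)((val - step) % div);
}

/* Step in either direction and wrap inside [min, max]. */
static uint8_t counter_step(struct wrap_counter *c)
{
	int range = (int)c->max - (int)c->min + 1;	/* always >= 1 */
	int off = ((int)c->val - (int)c->min + c->inc) % range;

	if (off < 0)		/* C's % can be negative for a negative dividend */
		off += range;
	c->val = (uint8_t)(c->min + off);
	return c->val;
}

int main(void)
{
	struct wrap_counter down = { 10, 20, -1, 10 };	/* constructed sample */

	printf("negative divisor: %u\n", dec_negative_divisor(10, 20, 1, 0));
	printf("wrapped decrement: %u\n", counter_step(&down));
	return 0;
}
```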
|
|
Avoid having a 58 entry array on stack of which only 3 are ever used.
Just look up the short protocol identifier via a good'ol switch.
Fixes Coverity CID 1381806
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If trafgen is called with the -i option, it currently crashes due to an
a NULL pointer dereference. Fix it.
Fixes Coverity CID 1381809
Fixes: 82a3c204c6f1 ("trafgen: Allow send packets from pcap file")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fix two resource leaks in trafgen.
Fixes Coverity CID 1381807 and CID 1381811.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
fopencookie(3) is a non-standard GNU extension and some libc
implementations might not provide it (e.g. musl).
Check for fopencookie in the configure script and disable building
curvetun in case the function is not available, as curvetun is the only
tool using fopencookie.
Fixes #174
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The commit 78c13b71e196 ("trafgen: Allow to generate packets
to output pcap file") introduced a regression when output is
a network device and multiple CPU are in use: the packet
socket is created before fork() and thus the socket is shared
among all the processes: all of them except the first will
fail while setting the tx_ring.
Fix it splitting the io open() helper in a create() op,
called before forking, and the open() op called by each process.
Fixes: 78c13b71e196 ("trafgen: Allow to generate packets to output pcap file")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Variable rate is assigned instead of compared in the check of the
interval in relation to the line rate. Fix it and at the same time fix
the compared against interval value to match the message we show if the
condition is fulfilled.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use type uint32_t instead of u32 (which is typedef'ed to uint32_t in
built_in.h) in order to avoid confusion wrt. kernel-/user-space types.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use type uint32_t instead of u32 (which is typedef'ed to uint32_t in
built_in.h) in order to avoid confusion wrt. kernel-/user-space types.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Only call wireless_bitrate (and thus the underlying ioctl) if strictly
necessary, i.e. ethtool_bitrate returned 0.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Added trafgen_dump.c module which dumps headers from packet
in .cfg format. Packet is dumped if -o <file>.cfg was specified,
it might be useful to specify *.pcap file as input and convert it
into .cfg file to edit proto fields in human readable format.
To make it possible several main changes were added:
1) packet id is embedded into struct packet.id, and
it is updated on each realloc_packet()
2) Added new struct proto_hdr.get_next_proto callback
to make possible apply fields of next header.
3) Added new dev_io ops for writing packets into .cfg file,
to re-use common dev_io mechanism for packets dumping.
Before dump the default ETH_PROTO fields are applied as first header and
then next proto_hdr is identified via .get_next_proto(...) callback.
Meanwhile only eth, arp, vlan, ip4, udp, & tcp protos can be dissected
into *.cfg format.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Refactor dev_io_ops read & write to specify struct packet *,
it may simplify a bit a caller logic. And it allow to keep
required members within one struct packet object.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Replace using current_packet() by new proto_hdr_packet(hdr)
function to obtain packet directly from header. This is more
generic and flexible way, because it guarantees that packet really
belongs to the header, which in case in current_packet() is not right
because it means getting of last allocated packet.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add Zhouyang Jia for commit 9f87a7b3aa (PR #180).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Mausezahn will crash when given wrong payload file, e.g., "$./mausezahn
-f wrong_file". This patch fixes the segmentation fault by adding
error-handling code to fopen.
Signed-off-by: Zhouyang Jia <jiazhouyang09@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Simplify a bit of creation rfraw device by delegating it to the dev_io
API, also in case the output device is pcap file the --rfraw option
sets the link type to ieee80211 radio tap.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
|
|
Change the invalid --b option in one of the examples listed in the help
to --bind-cpu.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
pull_and_flush_tx_ring_wait() in the exit path of xmit_fastpath_or_die()
might return with errno ENOBUFS (due to the other CPU's processes
concurrent access) but will eventually succeed. Thus retry
pull_and_flush_tx_ring_wait() as in the main loop of
xmit_fastpath_or_die().
Fixes #175
Reported-by: Eduardo Miravalls Sierra
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Trim output name to IFNAMSIZ only if the output is a networking device,
otherwise the following error occurred if output name is greater than
IFNAMSIZ:
$ trafgen -n 1 '{ udp() }' -o /tmp/xxxxxxxxxxxxxx.pcap
No networking device or pcap file: /tmp/xxxxxxxxxx
Failed to open output device
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add trafgen_dev.c module which provides generic way of
reading and writing packets to/from networking device or a pcap file.
Also allow to handle output pcap file via '-o, --out, --dev' option.
It might be useful in future for testing some link protocols which is
not easy to capture (e.g. wlan packets) w/o having some special setup.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: fix whitespace issues]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Move rate, bytes & pkts stats fields from flow & proc entry
to separate flow_stat struct.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add new syntax for DNS header generation via 'dns()' proto function.
The fields are supported:
    id - 16 bit identifier
    qr - message is a query(0) or response(1)
    op|oper - specified kind of query
    aanswer - authoritative answer flag
    trunc - message was truncated flag
    rdesired - recursion desired flag
    ravail - recursion available flag
    zero - reserved for future use
    rcode - response code
    qdcount - number of entries in question section
    ancount - number of entries in answer section
    nscount - number of entries in authority section
    arcount - number of entries in additional section
Also there are functions to generate DNS sections:
    'qry()' function to generate separate query entry:
        name - variable domain name
        type - type of the query
        class - class of the query
    'ans()', 'auth()', 'add' functions to generate separate answer,
    authoritative, additional entry with the same fields layout:
        name - variable domain name
        type - resource record type
        class - class of the data
        ttl - time interval that the record may be cached
        len - length of data
        data - variable length of bytes
All the DNS section entries will be automatically sorted by DNS proto API
in the way which is required by DNS header:
    query entries
    answer entries
    authoritative entries
    additional entries
'name' field in qry/ans/auth/add functions is automatically converted to
FQDN format if it was specified as "string".
There are also added functions to simplify the way of filling
some often used RR types for using them inside ans/auth/add functions:
    addr(ipv4_addr | ipv6_addr) - fills the following RR fields:
        len - 4 or 16 depends on IPv4 or IPv6 address was specified
        data - is filled with IPv4 or IPv6 address
        type - 1 for IPv4 address, 28 - for IPv6
    ns(string)
        type - 2
    cname(string)
        type - 5
    ptr(string)
        type - 12
EXAMPLES:
    {
        dns(qr=1,
            auth(name="ns1", ns("ns1.org")),
            ans(name="www.google.com", cname("google.com")),
            auth(name="aa", ns("bb")),
            qry(name="www.google.com"))
    }
    {
        dns(qr=1, ans(name="www.google.com", addr(1.2.3.4)))
    }
    {
        dns(qr=1, ans(name="www.google.com", addr(1::)))
    }
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add trafgen_l7.c module with DNS proto header generation with
support of filling DNS query/answer/authority/additional sections
as sub headers.
Introduced new concept as 'sub header' which is needed to easy handle
DNS sections which might be added on-demand, and to simplify using
sub-header as regular header with a fields, offset, etc. There is a
parent header which contains array of pointers of sub-headers, and the
array is ordered as they are located in the parent header. The
sub-headers mostly encapsulated by the parent header which 'knows'
the semantic of them. The new proto_hdr->push_sub_header(...) callback
was added to tell the parent header to push the sub-header's fields,
sub-header also may have proto_ops which must be filled by the parent.
This sub-header concept might be used in the future if it will be needed
to support DHCP, WLAN headers.
There are 4 kinds of DNS sub-headers - query, answer, authority,
additional. 'id' of each sub-header is used to only differentiate these
types of sections. These sections have strict order inside DNS header,
and there was added the proto_hdr_move_sub_header(...) to sort them in
required order.
Actually there are only 2 proto_hdr's which describes 4 DNS sections -
query & rrecord, because rrecord covers another 3 - answer, authority,
additional which have the same layout.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add str2fqdn for converting hostname string into DNS name notation:
www.xxxx.yy.com -> 3www4xxxx2yy3com0
Returned string must be freed after use by the caller.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
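
Added example (not the project's str2fqdn, and not part of the commit above): the hostname to DNS name notation conversion that message describes, in C, with the RFC 1035 limits of 63 octets per label and 255 octets per name enforced. The function name dns_name_encode and the caller-supplied output buffer are assumptions; the commit's function returns an allocated string instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_LABEL 63	/* RFC 1035: a label is at most 63 octets */
#define DNS_MAX_NAME  255	/* RFC 1035: an encoded name is at most 255 octets */

/*
 * Hypothetical helper: write host as length-prefixed labels ending in a
 * zero octet, e.g. "www.xxxx.yy.com" -> 3 w w w 4 x x x x 2 y y 3 c o m 0.
 * Returns the encoded length, or -1 for an empty label, a label longer
 * than 63 octets, a name longer than 255 octets, or a too-small buffer.
 */
static int dns_name_encode(const char *host, uint8_t *out, size_t outlen)
{
	size_t pos = 0;
	const char *p = host;

	if (p[0] == '.' && p[1] == '\0')	/* "." alone is the root name */
		p++;
	while (*p) {
		const char *dot = strchr(p, '.');
		size_t len = dot ? (size_t)(dot - p) : strlen(p);

		if (len == 0 || len > DNS_MAX_LABEL)
			return -1;
		/* length octet + label + final zero octet must still fit */
		if (pos + len + 2 > DNS_MAX_NAME || pos + len + 2 > outlen)
			return -1;
		out[pos++] = (uint8_t)len;
		memcpy(out + pos, p, len);
		pos += len;
		if (!dot)
			break;
		p = dot + 1;	/* a trailing dot simply ends the loop here */
	}
	if (pos + 1 > outlen)
		return -1;
	out[pos++] = 0;		/* root label terminates the name */
	return (int)pos;
}

int main(void)
{
	uint8_t buf[DNS_MAX_NAME];
	int n = dns_name_encode("www.xxxx.yy.com", buf, sizeof(buf));

	for (int i = 0; i < n; i++)
		printf("%02x ", buf[i]);
	printf("\n");
	return n < 0;
}
```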
|
|
It is quite tricky to set field value with a variable length
(i.e. DNS query name), to make it possible the field
needs to be added to header with 'len=0' in that case there
will be no any payload allocation, but only while setting the field
value the packet will be appended with a real length bytes and after
the field needs to be relocated to the right place.
Also add 'len' parameter to *_set_bytes(...) functions to have better
control over it.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Move scrolling logic to the ui.c module, it requires to have
some data iteration provided in flowtop.c and delegated to ui.c part.
So approach is that now flowtop provides 2 additional callbacks for:
1) Iterate over flows/procs list
2) Draw flow/proc on each iteration which is controlled from ui.c
it allows to unify scrolling logic and delegate it to the ui.c, in the
future it should allow to easy handle press event on selected row and
draw some additional information, or draw a cursor line per selected
row.
Also fixed case when down scrolling was bigger than printed rows, now
it is handled by ui part.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add Baruch for commits 4de312bce77d ("flowtop: take PKG_CONFIG into
account for libnetfilter_conntrack") and 95f6019a2060 ("proc.h: add
missing headers").
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
ino_t and pid_t require stat.h and types.h, respectively. Fixes the following
build failure with musl libc:
In file included from cpp.c:7:0:
proc.h:11:31: error: unknown type name ‘ino_t’
extern int proc_find_by_inode(ino_t ino, char *cmdline, size_t len, pid_t *pid);
^
proc.h:11:69: error: unknown type name ‘pid_t’
extern int proc_find_by_inode(ino_t ino, char *cmdline, size_t len, pid_t *pid);
^
proc.h:12:25: error: unknown type name ‘pid_t’
extern bool proc_exists(pid_t pid);
^
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[tk: complementary fix to commit a9f4431e0a20]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use $PKG_CONFIG to determine the linker flags for libnetfilter_conntrack. This
fixes static link failure like the following:
LD flowtop
.../usr/x86_64-buildroot-linux-musl/sysroot/usr/lib/../lib64/libnetfilter_conntrack.a(main.o): In function `nfct_open_nfnl':
main.c:(.text+0x52): undefined reference to `nfnl_subsys_open'
main.c:(.text+0x69): undefined reference to `nfnl_subsys_close'
main.c:(.text+0x87): undefined reference to `nfnl_subsys_open'
main.c:(.text+0xa3): undefined reference to `nfnl_subsys_close'
.../usr/x86_64-buildroot-linux-musl/sysroot/usr/lib/../lib64/libnetfilter_conntrack.a(main.o): In function `nfct_open':
main.c:(.text+0xc9): undefined reference to `nfnl_open'
main.c:(.text+0xf0): undefined reference to `nfnl_close'
...
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use proto_field_set_xxx(field, ...) instead of
proto_hdr_field_set_xxx(hdr, fid, ...) to be more generic and do not
depend on 'hdr' variable.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
There is no point in having the parser show translated error messages
while the rest of the program does only show them in English.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
There is no point in having the parser show translated error messages
while the rest of the program does only show them in English.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|