summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2015-07-20Revert "flowtop: Fix hanging while waiting for collector"Vadim Kochan1-1/+1
Vadim says: "This series reverts unnecesseary cond lock when presenter waits for collector to finish its initializing part before do screen initializing, it was added only to do not panic collector when screen is initialized with ncurses so after this shell will be colored." Now screen is cleaned up in panic handler so cond lock is not needed anymore. This reverts commit 3beaa23d4d33b51a392b56f110c8773151ac19cc. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-17flowtop: Indentation fixes for multiline function signaturesTobias Klauser1-3/+3
Align the arguments/parameters on successive lines with the opening parenthesis. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17flowtop, netsniff-ng: Move process name extraction to own functionTobias Klauser5-17/+27
flowtop and the netsniff-ng's netlink message dissector both need to get the process name for a pid from /proc/<pid>/exe, thus move that functionality to an own function. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17flowtop: Use strncpy instead of strcatTobias Klauser1-4/+2
Make the path creation a bit more straight-forward. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17flowtop: Show flow bytes in human readable formatVadim Kochan1-3/+21
Print flow bytes amount in human readable format units (G,M,K). Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Make bandw2str static, change arg type, formatting] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17flowtop: Show total numbers of flowsVadim Kochan1-14/+19
Count flows which might be showed and show this number on the top status line. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17flowtop: Add connection traffic accountingVadim Kochan1-26/+202
Mark each flow if it is visible on the screen to know if it is needed update traffic acct info. Changed to use non blocking recv of nf conntrack events to update traffic accounting. Now nf_conntrack is cloned when new flow entry is added to send dump request which is used to update traffic accounting info (packet, bytes). Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Formatting changes] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17flowtop: Refactor walking for each flow node by presenterVadim Kochan1-79/+52
Change code to walk each flow by presenter to look more understandable. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Revert unnecessary whitespace changes] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-13flowtop: Fix hanging while waiting for collectorVadim Kochan1-1/+1
Fixed issue when flowtop hangs be cause of wrong using pthread cond lockiing, so the lock should be locked first by calling thread before call to pthread_cond_wait. Fixes: 451275470106 ("flowtop: Don't init screen until collector is ready") Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-13flowtop: Fix flows disappearingVadim Kochan1-1/+3
While removing flow which is pointed by 'head' then head is set to NULL and all the list disappears, so fixed by set removing flow next entry to list 'head'. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-13netsniff-ng: minor whitespace formatting fixDaniel Borkmann1-1/+1
Just get this properly aligned. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-07flowtop man: Add note about activating netfilter connection trackingVadim Kochan1-2/+11
Add the same note about using iptables to activate conntrack as it is already described in 'flowtop -h', just to keep it in the man page too. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-01netsniff-ng: dev: Rename device_ifindex_get to __device_ifindexTobias Klauser3-4/+4
Make the function name more in line with the scheme we use for other similar functions: the function prefixed with __ returns a negative error code, the function without prefix panic()'s on error. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-30trafgen: Print min packet size in error messageVadim Kochan1-3/+6
Print minimum needed packet size in case if validation error. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-29docs: add reference to Travis CIDaniel Borkmann1-0/+4
Add a doc where a link to Travis CI can be found. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-29netsniff-ng: nlmsg: Define NTF_* constants if not provided by kernel headersTobias Klauser1-2/+20
NTF_SELF and NTF_MASTER might not be defined on older kernel versions (as is e.g. the case in the Travis CI build failing [1]). Fix this by conditionally defining all NTF_* constants. [1] https://travis-ci.org/netsniff-ng/netsniff-ng/jobs/68779130 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-29make: Create containing directories for manpages if not existentTobias Klauser1-1/+1
When installing to the default DESTDIR /usr/local with non existent /usr/local/share/man/man8 (or any subpath of it), the installation of manpages fails with e.g. install: cannot create regular file `/usr/local/share/man/man8/netsniff-ng.8.gz': No such file or directory make: *** [netsniff-ng_do_install] Error 1 Thus, create any leading, non-existent directories by using the INST instead of the INSTX command which will call install -d on the path. Reported-by: James Burnett <James.Burnett@geant.org> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-20netsniff-ng: Add dissector for Linux "cooked" packetsVadim Kochan10-13/+153
Added dissector_sll.c which uses sockaddr_ll to lookup & print higher L3 layer protocol. This dissector is mapped by LINKTYPE_LINUX_SLL link type. Sample output of dissected Netlink & Ethernet packets. Truncated manually some longer lines by "...": > nlmon0 20 1434193547s.717131169ns #6 [ Linux "cooked" Pkt Type 4 (outgoing), If Type 824 (netlink), Addr Len 0, Src (), Proto 0x0 ] [ NLMSG Family 0 (routing), Len 20, Type 0x0003 (DONE)... > wlp3s0 52 1434194181s.436224709ns #9 [ Linux "cooked" Pkt Type 4 (outgoing), If Type 1 (ether), Addr Len 6, Src (XX:XX:XX:XX:XX:XX), Proto 0x800 ] [ IPv4 Addr (XXX.XXX.XXX.XXX => 212.42.76.253), Proto (6), TTL (64), TOS (0), ... ), CSum (0x1ef5) is ok ] [ Geo (local => Ukraine) ] [ TCP Port (45849 => 443 (https)), SN (0x1744209), AN (0x46ca9611), DataOff (8) ... [ Chr .....w.Rj).. ] [ Hex XX XX XX XX XX XX XX XX XX XX XX XX ] Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-20pcap_io: add cooked mode supportDaniel Borkmann2-37/+172
Originally submitted by Vadim in a different form, he wrote: Use Linux "cooked" header for Netlink interface automatically or as replacement of L2 header if "--cooked" option is specified: http://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html 'Cooked headers' makes sense to use for default or nsec pcap types which does not contain protocol info. Added new LINKTYPE_LINUX_SLL which indicates pcap file with Linux "cooked" header as L2 layer header. This pcap file is compatible with Wireshark's "cooked" header & vice-versa. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-18pcap_io: add sockaddr_ll to pcap_llVadim Kochan1-0/+30
Add relevant structure and conversion functions in both directions. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [ dbkm: split out patch ] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-18netsniff-ng: Add cooked cmdline option.Vadim Kochan3-32/+77
Add a --cooked option that we later on use for capturing in cooked header. For now, this only captures with a dgram packet socket, but the remaining logic will follow up. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [ dbkm: split out patch ] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-18sock: Add dgram socket creation.Daniel Borkmann2-0/+22
LINKTYPE_LINUX_SLL needs datagram packet sockets. We'll need this function at a later point in time. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-18linktype: Add LINKTYPE_LINUX_SLL.Vadim Kochan1-0/+1
We need this for cooked header support. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [ dbkm: split out patch ] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-17netsniff-ng: nlmsg: Print rtnl neigh infoVadim Kochan1-0/+101
Dissect basic rtnl neighbour info. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-13dev: Add device string convertions (addr, dev type)Vadim Kochan3-113/+189
Move device string convertions funcs (device_type2str, device_addr2str) from proto_nlmsg.c to dev.c to use them in other modules. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [ dbkm: minor stylistic fixes ] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-08netsniff-ng: nlmsg: Fix build for older kernel headersTobias Klauser1-0/+4
IFA_FLAGS and RTPROT_MROUTED might not be defined on older kernel versions (as is evident from the Travis CI build failing [1]). Fix it by conditionally using the two definitions. [1] https://travis-ci.org/netsniff-ng/netsniff-ng/jobs/65887691 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-08build: travis: Add libnl-genl-3-dev to install commandTobias Klauser1-1/+1
Since commit 107456c ("netsniff-ng, nlmsg: Dissect rtnl link type messages") netsniff-ng also needs libnl-route-3.0. Install it as well when building on Travis CI. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-08INSTALL: Add package libnl-route-3-dev to list of needed Debian packagesTobias Klauser1-3/+3
Since commit 107456c646ab ("netsniff-ng, nlmsg: Dissect rtnl link type messages") netsniff-ng also needs libnl-route-3.0. Add it to the list of packages in the Debian apt-get install line in the INSTALL file. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-05netsniff-ng, nlmsg: add further rtnl route type messages to dissectorVadim Kochan3-13/+222
Add some more dissection logic for dumping rtnetlink related infos with attributes. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-01netsniff-ng nlmsg: Dissect rtnl addr type messagesVadim Kochan1-25/+152
Dump RTnetlink address related info with attributes. Additional changes: - print 'Len' info at the end of each attribute. - print new line before each header if packet contains more netlink messages Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-01netsniff-ng, nlmsg: Dissect rtnl link type messagesVadim Kochan2-0/+235
Dump RTnetlink interface related info with attributes. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-05-27netsniff-ng: add example for fanout into man pageDaniel Borkmann1-1/+12
Add an example, so users can easily adapt and move on from that. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-05-21netsniff-ng mac80211: Align country channels infoVadim Kochan1-0/+1
Print each country channel info on separated line to make it more readable: IE: Country (7, Len(66)): Country String: US First Ch Nr: 36, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 40, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 44, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 48, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 52, Nr of Ch: 1, Max Transmit Pwr Lvl: 23 First Ch Nr: 56, Nr of Ch: 1, Max Transmit Pwr Lvl: 23 First Ch Nr: 60, Nr of Ch: 1, Max Transmit Pwr Lvl: 23 First Ch Nr: 64, Nr of Ch: 1, Max Transmit Pwr Lvl: 23 First Ch Nr: 100, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 104, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 108, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 112, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 116, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 132, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 136, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 140, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 149, Nr of Ch: 1, Max Transmit Pwr Lvl: 30 First Ch Nr: 153, Nr of Ch: 1, Max Transmit Pwr Lvl: 30 First Ch Nr: 157, Nr of Ch: 1, Max Transmit Pwr Lvl: 30 First Ch Nr: 161, Nr of Ch: 1, Max Transmit Pwr Lvl: 30 First Ch Nr: 165, Nr of Ch: 1, Max Transmit Pwr Lvl: 30 Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-18netsniff-ng nlmsg: Print multi-part messagesVadim Kochan1-14/+30
Pull & print more netlink messages from one packet which can be sent with MULTI flag. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-11netsniff-ng: Fix typo Unkown -> UnknownKartik Mistry1-2/+2
Fix typo in error message. Signed-off-by: Kartik Mistry <kartik.mistry@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-09netsniff-ng 0.5.9v0.5.9Tobias Klauser1-1/+1
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-08build: Explicitly mention last release in announcement messageTobias Klauser1-1/+1
In the list of major changes since the last release, explicitly mention which version the last release refers to. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-07docs: REPORTING-BUGS: Mention the github issue trackerTobias Klauser1-1/+5
Add the URL to our Github issue tracker to REPORTING-BUGS. Also fix a typo while at it. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-07authors: Fix Daniel's emailVadim Kochan1-3/+3
Use actual Daniel's <daniel@iogearbox.net> email. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [ -dbkm: also moved Tobias one up while we're at it as he got more contribs ] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-05-07netsniff-ng: add comment wrt NOATIME and fix whitespaceDaniel Borkmann1-1/+5
Just add a comment to the reader, so that it's obvious. The second condition could have been spared in case of open_or_die(), but it's nothing critical and the extra indent can be spared instead. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-05-07netsniff-ng: Open pcap w/o O_NOATIME on 2nd tryVadim Kochan1-1/+6
If the file open fails with O_NOATIME option then try to open it w/o this option in case if the user does not have enough prvileges to use O_NOATIME. It fixes the case when user made pcap file in sudo mode but after it should still use sudo to read it because of setting O_NOATIME option requires higher privileges. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-06sock: Fix capturing extra packets from other devVadim Kochan3-12/+2
Create PF_PACKET socket with proto=0 which does not setup packet handler and will not capture packets until bind() will be invoked. Also replaced pf_tx_socket by pf_socket as these funcs became the same, as proto arg is set to 0. Suggested-by: Daniel Borkmann <borkmann@iogearbox.net> Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-05netsniff-ng nlmsg: Print family & type in less modeVadim Kochan1-3/+5
Print 'Family' and 'Type' (considering family) fields in less mode. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-05docs: authors: Move Vadim to major contributorsTobias Klauser1-1/+1
Vadim has contributed numerous improvements and bug fixes for netsniff-ng and hopefully continues to do so. Move him to the major contributors section in the AUTHORS file. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-05tprintf: Fix color breaking in less modeVadim Kochan1-1/+12
Automatic new line indentation can break terminal ESC color sequence by inserting new line within it. Fixed by considering that color ESC sequence is not closed by 'm' and only after it is closed - print new line with spaces. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tk: add comments] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-05dissectors: ethernet: Display multicast/broadcast also in less modeTobias Klauser1-7/+4
Commit a37101161784 ("dissectors: ethernet: Handle multicast/broadcast addresses properly") introduced handling of multicast/broadcast addresses in string translation, but only for the verbose mode. Also print these strings instead of "Unknown" in less mode. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-05die: Rename *_panic_func to *_panic_handlerVadim Kochan4-8/+8
Rename xxx_panic_func(s) to xxx_panic_handler(s) which is more understandable than 'func'. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-04netsniff-ng: Rename protocol dissector member of struct pkt_buffTobias Klauser15-38/+38
In commit d312a25879d5 ("netsniff-ng nlmsg: Print netlink protocol name"), the struct protocol member of struct pkt_buff was renamed to handler to account for the newly added proto field. However, the corresponding function pkt_set_proto wasn't renamed which is a bit counter-intuitive. Fix this by renaming the member again, this time to dissector (as I don't consider handler a particulary meaningful name) and adjust the set function's name accordingly. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-04trafgen: Delete rfmon mac80211 device on panicVadim Kochan2-9/+24
Fixed case when rfmon mac80211 created device remains after trafgen failed (for ex. - incorrect cfg file), so just delete it when panic occured. Also made panic handlers invoking per process and only once. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-04netsniff-ng mac80211: Print probe response frameVadim Kochan1-1/+2
As Probe Response frame is very similar to Beacon (except some IEs which are identified dynamically) so lets just use the same func to dissect it. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>