Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
It looks like http://standards-oui.ieee.org/oui.txt is no longer sorted
by OUI, so do it manually when creating oui.conf. Also, it looks like
the file has been converted to use CRLF line endings, so strip those as
well (and any other trailing whitespaces in the vendor name).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add the csumudp6 and csumtcp6 helper functions in order to simplify
checksum generation for TCP/UDP packets sent over IPv6.
trafgen example for TCP over IPv6:
{
  /* MAC Destination */
  fill(0xff, 6),
  /* MAC Source */
  0x00, 0x02, 0xb3, drnd(3),
  /* IPv6 Protocol */
  c16(0x86DD),
  /* Version, Traffic Class, Flow Label */
  0b01100000, c8(0), c16(0),
  /* Payload Length */
  c16(54),
  /* Next Header (TCP) */
  c8(6),
  /* Hop Limit */
  c8(64),
  /* Source IPv6 */
  0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0xba, 0xac, 0x6f, 0xff, 0xfe, 0xa4, 0x12, 0xe3,
  /* Destination IPv6 */
  0xfe, 0x80, 0x82, 0x2e, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0xde, 0xff, 0xfe, 0x00, 0x06, 0xde,
  /* TCP Source Port */
  c16(55042),
  /* TCP Destination Port */
  c16(55043),
  /* TCP Sequence Number */
  drnd(4),
  /* TCP Ackn. Number */
  c32(0),
  /* TCP Header length + TCP SYN/ECN Flag */
  c16((8 << 12) | (1 << 1) | (1 << 6)),
  /* Window Size */
  c16(16),
  /* TCP Checksum (offset IPv6, offset TCP) */
  csumtcp6(14, 54),
  /* TCP Options */
  0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x06,
  0x91, 0x68, 0x7d, 0x06, 0x91, 0x68, 0x6f,
  /* Data blob */
  "foobar!",
}
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Make it more readable.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
s/auxillary/auxiliary/
s/noone/no one/
s/todays/today's/
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
All found using codespell.
s/addres/address/
s/noone/no one/
s/endianess/endianness/
s/Successfull/Successful/
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The size of an mmaped netlink packet is equal to its frame size, so it
may be different from the actual size. This can be checked by whether the
next nlmsg len is 0 or not, and the packet trimmed in that case.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
It would be better to use NLMSG_HDRLEN instead of sizeof(*hdr)
and not to use NLMSG_PAYLOAD to get payload length, I think.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Display them as K->U resp. U->K.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Complete fix for Coverity issue CID 991822, commit 047d69c4e ("curvetun:
Fix issues detected by the Coverity scanner") only fixed one instance of
this issue.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fix two issues detected by the Coverity scanner (CID 991819 & CID
991822)
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Bail out early if we fail to read the current sysctl variable values for
net/netfilter/nf_conntrack_acct and net/netfilter/nf_conntrack_timestamp.
Otherwise we'll not be able to restore the previous value on exit/panic.
Moreover, if we fail to read the sysctl file, we usually also lack the
permissions to write it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fix typo timestampinf -> timestamping
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add short info about timestamping enabling & connection duration time
feature.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Minor rewordings]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Allow setting start/stop timestamp for new flows by enabling:
/proc/sys/net/netfilter/nf_conntrack_timestamp
on start and resetting it on exit or panic.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Remove unnecessary cast of void pointer]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show flow time duration in human readable form.
Originally submitted by Vadim in a slightly different form.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Don't spread the information over too many documents, this is a first
step to consolidate them a bit.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Allow collecting rx stats in multiple pcap mode by storing
them in separate variables before switching to the next pcap file.
This allows having one approach for dumping in single or multiple
pcap(s) mode.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
When fixing up a build error introduced by commit 579e8524
("netsniff-ng: vlan: Show vlan info from tpacket v3"), the used
definitions got mixed up and TP_STATUS_VLAN_TPID_VALID ended up not
being checked at all. Fix this up and make the code a bit easier to read.
Fixes: 3384ee71 ("netsniff-ng: ring: Fix build if tp_vlan_tpid is not available in kernel header")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Otherwise we clutter the build log with warnings such as:
tput: No value for $TERM and no -T specified
on head-less CI/build systems (e.g. Debian's buildd).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Except for some minor saving in disk space, stripping the binaries
doesn't bring any benefits and it might prevent us from getting usable
debugging information even from binaries built with DEBUG not set. Most
distributions will strip the binaries as part of their packaging process
anyhow.
If someone really wants stripped binaries as a result of the netsniff-ng
build, they could still add '-s' to CFLAGS or call strip manually.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
s/coul/could/
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Otherwise nacl will not get picked up when cross-compiling.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
This fixes the following errors when running configure e.g. inside the
OpenEmbedded environment:
./configure: line 23: [: too many arguments
./configure: line 24: [: i586-oe-linux-ld: binary operator expected
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The tp_vlan_tpid member of struct tpacket_auxdata was only added in
kernel commit a0cdfcf39362 ("packet: deliver VLAN TPID to userspace").
Support building netsniff-ng also against kernel headers from earlier
versions.
Fixes: 579e8524 ("netsniff-ng: vlan: Show vlan info from tpacket v3")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show vlan info (vid, prio & proto) from tpacket struct, on a separate
line. It might be useful to sniff it in case vlan reordering is on
(which is the default) and the physical (vlan underlying) device supports
vlan offloading.
Meanwhile it uses only v3 tpacket info as the locations of the vlan fields
are different between v2 & v3 (v1 does not have them at all), but the
current code only has the possibility to check if v3 is used, which is not
enough.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[ tk: make print format consistent with VLAN dissector ]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add proto_vlan.h with helpers to parse VLAN fields.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add some people to the minor contributors list who were previously
missing. Also sort the list alphabetically to make it easier to keep the
list up to date.
Also move Vadim one position up in the major contributors list according
to the current commit count.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead of creating an additional struct flow_entry on the stack just to
use the CP_NFCT macros, call nfct_get_attr_u16() directly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The tprintf module isn't used in flowtop, no need to link it in.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Commit da8fcdd7 ("netsniff-ng: Add cooked cmdline option.") added the
-w/--cooked command line option but didn't add it to the zsh
completion. Do so now.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show byte/packet counters in the same colors as their direction:
- src in red
- dst in blue
so it will be easier to identify them by direction.
Also unified counters printing in one function and changed counters
naming similar to other *_src members of flow_entry struct.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Reverted to using parentheses in printed message]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
We should get faster builds by using their new infrastructure.
Reference: http://docs.travis-ci.com/user/migrating-from-legacy/
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fixes curvetun build failure due to undefined reference to
sysctl_get_int in sock.o.
[...]
LD curvetun
curvetun/sock.o: In function `set_system_socket_mem.part.0':
sock.c:(.text+0xc0): undefined reference to `sysctl_set_int'
curvetun/sock.o: In function `set_system_socket_memory':
sock.c:(.text+0x4dd): undefined reference to `sysctl_get_int'
sock.c:(.text+0x505): undefined reference to `sysctl_get_int'
sock.c:(.text+0x52e): undefined reference to `sysctl_get_int'
sock.c:(.text+0x54f): undefined reference to `sysctl_get_int'
collect2: error: ld returned 1 exit status
Signed-off-by: Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Just ignore DNS flows instead of inserting them and then
filtering them out by the presenter.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Do not do reverse DNS for src hostname if '-s' option
is not specified.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Don't hide status bar line when dumping flows but
print "[Collecting flows ...]" on the same line.
Really there is no sense to hide this status bar line.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If a non-privileged user opens a pcap file then netsniff-ng tries to setup
socket memory which causes warnings about failing because of permissions.
So don't tune socket memory in pcap-read-only mode.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add some explanation about traffic counters enabling via
sysctl and its limitation.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Reword some sentences]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show bytes/pkts counters per src/dst direction. By default counters
originated from dst are shown. Src counters are shown only if '-s' is
specified.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Get rid of flushing connections which resets all counters.
Dump the whole ipv4/ipv6 connection tables to fulfill the existing
flows, but this needs to use hand-made flow filtering because
nfct_filter does not work when we do NFCT_Q_DUMP.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Rename collector_cb to reflect behaviour such as catching flow events.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Rename ct_dump variable & update_cb function so they reflect 'updating'
of a particular flow at runtime.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Move creating nfct filter to separate function to make collector() less
messy.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
When getting the initial values fails in set_system_socket_memory(),
we store -1 for the values. Avoid writing these back (and causing an
error message) when calling reset_system_socket_memory().
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead print an error message including some more details. netsniff-ng
should still remain functional without the socket sysctl values being
set.
Suggested-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Rename SYS_PATH to SYSCTL_PROC_PATH and make it available in sysctl.h
such that it can be used e.g. in error messages.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Avoid including linux specific headers if possible.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
There might be a new fast connection between flush &
handling new events which might not be handled,
so put flushing connections before the loop.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The city_{src,dst}, country_{src,dst} and rev_dns_{src,dst} members of
struct flow_entry have their size defined at compile time, so perform
the equal size checks at compile time as well.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|