Age | Commit message | Author | Files | Lines
2016-04-25 | trafgen: proto: Add IPv6 header generation | Tobias Klauser | 8 | -40/+254
Support for generating simple IPv6 headers using the 'ip6()/ipv6()' trafgen generation function.

Fields supported:

  ver|version      Version (default: 6)
  tc|tclass        Traffic class (default: 0)
  fl|flow          Flow Label (default: 0)
  len|length       Payload length (calculated by default)
  nh|nexthdr       Type of next header (default: 0)
  hl|hoplimit|ttl  Hop Limit, TTL (default: 0)
  sa|saddr         Source IPv6 address (default: device address)
  da|daddr         Destination IPv6 address (default: 0:0:0:0:0:0:0:0)

Examples:

  { eth(), ipv6(daddr=1:2:3:4:5:6:7:8) }
  { ipv6(tc=2, hl=3, daddr=::1) }
  { eth(), ipv6(nh=58, sa=2001:db8::, da=::1), 128, 0, 0x52, 0x03, 0, 0, 0, 0 }

If not explicitly specified, the lower header is initialized as Ethernet.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-22 | man: trafgen: Add example program, rewritten using the trafgen functions | Tobias Klauser | 1 | -0/+13
Show how the trafgen header generation functions can make a trafgen script much more concise by rewriting Jesper's example using these functions.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-22 | trafgen: proto: Replace panic() with bug() where applicable | Tobias Klauser | 3 | -4/+3
In some cases we use panic() in situations where the error could only happen due to an implementation error. Use bug() there as it is more applicable, as panic() is mainly used to report system call errors.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-22 | build: Always silence the no-op check command | Tobias Klauser | 1 | -1/+1
There is no point in outputting the true no-op command, as it will only clutter the logs.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-22 | flowtop: man: Add how-to activate conntrack by modprobe | Vadim Kochan | 1 | -0/+8
Add another tip how to activate conntrack mechanism by loading required kernel modules via modprobe. This info might be used to make these modules load automatically at startup.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-22 | flowtop: Simplify flows refresh delay | Vadim Kochan | 1 | -18/+3
Simplify screen refresh logic by removing tricky delay logic which freezes a little key pressing.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-22 | flowtop: Get rid of clear() & refresh() calls | Vadim Kochan | 1 | -7/+6
Don't use refresh() & clear() as we draw entire screen and flows table will be filled with empty rows.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-22 | ui: Print empty rows when clearing table | Vadim Kochan | 2 | -1/+15
Fill table with empty rows while clearing. It will allow to get rid of clear() & refresh() each time before print the flows list.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-22 | flowtop: Use new UI table API for draw flows list | Vadim Kochan | 2 | -105/+141
Used new UI table API for flows printing to make it more generic. Also it will allow to have same code to dump flows in text mode.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-22 | ui: Implement UI table for flows printing | Vadim Kochan | 2 | -0/+192
Add new module ui.c which is responsible to render different kinds of UI widgets - tables, etc. Implemented generic API for print table-like list of elements. This table API might be used for print flows in curses or text mode.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: change bug_on(true) to bug(), whitespace fix]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-22 | list: Add re-defined double-linked list API from liburcu | Vadim Kochan | 1 | -0/+39
Add definitions for list structure & functions without cds_/CDS_ prefix. The purpose of this change is to use such linked-list in sorting or ordering some kind of items (e.g. flowtop - flows, columns).

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-22 | build: travis: Build with and without libGeoIP/zlib | Tobias Klauser | 1 | -1/+5
In order to catch problems with missing libGeoIP/zlib stubs already in Travis CI, use the DISABLE_{GEOIP,ZLIB} variables to the configure script in all possible combinations during the CI build.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-22 | build: configure: Allow to disable support for libgeoip and zlib | Tobias Klauser | 2 | -0/+21
Allow users to explicitly disable linking against libgeoip and zlib, as they are completely optional, e.g:

  DISABLE_GEOIP=1 ./configure && make
  DISABLE_ZLIB=1 ./configure && make

This change should also help to increase build coverage once we use these options in the Travis CI setup.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-22 | build: configure: Write a comment to config.h for disabled features | Tobias Klauser | 1 | -0/+10
When looking at config.h it should be obvious which features were enabled and disabled, so put a comment there in case they are disabled.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-22 | flowtop: Fix compilation error when build without geoip | Vadim Kochan | 1 | -0/+10
Commit f61f39d ("geoip: Allow to get country 3-code") added new helpers without considering HAVE_GEOIP definition. Fixed by adding dummy functions for get 3-code country name in case if HAVE_GEOIP is not defined.

Tested only by manually disabling HAVE_GEOIP in config.h and geoip.c compilation in Config file.

Fixes: f61f39d (geoip: Allow to get country 3-code)
Reported-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-21 | trafgen: proto: Inline proto_current_header() into its only caller | Tobias Klauser | 1 | -9/+1
proto_lower_header() is the only caller for proto_current_header() which already checks header_count > 0, so inline proto_current_header() and omit the additional check and a panic() which thus can never be triggered.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-18 | flowtop: Use new colors naming & helpers | Vadim Kochan | 1 | -20/+22
Use new colors definitions via enum variables instead of numbers which helps to understand better which kind of color is used.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-18 | screen: Add helpers to easy use color by name | Vadim Kochan | 1 | -0/+17
Added macros which allow easy specify color pair like:

  INIT_COLOR(YELLOW, BLACK);
  COLOR(YELLOW, BLACK);
  COLOR_ON(YELLOW, BLACK);

by calculating pair id via generic formula. Added shorter color names via new enum.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-18 | flowtop: Add display option to show src info | Vadim Kochan | 1 | -9/+11
Add 's' key option to toggle source peer info at runtime, behaviour is the same like for '-s' command line option.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-18 | flowtop: Change flows layout to 1-row view | Vadim Kochan | 1 | -200/+191
Changed flows list layout to look more a top-like output with header and in 1 line. When -s option is specified then layout changes to 2 lines view including with src peer info and dst under it on next line.

Also shortened flow state names to allocate less space.

Removed presenter_get_port because ports are printed for both peers separately.

The flow duration time is printed in very short form in one of the units:

  XXd - days
  XXh - hours
  XXm - minutes
  XXs - seconds

the reason is that it is enough to have actually generic understanding about flow time in the biggest time unit.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-18 | geoip: Allow to get country 3-code | Vadim Kochan | 2 | -0/+16
Add func to get country code-3 name by IPv4/6 address

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-17 | AUTHORS: Add Arch3y for his contribution | Tobias Klauser | 1 | -0/+1
Add Arch3y for a0f448c and f5ae2cd (PR #156).

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-17 | build: fix compilation warnings with _GNU_SOURCE | arch3y | 3 | -4/+9
Fix the following warnings when building with glibc>=2.20:

  proc.c:1:0: warning: "_GNU_SOURCE" redefined
  ioops.c:1:0: warning: "_GNU_SOURCE" redefined
  xmalloc.c:8:0: warning: "_GNU_SOURCE" redefined

Signed-off-by: Arch3y <arch3y@archstrike.org>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-04-17 | build: Define _DEFAULT_SOURCE to fix compilation warnings with glibc>=2.20 | arch3y | 2 | -0/+2
Fixes deprecation issues for glibc>=2.20 if we define _BSD_SOURCE we must also define _DEFAULT_SOURCE as well

from tprintf.c
  warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
from astraceroute.c
  warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"

Signed-off-by: Arch3y <arch3y@archstrike.org>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-03-29 | AUTHORS: Add Tommy for his contribution | Tobias Klauser | 1 | -0/+1
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-03-29 | mausezahn: Allow IPv6 ranges to be specified for source and dest addresses | Tommy Beadle | 5 | -34/+444
This allows a user to pass a range of IPv6 addresses, either like:

  fec0:5000::1-fec0:5000::100

or in CIDR notation:

  fec0:5000::0/112

These can be used for the -A and/or -B command-line options.

The largest range that can be used is a /64. In other words, if using CIDR notation, the masklen must be <= 128 and >= 64.

Signed-off-by: Tommy Beadle <tbeadle@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-03-22 | netsniff-ng v0.6.1 [v0.6.1] | Tobias Klauser | 1 | -2/+2
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-23 | trafgen: man: Add description for 'mpls()' function | Vadim Kochan | 1 | -2/+27
Add syntax & fields description for 'mpls()' function, also:

  1) add line break for VLAN header notes
  2) fix ip -> ipv4 in UDP echo example
  3) consistent spelling of EtherType

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-23 | trafgen: parser: Add syntax for MPLS header creating | Vadim Kochan | 2 | -1/+40
Add 'mpls()' function for creating MPLS header with parameters:

  lbl|label      MPLS label
  last           Indicates the last label on MPLS stack
  tc|tclass|exp  Traffic Class (TC)
  ttl            TTL (Time To Live)

Currently only unicast MPLS is supported, but multicast might be set via 'eth()' function.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-23 | trafgen: l2: Add MPLS header generation | Vadim Kochan | 3 | -0/+40
Add support for MPLS header creating with fields:

  Label, TClass, Bottom-Stack, TTL

By default S-field is set to 1 (last label), but resets to 0 if lower MPLS header is added.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-23 | trafgen: proto: Fix bad field masking | Vadim Kochan | 1 | -4/+20
Current logic does OR of existing field value & shift-masked specified value, which is not enough as 0s bits from the specified value will be not set (because of OR), so fixed it by resetting original field value by AND with reverted field mask, in other words - bits part of original field value is reset to 0s and only after OR-ed with specified shift-masked value.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-03 | built_in: Include stddef.h to avoid redefinition of offsetof() macro | Tobias Klauser | 1 | -1/+2
The stddef.h header might define the offsetof() macro unconditionally, leading to the macro being redefined if built_in.h is included _before_ stddef.h. This will lead sparse to complain as follows:

  /usr/lib/gcc/x86_64-linux-gnu/4.8//include/stddef.h:413:9: warning: preprocessor token offsetof redefined
  ./built_in.h:151:10: this was the original definition

Fix this by explicitly including stddef.h in built_in.h

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-03 | trafgen: proto: Make proto_current_header() static | Tobias Klauser | 2 | -2/+1
After commit 88b359d2aa7e ("trafgen: proto: Simplify getting lower protocol after init") proto_current_header() is no longer used outside trafgen_proto.c, so make it static.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-02 | trafgen: man: Add help for VLAN header function | Vadim Kochan | 1 | -0/+29
Add usage, syntax & parameters description for 'vlan()' function.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-02 | trafgen: parser: Add syntax for VLAN header creating | Vadim Kochan | 2 | -0/+49
Add 'vlan()' function to generate VLAN header.

Fields supported:

  tpid|proto  Set TPID (Tag Protocol Identifier) (default 0x8100)
  1ad         Set TPID field as 0x88a8
  1q          Set TPID field as 0x8100
  tci         Set TCI (Tag Control Information) (default 0)
  pcp         Set PCP (Priority Code Point) (PCP) (default 0)
  dei|cfi     Set DEI (Drop Eligible Indicator) (default 0)
  id          Set VID (VLAN Identifier) (default 0)

Examples:

  { eth(), vlan(id=1), ipv4() }
  { vlan(id=1, 1ad), vlan(id=100, pcp=3), ipv4() }

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-02 | trafgen: l2: Add VLAN header generation | Vadim Kochan | 3 | -11/+65
Add generation of VLAN header with supported fields:

  TPID, DEI/CFI, PCP, VID

Changed struct proto_field.offset uint16_t -> int16_t to make TPID offset -2 to point to ether type.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-02 | trafgen: ipv4: Add setting next protocol id | Vadim Kochan | 2 | -20/+26
Move setting lower protocol id field value from UDP & TCP protocols to IPv4 only, so lower layer will know exactly value to set in protocol id field.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-02 | trafgen: eth: Add setting next protocol id | Vadim Kochan | 2 | -4/+24
Move setting next protocol id field from higher protocols (ARP, IPv4) to Ethernet. It makes code little more generic w/o checking each lower protocol and setting specific field id.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-02 | trafgen: proto: Add set_next_proto callback to struct proto_hdr | Vadim Kochan | 5 | -9/+20
Add set_next_proto callback to proto_hdr struct to allow lower protocol set next protocol id by enum proto_id.

Extended proto_lower_default_add(...) function to take upper protocol to delegate its id to lower protocol to set next protocol field.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-02 | trafgen: proto: Simplify getting lower protocol after init | Vadim Kochan | 6 | -19/+16
Change proto_header_init(...) and proto_lower_default_add(...) functions to return struct proto_hdr * to do not call proto_current_header(...) after, so it makes more sense to get struct proto_hdr * right after initializing protocol by id.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-02 | trivial: trafgen: parser: Fix spacing | Tobias Klauser | 1 | -11/+11
Get rid of some unnecessary double spaces to make parsers rules look consistent.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-01 | trafgen: parser: Fix parsing of "prot[o]" field in eth() | Tobias Klauser | 2 | -3/+7
Commit 2ba202b introduced the [e]type field for specifying the Ethertype, but at the same time made the existing "prot[o]" field name not work anymore. Fix it by providing a specific parser rule as it cannot be solved in the lexer grammar alone (which will always use the first matching token).

Fixes: 2ba202b ("trafgen: parser: Support "etype"/"type" keywords for Ethertype")
Reported-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-01 | trafgen: proto: Mark fields parameter to proto_header_fields_add as const | Tobias Klauser | 2 | -6/+7
It's not changed inside the function, so mark it as const. Also adjust the header guards.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-02-01 | trafgen: parser: Add TCP header generation function | Tobias Klauser | 5 | -1/+202
Add a function 'tcp()' to generate TCP headers from the trafgen configuration language.

Fields supported:

  sp|sport     TCP source port (default 0)
  dp|dport     TCP destination port (default 0)
  seq          Sequence number (default: 0)
  aseq|ackseq  Acknowledgement number (default 0)
  doff|hlen    Header length/data offset (default: 5)
  cwr          Congestion Window Reduced flag (default: 0)
  ece|ecn      ECN-Echo flag (default: 0)
  urg          Urgent flag (default: 0)
  ack          Acknowledgement flag (default: 0)
  psh          Push flag (default: 0)
  rst          Reset flag (default: 0)
  syn          Synchronize flag (default: 0)
  fin          Finish flag (default: 0)
  win|window   Receive window size (default: 0)
  csum         Checksum field (calculated automatically)
  urgptr       Urgent pointer (default: 0)

Example (SYN on port 80/http):

  { tcp(dport=80, syn, window=5840) }

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-01-29 | trafgen: parser: Rename IPv4 specific types and union members | Tobias Klauser | 2 | -10/+10
Rename lexer/parser type and union member ip_addr to ip4_addr. This will make it easier to distinguish from IPv6 addresses, to be added in a follow-up patch.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-01-29 | trafgen: l2: Make needlessly global symbol eth_fields static | Tobias Klauser | 1 | -1/+1
This fixes the following sparse warning:

  trafgen_l2.c:13:20: warning: symbol 'eth_fields' was not declared. Should it be static?

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-01-29 | trafgen: parser: Support "etype"/"type" keywords for Ethertype | Tobias Klauser | 6 | -12/+18
The IEEE 802.3 standard commonly refers to the field specifying the upper layer protocol as Ethertype, not protocol. Thus, also support the keywords "etype" and "type" for this field.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-01-29 | AUTHORS: Add Erik for his contribution | Tobias Klauser | 1 | -0/+1
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-01-29 | netsniff-ng: Remove duplicate '=' in assignment | Tobias Klauser | 1 | -1/+1
Remove a duplicate '=' introduced by me when amending commit 0ae726d ("netsniff-ng: Use time of SIGHUP time when rotating files prematurely").

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-01-29 | netsniff-ng: Use time of SIGHUP time when rotating files prematurely | Erik Bengtsson | 1 | -2/+13
Use the timestamp of the SIGHUP in the file name when rotating file prematurely instead of the file creation date, which might be delayed depending on when the next packet arrives.

This should make it a bit easier to synchronize pcap files captures by multiple instances of netsniff-ng on multiple interfaces.

Signed-off-by: Erik Bengtsson <e.bengtsson@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>