Age | Commit message | Author | Files | Lines
2015-08-03 | flowtop: Rename collector_cb -> flow_event_cb | Vadim Kochan | 1 | -3/+3
Rename collector_cb to reflect behaviour such as catching flow events. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03 | flowtop: Rename ct_dump -> ct_update, dump_cb -> flow_update_cb | Vadim Kochan | 1 | -8/+8
Rename ct_dump variable & update_cb function so they reflect 'updating' of a particular flow at runtime. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03 | flowtop: Move filter creating to separate function | Vadim Kochan | 1 | -16/+18
Move creating nfct filter to separate function to make collector() less messy. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-30 | sock: Avoid setting negative socket memory values | Tobias Klauser | 1 | -1/+1
When getting of the initial values fails in set_system_socket_memory(), we store -1 for the values. Avoid writing these back (and causing an error message) when calling reset_system_socket_memory(). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-30 | sock: Don't panic() when sysctl_set_int fails | Tobias Klauser | 1 | -1/+2
Instead print an error message including some more details. netsniff-ng should still remain functional without the socket sysctl values being set. Suggested-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-30 | sysctl: Export procfs base path in sysctl.h | Tobias Klauser | 2 | -6/+7
Rename SYS_PATH to SYSCTL_PROC_PATH and make it available in sysctl.h such that it can be used e.g. in error messages. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-30 | sysctl: Include limits.h instead of linux/limits.h | Tobias Klauser | 1 | -1/+1
Avoid including linux specific headers if possible. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-27 | flowtop: Fix missing new connections after flush | Vadim Kochan | 1 | -2/+2
There might be new fast connection between flush & handling new events which can be not handled, so put flushing connections before loop. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-27 | flowtop: Make struct flow_entry member size checks build_bug_on() | Tobias Klauser | 1 | -3/+3
The city_{src,dst}, country_{src,dst} and rev_dns_{src,dst} members of struct flow_entry have their size defined at compile time, so perform the equal size checks at compile time as well. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-26 | flowtop: Fix collector stuck while flush IPv6 flows | Vadim Kochan | 1 | -5/+17
Seems it was caused by specifying all netfilter groups when flushing connections. Used separated nfct instance w/o netfilter groups to flush ipv4/ipv6 connections. More info can be fetched from the issue item on github: https://github.com/netsniff-ng/netsniff-ng/issues/145 Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-26 | ifpps: Cleanup screen on panic | Vadim Kochan | 1 | -0/+8
Clean up ncurses screen when panic was caused. There will be limitation that error message will be printed on stderr after ncurses cleanup, so it will be needed now to use redirect to error file ... ifpps -d <dev> 2> /tmp/err ... to see error message. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-26 | ifpps: Fix panic when dev name contains "_" | Vadim Kochan | 1 | -1/+1
Add match device name with "_" in /proc/net/dev. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-26 | flowtop: Fix bytes counter print for gigabyte | Vadim Kochan | 1 | -1/+1
'G' should be printed when bytes > 1000000000 but it was printed with 'M' prefix which was caused by missing 'else'. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-26 | flowtop: Use prev & next vars in flow_list_find_prev_id(...) | Vadim Kochan | 1 | -6/+6
Replace n & tmp variables to more understandable prev & next. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-26 | flowtop: Change tcp param to 'bool is_tcp' in presenter_get_port(..) | Vadim Kochan | 1 | -5/+5
Rename tcp -> is_tcp param and change it to bool. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-26 | flowtop: Use bool as parameter in get_port_inode(..) | Vadim Kochan | 1 | -1/+1
Convert int -> bool as parameter. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-26 | flowtop: Convert bool in flow_entry_get_extended_is_dns(...) | Vadim Kochan | 1 | -1/+1
Use bool as return type in flow_entry_get_extended_is_dns(...) func. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-23 | flowtop: Make presenter_flow_wrong_state() return bool | Tobias Klauser | 1 | -8/+6
Only 0/1 are used as return values, change to type bool. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-22 | flowtop: Replace bool lookup tables by switch statement | Tobias Klauser | 1 | -40/+37
Use a switch statement instead of looking up a valid state in the *_states_show bool arrays in presenter_flow_wrong_state(). This makes the code a bit easier to read. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-21 | netsniff-ng: dissector_sll: Remove NULL check altogether | Tobias Klauser | 1 | -10/+2
The check for pkt being NULL is not needed since the packet is allocated in dissector_entry_point() and panic()'s if the allocation fails. pkt->sll is also guaranteed to be non-NULL by all call sites of dissector_entry_point(). This is the proper fix for CIDs 1312074 and 1312075. Noticed-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-21 | netsniff-ng: dissector_sll: Fix indentation and typo | Tobias Klauser | 1 | -7/+7
Fix indentation for multiline function calls and correct a typo in the same area. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-21 | netsniff-ng: dissector_sll: Fix potential NULL dereference | Tobias Klauser | 1 | -4/+6
pkt is dereferenced before it is checked. Move the dereference after the check. Detected by the Coverity Scanner (CID 1312074 & 1312075). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-21 | flowtop: Simplify assignment of flow_entry->is_visible | Tobias Klauser | 1 | -9/+7
Just assign a default value of false and override it with true if the checks go through. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-20 | dev: device_set_flags: also dump error | Daniel Borkmann | 1 | -1/+1
We currently don't dump the actual error message whereas we should allow the user to identify a problem more easily. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-20 | sock: Use sysctl helpers to access /proc/sys/ params | Vadim Kochan | 3 | -32/+11
Use helpers from sysctl.c module to set sock memory params via /proc/sys/net/core. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-20 | bpf: Use sysctl helpers to enable bpf jit compiler | Vadim Kochan | 4 | -12/+5
Use sysctl helpers to set /proc/sys/net/core/bpf_jit_enable param. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-20 | sysctl: Add sysctl module with /proc/sys helpers | Vadim Kochan | 4 | -54/+76
Moved sysctl get/set funcs from flowtop to separated sysctl module. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-20 | Revert "flowtop: Don't init screen until collector is ready" | Vadim Kochan | 2 | -40/+0
Follow-up of commit 9a89c1d813fb ("Revert "flowtop: Fix hanging while waiting for collector"") which both address the clean up in the panic handler. This reverts commit 451275470106024f106a310a5af050b3ca046a4f. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-20 | Revert "flowtop: Fix hanging while waiting for collector" | Vadim Kochan | 1 | -1/+1
Vadim says: "This series reverts unnecessary cond lock when presenter waits for collector to finish its initializing part before do screen initializing, it was added only to do not panic collector when screen is initialized with ncurses so after this shell will be colored." Now screen is cleaned up in panic handler so cond lock is not needed anymore. This reverts commit 3beaa23d4d33b51a392b56f110c8773151ac19cc. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-17 | flowtop: Indentation fixes for multiline function signatures | Tobias Klauser | 1 | -3/+3
Align the arguments/parameters on successive lines with the opening parenthesis. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17 | flowtop, netsniff-ng: Move process name extraction to own function | Tobias Klauser | 5 | -17/+27
flowtop and the netsniff-ng's netlink message dissector both need to get the process name for a pid from /proc/<pid>/exe, thus move that functionality to an own function. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17 | flowtop: Use strncpy instead of strcat | Tobias Klauser | 1 | -4/+2
Make the path creation a bit more straight-forward. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17 | flowtop: Show flow bytes in human readable format | Vadim Kochan | 1 | -3/+21
Print flow bytes amount in human readable format units (G,M,K). Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Make bandw2str static, change arg type, formatting] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17 | flowtop: Show total numbers of flows | Vadim Kochan | 1 | -14/+19
Count flows which might be shown and show this number on the top status line. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17 | flowtop: Add connection traffic accounting | Vadim Kochan | 1 | -26/+202
Mark each flow if it is visible on the screen to know if it is needed update traffic acct info. Changed to use non blocking recv of nf conntrack events to update traffic accounting. Now nf_conntrack is cloned when new flow entry is added to send dump request which is used to update traffic accounting info (packet, bytes). Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Formatting changes] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17 | flowtop: Refactor walking for each flow node by presenter | Vadim Kochan | 1 | -79/+52
Change code to walk each flow by presenter to look more understandable. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Revert unnecessary whitespace changes] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-13 | flowtop: Fix hanging while waiting for collector | Vadim Kochan | 1 | -1/+1
Fixed issue when flowtop hangs because of wrong using pthread cond locking, so the lock should be locked first by calling thread before call to pthread_cond_wait. Fixes: 451275470106 ("flowtop: Don't init screen until collector is ready") Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-13 | flowtop: Fix flows disappearing | Vadim Kochan | 1 | -1/+3
While removing flow which is pointed by 'head' then head is set to NULL and all the list disappears, so fixed by set removing flow next entry to list 'head'. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-13 | netsniff-ng: minor whitespace formatting fix | Daniel Borkmann | 1 | -1/+1
Just get this properly aligned. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-07 | flowtop man: Add note about activating netfilter connection tracking | Vadim Kochan | 1 | -2/+11
Add the same note about using iptables to activate conntrack as it is already described in 'flowtop -h', just to keep it in the man page too. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-01 | netsniff-ng: dev: Rename device_ifindex_get to __device_ifindex | Tobias Klauser | 3 | -4/+4
Make the function name more in line with the scheme we use for other similar functions: the function prefixed with __ returns a negative error code, the function without prefix panic()'s on error. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-30 | trafgen: Print min packet size in error message | Vadim Kochan | 1 | -3/+6
Print minimum needed packet size in case if validation error. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-29 | docs: add reference to Travis CI | Daniel Borkmann | 1 | -0/+4
Add a doc where a link to Travis CI can be found. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-29 | netsniff-ng: nlmsg: Define NTF_* constants if not provided by kernel headers | Tobias Klauser | 1 | -2/+20
NTF_SELF and NTF_MASTER might not be defined on older kernel versions (as is e.g. the case in the Travis CI build failing [1]). Fix this by conditionally defining all NTF_* constants. [1] https://travis-ci.org/netsniff-ng/netsniff-ng/jobs/68779130 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-29 | make: Create containing directories for manpages if not existent | Tobias Klauser | 1 | -1/+1
When installing to the default DESTDIR /usr/local with non existent /usr/local/share/man/man8 (or any subpath of it), the installation of manpages fails with e.g.

    install: cannot create regular file `/usr/local/share/man/man8/netsniff-ng.8.gz': No such file or directory
    make: *** [netsniff-ng_do_install] Error 1

Thus, create any leading, non-existent directories by using the INST instead of the INSTX command which will call install -d on the path. Reported-by: James Burnett <James.Burnett@geant.org> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-20 | netsniff-ng: Add dissector for Linux "cooked" packets | Vadim Kochan | 10 | -13/+153
Added dissector_sll.c which uses sockaddr_ll to lookup & print higher L3 layer protocol. This dissector is mapped by LINKTYPE_LINUX_SLL link type. Sample output of dissected Netlink & Ethernet packets. Truncated manually some longer lines by "...":

    > nlmon0 20 1434193547s.717131169ns #6
     [ Linux "cooked" Pkt Type 4 (outgoing), If Type 824 (netlink), Addr Len 0, Src (), Proto 0x0 ]
     [ NLMSG Family 0 (routing), Len 20, Type 0x0003 (DONE)...

    > wlp3s0 52 1434194181s.436224709ns #9
     [ Linux "cooked" Pkt Type 4 (outgoing), If Type 1 (ether), Addr Len 6, Src (XX:XX:XX:XX:XX:XX), Proto 0x800 ]
     [ IPv4 Addr (XXX.XXX.XXX.XXX => 212.42.76.253), Proto (6), TTL (64), TOS (0), ... ), CSum (0x1ef5) is ok ]
     [ Geo (local => Ukraine) ]
     [ TCP Port (45849 => 443 (https)), SN (0x1744209), AN (0x46ca9611), DataOff (8) ...
     [ Chr .....w.Rj).. ]
     [ Hex XX XX XX XX XX XX XX XX XX XX XX XX ]

Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-20 | pcap_io: add cooked mode support | Daniel Borkmann | 2 | -37/+172
Originally submitted by Vadim in a different form, he wrote: Use Linux "cooked" header for Netlink interface automatically or as replacement of L2 header if "--cooked" option is specified: http://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html 'Cooked headers' makes sense to use for default or nsec pcap types which does not contain protocol info. Added new LINKTYPE_LINUX_SLL which indicates pcap file with Linux "cooked" header as L2 layer header. This pcap file is compatible with Wireshark's "cooked" header & vice-versa. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-18 | pcap_io: add sockaddr_ll to pcap_ll | Vadim Kochan | 1 | -0/+30
Add relevant structure and conversion functions in both directions. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [ dbkm: split out patch ] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-18 | netsniff-ng: Add cooked cmdline option. | Vadim Kochan | 3 | -32/+77
Add a --cooked option that we later on use for capturing in cooked header. For now, this only captures with a dgram packet socket, but the remaining logic will follow up. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [ dbkm: split out patch ] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-18 | sock: Add dgram socket creation. | Daniel Borkmann | 2 | -0/+22
LINKTYPE_LINUX_SLL needs datagram packet sockets. We'll need this function at a later point in time. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>