|
The tp_vlan_tpid member of struct tpacket_auxdata was only added in
kernel commit a0cdfcf39362 ("packet: deliver VLAN TPID to userspace").
Support building netsniff-ng also against kernel headers from earlier
versions.
Fixes: 579e8524 ("netsniff-ng: vlan: Show vlan info from tpacket v3")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show vlan info (vid, prio & proto) from tpacket struct, in separated
line. It might be useful to sniff it in case if vlan reordering is on
(which is by default) and physical (vlan underlying) device supports
vlan offloading.
Meanwhile it uses only v3 tpacket info as location of vlan fields are
different between v2 & v3 (v1 does not have it at all), but current code
only has possibility to check if v3 is used which is not enough.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[ tk: make print format consistent with VLAN dissector ]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add proto_vlan.h with helpers to parse VLAN fields.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add some people to the minor contributors list who were previously
missing. Also sort the list alphabetically to make it easier to keep the
list up to date.
Also move Vadim one position up in the major contributors list according
to the current commit count.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead of creating an additional struct flow_entry on the stack just to
use the CP_NFCT macros, call nfct_get_attr_u16() directly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The tprintf module isn't used in flowtop, no need to link it in.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Commit da8fcdd7 ("netsniff-ng: Add cooked cmdline option.") added the
-w/--cooked command line option but didn't add it to the zsh
completion. Do so now.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show byte/packet counters in the same colors as their direction:
- src in red
- dst in blue
so it will be easier to identify them by direction.
Also unified counters printing in one function and changed counters
naming similar to other *_src members of flow_entry struct.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Reverted to using parentheses in printed message]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
We should get faster builds by using their new infrastructure.
Reference: http://docs.travis-ci.com/user/migrating-from-legacy/
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fixes curvetun build failure due to undefined reference to
sysctl_get_int in sock.o.
[...]
LD curvetun
curvetun/sock.o: In function `set_system_socket_mem.part.0':
sock.c:(.text+0xc0): undefined reference to `sysctl_set_int'
curvetun/sock.o: In function `set_system_socket_memory':
sock.c:(.text+0x4dd): undefined reference to `sysctl_get_int'
sock.c:(.text+0x505): undefined reference to `sysctl_get_int'
sock.c:(.text+0x52e): undefined reference to `sysctl_get_int'
sock.c:(.text+0x54f): undefined reference to `sysctl_get_int'
collect2: error: ld returned 1 exit status
Signed-off-by: Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Just ignore DNS flows instead of insert it and then
filter it out by presenter.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Do not do reverse DNS for src hostname if '-s' option
is not specified.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Don't hide status bar line when dumping flows but
print "[Collecting flows ...]" on the same line.
Really there is no sense to hide this status bar line.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If a non-privileged user opens a pcap file then netsniff-ng tries to setup
socket memory which causes warnings about failing because of permissions.
So don't tune socket memory in pcap-read-only mode.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add some explanation about traffic counters enabling via
sysctl and its limitation.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Reword some sentences]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show bytes/pkts counters per src/dst direction. By default counters
originated from dst are shown. Src counters are shown only if '-s' is
specified.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Get rid of flushing connections which resets all counters.
Use dump whole ipv4/ipv6 connection tables to fulfill the existing
flows, but this needs to use hand-made flow filtering because
nfct_filter does not work when we do NFCT_Q_DUMP.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Rename collector_cb to reflect behaviour such as catching flow events.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Rename ct_dump variable & update_cb function so they reflect 'updating'
of a particular flow at runtime.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Move creating nfct filter to separate function to make collector() less
messy.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
When getting of the initial values fails in set_system_socket_memory(),
we store -1 for the values. Avoid writing these back (and causing an
error message) when calling reset_system_socket_memory().
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead print an error message including some more details. netsniff-ng
should still remain functional without the socket sysctl values being
set.
Suggested-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Rename SYS_PATH to SYSCTL_PROC_PATH and make it available in sysctl.h
such that it can be used e.g. in error messages.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Avoid including linux specific headers if possible.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
There might be new fast connection between flush &
handling new events which can be not handled,
so put flushing connections before loop.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The city_{src,dst}, country_{src,dst} and rev_dns_{src,dst} members of
struct flow_entry have their size defined at compile time, so perform
the equal size checks at compile time as well.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Seems it was caused by specifying all netfilter groups
when flushing connections.
Used separated nfct instance w/o netfilter groups to
flush ipv4/ipv6 connections.
More info can be fetched from the issue item on github:
https://github.com/netsniff-ng/netsniff-ng/issues/145
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Clean up ncurses screen when panic was caused. There will be limitation
that error message will be printed on stderr after ncurses cleanup, so
it will be needed now to use redirect to error file ...
ifpps -d <dev> 2> /tmp/err
... to see error message.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Add match device name with "_" in /proc/net/dev.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
'G' should be printed when bytes > 1000000000 but
it was printed with 'M' prefix which was caused
by missing 'else'.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Replace n & tmp variables to more understandable prev & next.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Rename tcp -> is_tcp param and change it to bool.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Convert int -> bool as parameter.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Use bool as return type in flow_entry_get_extended_is_dns(...) func.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Only 0/1 are used as return values, change to type bool.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use a switch statement instead of looking up a valid state in the
*_states_show bool arrays in presenter_flow_wrong_state(). This makes
the code a bit easier to read.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The check for pkt being NULL is not needed since the packet is allocated
in dissector_entry_point() and panic()'s if the allocation fails.
pkt->sll is also guaranteed to be non-NULL by all call sites of
dissector_entry_point().
This is the proper fix for CIDs 1312074 and 1312075.
Noticed-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fix indentation for multiline function calls and correct a typo in the
same area.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
pkt is dereferenced before it is checked. Move the dereference after the
check.
Detected by the Coverity Scanner (CID 1312074 & 1312075).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Just assign a default value of false and override it with true if the
checks go through.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
We currently don't dump the actual error message whereas we should
allow the user to identify a problem more easily.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Use helpers from sysctl.c module to set sock memory params
via /proc/sys/net/core.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Use sysctl helpers to set /proc/sys/net/core/bpf_jit_enable param.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Moved sysctl get/set funcs from flowtop to separated sysctl module.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Follow-up of commit 9a89c1d813fb ("Revert "flowtop: Fix hanging
while waiting for collector"") which both address the clean up
in the panic handler.
This reverts commit 451275470106024f106a310a5af050b3ca046a4f.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Vadim says:
"This series reverts unnecessary cond lock when presenter waits for
collector to finish its initializing part before do screen initializing,
it was added only to do not panic collector when screen is initialized
with ncurses so after this shell will be colored."
Now screen is cleaned up in panic handler so cond lock is not needed
anymore. This reverts commit 3beaa23d4d33b51a392b56f110c8773151ac19cc.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Align the arguments/parameters on successive lines with the opening
parenthesis.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
flowtop and the netsniff-ng's netlink message dissector both need to get
the process name for a pid from /proc/<pid>/exe, thus move that
functionality to an own function.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Make the path creation a bit more straight-forward.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Print flow bytes amount in human readable format units (G,M,K).
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Make bandw2str static, change arg type, formatting]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|