summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2015-08-17netsniff-ng: ring: Fix build if tp_vlan_tpid is not available in kernel headerTobias Klauser1-2/+8
The tp_vlan_tpid member of struct tpacket_auxdata was only added in kernel commit a0cdfcf39362 ("packet: deliver VLAN TPID to userspace"). Support building netsniff-ng also against kernel headers from earlier versions. Fixes: 579e8524 ("netsniff-ng: vlan: Show vlan info from tpacket v3") Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-17netsniff-ng: vlan: Show vlan info from tpacket v3Vadim Kochan2-0/+36
Show vlan info (vid, prio & proto) from tpacket struct, in separated line. It might be useful to sniff it in case if vlan reordering is on (which is by default) and physical (vlan underlying) device supports vlan offloading. Meanwhile it uses only v3 tpacket info as location of vlan fields are different between v2 & v3 (v1 does not have it at all), but current code only has possibility to check if v3 is used which is not enough. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [ tk: make print format consistent with VLAN dissector ] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-17netsniff-ng: vlan: Use helpers when parse vlan headerVadim Kochan2-3/+31
Add proto_vlan.h with helpers to parse VLAN fields. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-10AUTHORS: Update contributor list and sort it alphabeticallyTobias Klauser1-17/+22
Add some people to the minor contributors list who were previously missing. Also sort the list alphabetically to make it easier to keep the list up to date. Also move Vadim one position up in the major contributors list according to the current commit count. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-07flowtop: Simplify nfct_is_dns()Tobias Klauser1-13/+8
Instead of creating an additional struct flow_entry on the stack just to use the CP_NFCT macros, call nfct_get_attr_u16() directly. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-07flowtop: Remove tprintf.o from object dependenciesTobias Klauser1-1/+0
The tprintf module isn't used in flowtop, no need to link it in. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-06zsh: netsniff-ng: Add completetion for --cookedTobias Klauser1-0/+1
Commit da8fcdd7 ("netsniff-ng: Add cooked cmdline option.") added the -w/--cooked command line option but didn't add it to the zsh completition. Do so now. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-06flowtop: Show counters in same color as their directionVadim Kochan1-20/+22
Show byte/packet counters in the same colors as their direction: - src in red - dst in blue so it will be easiser to identify them by direction. Also unifed counters printing in one function and changed counters naming similar to other *_src members of flow_entry struct. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Reverted to using parentheses in printed message] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-06build: travis: Switch from legacy to container based travis buildsTobias Klauser1-3/+13
We should get faster builds by using their new infrastructure. Reference: http://docs.travis-ci.com/user/migrating-from-legacy/ Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-05build: curvetun: link against sysctl.oTobias Geerinckx-Rice1-0/+1
Fixes curvetun build failure due to undefined reference to sysctl_get_int in sock.o. [...] LD curvetun curvetun/sock.o: In function `set_system_socket_mem.part.0': sock.c:(.text+0xc0): undefined reference to `sysctl_set_int' curvetun/sock.o: In function `set_system_socket_memory': sock.c:(.text+0x4dd): undefined reference to `sysctl_get_int' sock.c:(.text+0x505): undefined reference to `sysctl_get_int' sock.c:(.text+0x52e): undefined reference to `sysctl_get_int' sock.c:(.text+0x54f): undefined reference to `sysctl_get_int' collect2: error: ld returned 1 exit status Signed-off-by: Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-04flowtop: Do not insert DNS flows into listVadim Kochan1-9/+20
Just ignore DNS flows instead of insert it and then filter it out by presenter. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-04flowtop: Resolve src host if '-s' option specifiedVadim Kochan1-2/+4
Do not do reverse DNS for src hostname if '-s' option is not specified. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-04flowtop: Don't hide status bar while dumping flowsVadim Kochan1-15/+12
Don't hide status bar line when dumping flows but print "[Collecting flows ...]" on the same line. Really there is no sense to hide this status bar line. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03netsniff-ng: Do not tune socket memory in pcap read-only modeVadim Kochan1-0/+1
If a non-privileged user opens a pcap file then netsniff-ng tries to setup socket memory which causes warnings about failing because of permissions. So don't tune socket memory in pcap-read-only mode. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03man: flowtop: Add notes about enabling traffic accountingVadim Kochan1-2/+18
Add some explanation about traffic counters enabling via sysctl and its limitation. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Reword some sentences] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03flowtop: Show counters by directionVadim Kochan1-15/+25
Show bytes/pkts counters per src/dst direction. By default counters originated from dst are showed. Src counters are showed only if '-s' is specified. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03flowtop: Get rid of flushing flows by dumping ipv4/ipv6 tablesVadim Kochan1-30/+122
Get rid of flushing connections which resets all counters. Use dump whole ipv4/ipv6 connection tables to fullfill the existing flows, but this needs to use hand-made flow filtering because nfct_filter does not work when we do NFCT_Q_DUMP. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03flowtop: Rename collector_cb -> flow_event_cbVadim Kochan1-3/+3
Rename collector_cb to reflect behaviour such as catching flow events. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03flowtop: Rename ct_dump -> ct_update, dump_cb -> flow_update_cbVadim Kochan1-8/+8
Rename ct_dump variable & update_cb function so they reflect 'updating' of a particular flow at runtime. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03flowtop: Move filter creating to separate functionVadim Kochan1-16/+18
Move creating nfct filter to separate function to make collector() less messy. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-30sock: Avoid setting negative socket memory valuesTobias Klauser1-1/+1
When getting of the initial values fails in set_system_socket_memory(), we store -1 for the values. Avoid writing these back (and causing an error message) when calling reset_system_socket_memory(). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-30sock: Don't panic() when sysctl_set_int failsTobias Klauser1-1/+2
Instead print an error message including some more details. netsniff-ng should still remain funcional without the socket sysctl values being set. Suggested-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-30sysctl: Export procfs base path in sysctl.hTobias Klauser2-6/+7
Rename SYS_PATH to SYSCTL_PROC_PATH and make it available in sysctl.h such that it can be used e.g. in error messages. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-30sysctl: Include limits.h instead of linux/limits.hTobias Klauser1-1/+1
Avoid including linux specific headers if possible. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-27flowtop: Fix missing new connections after flushVadim Kochan1-2/+2
There might be new fast connection between flush & handling new events which can be not handled, so put flushing connections before loop. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-27flowtop: Make struct flow_entry member size checks build_bug_on()Tobias Klauser1-3/+3
The city_{src,dst}, country_{src,dst} and rev_dns_{src,dst} members of struct flow_entry have their size defined at compile time, so perform the equal size checks at compile time as well. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-26flowtop: Fix collector stuck while flush IPv6 flowsVadim Kochan1-5/+17
Seems it was caused by specifying all netfilter groups when flushing connections. Used separated nfct instance w/o netfilter groups to flush ipv4/ipv6 connections. More info can be fetched from the issue item on github: https://github.com/netsniff-ng/netsniff-ng/issues/145 Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-26ifpps: Cleanup screen on panicVadim Kochan1-0/+8
Clean up ncurses screen when panic was caused. There will be limitation that error message will be printed on stderr after ncurses cleanup, so it will be needed now to use redirect to error file ... ifpps -d <dev> 2> /tmp/err ... to see error message. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-26ifpps: Fix panic when dev name contains "_"Vadim Kochan1-1/+1
Add match device name with "_" in /proc/net/dev. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-26flowtop: Fix bytes counter print for gigabyteVadim Kochan1-1/+1
'G' should be printed when bytes > 1000000000 but it was printed with 'M' prefix which was caused by missing 'else'. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-26flowtop: Use prev & next vars in flow_list_find_prev_id(...)Vadim Kochan1-6/+6
Replace n & tmp variables to more understandable prev & next. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-26flowtop: Change tcp param to 'bool is_tcp' in presenter_get_port(..)Vadim Kochan1-5/+5
Rename tcp -> is_tcp param and change it to bool. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-26flowtop: Use bool as parameter in get_port_inode(..)Vadim Kochan1-1/+1
Convert int -> bool as parameter. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-26flowtop: Convert bool in flow_entry_get_extended_is_dns(...)Vadim Kochan1-1/+1
Use bool as return type in flow_entry_get_extended_is_dns(...) func. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-23flowtop: Make presenter_flow_wrong_state() return boolTobias Klauser1-8/+6
Only 0/1 are used as return values, change to type bool. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-22flowtop: Replace bool lookup tables by switch statementTobias Klauser1-40/+37
Use a switch statement instead of looking up a valid state in the *_states_show bool arrays in presenter_flow_wrong_state(). This makes the code a bit easier to read. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-21netsniff-ng: dissector_sll: Remove NULL check alltogetherTobias Klauser1-10/+2
The check for pkt being NULL is not needed since the packet is allocated in dissector_entry_point() and panic()'s if the allocation fails. pkt->sll is also guaranteed to be non-NULL by all call sites of dissector_entry_point(). This is the proper fix for CIDs 1312074 and 1312075. Noticed-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-21netsniff-ng: dissector_sll: Fix indentation and typoTobias Klauser1-7/+7
Fix indentation for multiline function calls and correct a typo in the same area. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-21netsniff-ng: dissector_sll: Fix potential NULL dereferenceTobias Klauser1-4/+6
pkt is dereferenced before it is checked. Move the dereference after the the check. Detected by the Coverity Scanner (CID 1312074 & 1312075). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-21flowtop: Simplify assignment of flow_entry->is_visibleTobias Klauser1-9/+7
Just assign a default value of false and override it with true if the checks go through. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-20dev: device_set_flags: also dump errorDaniel Borkmann1-1/+1
We currently don't dump the actual error message whereas we should allow the user to identify a problem more easily. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-20sock: Use sysctl helpers to access /proc/sys/ paramsVadim Kochan3-32/+11
Use helpers from sysctl.c module to set sock memory params via /proc/sys/net/core. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-20bpf: Use sysctl helpers to enable bpf jit compilerVadim Kochan4-12/+5
Use sysctl helpers to set /proc/sys/net/core/bpf_jit_enable param. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-20sysctl: Add sysctl module with /proc/sys helpersVadim Kochan4-54/+76
Moved sysctl get/set funcs from flowtop to separated sysctl module. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-20Revert "flowtop: Don't init screen until collector is ready"Vadim Kochan2-40/+0
Follow-up of commit 9a89c1d813fb ("Revert "flowtop: Fix hanging while waiting for collector"") which both address the clean up in the panic handler. This reverts commit 451275470106024f106a310a5af050b3ca046a4f. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-20Revert "flowtop: Fix hanging while waiting for collector"Vadim Kochan1-1/+1
Vadim says: "This series reverts unnecesseary cond lock when presenter waits for collector to finish its initializing part before do screen initializing, it was added only to do not panic collector when screen is initialized with ncurses so after this shell will be colored." Now screen is cleaned up in panic handler so cond lock is not needed anymore. This reverts commit 3beaa23d4d33b51a392b56f110c8773151ac19cc. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-17flowtop: Indentation fixes for multiline function signaturesTobias Klauser1-3/+3
Align the arguments/parameters on successive lines with the opening parenthesis. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17flowtop, netsniff-ng: Move process name extraction to own functionTobias Klauser5-17/+27
flowtop and the netsniff-ng's netlink message dissector both need to get the process name for a pid from /proc/<pid>/exe, thus move that functionality to an own function. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17flowtop: Use strncpy instead of strcatTobias Klauser1-4/+2
Make the path creation a bit more straight-forward. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17flowtop: Show flow bytes in human readable formatVadim Kochan1-3/+21
Print flow bytes amount in human readable format units (G,M,K). Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Make bandw2str static, change arg type, formatting] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>