Age | Commit message | Author | Files | Lines |
|
Add new syntax for DNS header generation via 'dns()' proto function.
The fields are supported:
id - 16 bit identifier
qr - message is a query(0) or response(1)
op|oper - specified kind of query
aanswer - authoritative answer flag
trunc - message was truncated flag
rdesired - recursion desired flag
ravail - recursion available flag
zero - reserved for future use
rcode - response code
qdcount - number of entries in question section
ancount - number of entries in answer section
nscount - number of entries in authority section
arcount - number of entries in additional section
Also there are functions to generate DNS sections:
'qry()' function to generate separate query entry:
name - variable domain name
type - type of the query
class - class of the query
'ans()', 'auth()', 'add()' functions to generate separate answer,
authoritative, additional entry with the same fields layout:
name - variable domain name
type - resource record type
class - class of the data
ttl - time interval that the record may be cached
len - length of data
data - variable length of bytes
All the DNS section entries will be automatically sorted by DNS proto API
in the way which is required by DNS header:
query entries
answer entries
authoritative entries
additional entries
'name' field in qry/ans/auth/add functions is automatically converted to
FQDN format if it was specified as "string".
There are also added functions to simplify the way of filling
some often used RR types for using them inside ans/auth/add functions:
addr(ipv4_addr | ipv6_addr) - fills the following RR fields:
len - 4 or 16 depends on IPv4 or IPv6 address was specified
data - is filled with IPv4 or IPv6 address
type - 1 for IPv4 address, 28 - for IPv6
ns(string)
type - 2
cname(string)
type - 5
ptr(string)
type - 12
EXAMPLES:
{
dns(qr=1,
auth(name="ns1", ns("ns1.org")),
ans(name="www.google.com", cname("google.com")),
auth(name="aa", ns("bb")),
qry(name="www.google.com"))
}
{
dns(qr=1, ans(name="www.google.com", addr(1.2.3.4)))
}
{
dns(qr=1, ans(name="www.google.com", addr(1::)))
}
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add trafgen_l7.c module with DNS proto header generation with
support of filling DNS query/answer/authority/additional sections
as sub headers.
Introduced new concept as 'sub header' which is needed to easy handle
DNS sections which might be added on-demand, and to simplify using
sub-header as regular header with a fields, offset, etc. There is a
parent header which contains array of pointers of sub-headers, and the
array is ordered as they are located in the parent header. The
sub-headers mostly encapsulated by the parent header which 'knows'
the semantic of them. The new proto_hdr->push_sub_header(...) callback
was added to tell the parent header to push the sub-header's fields,
sub-header also may have proto_ops which must be filled by the parent.
This sub-header concept might be used in the future if it will be needed
to support DHCP, WLAN headers.
There are 4 kinds of DNS sub-headers - query, answer, authority,
additional. 'id' of each sub-header is used to only differentiate these
types of sections. These sections have strict order inside DNS header,
and there was added the proto_hdr_move_sub_header(...) to sort them in
required order.
Actually there are only 2 proto_hdr's which describes 4 DNS sections -
query & rrecord, because rrecord covers another 3 - answer, authority,
additional which have the same layout.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add str2fqdn for converting hostname string into DNS name notation:
www.xxxx.yy.com -> 3www4xxxx2yy3com0
Returned string must be freed after use by the caller.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
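The name notation from the commit message above, as an added example (not the project's str2fqdn; the name `hostname_to_wire` and the RFC 1035 length checks are assumptions of this sketch). On the wire each label's length is a binary octet rather than an ASCII digit, and the name ends with a zero octet.

```c
#include <stdlib.h>
#include <string.h>

#define DNS_MAX_LABEL 63   /* RFC 1035: a label is at most 63 octets */
#define DNS_MAX_NAME  255  /* RFC 1035: an encoded name is at most 255 octets */

/*
 * Hypothetical helper: encode "www.xxxx.yy.com" as length-prefixed labels
 * followed by the zero-length root label. Returns a malloc()ed buffer the
 * caller must free, or NULL on invalid input. *out_len receives the encoded
 * length, root label included.
 */
unsigned char *hostname_to_wire(const char *host, size_t *out_len)
{
	size_t hlen = strlen(host);
	size_t pos = 0;               /* write position in buf */
	const char *label = host;
	const char *end;
	unsigned char *buf;

	/* Accept one trailing dot so "a.b." and "a.b" encode alike. */
	if (hlen > 0 && host[hlen - 1] == '.')
		hlen--;
	/* Encoded size is hlen + 2: first length octet plus root label. */
	if (hlen == 0 || host[hlen - 1] == '.' || hlen + 2 > DNS_MAX_NAME)
		return NULL;

	end = host + hlen;
	buf = malloc(hlen + 2);
	if (!buf)
		return NULL;

	while (label < end) {
		const char *dot = memchr(label, '.', (size_t)(end - label));
		size_t llen = (size_t)((dot ? dot : end) - label);

		/* Reject empty labels ("a..b") and lengths above 63, which
		 * would set the bits reserved for compression pointers. */
		if (llen == 0 || llen > DNS_MAX_LABEL) {
			free(buf);
			return NULL;
		}
		buf[pos++] = (unsigned char)llen;
		memcpy(buf + pos, label, llen);
		pos += llen;
		label += llen + (dot ? 1 : 0);
	}
	buf[pos++] = 0;               /* root label terminates the name */
	*out_len = pos;
	return buf;
}
```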
|
|
It is quite tricky to set field value with a variable length
(i.e. DNS query name), to make it possible the field
needs to be added to header with 'len=0' in that case there
will be no any payload allocation, but only while setting the field
value the packet will be appended with a real length bytes and after
the field needs to be relocated to the right place.
Also add 'len' parameter to *_set_bytes(...) functions to have better
control over it.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Move scrolling logic to the ui.c module, it requires to have
some data iteration provided in flowtop.c and delegated to ui.c part.
So approach is that now flowtop provides 2 additional callbacks for:
1) Iterate over flows/procs list
2) Draw flow/proc on each iteration which is controlled from ui.c
it allows to unify scrolling logic and delegate it to the ui.c, in the
future it should allow to easy handle press event on selected row and
draw some additional information, or draw a cursor line per selected
row.
Also fixed case when down scrolling was bigger than printed rows, now
it is handled by ui part.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add Baruch for commits 4de312bce77d ("flowtop: take PKG_CONFIG into
account for libnetfilter_conntrack") and 95f6019a2060 ("proc.h: add
missing headers").
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
ino_t and pid_t require stat.h and types.h, respectively. Fixes the following
build failure with musl libc:
In file included from cpp.c:7:0:
proc.h:11:31: error: unknown type name ‘ino_t’
extern int proc_find_by_inode(ino_t ino, char *cmdline, size_t len, pid_t *pid);
^
proc.h:11:69: error: unknown type name ‘pid_t’
extern int proc_find_by_inode(ino_t ino, char *cmdline, size_t len, pid_t *pid);
^
proc.h:12:25: error: unknown type name ‘pid_t’
extern bool proc_exists(pid_t pid);
^
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[tk: complementary fix to commit a9f4431e0a20]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use $PKG_CONFIG to determine the linker flags for libnetfilter_conntrack. This
fixes static link failure like the following:
LD flowtop
.../usr/x86_64-buildroot-linux-musl/sysroot/usr/lib/../lib64/libnetfilter_conntrack.a(main.o): In function `nfct_open_nfnl':
main.c:(.text+0x52): undefined reference to `nfnl_subsys_open'
main.c:(.text+0x69): undefined reference to `nfnl_subsys_close'
main.c:(.text+0x87): undefined reference to `nfnl_subsys_open'
main.c:(.text+0xa3): undefined reference to `nfnl_subsys_close'
.../usr/x86_64-buildroot-linux-musl/sysroot/usr/lib/../lib64/libnetfilter_conntrack.a(main.o): In function `nfct_open':
main.c:(.text+0xc9): undefined reference to `nfnl_open'
main.c:(.text+0xf0): undefined reference to `nfnl_close'
...
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use proto_field_set_xxx(field, ...) instead of
proto_hdr_field_set_xxx(hdr, fid, ...) to be more generic and do not
depend on 'hdr' variable.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
There is no point in having the parser show translated error messages
while the rest of the program does only show them in English.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
There is no point in having the parser show translated error messages
while the rest of the program does only show them in English.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Redefining memset/memcpy causes problems when building with fortified
headers on Alpine Linux. Instead of unconditionally defining these,
explicitly use fmemcpy/fmemset in performance critical paths and
otherwise let the compiler decide about optimizations.
Fixes #173
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The musl libc headers redefine some of the structs in linux/if_arp.h and
linux/if_ether.h, leading to compilation errors. Fix those by using the
libc provided versions of these headers and provide compatibility
defines for those that aren't present in older glibc versions.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Make the return type make the functions for HAVE_GEOIP. This fixes GCC's
-Wdiscarded-qualifiers warnings when building without geoip support.
Fixes: 8fd19eefa46b ("geoip: Fix memory leak when using GeoIPRecord")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Include <unistd.h> and <sys/types.h> in the header already as the
declarations for proc_find_by_inode(...) and proc_exists(...) use ino_t
and pid_t, respectively.
Fixes: 1edfb2409d15 ("flowtop: Move & refactor walk_processes() to proc.c")
Fixes: 1df0f481922a ("flowtop: Add process UI tab entry")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Perl is not available on certain distributions by default (e.g. Alpine
Linux). In order to avoid depending on perl just to extract the lex/yacc
prefix, use sed instead which should be available almost everywhere.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The struct ctx is initialized using memset(ctx, 0, sizeof(*ctx)) in
init_ctx(), so there is no need to zero these members again.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
After kernel commit a07ea4d9941a ("genetlink: no longer support using
static family IDs"), GENL_ID_GENERATE is no longer exposed to userspace
(and actually should never have been). Change the genl nlmsg dissector
to only consider the nlctrl family and the two other static family IDs
needed for workarounds. All other family IDs are considered dynamically
generated.
Fixes #171
Reported-by: Jaroslav Škarvada <jskarvad@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If the passed buffer is too small to contain an address of length alen
(i.e. during fuzzing), we overflow the buffer due to blen being
decremented below 0, which gets wrapped around to a really large value
when passed as the size argument to snprintf().
Fix it by incorporating the changes to iproute2 ll_addr_n2a() where the
issue was fixed in commit f63ed3e62989 ("lib/ll_addr: improve
ll_addr_n2a() a bit").
Fixes #170
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
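The failure mode described in the commit message above, next to a bounded form, as an added example (neither function is the project's or iproute2's code; both names and the sample address are constructed for illustration).

```c
#include <stdio.h>
#include <string.h>

/*
 * Pattern from the commit message (illustration only, never called here):
 * the remaining size lives in a signed int and is decremented per octet
 * without checking that it stays positive. Once blen < 0, the conversion
 * to size_t hands snprintf() a huge limit and the write leaves buf.
 */
const char *addr_n2a_unchecked(const unsigned char *addr, int alen,
			       char *buf, int blen)
{
	int i, l = 0;

	for (i = 0; i < alen; i++) {
		snprintf(buf + l, (size_t)blen, i ? ":%02x" : "%02x", addr[i]);
		blen -= i ? 3 : 2;   /* may go negative */
		l += i ? 3 : 2;      /* may run past the end of buf */
	}
	return buf;
}

/*
 * Bounded form: track a single write offset and stop once it reaches the
 * buffer size, so the size given to snprintf() is always blen - l > 0.
 * A too-small buffer yields truncated, NUL-terminated output.
 */
const char *addr_n2a_bounded(const unsigned char *addr, int alen,
			     char *buf, int blen)
{
	int i, l;

	if (blen <= 0)
		return NULL;
	buf[0] = '\0';
	if (alen <= 0)
		return buf;

	snprintf(buf, (size_t)blen, "%02x", addr[0]);
	for (i = 1, l = 2; i < alen && l < blen; i++, l += 3)
		snprintf(buf + l, (size_t)(blen - l), ":%02x", addr[i]);
	return buf;
}
```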
|
|
Rename <bytes> token member to <mac> as it is used only for MAC
address parsing, for dynamic sized bytes array we have <str>.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
When building with 'make Q=' the echo commands used for the quiet mode
are still output, making it hard to read for humans.
Instead, disable the echo command completely if the $(Q) build variable
is not set.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The parser generator's name is yacc, not yaac.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Update -i, --in option with pcap file as input parameter.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add ability to send packets from pcap file if it has
".pcap" extension via "-i,--in" option.
By default packet sending is delayed considering original
packets timestamps if no rate or delay is specified via -b/-t options.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add pcap_get_tstamp(...) function to get packet's timestamp considering
different packet types & bytes order.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
tun interface does not have Ethernet header so lets push Ethernet
header only if device supports this.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
GeoIP_record_by_ipnum{,_v6} returns allocated pointer to
GeoIPRecord with allocated city, region & postal_code which is
not freed after the call.
Fixed by xstrdup-ing required GeoIPRecord member (city/region) and
after calling GeoIPRecord_delete to free the geoip record.
Of course it is needed to also free obtained city/region in netsniff-ng,
astraceroute & flowtop tools.
Fixes #169
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
While fixing the issue with getting of IPv4 address from device,
the setting of default src IPv4/IPv6 addresses was moved from
hdr->header_init(...) callback to hdr->packet_finish(...), but
packet_finish(...) is called in the following order:
udp_hdr->packet_finish() - UDP csum calculation over IPv4/6 pseudo header
ip4_hdr->packet_finish() - setting default src IPv4 address from dev
...
So src IPv4/6 address will be set after UDP/TCP csum calculation which
is wrong, so fixed issue by moving it to the hdr->header_init(...) stage
as it was before the c4e07d5142c8.
Fixes: c4e07d5142c8 ("trafgen: l3: Support interface without IP address")
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add process UI tab entry to show flows statistics per pid.
Also changed flow_entry which now has pointer to new struct proc_entry
object which contains process related info.
On each 1 second refresh proc_entry is checked if it exists by checking
/proc/<pid> path, and is deleted if there is no any flows related to it
(flows_count is 0), if the process exists then dst & src rates info is
zeroed and summed from the all related flows which are in the
proc_entry->flows list.
The bytes & pkts amount info is collected during all the time process
exists.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add ui_tab API to create ui tab control to switch between
different ui tables which may contain different aggregated
info per unique pid/port/proto/dst/src.
Meanwhile there is only 1 ui tab entry for flows table.
Added some missing cds_list_{next,prev,last}_entry functions
into urcu-list-compat.h header.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use the cds_list_* types and macros directly instead of redefining them.
This makes it clear that we're not using the Linux kernel implementation
of list_head but the one from urcu.
Also make sure _LGPL_SOURCE is defined everywhere the urcu
functionality is used, such that we get the statically linkable version
with reduced overhead.
Reference: https://lwn.net/Articles/573424/#qq2answer
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
list.h provides generic Linux-like linked list API which also supports
RCU list operations.
Also additionally was removed the spinlock which is not needed for
RCU-list operations, for the list_del_rcu(...) case it is needed
additionally call call_rcu(...) before free the flow entry.
Because of full RCU support now flows are freed after grace-period
(after presenter leaves RCU lock) via calling call_rcu(), because
of that for the new entries we return NFCT_CB_STOLEN to tell conntrack
API do not automatically free received nfct_conntrack object, it will be
freed by us via call_rcu(...) therefore no need to use nfct_clone(n).
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The rules mpls_expr and icmpv6_proto are missing a terminating
semicolon. Even though bison seems to accept the rules this way, make
them consistent with all the others in the file.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use halfdelay(1) to poll keyboard input with delay in 1 tenth of second
and get rid of custom usleep(...) using.
With this approach (it is also used in htop tool) the key events are more
sensitive to user inputs.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add short note about field offset syntax with an example.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Exclude .git* files and .travis.yml from release packages created using
git archive.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Extend proto field expression to:
proto_field[{index}:{len}] = {func}
which allows to specify function on the field offset via index
and value length (default is 1 - 1 byte). This rule is optional.
It was needed to keep of proto_field's copies in packet_dyn->fields
instead of original fields which allows to specify different functions
on the different parts of same field, also the copy of original
proto_field allows to set custom length/pkt_offset which makes such
field behave as virtual sub-field of the original one with different
length/pkt_offset but point to the same piece of header.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Used IPv6 pattern from nftables project [1] to match valid only IPv6
address to do not mess with MAC or other syntax patterns with ':' symbol.
[1] http://git.netfilter.org/nftables/tree/src/scanner.l
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: add reference to nftables source]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add proto_field_xxx functions to set/get value via specified
proto_field only.
It is good to have such API in case if application needs to set/get
value for some custom proto_field instance.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Rename all proto_field_xxx(...) functions to proto_hdr_field(...).
It is good for 2 reasons:
1) proto_hdr_field_xxx naming is more consistent as
it is related to proto_hdr API.
2) It makes possible to introduce proto_field_xxx API
which will operate only with struct proto_field.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Change __proto_field_set_bytes(...) function to take struct proto_field
instead of doing lookup by hdr & fid.
It is needed to able use this function with some custom
modified struct proto_field (len, pkt_offset).
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Rename field_expr rule to field_value_expr to indicate the rule
relates to field value part in case if there will be added field_expr
rule to describe field expression syntax.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add proc_find_by_inode() in proc.c which finds pid by inode & gets
process's command line and use it in the flowtop.c instead of
walk_processes().
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Don't add a trailing whitespace to the string returned by argv2str().
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
In the third attempt, finally do the packet slot zeroing correctly. Zero
the struct packet in __init_new_packet_slot() not the struct packet_dyn
in __init_new_counter_slot().
Don't know what hit me yesterday...
Fixes: d6d511ecff24 ("trafgen: proto: Zero out newly allocated struct packet")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
When using a filter with netsniff-ng without libpcap support, e.g.
$ netsniff-ng --in eth0 tcp or udp
we get the error:
Cannot compile filter tcp or udp
which isn't correct and might be confusing for the user as the intention
wasn't to specify a filter file but a filter string. Correct the error
message accordingly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
compile_filter() is defined in bpf_parser.y (and thus the generated
parser), no need for a prototype beforehand.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fix the fat-fingered previous commit which I pushed out too early ;(
Fixes: d6d511ecff24 ("trafgen: proto: Zero out newly allocated struct packet")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
When allocating a new struct packet, the headers and headers_count
fields are not zeroed and retain whatever value the allocator returned.
Incidentally, this usually seems to have been zero. But on some systems
(e.g. Ubuntu 16.04 with a self-compiled 4.9) it is not and we hit the
following bug_on:
trafgen: trafgen_proto.c:135: proto_header_push: Assertion `!(pkt->headers_count >= 16)' failed.
Fix this by properly zeroing the entire struct packet.
Fixes: e7dd63060e44 ("trafgen: proto: Update field value at runtime")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|