Age | Commit message (Collapse) | Author | Files | Lines |
|
Use strlcpy to copy resolved src/dst hostname.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: Remove superflous min() for size argument]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The SI prefix for 1000 is 'k', not 'K' (which is used for 1024 bytes by
some).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add new -t,--interval option to specify flow refresh interval in
seconds.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: Fix type conversion on rate calculation]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use GB/MB/KB for traffic rate & accounting.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Constify pointers struct flow_entry and struct nf_conntrack where
possible.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The cmdline entry of struct flow_entry is only used to display the
process name using basename() in presenter_screen_do_line(). Instead of
calling basename() everytime just call it once when we read the cmdline
proc entry and store the basename in struct flow_entry. Also rename the
struct member accordingly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Calculate and display the rate of src/dst bytes and packets. Also change
the refresh time for the flows to 1s so the rate info will not disappear
too quickly.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Bail out early if we fail to read the current sysctl variable values for
net/netfilter/nf_conntrack_acct and net/netfilter/nf_conntrack_timestamp
Otherwise we'll not be able restore the previous value on exit/panic.
Moreover, if we fail to read the sysctl file, we usually also lack the
permissions to write it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Allow setting start/stop timestamp for new flows by enabling:
/proc/sys/net/netfilter/nf_conntrack_timestamp
on start and resetting it on exit or panic.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Remove unnecessary cast of void pointer]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show flow time duration in human readable form.
Originally submitted by Vadim in a slightly different form.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead of creating an additional struct flow_entry on the stack just to
use the CP_NFCT macros, call nfct_get_attr_u16() directly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show byte/packet counters in the same colors as their direction:
- src in red
- dst in blue
so it will be easiser to identify them by direction.
Also unifed counters printing in one function and changed counters
naming similar to other *_src members of flow_entry struct.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Reverted to using parentheses in printed message]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Just ignore DNS flows instead of insert it and then
filter it out by presenter.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Do not do reverse DNS for src hostname if '-s' option
is not specified.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Don't hide status bar line when dumping flows but
print "[Collecting flows ...]" on the same line.
Really there is no sense to hide this status bar line.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show bytes/pkts counters per src/dst direction. By default counters
originated from dst are showed. Src counters are showed only if '-s' is
specified.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Get rid of flushing connections which resets all counters.
Use dump whole ipv4/ipv6 connection tables to fullfill the existing
flows, but this needs to use hand-made flow filtering because
nfct_filter does not work when we do NFCT_Q_DUMP.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Rename collector_cb to reflect behaviour such as catching flow events.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Rename ct_dump variable & update_cb function so they reflect 'updating'
of a particular flow at runtime.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Move creating nfct filter to separate function to make collector() less
messy.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
There might be new fast connection between flush &
handling new events which can be not handled,
so put flushing connections before loop.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The city_{src,dst}, country_{src,dst} and rev_dns_{src,dst} members of
struct flow_entry have their size defined at compile time, so perform
the equal size checks at compile time as well.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Seems it was caused by specifying all netfilter groups
when flushing connections.
Used separated nfct instance w/o netfilter groups to
flush ipv4/ipv6 connections.
More info can be fetched from the issue item on github:
https://github.com/netsniff-ng/netsniff-ng/issues/145
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
'G' should be printed when bytes > 1000000000 but
it was printed with 'M' prefix which was caused
by missing 'else'.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Replace n & tmp variables to more understandable prev & next.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Rename tcp -> is_tcp param and change it to bool.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Convert int -> bool as parameter.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Use bool as return type in flow_entry_get_extended_is_dns(...) func.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Only 0/1 are used as return values, change to type bool.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use a switch statement instead of looking up a valid state in the
*_states_show bool arrays in presenter_flow_wrong_state(). This makes
the code a bit easier to read.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Just assign a default value of false and override it with true if the
checks go through.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Moved sysctl get/set funcs from flowtop to separated sysctl module.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Follow-up of commit 9a89c1d813fb ("Revert "flowtop: Fix hanging
while waiting for collector"") which both address the clean up
in the panic handler.
This reverts commit 451275470106024f106a310a5af050b3ca046a4f.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Align the arguments/parameters on successive lines with the opening
parenthesis.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
flowtop and the netsniff-ng's netlink message dissector both need to get
the process name for a pid from /proc/<pid>/exe, thus move that
functionality to an own function.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Make the path creation a bit more straight-forward.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Print flow bytes amount in human readable format units (G,M,K).
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Make bandw2str static, change arg type, formatting]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Count flows which might be showed and show this number
on the top status line.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Mark each flow if it is visible on the screen to know if it is needed
update traffic acct info.
Changed to use non blocking recv of nf conntrack events to update
traffic accounting.
Now nf_conntrack is cloned when new flow entry is added to send dump
request which is used to update traffic accounting info (packet, bytes).
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Formatting changes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Change code to walk each flow by presenter to look more understandable.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Revert unnecessary whitespace changes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
While removing flow which is pointed by 'head' then head is set to
NULL and all the list disappears, so fixed by set removing flow next
entry to list 'head'.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
In case if main thread already initialized screen but then collector
called panic, the process exits but console stays with the same colored
screen and shifted shell prompt.
Fixed by adding conditional variable locking.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
No need for some of the empty lines, remove them to make the output a
bit denser.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Try to convert the directory entry name to an unsigned integer with
strtoul() instead of using strspn() to determine if a proc entry is a
PID. If it is a valid PID (i.e. strtoul returned a value != 0), we can
directly use it to pass into walk_process() and there set
flow_entry->proc_num.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead of testing three skip conditions for every entry, make use of
the short-circuit evaluation of the boolean OR operator to only test as
few conditions as necessary.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Move the copyright/bug report/license string to an own constant and use
it for the output of help() and version() to avoid duplication and
prevent the strings from getting out of sync. This makes the text
section of flowtop.o slightly smaller:
before:
text data bss dec hex filename
15601 4 48 15653 3d25 flowtop/flowtop.o
after:
text data bss dec hex filename
15228 4 48 15280 3bb0 flowtop/flowtop.o
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Follow commit 9ad7f8882097 ("build: astraceroute: Only build ioops with
GeoIP support enabled").
The ioops module is only needed in geoip.o, thus make it dependent on
CONFIG_GEOIP.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Up to now, the lookup of TCP/UDP port names and Ethernet types was
tightly integrated with the dissector infrastructure, since it is its
main user. However, flowtop also makes use of the name lookup
functionality without needing the actual dissector infrastructure. Thus,
the basic dissector infrastructure also needs to be linked into flowtop
without actually being used.
Fix this by extracting the port/ethertype lookup into an own module
which can then be used either directly (for flowtop) or as part of the
dissector infrastructure (for netsniff-ng).
This also reverts the quick & dirty fix introduced in commit f3322c6
("flowtop: Include netlink dissector to fix build temporarily").
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Change the interface to the geoip_* functions to take a pointer to a
struct sockaddr_in{,6} instead of the struct itself.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|