Age | Commit message (Collapse) | Author | Files | Lines |
|
Changed flows list layout to look more a top-like output
with header and in 1 line. When -s option is specified
then layout changes to 2 lines view including with src peer
info and dst under it on next line.
Also shortified flow state names to allocate less space.
Removed presenter_get_port be cause ports are printed for both peers
separately.
The flow duration time is printed in very short form in one of the
units:
XXd - days
XXh - hours
XXm - minutes
XXs - seconds
the reason is that it is enough to have actually generic understanding
about flow time in the biggest time unit.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Simplify dump & flows refreshing via one nfct handle, which is enough.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
There is no need to have 2 separate handlers for the flow updating, so
use the one which was used for flow refreshing. Significant change is
that a new flow entry will be not added during update (i.e. on
NFCT_T_UPDATE events) if it was not found in the list. But this case
shoud never happen as there will always be an NFCT_T_NEW event before an
NFCT_T_UPDATE event.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Reset do_reload_flows flag before dump flows. It allows to change
filter state more dynamically
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show 'Active' filter status if 'a' was pressed.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show family name in the filter status line.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add U/T/I/D/S runtime commands (same like for command line)
to filter flows by UDP/TCP/ICMP/DCCP/SCTP proto.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add header bar to be symmetric to the footer.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
It's not only ports we look up, make the names a bit more generic.
Preparatory patch before moving OUI lookup to the lookup module.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
No need to use if/else, just toogle it like any other bool.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add command 'a' to show only active flows with rate > 0 (dst or src).
Now 'n->is_visible' means which flow to show by presenter.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add interactive command 'b' to change rate units to show.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show help window by pressing '?' with interactive commands description.
Added simple footer bar with help label.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Seems like screen is updating too frequently which
may block some terminals, so lets do it once in 1s
but only if no key was pressed.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Make rate calculation more carefully by checking previous & current
bytes/pkts counter.
Do calculation only if update time passed >= 1s.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
It is easier to differentiate bytes/pkts counters with rate counters
if to use different colors.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Rename flow_entry_direction to flow_direction, which is a bit shorter
and change the enum value names to be in upper case.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Handle non-zero return values by exiting flowtop like we do in the other
tools.
This fixes Coverity warnings CID 1338093 and CID 1338092.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add G,--no-geoip to the usage output.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Replace bugs@netsniff-ng.com with netsniff-ng@googlegroups.com
which is used in REPORTING-BUGS file.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add -b,--bits command line option to show rates in bits/s instead of
bytes/s.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Make sure we always terminate the strings with '\0'. Also only set the
first byte to '\0' instead of memset()ing the entire buffer in case no
city/country is returned.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use boolean false/true for show_src option value. This makes the
handling of on/off parameters more consistent.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add option -G,--no-geoip which allows to disable GeoIP lookup.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: Minor wording tweaks]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add option -n,--no-dns which allows to disable hostname lookup.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: Minor wording tweaks]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use strlcpy to copy resolved src/dst hostname.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: Remove superflous min() for size argument]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The SI prefix for 1000 is 'k', not 'K' (which is used for 1024 bytes by
some).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add new -t,--interval option to specify flow refresh interval in
seconds.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: Fix type conversion on rate calculation]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use GB/MB/KB for traffic rate & accounting.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Constify pointers struct flow_entry and struct nf_conntrack where
possible.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The cmdline entry of struct flow_entry is only used to display the
process name using basename() in presenter_screen_do_line(). Instead of
calling basename() everytime just call it once when we read the cmdline
proc entry and store the basename in struct flow_entry. Also rename the
struct member accordingly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Calculate and display the rate of src/dst bytes and packets. Also change
the refresh time for the flows to 1s so the rate info will not disappear
too quickly.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Bail out early if we fail to read the current sysctl variable values for
net/netfilter/nf_conntrack_acct and net/netfilter/nf_conntrack_timestamp
Otherwise we'll not be able restore the previous value on exit/panic.
Moreover, if we fail to read the sysctl file, we usually also lack the
permissions to write it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Allow setting start/stop timestamp for new flows by enabling:
/proc/sys/net/netfilter/nf_conntrack_timestamp
on start and resetting it on exit or panic.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Remove unnecessary cast of void pointer]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show flow time duration in human readable form.
Originally submitted by Vadim in a slightly different form.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead of creating an additional struct flow_entry on the stack just to
use the CP_NFCT macros, call nfct_get_attr_u16() directly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show byte/packet counters in the same colors as their direction:
- src in red
- dst in blue
so it will be easiser to identify them by direction.
Also unifed counters printing in one function and changed counters
naming similar to other *_src members of flow_entry struct.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Reverted to using parentheses in printed message]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Just ignore DNS flows instead of insert it and then
filter it out by presenter.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Do not do reverse DNS for src hostname if '-s' option
is not specified.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Don't hide status bar line when dumping flows but
print "[Collecting flows ...]" on the same line.
Really there is no sense to hide this status bar line.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show bytes/pkts counters per src/dst direction. By default counters
originated from dst are showed. Src counters are showed only if '-s' is
specified.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Get rid of flushing connections which resets all counters.
Use dump whole ipv4/ipv6 connection tables to fullfill the existing
flows, but this needs to use hand-made flow filtering because
nfct_filter does not work when we do NFCT_Q_DUMP.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Rename collector_cb to reflect behaviour such as catching flow events.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Rename ct_dump variable & update_cb function so they reflect 'updating'
of a particular flow at runtime.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Move creating nfct filter to separate function to make collector() less
messy.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
There might be new fast connection between flush &
handling new events which can be not handled,
so put flushing connections before loop.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The city_{src,dst}, country_{src,dst} and rev_dns_{src,dst} members of
struct flow_entry have their size defined at compile time, so perform
the equal size checks at compile time as well.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Seems it was caused by specifying all netfilter groups
when flushing connections.
Used separated nfct instance w/o netfilter groups to
flush ipv4/ipv6 connections.
More info can be fetched from the issue item on github:
https://github.com/netsniff-ng/netsniff-ng/issues/145
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
'G' should be printed when bytes > 1000000000 but
it was printed with 'M' prefix which was caused
by missing 'else'.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|