summaryrefslogtreecommitdiff
path: root/flowtop.c
AgeCommit message (Collapse)AuthorFilesLines
2016-04-18flowtop: Change flows layout to 1-row viewVadim Kochan1-200/+191
Changed flows list layout to look more a top-like output with header and in 1 line. When -s option is specified then layout changes to 2 lines view including with src peer info and dst under it on next line. Also shortified flow state names to allocate less space. Removed presenter_get_port be cause ports are printed for both peers separately. The flow duration time is printed in very short form in one of the units: XXd - days XXh - hours XXm - minutes XXs - seconds the reason is that it is enough to have actually generic understanding about flow time in the biggest time unit. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-01-12flowtop: Use one nfct handle for dump & refresh flowsVadim Kochan1-13/+1
Simplify dump & flows refreshing via one nfct handle, which is enough. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-01-12flowtop: Use single function to update flow entryVadim Kochan1-51/+33
There is no need to have 2 separate handlers for the flow updating, so use the one which was used for flow refreshing. Significant change is that a new flow entry will be not added during update (i.e. on NFCT_T_UPDATE events) if it was not found in the list. But this case shoud never happen as there will always be an NFCT_T_NEW event before an NFCT_T_UPDATE event. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-12-21flowtop: Refresh flows if filter was changed while flows loadingVadim Kochan1-2/+2
Reset do_reload_flows flag before dump flows. It allows to change filter state more dynamically Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-12-21flowtop: Indicate if 'active' flows mode is selectedVadim Kochan1-0/+4
Show 'Active' filter status if 'a' was pressed. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-12-21flowtop: Show selected proto familyVadim Kochan1-9/+18
Show family name in the filter status line. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-24flowtop: Add runtime commands to filter flows by protoVadim Kochan1-6/+65
Add U/T/I/D/S runtime commands (same like for command line) to filter flows by UDP/TCP/ICMP/DCCP/SCTP proto. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-16flowtop: Add header line with tool name & versionVadim Kochan1-6/+21
Add header bar to be symmetric to the footer. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-16lookup: Return const char * from all lookup functionsTobias Klauser1-1/+2
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-15lookup: Make lookup type and function names more genericTobias Klauser1-4/+4
It's not only ports we look up, make the names a bit more generic. Preparatory patch before moving OUI lookup to the lookup module. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-09flowtop: Simplify toggling of help stateTobias Klauser1-5/+1
No need to use if/else, just toogle it like any other bool. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-09flowtop: Add runtime command to show only active flowsVadim Kochan1-9/+20
Add command 'a' to show only active flows with rate > 0 (dst or src). Now 'n->is_visible' means which flow to show by presenter. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-09flowtop: Add runtime command to change rate unitsVadim Kochan1-0/+12
Add interactive command 'b' to change rate units to show. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-09flowtop: Add runtime command to show help windowVadim Kochan1-25/+90
Show help window by pressing '?' with interactive commands description. Added simple footer bar with help label. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-06flowtop: Redraw screen in 1s if no key was pressedVadim Kochan1-2/+16
Seems like screen is updating too frequently which may block some terminals, so lets do it once in 1s but only if no key was pressed. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-05flowtop: Calculate flow rate more carefullyVadim Kochan1-5/+9
Make rate calculation more carefully by checking previous & current bytes/pkts counter. Do calculation only if update time passed >= 1s. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-04flowtop: Show rate in yellow colorVadim Kochan1-2/+8
It is easier to differentiate bytes/pkts counters with rate counters if to use different colors. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-04flowtop: Rename enum flow_entry_direction to flow_directionVadim Kochan1-16/+16
Rename flow_entry_direction to flow_direction, which is a bit shorter and change the enum value names to be in upper case. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-04flowtop: Handle return value of gettimeofday()Tobias Klauser1-2/+2
Handle non-zero return values by exiting flowtop like we do in the other tools. This fixes Coverity warnings CID 1338093 and CID 1338092. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-29flowtop: Fix missing --no-geoip option in usage outputVadim Kochan1-0/+1
Add G,--no-geoip to the usage output. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-28all: Change reporting bugs emailVadim Kochan1-1/+1
Replace bugs@netsniff-ng.com with netsniff-ng@googlegroups.com which is used in REPORTING-BUGS file. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-28flowtop: Add command-line option to show rates in bitsVadim Kochan1-5/+24
Add -b,--bits command line option to show rates in bits/s instead of bytes/s. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-27flowtop: Use strlcpy instead of memcpy to copy stringsTobias Klauser1-14/+10
Make sure we always terminate the strings with '\0'. Also only set the first byte to '\0' instead of memset()ing the entire buffer in case no city/country is returned. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-27flowtop: Use bool for show_src optionTobias Klauser1-3/+4
Use boolean false/true for show_src option value. This makes the handling of on/off parameters more consistent. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-27flowtop: Add command-line option to disable GeoIP lookupVadim Kochan1-5/+14
Add option -G,--no-geoip which allows to disable GeoIP lookup. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tk: Minor wording tweaks] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-27flowtop: Add command-line option to disable hostname lookupVadim Kochan1-2/+26
Add option -n,--no-dns which allows to disable hostname lookup. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tk: Minor wording tweaks] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-27flowtop: Fix src hostname showed with garbageVadim Kochan1-6/+3
Use strlcpy to copy resolved src/dst hostname. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tk: Remove superflous min() for size argument] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-26flowtop: Fix short form unit of kilobytes from KB to kBTobias Klauser1-2/+2
The SI prefix for 1000 is 'k', not 'K' (which is used for 1024 bytes by some). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-26flowtop: Add option for flow refresh intervalVadim Kochan1-4/+15
Add new -t,--interval option to specify flow refresh interval in seconds. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tk: Fix type conversion on rate calculation] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-26flowtop: Change traffic amount unit namesVadim Kochan1-8/+8
Use GB/MB/KB for traffic rate & accounting. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-23flowtop: Constify pointer function parametersTobias Klauser1-12/+12
Constify pointers struct flow_entry and struct nf_conntrack where possible. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-23flowtop: Store basename of cmdline in struct flow_entryTobias Klauser1-5/+8
The cmdline entry of struct flow_entry is only used to display the process name using basename() in presenter_screen_do_line(). Instead of calling basename() everytime just call it once when we read the cmdline proc entry and store the basename in struct flow_entry. Also rename the struct member accordingly. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-23flowtop: Show flow rate of bytes & packetsVadim Kochan1-6/+75
Calculate and display the rate of src/dst bytes and packets. Also change the refresh time for the flows to 1s so the rate info will not disappear too quickly. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-07flowtop: Don't attempt to set sysctl values if initial read failsTobias Klauser1-0/+2
Bail out early if we fail to read the current sysctl variable values for net/netfilter/nf_conntrack_acct and net/netfilter/nf_conntrack_timestamp Otherwise we'll not be able restore the previous value on exit/panic. Moreover, if we fail to read the sysctl file, we usually also lack the permissions to write it. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-03flowtop: Enable flow timestamp on startVadim Kochan1-9/+36
Allow setting start/stop timestamp for new flows by enabling: /proc/sys/net/netfilter/nf_conntrack_timestamp on start and resetting it on exit or panic. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Remove unnecessary cast of void pointer] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-03flowtop: Show flow time durationTobias Klauser1-0/+33
Show flow time duration in human readable form. Originally submitted by Vadim in a slightly different form. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-07flowtop: Simplify nfct_is_dns()Tobias Klauser1-13/+8
Instead of creating an additional struct flow_entry on the stack just to use the CP_NFCT macros, call nfct_get_attr_u16() directly. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-06flowtop: Show counters in same color as their directionVadim Kochan1-20/+22
Show byte/packet counters in the same colors as their direction: - src in red - dst in blue so it will be easiser to identify them by direction. Also unifed counters printing in one function and changed counters naming similar to other *_src members of flow_entry struct. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Reverted to using parentheses in printed message] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-04flowtop: Do not insert DNS flows into listVadim Kochan1-9/+20
Just ignore DNS flows instead of insert it and then filter it out by presenter. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-04flowtop: Resolve src host if '-s' option specifiedVadim Kochan1-2/+4
Do not do reverse DNS for src hostname if '-s' option is not specified. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-04flowtop: Don't hide status bar while dumping flowsVadim Kochan1-15/+12
Don't hide status bar line when dumping flows but print "[Collecting flows ...]" on the same line. Really there is no sense to hide this status bar line. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03flowtop: Show counters by directionVadim Kochan1-15/+25
Show bytes/pkts counters per src/dst direction. By default counters originated from dst are showed. Src counters are showed only if '-s' is specified. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03flowtop: Get rid of flushing flows by dumping ipv4/ipv6 tablesVadim Kochan1-30/+122
Get rid of flushing connections which resets all counters. Use dump whole ipv4/ipv6 connection tables to fullfill the existing flows, but this needs to use hand-made flow filtering because nfct_filter does not work when we do NFCT_Q_DUMP. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03flowtop: Rename collector_cb -> flow_event_cbVadim Kochan1-3/+3
Rename collector_cb to reflect behaviour such as catching flow events. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03flowtop: Rename ct_dump -> ct_update, dump_cb -> flow_update_cbVadim Kochan1-8/+8
Rename ct_dump variable & update_cb function so they reflect 'updating' of a particular flow at runtime. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-08-03flowtop: Move filter creating to separate functionVadim Kochan1-16/+18
Move creating nfct filter to separate function to make collector() less messy. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-27flowtop: Fix missing new connections after flushVadim Kochan1-2/+2
There might be new fast connection between flush & handling new events which can be not handled, so put flushing connections before loop. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-27flowtop: Make struct flow_entry member size checks build_bug_on()Tobias Klauser1-3/+3
The city_{src,dst}, country_{src,dst} and rev_dns_{src,dst} members of struct flow_entry have their size defined at compile time, so perform the equal size checks at compile time as well. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-26flowtop: Fix collector stuck while flush IPv6 flowsVadim Kochan1-5/+17
Seems it was caused by specifying all netfilter groups when flushing connections. Used separated nfct instance w/o netfilter groups to flush ipv4/ipv6 connections. More info can be fetched from the issue item on github: https://github.com/netsniff-ng/netsniff-ng/issues/145 Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-07-26flowtop: Fix bytes counter print for gigabyteVadim Kochan1-1/+1
'G' should be printed when bytes > 1000000000 but it was printed with 'M' prefix which was caused by missing 'else'. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>