Add -A,--active option to show only active flows with rate > 0.
Signed-off-by: Vadim Kochan <[email protected]>
---
flowtop.8 | 3 +++
flowtop.c | 23 +++++++++++++++++++----
2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/flowtop.8 b/flowtop.8
index bd636d1..ec691fb 100644
--- a/flowtop.8
+++ b/flowtop.8
@@ -103,6 +103,9 @@ Display ICMP version 4 and version 6 flows.
.SS -S, --sctp
Display SCTP flows.
.PP
+.SS -A, --active
+Display active flows with rate > 0.
+.PP
.SS -n, --no-dns
Don't perform hostname lookup. Only numeric addresses will be shown for flow
endpoints.
diff --git a/flowtop.c b/flowtop.c
index c67b683..ff629ab 100644
--- a/flowtop.c
+++ b/flowtop.c
@@ -132,13 +132,14 @@ static struct sysctl_params_ctx sysctl = { -1, -1 };
static unsigned int interval = 1;
static bool show_src = false;
+static bool show_active_only = false;
static bool resolve_dns = true;
static bool resolve_geoip = true;
static enum rate_units rate_type = RATE_BYTES;
static enum flow_direction flow_dir = FLOW_DIR_DST;
static enum sort_type sort_by = SORT_NONE;
-static const char *short_options = "vhTUsDIS46ut:nGbo:d:";
+static const char *short_options = "vhTUsDISA46ut:nGbo:d:";
static const struct option long_options[] = {
{"ipv4", no_argument, NULL, '4'},
{"ipv6", no_argument, NULL, '6'},
@@ -147,6 +148,7 @@ static const struct option long_options[] = {
{"dccp", no_argument, NULL, 'D'},
{"icmp", no_argument, NULL, 'I'},
{"sctp", no_argument, NULL, 'S'},
+ {"active", no_argument, NULL, 'A'},
{"no-dns", no_argument, NULL, 'n'},
{"no-geoip", no_argument, NULL, 'G'},
{"show-src", no_argument, NULL, 's'},
@@ -285,6 +287,7 @@ static void help(void)
" -D|--dccp Show only DCCP flows\n"
" -I|--icmp Show only ICMP/ICMPv6 flows\n"
" -S|--sctp Show only SCTP flows\n"
+ " -A|--active Show only active flows (with rate > 0)\n"
" -n|--no-dns Don't perform hostname lookup\n"
" -G|--no-geoip Don't perform GeoIP lookup\n"
" -s|--show-src Also show source, not only dest\n"
@@ -1140,7 +1143,7 @@ static void presenter_screen_update(WINDOW *screen,
struct flow_list *fl,
n = rcu_dereference(fl->head);
if (!n)
- mvwprintw(screen, line, 2, "(No active sessions! "
+ mvwprintw(screen, line, 2, "(No sessions! "
"Is netfilter running?)");
for (; n; n = rcu_dereference(n->next)) {
@@ -1316,6 +1319,8 @@ static void flow_list_sort(struct flow_list *fl, struct
flow_entry *n)
{
struct flow_entry *head;
+ if (!n->is_visible)
+ return;
if (sort_by == SORT_NONE)
return;
@@ -1368,6 +1373,14 @@ static void flow_list_sort(struct flow_list *fl, struct
flow_entry *n)
spinlock_unlock(&flow_list.lock);
}
+static void flow_entry_filter(struct flow_entry *n)
+{
+ if (show_active_only && !n->rate_bytes_src && !n->rate_bytes_dst)
+ n->is_visible = false;
+ else
+ n->is_visible = true;
+}
+
static int flow_update_cb(enum nf_conntrack_msg_type type,
struct nf_conntrack *ct, void *data __maybe_unused)
{
@@ -1386,11 +1399,10 @@ static int flow_update_cb(enum nf_conntrack_msg_type
type,
flow_entry_calc_rate(n, ct);
flow_entry_update_time(n);
flow_entry_from_ct(n, ct);
+ flow_entry_filter(n);
flow_list_sort(&flow_list, n);
- n->is_visible = true;
-
return NFCT_CB_CONTINUE;
}
@@ -1640,6 +1652,9 @@ int main(int argc, char **argv)
case 'S':
what_cmd |= INCLUDE_SCTP;
break;
+ case 'A':
+ show_active_only = true;
+ break;
case 's':
show_src = true;
break;
--
2.6.1
--
You received this message because you are subscribed to the Google Groups
"netsniff-ng" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
