[netsniff-ng] netsniff-ng 0.5.8-rc4

2013-10-07 Thread Tobias Klauser
in CSV mode (-o) to ifpps, from Jon Schipp, Daniel Borkmann and Tobias Klauser. 2) Extensions to the bpfc grammar (GNU style register prefix and '#' as number prefix), from Daniel Borkmann. Contributions since last release: 17 Tobias Klauser 9 Daniel Borkmann 5 Jon Schipp

[netsniff-ng] netsniff-ng 0.5.8-rc5

2013-12-23 Thread Tobias Klauser
Tobias Klauser 4 Jesper Dangaard Brouer 3 Daniel Borkmann 2 Jon Schipp 1 Teguh Git changelog since last release: Tobias Klauser (6): build: Create GPG signatures as part of release target netsniff-ng: Use strtoul() instead of strtol() for unsigned long

Re: [netsniff-ng] Mmap pcap file corruption on interrupt other than sigint

2014-02-21 Thread Tobias Klauser
Hi Mike Thanks for your report. On 2014-02-07 at 16:24:16 +0100, Mike Westmacott mikewestmac...@googlemail.com wrote: Hi I've found that due to the event handling netsniff-ng will not flush mmap pcaps properly if receiving anything other than a sigint. You can reproduce the problem with

[netsniff-ng] netsniff-ng 0.5.8

2014-04-29 Thread Tobias Klauser
interface/device. From Jesper Dangaard Brouer. 3) Fixes all over the place to make netsniff-ng build against the musl libc. Contributed by Christian Wiese. 4) Build system improvements. From Christian Wiese, Daniel Borkmann, Jesper Dangaard Brouer and Tobias Klauser. 5) Proper handling

Re: [netsniff-ng] A few Gbit/sec to disk

2014-04-30 Thread Tobias Klauser
On 2014-04-30 at 04:54:37 +0200, Jon Schipp jonsch...@gmail.com wrote: On Thu, Apr 17, 2014 at 4:59 PM, Michał Purzyński michalpurzyns...@gmail.com wrote: Hello. I'm trying to write to disk between 3-7Gbit/sec (traffic changes a lot). Netsniff-ng is dropping packets, at least that is

Re: [netsniff-ng] A few Gbit/sec to disk

2014-04-30 Thread Tobias Klauser
On 2014-04-17 at 23:59:22 +0200, Michał Purzyński michalpurzyns...@gmail.com wrote: Hello. I'm trying to write to disk between 3-7Gbit/sec (traffic changes a lot). Netsniff-ng is dropping packets, at least that is what statistics say. Hardware and software details: 2 x E5-2620 64GB

Re: [netsniff-ng] A few Gbit/sec to disk

2014-05-05 Thread Tobias Klauser
On 2014-04-30 at 21:20:03 +0200, Michal Purzynski michalpurzyns...@gmail.com wrote: There's a fix now in the master branch of netsniff-ng.git [1]. Can you confirm that this fixes the issue for you? Does it influence the losslessness of your setup if you specify large ring sizes? [1]

Re: [netsniff-ng] A few Gbit/sec to disk

2014-05-06 Thread Tobias Klauser
On 2014-05-05 at 22:22:01 +0200, Michal Purzynski michalpurzyns...@gmail.com wrote: Same story. root@nsm1:~# ./netsniff-ng -i eth2 -o /nsm/sensor_data/nsm1-eth2/dailylogs/2014-04-30/ --user 2551 --group 2551 -s --prefix snort.log. --verbose --ring-size 5GiB --interval 1500MiB --mmap

[netsniff-ng] netsniff-ng 0.5.9-rc1

2014-06-12 Thread Tobias Klauser
): git tag -v v0.5.9-rc1 Major high-level changes since the last release are: 1) Add a rudimenatry netlink message dissector to netsniff-ng, from Tobias Klauser. 2) Use printf/scanf format specifiers for fixed width types (fixing a crash of ifpps in 32 bit environments), from James McCoy 3

Re: [netsniff-ng] netsniff-ng 0.5.9-rc1

2014-06-13 Thread Tobias Klauser
On 2014-06-12 at 16:46:42 +0200, Tobias Klauser tklau...@distanz.ch wrote: In the interest of getting back to more regular and more frequent releases, here goes the first release candidate for the netsniff-ng toolkit. It's nothing too spectacular, mostly bugfixes and cleanups - see

[netsniff-ng] netsniff-ng 0.5.9-rc2

2014-06-16 Thread Tobias Klauser
port and ethertype lookup from dissector into own module, thus making flowtop no longer depend on the dissector modules. This fixes flowtop build which was broken in v0.5.9-rc1. By Tobias Klauser. Contributions since last release: 8 Tobias Klauser Git changelog since last release

Re: [netsniff-ng] tcpdump capture delays and dropped packets

2014-07-18 Thread Tobias Klauser
On 2014-07-18 at 15:09:55 +0200, 'peter' via netsniff-ng netsniff-ng@googlegroups.com wrote: hi, im looking for a way to automate packet generation for traffic shaper testing. found a testfile online and modified it a bit, only source/destination ip are valid for the interface ...the

[netsniff-ng] netsniff-ng 0.5.9-rc3

2014-08-13 Thread Tobias Klauser
to netsniff-ng, allowing to disable hardware time stamping (as it might lead to skewed timestamps in recorded PCAPs, see https://github.com/netsniff-ng/netsniff-ng/issues/129). From Tobias Klauser. Contributions since last release: 12 Jon Schipp 7 Tobias Klauser Git changelog

Re: [netsniff-ng] Libnl-3.0 Troubles

2014-08-14 Thread Tobias Klauser
On 2014-08-14 at 05:40:28 +0200, Jon Schipp jonsch...@gmail.com wrote: Looks like there's already a ticket and Tobias has worked on it but it's not in the master branch: https://github.com/netsniff-ng/netsniff-ng/commit/8ee8de21f88da0627c5db80b2d3787853c9aa84e Yes, I somehow lost track of that

Re: [netsniff-ng] Libnl-3.0 Troubles

2014-08-14 Thread Tobias Klauser
On 2014-08-14 at 14:30:44 +0200, Mike Reeves l...@geekempire.com wrote: Ok configure didn't freak out on me but when I go to make I get the following: CC ring_rx.c ring_rx.c: In function 'destroy_rx_ring': ring_rx.c:26: error: 'TPACKET_V3' undeclared (first use in this function)

Re: [netsniff-ng] Libnl-3.0 Troubles

2014-08-14 Thread Tobias Klauser
On 2014-08-14 at 15:18:18 +0200, Mike Reeves l...@geekempire.com wrote: CC ring_rx.c ring_rx.c: In function 'alloc_rx_ring_frames': ring_rx.c:143: error: 'struct ring' has no member named 'layout3' ring_rx.c:144: error: 'struct ring' has no member named 'layout3' ring_rx.c: In function

Re: [netsniff-ng] Cross-Compilation issues with powerpc

2014-08-25 Thread Tobias Klauser
. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. From 98b22bf75a217430e27785c288a0dbc0c71706c5 Mon Sep 17 00:00:00 2001 From: Tobias Klauser tklau...@distanz.ch Date: Mon

Re: [netsniff-ng] [PATCH] netsniff: Allow filter input pcap file to output pcap

2015-01-26 Thread Tobias Klauser
On 2015-01-24 at 14:37:09 +0100, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com It might be useful to filter out interesting traffic from input pcap to output pcap file which will contain only filtered packets: $ netsniff-ng -i input.pcap -o output.pcap ip

[netsniff-ng] Re: [RFC] trafgen: Alloc cpus regarding to number of packets

2015-03-30 Thread Tobias Klauser
On 2015-03-24 at 12:20:39 +0100, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Trafgen uses all the online cpus even if number of packets specified by -n is less than numbers of selected cpus. Such behaviour leads to issues: - trafgen re-calculates number

Re: [netsniff-ng] Re: [PATCH] mz cli: Make pcap init funcs thread safer

2015-03-30 Thread Tobias Klauser
On 2015-03-30 at 11:54:40 +0200, Vadim Kochan vadi...@gmail.com wrote: On Sun, Mar 22, 2015 at 01:48:50PM +0200, Vadim Kochan wrote: From: Vadim Kochan vadi...@gmail.com mz fails start in cli mode and prints each time different pcap errors: $ mz -x -V fatal flex scanner

[netsniff-ng] Re: [PATCH] trafgen: Alloc cpus according to specified number of packets

2015-03-31 Thread Tobias Klauser
On 2015-03-31 at 11:29:58 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Trafgen uses all the online cpus even if number of packets specified by -n is less than numbers of selected cpus. Such behaviour leads to issues: - trafgen re-calculates number

Re: [netsniff-ng] [PATCH] mz: Allow to print packet types by '-t help'

2015-03-02 Thread Tobias Klauser
On 2015-02-23 at 13:11:57 +0100, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Changed to print packet types by '-t help' earlier bofore mz will try to identify link device to bind. Applied now, thanks. -- You received this message because you are subscribed to

Re: [netsniff-ng] [PATCH] mz: Dont bind to dev if help was specified

2015-02-20 Thread Tobias Klauser
On 2015-02-20 at 12:39:07 +0100, Vadim Kochan vadi...@gmail.com wrote: Fixed warnings: Warning: [lookupdev.c get_dev_params()] Cannot open socket! when specify help for packet type: # mz -t tcp help Also fixes delayed output of the same command if user is root. Signed-off-by:

Re: [netsniff-ng] [PATCH] flowtop: Print error cause if errno is set when panic

2015-03-23 Thread Tobias Klauser
On 2015-03-21 at 22:58:17 +0100, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Signed-off-by: Vadim Kochan vadi...@gmail.com Applied, thank you Vadim! -- You received this message because you are subscribed to the Google Groups netsniff-ng group. To unsubscribe

[netsniff-ng] Re: [PATCH] netsniff: Dump basic radiotap header info

2015-04-21 Thread Tobias Klauser
On 2015-04-20 at 13:51:40 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Please always add a short description, even if it's restating what subject already says. I added one for this. Also please note that the tool is called netsniff-ng, not netsniff ;-)

[netsniff-ng] Re: [PATCH] mac80211: Check existing of generated monX device

2015-04-20 Thread Tobias Klauser
On 2015-04-17 at 21:04:21 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Fixed case when netsniff fails if there is already existing monX device while generating. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied. Thanks Vadim! -- You received this

[netsniff-ng] Re: [PATCH] netsniff: Del rfmon mac80211 dev in case of panic

2015-04-21 Thread Tobias Klauser
On 2015-04-20 at 11:43:08 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com netsniff does not delete created rfmon device in case of panic (for example - bad pcap filter expression), so added ability to add callback func when panic will be happen and delete

Re: [netsniff-ng] [PATCH] iosched: Print error cause if setting io prio failed

2015-04-22 Thread Tobias Klauser
On 2015-04-22 at 16:07:29 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Add error cause message when ioprio_setpid fails. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied, thanks! -- You received this message because you are subscribed to the

Re: [netsniff-ng] [PATCH] netsniff-ng: Seems typo in getting current group id

2015-04-22 Thread Tobias Klauser
On 2015-04-22 at 16:36:50 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Changed to use ctx-gid when call getgid() on init_ctx. Signed-off-by: Vadim Kochan vadi...@gmail.com Nice catch! Thanks a lot Vadim. -- You received this message because you are

Re: [netsniff-ng] [PATCH] netsniff-ng: Dont set IO prio when reading pcap file

2015-04-22 Thread Tobias Klauser
On 2015-04-22 at 18:26:11 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com It allows to read pcap file for users who have no permissions to set process IO prio. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied with Daniel's Acked-by. Thanks a lot

[netsniff-ng] netsniff-ng 0.5.9-rc5

2015-04-22 Thread Tobias Klauser
, wilson, and Tobias Klauser. Contributions since last release: 48 Tobias Klauser 17 Vadim Kochan 4 Daniel Borkmann 1 wilson 1 Tillmann Karras 1 Michał Purzyński 1 Mark Latimer 1 Eric Dumazet Git changelog since last release: Tobias Klauser (48

Re: [netsniff-ng] [PATCH] netsniff-ng nlmsg: Print netlink protocol name

2015-04-27 Thread Tobias Klauser
On 2015-04-24 at 18:14:35 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com nlmsg proto handler can't identify Netlink protocol from nlmsghdr, so sockaddr_ll can be used to get it. Also renamed [proto - handler] member in pkt_buff struct, which is more

Re: [netsniff-ng] [PATCH] netsniff-ng mac80211: Print HT Capabilities more structurd

2015-04-27 Thread Tobias Klauser
On 2015-04-23 at 10:38:16 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com [...] Signed-off-by: Vadim Kochan vadi...@gmail.com It's seems I messed up the subject when applying your change. Sorry about that! -- You received this message because you are

Re: [netsniff-ng] [PATCH] netsniff-ng mac80211: Print HT Capabilities more structurd

2015-04-27 Thread Tobias Klauser
On 2015-04-23 at 10:38:16 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com [...] Signed-off-by: Vadim Kochan vadi...@gmail.com Applied, thanks. -- You received this message because you are subscribed to the Google Groups netsniff-ng group. To unsubscribe from

Re: [netsniff-ng] Re: [PATCH] netsniff-ng: Show packet number

2015-04-27 Thread Tobias Klauser
On 2015-04-25 at 09:07:35 +0200, Vadim Kochan vadi...@gmail.com wrote: On Thu, Apr 23, 2015 at 02:24:16PM +0300, Vadim Kochan wrote: static inline void __show_frame_hdr(uint8_t *packet, size_t len, int linktype, struct sockaddr_ll *s_ll, void *raw_hdr, -

Re: [netsniff-ng] [PATCH] netsniff-ng mac80211: Print probe request IEs info

2015-05-02 Thread Tobias Klauser
On 2015-04-27 at 17:49:32 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com As probe request frame consist only with IE params so just do a similar print of these params as it was done for beacon. Also using mgmt_{func}_dissect naming for mgmt frame

Re: [netsniff-ng] [PATCH] netsniff-ng mac80211: Print IE prefix before param

2015-05-02 Thread Tobias Klauser
On 2015-04-28 at 16:56:02 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Print 'IE:' prefix before each mgmt IE parameter which should be more readable and it allows easy identify next element while the listing the big one: Also removed 1 TAB in HT

Re: [netsniff-ng] [PATCH v2] netsniff-ng: Show packet number

2015-05-02 Thread Tobias Klauser
On 2015-04-27 at 20:36:08 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com wlp3s0 107 1430159373s.693002029ns (#5) [ Eth MAC (6c:88:14:ac:51:e4 = 10:fe:ed:90:22:12), Proto (0x0800, IPv4) ] Signed-off-by: Vadim Kochan vadi...@gmail.com Applied, thanks!

Re: [netsniff-ng] [PATCH v2] netsniff-ng nlmsg: Print type for NETLINK_ROUTE

2015-05-02 Thread Tobias Klauser
Sorry for messing around in the code in the meantime, such that you had to redo your patch :( On 2015-04-29 at 01:51:10 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Print nlmsg type name for rtnetlink messages Signed-off-by: Vadim Kochan

Re: [netsniff-ng] [PATCH] netsniff-ng: Fix capturing extra packets from other dev

2015-05-02 Thread Tobias Klauser
On 2015-04-29 at 21:18:24 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com It might be related to the issue #73 noticed by Jon Schipp jonsch...@gmail.com where he pointed that netsniff-ng captures some extra packets. I observed this issue when I

Re: [netsniff-ng] [PATCH] netsniff-ng mac80211: Print probe response frame

2015-05-04 Thread Tobias Klauser
On 2015-05-02 at 22:07:13 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com As Probe Response frame is very similar to Beacon (except some IEs which are identified dynamically) so lets just use the same func to dissect it. Signed-off-by: Vadim Kochan

Re: [netsniff-ng] [PATCH] trafgen: Del rfmon mac80211 device on panic

2015-05-04 Thread Tobias Klauser
On 2015-05-03 at 10:14:07 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Fixed case when rfmon mac80211 created device remains after trafgen failed (for ex. - incorrect cfg file), so just delete it when panic occured. Also made panic handlers invoking

Re: [netsniff-ng] [PATCH] netsniff-ng nlmsg: Print family type in less mode

2015-05-05 Thread Tobias Klauser
On 2015-05-05 at 12:29:24 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Print 'Family' and 'Type' (considering family) fields in less mode. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied, thanks. -- You received this message because you are

Re: [netsniff-ng] [PATCH] netsniff-ng nlmsg: Print more fields in less mode

2015-05-05 Thread Tobias Klauser
On 2015-05-04 at 11:32:33 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Print similar header fields in less mode as it is done in full mode. In my opinion it's fine as it is now and I'd like to keep the *_less outputs as sparse as possible. If the user

Re: [netsniff-ng] [PATCH] netsniff-ng: Fix capturing extra packets from other dev

2015-05-05 Thread Tobias Klauser
On 2015-05-02 at 22:54:50 +0200, Vadim Kochan vadi...@gmail.com wrote: On Sat, May 02, 2015 at 07:00:53PM +0200, Tobias Klauser wrote: On 2015-04-29 at 21:18:24 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com It might be related to the issue #73

Re: [netsniff-ng] [PATCH] die: Rename panic func - panic handler

2015-05-05 Thread Tobias Klauser
On 2015-05-04 at 10:11:21 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Rename xxx_panic_func(s) to xxx_panic_handler(s) which is more understandable than 'func'. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied now, thanks. -- You received this

Re: [netsniff-ng] [PATCH] netsniff-ng nlmsg: Print more fields in less mode

2015-05-05 Thread Tobias Klauser
On 2015-05-05 at 11:43:03 +0200, Vadim Kochan vadi...@gmail.com wrote: On Tue, May 05, 2015 at 11:20:42AM +0200, Tobias Klauser wrote: On 2015-05-04 at 11:32:33 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Print similar header fields in less mode

Re: [netsniff-ng] tprintf breaks color terminal sequence

2015-05-05 Thread Tobias Klauser
On 2015-05-04 at 19:16:39 +0200, Vadim Kochan vadi...@gmail.com wrote: Hi, In less mode (netsniff-ng -i dev --less) the color ESC terminal sequences can be broken by automatic indentation made in tprintf.c: __tprint_flush which can add spaces or new line within of this sequence.

Re: [netsniff-ng] [PATCH] netsniff-ng: Fix color breaking in less mode

2015-05-05 Thread Tobias Klauser
On 2015-05-05 at 09:44:57 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Automatic new line indentation can break terminal ESC color sequence by inserting new line within it. Fixed by considering that color ESC sequence is not closed by 'm' and only

Re: [netsniff-ng] [PATCH] netsniff-ng nlmsg: Print multi-part messages

2015-05-18 Thread Tobias Klauser
On 2015-05-13 at 16:07:06 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Pull print more Netlink messages from one packet which can be sent with MULTI flag. Signed-off-by: Vadim Kochan vadi...@gmail.com --- proto_nlmsg.c | 52

Re: [netsniff-ng] [PATCH v2] netsniff-ng nlmsg: Print multi-part messages

2015-05-18 Thread Tobias Klauser
On 2015-05-18 at 10:36:53 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Pull print more Netlink messages from one packet which can be sent with MULTI flag. Signed-off-by: Vadim Kochan vadi...@gmail.com Thanks! I applied this now. -- You received this

[netsniff-ng] Re: [PATCH] netsniff: Consider radiotap header of monitor dev

2015-04-13 Thread Tobias Klauser
On 2015-04-10 at 10:43:57 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com netsniff does not check if monitor device includes radiotap header which leads to the wrong 802.11 frame parsing. Tested if the .pcap file is understandable by wireshark and if dump

Re: [netsniff-ng] multiple instances of netsniff-ng with AF_PACKET hash fanout

2015-04-13 Thread Tobias Klauser
On 2015-04-11 at 18:59:08 +0200, Michał Purzyński michalpurzyns...@gmail.com wrote: OK, try one. I'm ready to accept heavy artillery fire ;-) Man, it takes a while to find a free letter for getopt. Two new parameters were added: -C cluster id with integer that represents the socket fanout

Re: [netsniff-ng] Re: multiple instances of netsniff-ng with AF_PACKET hash fanout

2015-04-07 Thread Tobias Klauser
On 2015-04-04 at 17:09:33 +0200, Michał Purzyński michalpurzyns...@gmail.com wrote: OOM killed told me I had to give the development VM more memory. I did and the code works - different flows are hashed among two instances. What do you think about the idea (the code is ugly)? If there's a

Re: [netsniff-ng] [PATCH] netsniff-ng nlmsg: Dissect rtnl link type messages

2015-05-19 Thread Tobias Klauser
On 2015-05-19 at 06:42:50 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Dump RTnetlink interface related info with attributes. Signed-off-by: Vadim Kochan vadi...@gmail.com --- netsniff-ng/Makefile | 2 + proto_nlmsg.c| 232

Re: [netsniff-ng] [PATCH] netsniff-ng mac80211: Align country channels info

2015-05-21 Thread Tobias Klauser
On 2015-05-20 at 11:40:14 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Print each country channel info on separated line to make it more readable: IE: Country (7, Len(66)): Country String: US First Ch Nr: 36, Nr of Ch: 1, Max Transmit Pwr Lvl: 24

Re: [netsniff-ng] [RFC] netsniff-ng: Add support of pcap cooked header

2015-05-20 Thread Tobias Klauser
On 2015-05-13 at 11:54:01 +0200, Vadim Kochan vadi...@gmail.com wrote: On Wed, May 13, 2015 at 11:45:16AM +0200, Daniel Borkmann wrote: On 05/13/2015 11:31 AM, Vadim Kochan wrote: On Wed, May 13, 2015 at 11:24:11AM +0200, Daniel Borkmann wrote: On 05/13/2015 11:21 AM, Vadim Kochan wrote:

Re: [netsniff-ng] [RFC] netsniff-ng: Add support of pcap cooked header

2015-05-20 Thread Tobias Klauser
On 2015-05-20 at 16:34:44 +0200, Vadim Kochan vadi...@gmail.com wrote: On Wed, May 20, 2015 at 04:30:30PM +0200, Tobias Klauser wrote: On 2015-05-13 at 11:54:01 +0200, Vadim Kochan vadi...@gmail.com wrote: On Wed, May 13, 2015 at 11:45:16AM +0200, Daniel Borkmann wrote: On 05/13/2015 11

Re: [netsniff-ng] [PATCH] flowtop man: Add note about activate ct by iptables

2015-07-07 Thread Tobias Klauser
On 2015-07-02 at 20:41:20 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Add the same note about using iptables to activate conntrack as it is already described in 'flowtop -h', just to keep it in the man page too. Signed-off-by: Vadim Kochan

[netsniff-ng] [PULL] Pull request for netsniff-ng Debian packaging

2015-08-20 Thread Tobias Klauser
://github.com/tklauser/pkg-netsniff-ng.git for-kartik for you to fetch changes up to 36d6176dcea2de4f1752e402eac7b907507534b5: Use verbose build to make compiler flags visible in buildd logs (2015-08-20 09:14:16 +0200) Tobias Klauser

Re: [netsniff-ng] Can the netsniff-ng limit the number of rotated dump files that get created?

2015-08-20 Thread Tobias Klauser
Hi Ivan On 2015-08-18 at 12:14:36 +0200, Ivan Cheng ivancheng2...@gmail.com wrote: Hi Expects, Can the netsniff-ng support below feature which is extracted from the tcpdump manpage: -W Used in conjunction with the -C option, this will limit the number of files created to the

Re: [netsniff-ng] [RFC] netsniff-ng: Show total rx stats for multi pcap mode

2015-08-20 Thread Tobias Klauser
On 2015-08-17 at 21:17:15 +0200, Vadim Kochan vadi...@gmail.com wrote: Allow to collect rx stats for multiple pcap mode, by storing them in separated variables before switch to the next pcap file. It allows to have the one approach when dump for single or multiple pcap(s) mode.

Re: [netsniff-ng] Re: [PULL] Pull request for netsniff-ng Debian packaging

2015-08-20 Thread Tobias Klauser
On 2015-08-20 at 09:49:26 +0200, Kartik Mistry kartik.mis...@gmail.com wrote: On Thu, Aug 20, 2015 at 12:59 PM, Tobias Klauser tklau...@distanz.ch wrote: I made some minor changes to the Debian packaging of netsniff-ng, based off the repo at git://anonscm.debian.org/collab-maint/netsniff

[netsniff-ng] [PATCH 2/3] Adjust Vcs-Browser path

2015-08-20 Thread Tobias Klauser
Let the Vcs-Browser URL to the cgit interface. Signed-off-by: Tobias Klauser tklau...@distanz.ch --- debian/changelog | 1 + debian/control | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 9a3665c..b6b8ce1 100644 --- a/debian

[netsniff-ng] [PATCH 1/3] Remove cmake from Build-Depends

2015-08-20 Thread Tobias Klauser
netsniff-ng no longer uses cmake as its build system Signed-off-by: Tobias Klauser tklau...@distanz.ch --- debian/changelog | 7 +++ debian/control | 1 - 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 3943ff4..9a3665c 100644

[netsniff-ng] [PATCH 3/3] Use verbose build to make compiler flags visible in buildd logs

2015-08-20 Thread Tobias Klauser
Signed-off-by: Tobias Klauser tklau...@distanz.ch --- debian/changelog | 2 ++ debian/rules | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index b6b8ce1..e545be8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,8

[netsniff-ng] Re: [PATCH 0/2] netsniff-ng: vlan: Print vlan info from tpacket v3 struct

2015-08-17 Thread Tobias Klauser
On 2015-08-16 at 23:21:29 +0200, Vadim Kochan vadi...@gmail.com wrote: It might be useful to sniff for vlan header info which might be not injected into packet if reordering is on and if physical device supports VLAN offloading. But these fields are kept in skb and are stored in tpacket v2/v3

Re: [netsniff-ng] Can we specify the packet length during capturing the traffic?

2015-08-24 Thread Tobias Klauser
Hi Ivan On 2015-08-21 at 05:20:33 +0200, Ivan Cheng ivancheng2...@gmail.com wrote: Hi Experts, Can we specify the packet length during capturing the traffic? This feature allows us to just save the protocol information without user data. It can avoid the save sensitive user data and

Re: [netsniff-ng] RE: Installation error - netsniff-ng-0.5.9 / Debian 7.8

2015-06-29 Thread Tobias Klauser
On 2015-06-24 at 09:10:01 +0200, James Burnett james.burn...@geant.org wrote: To update: If I manually create the /usr/local/share/man/man8/ folder, it installs fine. Thanks for the follow up. I think the problem is that our install rule doesn't create the directories and as they didn't seem

Re: [netsniff-ng] [RFC v2 00/10] trafgen: Build protocol packet via command line

2015-06-30 Thread Tobias Klauser
On 2015-06-30 at 11:41:04 +0200, Daniel Borkmann borkm...@iogearbox.net wrote: On 06/29/2015 02:58 AM, Vadim Kochan wrote: Hi, This is the 1-st try version of how I see the protocol generation API for the trafgen util as mz replacement (at least for better performance). I am sending

Re: [netsniff-ng] [RFC v2 00/10] trafgen: Build protocol packet via command line

2015-06-30 Thread Tobias Klauser
On 2015-06-30 at 12:31:50 +0200, Vadim Kochan vadi...@gmail.com wrote: On Tue, Jun 30, 2015 at 11:41:04AM +0200, Daniel Borkmann wrote: On 06/29/2015 02:58 AM, Vadim Kochan wrote: Hi, This is the 1-st try version of how I see the protocol generation API for the trafgen util as mz

Re: [netsniff-ng] [RFC v2 00/10] trafgen: Build protocol packet via command line

2015-06-30 Thread Tobias Klauser
On 2015-06-30 at 12:00:55 +0200, Vadim Kochan vadi...@gmail.com wrote: On Tue, Jun 30, 2015 at 11:41:04AM +0200, Daniel Borkmann wrote: On 06/29/2015 02:58 AM, Vadim Kochan wrote: Hi, This is the 1-st try version of how I see the protocol generation API for the trafgen util as mz

Re: [netsniff-ng] [PATCH] trafgen: Print min packet size in error message

2015-06-30 Thread Tobias Klauser
On 2015-06-27 at 11:03:25 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Print minimum needed packet size in case if validation error. Applied, thanks Vadim! -- You received this message because you are subscribed to the Google Groups netsniff-ng group.

Re: [netsniff-ng] [PATCH] sock: Fix panic when can't open /proc sock memory file

2015-07-30 Thread Tobias Klauser
On 2015-07-30 at 12:33:35 +0200, Vadim Kochan vadi...@gmail.com wrote: On Thu, Jul 30, 2015 at 11:36:44AM +0200, Tobias Klauser wrote: On 2015-07-30 at 10:55:06 +0200, Vadim Kochan vadi...@gmail.com wrote: On Thu, Jul 30, 2015 at 09:09:13AM +0200, Tobias Klauser wrote: On 2015-07-29

[netsniff-ng] Re: [PATCH] flowtop: Resolve src host if '-s' option specified

2015-08-04 Thread Tobias Klauser
On 2015-08-04 at 01:13:59 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Do not do reverse DNS for src hostname if '-s' option is not specified. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied, thanks. -- You received this message because you are

[netsniff-ng] Re: [PATCH] flowtop: Don't hide status bar while dumping flows

2015-08-04 Thread Tobias Klauser
On 2015-08-04 at 00:52:07 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Don't hide status bar line when dumping flows but print [Collecting flows ...] on the same line. Really there is no sense to hide this status bar line. Signed-off-by: Vadim Kochan

[netsniff-ng] Re: [PATCH v2] flowtop: Do not insert DNS flows into list

2015-08-04 Thread Tobias Klauser
On 2015-08-04 at 07:58:54 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Just ignore DNS flows instead of insert it and then filter it out by presenter. Signed-off-by: Vadim Kochan vadi...@gmail.com This fails to apply on top of your previous patch

[netsniff-ng] Re: [PATCH v3] flowtop: Do not insert DNS flows into list

2015-08-04 Thread Tobias Klauser
On 2015-08-04 at 10:00:00 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Just ignore DNS flows instead of insert it and then filter it out by presenter. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied, thanks Vadim! -- You received this message

[netsniff-ng] Re: [PATCH] flowtop: Show counters by direction

2015-08-03 Thread Tobias Klauser
On 2015-08-01 at 16:42:51 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Show bytes/pkts counters per src/dst direction. By default counters originated from dst are showed. Src counters are showed only if '-s' is specified. Signed-off-by: Vadim Kochan

[netsniff-ng] Re: [PATCH 0/4] flowtop: Use dump connections instead of flush

2015-08-03 Thread Tobias Klauser
On 2015-08-01 at 10:04:05 +0200, Vadim Kochan vadi...@gmail.com wrote: Get rid of flush netfilter connections but instead dump once whole ipv4/ipv6 at beginning. The ugly think is that in case of dump there was added additional manual nfct filter because nfct_filter could not be used when do

[netsniff-ng] Re: [PATCH] netsniff-ng: Do not tune socket memory on pcap read only

2015-08-03 Thread Tobias Klauser
On 2015-08-02 at 14:29:09 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com In case if regular user opens pcap file then netsniff-ng tries to setup socket memory which causes warning about failing because of permissions. So lets do not tune socket memory on

[netsniff-ng] Re: [PATCH] man flowtop: Add notes about traffic accounting enabling

2015-08-03 Thread Tobias Klauser
On 2015-08-01 at 16:51:36 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Add some explanation about traffic counters enabling via sysctl and its limitation. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied with some minor rewordings. Thanks Vadim.

Re: [netsniff-ng] [PATCH] sock: Fix panic when can't open /proc sock memory file

2015-07-30 Thread Tobias Klauser
On 2015-07-29 at 17:07:29 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com In the previous version there was no panic if file does not exist, so lets follow this behaviour. In my opinion the current behavior is fine. These files should exists on any decent

Re: [netsniff-ng] [PATCH] sock: Fix panic when can't open /proc sock memory file

2015-07-30 Thread Tobias Klauser
On 2015-07-30 at 10:55:06 +0200, Vadim Kochan vadi...@gmail.com wrote: On Thu, Jul 30, 2015 at 09:09:13AM +0200, Tobias Klauser wrote: On 2015-07-29 at 17:07:29 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com In the previous version there was no panic

[netsniff-ng] Re: [PATCH] flowtop: Fix missing new connections after flush

2015-07-27 Thread Tobias Klauser
On 2015-07-27 at 00:24:51 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com There might be new fast connection between flush handling new events which can be not handled, so put flushing connections before loop. Signed-off-by: Vadim Kochan

Re: [netsniff-ng] [PATCH v2 0/4] flowtop: Add traffic accounting dump

2015-07-17 Thread Tobias Klauser
On 2015-07-13 at 22:03:05 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Added periodic dump of existing and visible flow to update packets bytes counters. Needs to clone nf_conntrack object for new added flow entry to update counters for this

Re: [netsniff-ng] [PATCH v2 0/4] flowtop: Add traffic accounting dump

2015-07-17 Thread Tobias Klauser
On 2015-07-17 at 13:46:47 +0200, Vadim Kochan vadi...@gmail.com wrote: On Fri, Jul 17, 2015 at 01:42:56PM +0200, Tobias Klauser wrote: On 2015-07-13 at 22:03:05 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Added periodic dump of existing

[netsniff-ng] Re: [RFC] flowtop: Show flow rate of bytes & pkts

2015-10-22 Thread Tobias Klauser
On 2015-10-20 at 19:46:07 +0200, Vadim Kochan wrote: > Calculate & print the rate of src/dst bytes & pkts. > Also changed refresh flows time to 1s so the rate > info will be not disappeared very soon. Looks good to me in general and I like the idea. A few minor comments below.

[netsniff-ng] Re: [PATCH 2/5] flowtop: Allow disable hostname lookup

2015-10-27 Thread Tobias Klauser
On 2015-10-27 at 01:00:48 +0100, Vadim Kochan wrote: > Added option -n,--no-dns which disables hostname lookup. > > Signed-off-by: Vadim Kochan Applied, thanks. -- You received this message because you are subscribed to the Google Groups "netsniff-ng"

[netsniff-ng] Re: [PATCH 1/5] flowtop: Fix src hostname showed with garbage

2015-10-27 Thread Tobias Klauser
On 2015-10-27 at 01:00:47 +0100, Vadim Kochan wrote: > Use strlcpy for copy resolved src/dst hostname. > > Signed-off-by: Vadim Kochan > --- > flowtop.c | 9 +++-- > 1 file changed, 3 insertions(+), 6 deletions(-) > > diff --git a/flowtop.c

[netsniff-ng] Re: [PATCH 1/5] flowtop: Fix src hostname showed with garbage

2015-10-27 Thread Tobias Klauser
On 2015-10-27 at 10:59:10 +0100, vkochan <vadi...@gmail.com> wrote: > On Tue, Oct 27, 2015 at 10:51:26AM +0100, Tobias Klauser wrote: > > On 2015-10-27 at 01:00:47 +0100, Vadim Kochan <vadi...@gmail.com> wrote: > > > Use strlcpy for copy resolved src/dst hostname. >

[netsniff-ng] Re: [PATCH 4/5] flowtop: Show rate in bits by default but in bytes optionaly

2015-10-27 Thread Tobias Klauser
On 2015-10-27 at 01:00:50 +0100, Vadim Kochan wrote: > Show rate in bits, but allow to show in bytes by -B,--rate-bytes option. I think it should be the other way around, i.e. the default mode shows the rate in bytes and you can switch to bits via command-line option. In my

[netsniff-ng] Re: [PATCH 5/5] flowtop: Use bool for show_src option

2015-10-27 Thread Tobias Klauser
On 2015-10-27 at 01:00:51 +0100, Vadim Kochan wrote: > Use boolean false/true for show_src option value. > > Signed-off-by: Vadim Kochan > --- > flowtop.c | 7 --- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/flowtop.c

[netsniff-ng] Re: [PATCH 5/5] flowtop: Use bool for show_src option

2015-10-27 Thread Tobias Klauser
On 2015-10-27 at 01:00:51 +0100, Vadim Kochan wrote: > Use boolean false/true for show_src option value. > > Signed-off-by: Vadim Kochan Sorry, I applied this with the wrong author as I didn't properly amend :( -- You received this message because you

[netsniff-ng] Re: [PATCH] flowtop: Add command-line option for show rate in bits

2015-10-28 Thread Tobias Klauser
On 2015-10-28 at 06:39:26 +0100, Vadim Kochan wrote: > Add -b,--bits command line option for show rate in bits. > > Signed-off-by: Vadim Kochan Applied, thanks Vadim. -- You received this message because you are subscribed to the Google Groups

[netsniff-ng] Re: [PATCH] all: Change reporting bugs email

2015-10-28 Thread Tobias Klauser
On 2015-10-28 at 08:38:15 +0100, Vadim Kochan wrote: > Replace b...@netsniff-ng.com to netsniff-ng@googlegroups.com > which is used in REPORTING-BUGS file. > > Signed-off-by: Vadim Kochan Applied, thanks. -- You received this message because you are

[netsniff-ng] Re: [PATCH] flowtop: Fix missing --no-geoip option in usage output

2015-10-29 Thread Tobias Klauser
On 2015-10-29 at 05:08:24 +0100, Vadim Kochan wrote: > Add G,--no-geoip to the usage output. > > Signed-off-by: Vadim Kochan Sorry, must have missed it when amending the patch. Thanks a lot for spotting! -- You received this message because you are

[netsniff-ng] Re: [PATCH 4/5] flowtop: Lookup process by dst port too

2015-10-26 Thread Tobias Klauser
On 2015-10-26 at 14:16:09 +0100, vkochan <vadi...@gmail.com> wrote: > On Mon, Oct 26, 2015 at 01:38:41PM +0100, Tobias Klauser wrote: > > On 2015-10-24 at 16:38:10 +0200, Vadim Kochan <vadi...@gmail.com> wrote: > > > From: Vadim Kochan <vadi...@gmail.com> >

[netsniff-ng] Re: [PATCH 3/5] flowtop: Fix src hostname with garbage

2015-10-26 Thread Tobias Klauser
On 2015-10-26 at 15:07:31 +0100, vkochan <vadi...@gmail.com> wrote: > On Mon, Oct 26, 2015 at 01:33:11PM +0100, Tobias Klauser wrote: > > On 2015-10-24 at 16:38:09 +0200, Vadim Kochan <vadi...@gmail.com> wrote: > > > From: Vadim Kochan <vadi...@gmail.com> &g

[netsniff-ng] Re: [PATCH 4/5] flowtop: Lookup process by dst port too

2015-10-26 Thread Tobias Klauser
On 2015-10-26 at 15:33:26 +0100, vkochan <vadi...@gmail.com> wrote: > On Mon, Oct 26, 2015 at 03:26:59PM +0100, Tobias Klauser wrote: > > On 2015-10-26 at 14:16:09 +0100, vkochan <vadi...@gmail.com> wrote: > > > On Mon, Oct 26, 2015 at 01:38:41PM +0100, Tobias Klause

  1   2   3   4   >