Re: [netsniff-ng] A few Gbit/sec to disk

2014-05-05 Thread Tobias Klauser
On 2014-04-30 at 21:20:03 +0200, Michal Purzynski michalpurzyns...@gmail.com wrote: There's a fix now in the master branch of netsniff-ng.git [1]. Can you confirm that this fixes the issue for you? Does it influence the losslessness of your setup if you specify large ring sizes? [1]

[netsniff-ng] netsniff-ng 0.5.9-rc1

2014-06-12 Thread Tobias Klauser
): git tag -v v0.5.9-rc1 Major high-level changes since the last release are: 1) Add a rudimenatry netlink message dissector to netsniff-ng, from Tobias Klauser. 2) Use printf/scanf format specifiers for fixed width types (fixing a crash of ifpps in 32 bit environments), from James McCoy 3

Re: [netsniff-ng] netsniff-ng 0.5.9-rc1

2014-06-13 Thread Tobias Klauser
On 2014-06-12 at 16:46:42 +0200, Tobias Klauser tklau...@distanz.ch wrote: In the interest of getting back to more regular and more frequent releases, here goes the first release candidate for the netsniff-ng toolkit. It's nothing too spectacular, mostly bugfixes and cleanups - see

[netsniff-ng] netsniff-ng 0.5.9-rc2

2014-06-16 Thread Tobias Klauser
port and ethertype lookup from dissector into own module, thus making flowtop no longer depend on the dissector modules. This fixes flowtop build which was broken in v0.5.9-rc1. By Tobias Klauser. Contributions since last release: 8 Tobias Klauser Git changelog since last release

Re: [netsniff-ng] tcpdump capture delays and dropped packets

2014-07-18 Thread Tobias Klauser
On 2014-07-18 at 15:09:55 +0200, 'peter' via netsniff-ng netsniff-ng@googlegroups.com wrote: hi, im looking for a way to automate packet generation for traffic shaper testing. found a testfile online and modified it a bit, only source/destination ip are valid for the interface ...the

[netsniff-ng] Re: [RFC] trafgen: Alloc cpus regarding to number of packets

2015-03-30 Thread Tobias Klauser
On 2015-03-24 at 12:20:39 +0100, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Trafgen uses all the online cpus even if number of packets specified by -n is less than numbers of selected cpus. Such behaviour leads to issues: - trafgen re-calculates number

Re: [netsniff-ng] Re: [PATCH] mz cli: Make pcap init funcs thread safer

2015-03-30 Thread Tobias Klauser
On 2015-03-30 at 11:54:40 +0200, Vadim Kochan vadi...@gmail.com wrote: On Sun, Mar 22, 2015 at 01:48:50PM +0200, Vadim Kochan wrote: From: Vadim Kochan vadi...@gmail.com mz fails start in cli mode and prints each time different pcap errors: $ mz -x -V fatal flex scanner

[netsniff-ng] Re: [PATCH] trafgen: Alloc cpus according to specified number of packets

2015-03-31 Thread Tobias Klauser
On 2015-03-31 at 11:29:58 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Trafgen uses all the online cpus even if number of packets specified by -n is less than numbers of selected cpus. Such behaviour leads to issues: - trafgen re-calculates number

Re: [netsniff-ng] [PATCH] mz: Dont bind to dev if help was specified

2015-02-20 Thread Tobias Klauser
On 2015-02-20 at 12:39:07 +0100, Vadim Kochan vadi...@gmail.com wrote: Fixed warnings: Warning: [lookupdev.c get_dev_params()] Cannot open socket! when specify help for packet type: # mz -t tcp help Also fixes delayed output of the same command if user is root. Signed-off-by:

Re: [netsniff-ng] [PATCH] flowtop: Print error cause if errno is set when panic

2015-03-23 Thread Tobias Klauser
On 2015-03-21 at 22:58:17 +0100, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Signed-off-by: Vadim Kochan vadi...@gmail.com Applied, thank you Vadim! -- You received this message because you are subscribed to the Google Groups netsniff-ng group. To unsubscribe

[netsniff-ng] Re: [PATCH] mac80211: Check existing of generated monX device

2015-04-20 Thread Tobias Klauser
On 2015-04-17 at 21:04:21 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Fixed case when netsniff fails if there is already existing monX device while generating. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied. Thanks Vadim! -- You received this

Re: [netsniff-ng] [PATCH] iosched: Print error cause if setting io prio failed

2015-04-22 Thread Tobias Klauser
On 2015-04-22 at 16:07:29 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Add error cause message when ioprio_setpid fails. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied, thanks! -- You received this message because you are subscribed to the

Re: [netsniff-ng] [PATCH] netsniff-ng: Dont set IO prio when reading pcap file

2015-04-22 Thread Tobias Klauser
On 2015-04-22 at 18:26:11 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com It allows to read pcap file for users who have no permissions to set process IO prio. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied with Daniel's Acked-by. Thanks a lot

Re: [netsniff-ng] [PATCH] netsniff-ng nlmsg: Print netlink protocol name

2015-04-27 Thread Tobias Klauser
On 2015-04-24 at 18:14:35 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com nlmsg proto handler can't identify Netlink protocol from nlmsghdr, so sockaddr_ll can be used to get it. Also renamed [proto - handler] member in pkt_buff struct, which is more

Re: [netsniff-ng] [PATCH] netsniff-ng mac80211: Print HT Capabilities more structurd

2015-04-27 Thread Tobias Klauser
On 2015-04-23 at 10:38:16 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com [...] Signed-off-by: Vadim Kochan vadi...@gmail.com Applied, thanks. -- You received this message because you are subscribed to the Google Groups netsniff-ng group. To unsubscribe from

Re: [netsniff-ng] Re: [PATCH] netsniff-ng: Show packet number

2015-04-27 Thread Tobias Klauser
On 2015-04-25 at 09:07:35 +0200, Vadim Kochan vadi...@gmail.com wrote: On Thu, Apr 23, 2015 at 02:24:16PM +0300, Vadim Kochan wrote: static inline void __show_frame_hdr(uint8_t *packet, size_t len, int linktype, struct sockaddr_ll *s_ll, void *raw_hdr, -

Re: [netsniff-ng] [PATCH] netsniff-ng mac80211: Print probe request IEs info

2015-05-02 Thread Tobias Klauser
On 2015-04-27 at 17:49:32 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com As probe request frame consist only with IE params so just do a similar print of these params as it was done for beacon. Also using mgmt_{func}_dissect naming for mgmt frame

Re: [netsniff-ng] [PATCH] netsniff-ng mac80211: Print IE prefix before param

2015-05-02 Thread Tobias Klauser
On 2015-04-28 at 16:56:02 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Print 'IE:' prefix before each mgmt IE parameter which should be more readable and it allows easy identify next element while the listing the big one: Also removed 1 TAB in HT

Re: [netsniff-ng] [PATCH v2] netsniff-ng: Show packet number

2015-05-02 Thread Tobias Klauser
On 2015-04-27 at 20:36:08 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com wlp3s0 107 1430159373s.693002029ns (#5) [ Eth MAC (6c:88:14:ac:51:e4 = 10:fe:ed:90:22:12), Proto (0x0800, IPv4) ] Signed-off-by: Vadim Kochan vadi...@gmail.com Applied, thanks!

Re: [netsniff-ng] [PATCH] netsniff-ng: Fix capturing extra packets from other dev

2015-05-02 Thread Tobias Klauser
On 2015-04-29 at 21:18:24 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com It might be related to the issue #73 noticed by Jon Schipp jonsch...@gmail.com where he pointed that netsniff-ng captures some extra packets. I observed this issue when I

Re: [netsniff-ng] [PATCH] netsniff-ng mac80211: Print probe response frame

2015-05-04 Thread Tobias Klauser
On 2015-05-02 at 22:07:13 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com As Probe Response frame is very similar to Beacon (except some IEs which are identified dynamically) so lets just use the same func to dissect it. Signed-off-by: Vadim Kochan

Re: [netsniff-ng] [PATCH] trafgen: Del rfmon mac80211 device on panic

2015-05-04 Thread Tobias Klauser
On 2015-05-03 at 10:14:07 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Fixed case when rfmon mac80211 created device remains after trafgen failed (for ex. - incorrect cfg file), so just delete it when panic occured. Also made panic handlers invoking

Re: [netsniff-ng] [PATCH] netsniff-ng nlmsg: Print family type in less mode

2015-05-05 Thread Tobias Klauser
On 2015-05-05 at 12:29:24 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Print 'Family' and 'Type' (considering family) fields in less mode. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied, thanks. -- You received this message because you are

Re: [netsniff-ng] [PATCH] netsniff-ng nlmsg: Print more fields in less mode

2015-05-05 Thread Tobias Klauser
On 2015-05-04 at 11:32:33 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Print similar header fields in less mode as it is done in full mode. In my opinion it's fine as it is now and I'd like to keep the *_less outputs as sparse as possible. If the user

Re: [netsniff-ng] [PATCH] die: Rename panic func - panic handler

2015-05-05 Thread Tobias Klauser
On 2015-05-04 at 10:11:21 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Rename xxx_panic_func(s) to xxx_panic_handler(s) which is more understandable than 'func'. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied now, thanks. -- You received this

Re: [netsniff-ng] [PATCH] netsniff-ng nlmsg: Print more fields in less mode

2015-05-05 Thread Tobias Klauser
On 2015-05-05 at 11:43:03 +0200, Vadim Kochan vadi...@gmail.com wrote: On Tue, May 05, 2015 at 11:20:42AM +0200, Tobias Klauser wrote: On 2015-05-04 at 11:32:33 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Print similar header fields in less mode

Re: [netsniff-ng] tprintf breaks color terminal sequence

2015-05-05 Thread Tobias Klauser
On 2015-05-04 at 19:16:39 +0200, Vadim Kochan vadi...@gmail.com wrote: Hi, In less mode (netsniff-ng -i dev --less) the color ESC terminal sequences can be broken by automatic indentation made in tprintf.c: __tprint_flush which can add spaces or new line within of this sequence.

Re: [netsniff-ng] [PATCH] netsniff-ng: Fix color breaking in less mode

2015-05-05 Thread Tobias Klauser
On 2015-05-05 at 09:44:57 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Automatic new line indentation can break terminal ESC color sequence by inserting new line within it. Fixed by considering that color ESC sequence is not closed by 'm' and only

Re: [netsniff-ng] [PATCH v2] netsniff-ng nlmsg: Print multi-part messages

2015-05-18 Thread Tobias Klauser
On 2015-05-18 at 10:36:53 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Pull print more Netlink messages from one packet which can be sent with MULTI flag. Signed-off-by: Vadim Kochan vadi...@gmail.com Thanks! I applied this now. -- You received this

[netsniff-ng] Re: [PATCH] netsniff: Consider radiotap header of monitor dev

2015-04-13 Thread Tobias Klauser
On 2015-04-10 at 10:43:57 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com netsniff does not check if monitor device includes radiotap header which leads to the wrong 802.11 frame parsing. Tested if the .pcap file is understandable by wireshark and if dump

Re: [netsniff-ng] multiple instances of netsniff-ng with AF_PACKET hash fanout

2015-04-13 Thread Tobias Klauser
On 2015-04-11 at 18:59:08 +0200, Michał Purzyński michalpurzyns...@gmail.com wrote: OK, try one. I'm ready to accept heavy artillery fire ;-) Man, it takes a while to find a free letter for getopt. Two new parameters were added: -C cluster id with integer that represents the socket fanout

Re: [netsniff-ng] Re: multiple instances of netsniff-ng with AF_PACKET hash fanout

2015-04-07 Thread Tobias Klauser
On 2015-04-04 at 17:09:33 +0200, Michał Purzyński michalpurzyns...@gmail.com wrote: OOM killed told me I had to give the development VM more memory. I did and the code works - different flows are hashed among two instances. What do you think about the idea (the code is ugly)? If there's a

Re: [netsniff-ng] [PATCH] netsniff-ng nlmsg: Dissect rtnl link type messages

2015-05-19 Thread Tobias Klauser
On 2015-05-19 at 06:42:50 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Dump RTnetlink interface related info with attributes. Signed-off-by: Vadim Kochan vadi...@gmail.com --- netsniff-ng/Makefile | 2 + proto_nlmsg.c| 232

Re: [netsniff-ng] [PATCH] netsniff-ng mac80211: Align country channels info

2015-05-21 Thread Tobias Klauser
On 2015-05-20 at 11:40:14 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Print each country channel info on separated line to make it more readable: IE: Country (7, Len(66)): Country String: US First Ch Nr: 36, Nr of Ch: 1, Max Transmit Pwr Lvl: 24

Re: [netsniff-ng] [RFC] netsniff-ng: Add support of pcap cooked header

2015-05-20 Thread Tobias Klauser
On 2015-05-13 at 11:54:01 +0200, Vadim Kochan vadi...@gmail.com wrote: On Wed, May 13, 2015 at 11:45:16AM +0200, Daniel Borkmann wrote: On 05/13/2015 11:31 AM, Vadim Kochan wrote: On Wed, May 13, 2015 at 11:24:11AM +0200, Daniel Borkmann wrote: On 05/13/2015 11:21 AM, Vadim Kochan wrote:

Re: [netsniff-ng] [RFC] netsniff-ng: Add support of pcap cooked header

2015-05-20 Thread Tobias Klauser
On 2015-05-20 at 16:34:44 +0200, Vadim Kochan vadi...@gmail.com wrote: On Wed, May 20, 2015 at 04:30:30PM +0200, Tobias Klauser wrote: On 2015-05-13 at 11:54:01 +0200, Vadim Kochan vadi...@gmail.com wrote: On Wed, May 13, 2015 at 11:45:16AM +0200, Daniel Borkmann wrote: On 05/13/2015 11

Re: [netsniff-ng] [PATCH] flowtop man: Add note about activate ct by iptables

2015-07-07 Thread Tobias Klauser
On 2015-07-02 at 20:41:20 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Add the same note about using iptables to activate conntrack as it is already described in 'flowtop -h', just to keep it in the man page too. Signed-off-by: Vadim Kochan

[netsniff-ng] [PULL] Pull request for netsniff-ng Debian packaging

2015-08-20 Thread Tobias Klauser
://github.com/tklauser/pkg-netsniff-ng.git for-kartik for you to fetch changes up to 36d6176dcea2de4f1752e402eac7b907507534b5: Use verbose build to make compiler flags visible in buildd logs (2015-08-20 09:14:16 +0200) Tobias Klauser

Re: [netsniff-ng] Can the netsniff-ng limit the number of rotated dump files that get created?

2015-08-20 Thread Tobias Klauser
Hi Ivan On 2015-08-18 at 12:14:36 +0200, Ivan Cheng ivancheng2...@gmail.com wrote: Hi Expects, Can the netsniff-ng support below feature which is extracted from the tcpdump manpage: -W Used in conjunction with the -C option, this will limit the number of files created to the

Re: [netsniff-ng] [RFC] netsniff-ng: Show total rx stats for multi pcap mode

2015-08-20 Thread Tobias Klauser
On 2015-08-17 at 21:17:15 +0200, Vadim Kochan vadi...@gmail.com wrote: Allow to collect rx stats for multiple pcap mode, by storing them in separated variables before switch to the next pcap file. It allows to have the one approach when dump for single or multiple pcap(s) mode.

Re: [netsniff-ng] Re: [PULL] Pull request for netsniff-ng Debian packaging

2015-08-20 Thread Tobias Klauser
On 2015-08-20 at 09:49:26 +0200, Kartik Mistry kartik.mis...@gmail.com wrote: On Thu, Aug 20, 2015 at 12:59 PM, Tobias Klauser tklau...@distanz.ch wrote: I made some minor changes to the Debian packaging of netsniff-ng, based off the repo at git://anonscm.debian.org/collab-maint/netsniff

[netsniff-ng] [PATCH 1/3] Remove cmake from Build-Depends

2015-08-20 Thread Tobias Klauser
netsniff-ng no longer uses cmake as its build system Signed-off-by: Tobias Klauser tklau...@distanz.ch --- debian/changelog | 7 +++ debian/control | 1 - 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 3943ff4..9a3665c 100644

[netsniff-ng] [PATCH 3/3] Use verbose build to make compiler flags visible in buildd logs

2015-08-20 Thread Tobias Klauser
Signed-off-by: Tobias Klauser tklau...@distanz.ch --- debian/changelog | 2 ++ debian/rules | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index b6b8ce1..e545be8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,8

[netsniff-ng] Re: [PATCH 0/2] netsniff-ng: vlan: Print vlan info from tpacket v3 struct

2015-08-17 Thread Tobias Klauser
On 2015-08-16 at 23:21:29 +0200, Vadim Kochan vadi...@gmail.com wrote: It might be useful to sniff for vlan header info which might be not injected into packet if reordering is on and if physical device supports VLAN offloading. But these fields are kept in skb and are stored in tpacket v2/v3

Re: [netsniff-ng] Can we specify the packet length during capturing the traffic?

2015-08-24 Thread Tobias Klauser
Hi Ivan On 2015-08-21 at 05:20:33 +0200, Ivan Cheng ivancheng2...@gmail.com wrote: Hi Experts, Can we specify the packet length during capturing the traffic? This feature allows us to just save the protocol information without user data. It can avoid the save sensitive user data and

Re: [netsniff-ng] RE: Installation error - netsniff-ng-0.5.9 / Debian 7.8

2015-06-29 Thread Tobias Klauser
On 2015-06-24 at 09:10:01 +0200, James Burnett james.burn...@geant.org wrote: To update: If I manually create the /usr/local/share/man/man8/ folder, it installs fine. Thanks for the follow up. I think the problem is that our install rule doesn't create the directories and as they didn't seem

Re: [netsniff-ng] [RFC v2 00/10] trafgen: Build protocol packet via command line

2015-06-30 Thread Tobias Klauser
On 2015-06-30 at 11:41:04 +0200, Daniel Borkmann borkm...@iogearbox.net wrote: On 06/29/2015 02:58 AM, Vadim Kochan wrote: Hi, This is the 1-st try version of how I see the protocol generation API for the trafgen util as mz replacement (at least for better performance). I am sending

Re: [netsniff-ng] [RFC v2 00/10] trafgen: Build protocol packet via command line

2015-06-30 Thread Tobias Klauser
On 2015-06-30 at 12:31:50 +0200, Vadim Kochan vadi...@gmail.com wrote: On Tue, Jun 30, 2015 at 11:41:04AM +0200, Daniel Borkmann wrote: On 06/29/2015 02:58 AM, Vadim Kochan wrote: Hi, This is the 1-st try version of how I see the protocol generation API for the trafgen util as mz

Re: [netsniff-ng] [RFC v2 00/10] trafgen: Build protocol packet via command line

2015-06-30 Thread Tobias Klauser
On 2015-06-30 at 12:00:55 +0200, Vadim Kochan vadi...@gmail.com wrote: On Tue, Jun 30, 2015 at 11:41:04AM +0200, Daniel Borkmann wrote: On 06/29/2015 02:58 AM, Vadim Kochan wrote: Hi, This is the 1-st try version of how I see the protocol generation API for the trafgen util as mz

Re: [netsniff-ng] [PATCH] trafgen: Print min packet size in error message

2015-06-30 Thread Tobias Klauser
On 2015-06-27 at 11:03:25 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Print minimum needed packet size in case if validation error. Applied, thanks Vadim! -- You received this message because you are subscribed to the Google Groups netsniff-ng group.

Re: [netsniff-ng] [PATCH] sock: Fix panic when can't open /proc sock memory file

2015-07-30 Thread Tobias Klauser
On 2015-07-30 at 12:33:35 +0200, Vadim Kochan vadi...@gmail.com wrote: On Thu, Jul 30, 2015 at 11:36:44AM +0200, Tobias Klauser wrote: On 2015-07-30 at 10:55:06 +0200, Vadim Kochan vadi...@gmail.com wrote: On Thu, Jul 30, 2015 at 09:09:13AM +0200, Tobias Klauser wrote: On 2015-07-29

[netsniff-ng] Re: [PATCH] flowtop: Resolve src host if '-s' option specified

2015-08-04 Thread Tobias Klauser
On 2015-08-04 at 01:13:59 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Do not do reverse DNS for src hostname if '-s' option is not specified. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied, thanks. -- You received this message because you are

[netsniff-ng] Re: [PATCH] flowtop: Don't hide status bar while dumping flows

2015-08-04 Thread Tobias Klauser
On 2015-08-04 at 00:52:07 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Don't hide status bar line when dumping flows but print [Collecting flows ...] on the same line. Really there is no sense to hide this status bar line. Signed-off-by: Vadim Kochan

[netsniff-ng] Re: [PATCH v2] flowtop: Do not insert DNS flows into list

2015-08-04 Thread Tobias Klauser
On 2015-08-04 at 07:58:54 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Just ignore DNS flows instead of insert it and then filter it out by presenter. Signed-off-by: Vadim Kochan vadi...@gmail.com This fails to apply on top of your previous patch

[netsniff-ng] Re: [PATCH] flowtop: Show counters by direction

2015-08-03 Thread Tobias Klauser
On 2015-08-01 at 16:42:51 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Show bytes/pkts counters per src/dst direction. By default counters originated from dst are showed. Src counters are showed only if '-s' is specified. Signed-off-by: Vadim Kochan

[netsniff-ng] Re: [PATCH 0/4] flowtop: Use dump connections instead of flush

2015-08-03 Thread Tobias Klauser
On 2015-08-01 at 10:04:05 +0200, Vadim Kochan vadi...@gmail.com wrote: Get rid of flush netfilter connections but instead dump once whole ipv4/ipv6 at beginning. The ugly think is that in case of dump there was added additional manual nfct filter because nfct_filter could not be used when do

[netsniff-ng] Re: [PATCH] netsniff-ng: Do not tune socket memory on pcap read only

2015-08-03 Thread Tobias Klauser
On 2015-08-02 at 14:29:09 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com In case if regular user opens pcap file then netsniff-ng tries to setup socket memory which causes warning about failing because of permissions. So lets do not tune socket memory on

[netsniff-ng] Re: [PATCH] man flowtop: Add notes about traffic accounting enabling

2015-08-03 Thread Tobias Klauser
On 2015-08-01 at 16:51:36 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Add some explanation about traffic counters enabling via sysctl and its limitation. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied with some minor rewordings. Thanks Vadim.

Re: [netsniff-ng] [PATCH] sock: Fix panic when can't open /proc sock memory file

2015-07-30 Thread Tobias Klauser
On 2015-07-29 at 17:07:29 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com In the previous version there was no panic if file does not exist, so lets follow this behaviour. In my opinion the current behavior is fine. These files should exists on any decent

Re: [netsniff-ng] [PATCH] sock: Fix panic when can't open /proc sock memory file

2015-07-30 Thread Tobias Klauser
On 2015-07-30 at 10:55:06 +0200, Vadim Kochan vadi...@gmail.com wrote: On Thu, Jul 30, 2015 at 09:09:13AM +0200, Tobias Klauser wrote: On 2015-07-29 at 17:07:29 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com In the previous version there was no panic

[netsniff-ng] Re: [PATCH] flowtop: Fix missing new connections after flush

2015-07-27 Thread Tobias Klauser
On 2015-07-27 at 00:24:51 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com There might be new fast connection between flush handling new events which can be not handled, so put flushing connections before loop. Signed-off-by: Vadim Kochan

Re: [netsniff-ng] [PATCH v2 0/4] flowtop: Add traffic accounting dump

2015-07-17 Thread Tobias Klauser
On 2015-07-13 at 22:03:05 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Added periodic dump of existing and visible flow to update packets bytes counters. Needs to clone nf_conntrack object for new added flow entry to update counters for this

Re: [netsniff-ng] [PATCH v2 0/4] flowtop: Add traffic accounting dump

2015-07-17 Thread Tobias Klauser
On 2015-07-17 at 13:46:47 +0200, Vadim Kochan vadi...@gmail.com wrote: On Fri, Jul 17, 2015 at 01:42:56PM +0200, Tobias Klauser wrote: On 2015-07-13 at 22:03:05 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Added periodic dump of existing

[netsniff-ng] Re: [RFC] flowtop: Show flow rate of bytes & pkts

2015-10-22 Thread Tobias Klauser
On 2015-10-20 at 19:46:07 +0200, Vadim Kochan wrote: > Calculate & print the rate of src/dst bytes & pkts. > Also changed refresh flows time to 1s so the rate > info will be not disappeared very soon. Looks good to me in general and I like the idea. A few minor comments below.

[netsniff-ng] Re: [PATCH 2/5] flowtop: Allow disable hostname lookup

2015-10-27 Thread Tobias Klauser
On 2015-10-27 at 01:00:48 +0100, Vadim Kochan wrote: > Added option -n,--no-dns which disables hostname lookup. > > Signed-off-by: Vadim Kochan Applied, thanks. -- You received this message because you are subscribed to the Google Groups "netsniff-ng"

[netsniff-ng] Re: [PATCH 1/5] flowtop: Fix src hostname showed with garbage

2015-10-27 Thread Tobias Klauser
On 2015-10-27 at 10:59:10 +0100, vkochan <vadi...@gmail.com> wrote: > On Tue, Oct 27, 2015 at 10:51:26AM +0100, Tobias Klauser wrote: > > On 2015-10-27 at 01:00:47 +0100, Vadim Kochan <vadi...@gmail.com> wrote: > > > Use strlcpy for copy resolved src/dst hostname. >

[netsniff-ng] Re: [PATCH 4/5] flowtop: Show rate in bits by default but in bytes optionaly

2015-10-27 Thread Tobias Klauser
On 2015-10-27 at 01:00:50 +0100, Vadim Kochan wrote: > Show rate in bits, but allow to show in bytes by -B,--rate-bytes option. I think it should be the other way around, i.e. the default mode shows the rate in bytes and you can switch to bits via command-line option. In my

[netsniff-ng] Re: [PATCH] flowtop: Add command-line option for show rate in bits

2015-10-28 Thread Tobias Klauser
On 2015-10-28 at 06:39:26 +0100, Vadim Kochan wrote: > Add -b,--bits command line option for show rate in bits. > > Signed-off-by: Vadim Kochan Applied, thanks Vadim. -- You received this message because you are subscribed to the Google Groups

[netsniff-ng] Re: [PATCH] all: Change reporting bugs email

2015-10-28 Thread Tobias Klauser
On 2015-10-28 at 08:38:15 +0100, Vadim Kochan wrote: > Replace b...@netsniff-ng.com to netsniff-ng@googlegroups.com > which is used in REPORTING-BUGS file. > > Signed-off-by: Vadim Kochan Applied, thanks. -- You received this message because you are

[netsniff-ng] Re: [PATCH] flowtop: Fix missing --no-geoip option in usage output

2015-10-29 Thread Tobias Klauser
On 2015-10-29 at 05:08:24 +0100, Vadim Kochan wrote: > Add G,--no-geoip to the usage output. > > Signed-off-by: Vadim Kochan Sorry, must have missed it when amending the patch. Thanks a lot for spotting! -- You received this message because you are

[netsniff-ng] Re: [PATCH 4/5] flowtop: Lookup process by dst port too

2015-10-26 Thread Tobias Klauser
On 2015-10-26 at 14:16:09 +0100, vkochan <vadi...@gmail.com> wrote: > On Mon, Oct 26, 2015 at 01:38:41PM +0100, Tobias Klauser wrote: > > On 2015-10-24 at 16:38:10 +0200, Vadim Kochan <vadi...@gmail.com> wrote: > > > From: Vadim Kochan <vadi...@gmail.com> >

[netsniff-ng] Re: [PATCH 3/5] flowtop: Fix src hostname with garbage

2015-10-26 Thread Tobias Klauser
On 2015-10-26 at 15:07:31 +0100, vkochan <vadi...@gmail.com> wrote: > On Mon, Oct 26, 2015 at 01:33:11PM +0100, Tobias Klauser wrote: > > On 2015-10-24 at 16:38:09 +0200, Vadim Kochan <vadi...@gmail.com> wrote: > > > From: Vadim Kochan <vadi...@gmail.com> &g

[netsniff-ng] Re: [PATCH 4/5] flowtop: Lookup process by dst port too

2015-10-26 Thread Tobias Klauser
On 2015-10-26 at 15:33:26 +0100, vkochan <vadi...@gmail.com> wrote: > On Mon, Oct 26, 2015 at 03:26:59PM +0100, Tobias Klauser wrote: > > On 2015-10-26 at 14:16:09 +0100, vkochan <vadi...@gmail.com> wrote: > > > On Mon, Oct 26, 2015 at 01:38:41PM +0100, Tobias Klause

[netsniff-ng] Re: [PATCH 4/5] flowtop: Lookup process by dst port too

2015-10-26 Thread Tobias Klauser
On 2015-10-24 at 16:38:10 +0200, Vadim Kochan wrote: > From: Vadim Kochan > > Perform lookup inode by dst port too if remote traffic represented as > src flow, so in case if lookup by src port failed then choose > inode matched by dst port. > >

[netsniff-ng] Re: [PATCH 5/5] flowtop: Add option for flow refresh interval

2015-10-26 Thread Tobias Klauser
On 2015-10-24 at 16:38:11 +0200, Vadim Kochan wrote: > From: Vadim Kochan > > Add new -t,--interval option to specify flow refresh time in seconds. > > Signed-off-by: Vadim Kochan Applied, thanks. -- You received this message because

[netsniff-ng] Re: [PATCH 3/5] flowtop: Fix src hostname with garbage

2015-10-26 Thread Tobias Klauser
On 2015-10-24 at 16:38:09 +0200, Vadim Kochan wrote: > From: Vadim Kochan > > Add missing reset for src hostname buffer. > > Signed-off-by: Vadim Kochan > --- > flowtop.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > >

[netsniff-ng] Re: [PATCH 2/2] trafgen: Allow to build packet from command line

2015-11-09 Thread Tobias Klauser
On 2015-11-07 at 15:55:16 +0100, Vadim Kochan wrote: > Craft packet direct from command line with same syntax as for conf file. > It might be as first step to extend current syntax with specific proto fields. > > Signed-off-by: Vadim Kochan Nice work,

[netsniff-ng] Re: [PATCH 1/2] str: Add converting cmdline args vector to str

2015-11-09 Thread Tobias Klauser
On 2015-11-07 at 15:55:15 +0100, Vadim Kochan wrote: > Move piece of code which converts cmdline args vector to string > from netsniff-ng.c to str.c as function. > > Signed-off-by: Vadim Kochan Applied with slightly changed function/argument names. Thanks!

[netsniff-ng] Re: [PATCH] netsniff-ng: Allow to specify compiled BPF from stdin

2015-11-10 Thread Tobias Klauser
On 2015-11-10 at 09:18:18 +0100, Vadim Kochan <vadi...@gmail.com> wrote: > On Tue, Nov 10, 2015 at 09:06:17AM +0100, Tobias Klauser wrote: > > On 2015-11-10 at 07:29:12 +0100, Vadim Kochan <vadi...@gmail.com> wrote: > > > Allow read compiled BPF instructions f

[netsniff-ng] Re: [PATCH v2] netsniff-ng: Allow to specify compiled BPF from stdin

2015-11-10 Thread Tobias Klauser
On 2015-11-10 at 09:28:08 +0100, Vadim Kochan wrote: > Allow read compiled BPF instructions from stdin by via '-f -' option. > > Signed-off-by: Vadim Kochan Applied, thanks! -- You received this message because you are subscribed to the Google Groups

[netsniff-ng] Re: [PATCH] netsniff-ng: Allow to specify compiled BPF from stdin

2015-11-10 Thread Tobias Klauser
On 2015-11-10 at 07:29:12 +0100, Vadim Kochan wrote: > Allow read compiled BPF instructions from stdin by via '-f -' option. > > Signed-off-by: Vadim Kochan > --- > bpf.c | 6 +- > netsniff-ng.8 | 5 +++-- > netsniff-ng.c | 2 +- > 3 files

[netsniff-ng] Re: [PATCH] bpfc, trafgen: Do not close stdin when "-" is specified

2015-11-10 Thread Tobias Klauser
On 2015-11-10 at 09:53:33 +0100, Vadim Kochan wrote: > Do not perform fclose for stdin fd. > > Signed-off-by: Vadim Kochan Applied, thanks. -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe

[netsniff-ng] Re: [PATCH 2/2] flowtop: Add runtime commands to show TCP/UDP/DCCP/ICMP/SCTP

2015-11-16 Thread Tobias Klauser
On 2015-11-12 at 07:54:19 +0100, Vadim Kochan wrote: > Now it is possible toggle display TCP/UDP/DCCP/ICMP/SCTP protos > by the same char keys as short command line options - T/U/D/I/S. > > Signed-off-by: Vadim Kochan > --- > flowtop.c | 69 >

[netsniff-ng] Re: [PATCH] bpfc: Do not panic if bpf file is not valid

2015-11-16 Thread Tobias Klauser
On 2015-11-15 at 22:16:37 +0100, Vadim Kochan wrote: > If bpf file is not valid then cpp generated file is not > deleted because panic() func is invoked. > > Signed-off-by: Vadim Kochan Applied, thanks. -- You received this message because you are

[netsniff-ng] Re: [PATCH 2/3] flowtop: Add runtime command to change rate units

2015-11-09 Thread Tobias Klauser
On 2015-11-06 at 23:23:25 +0100, Vadim Kochan wrote: > Add interactive command 'b' to change rate units to show. > > Signed-off-by: Vadim Kochan Applied, thanks Vadim! -- You received this message because you are subscribed to the Google Groups

[netsniff-ng] Re: [PATCH 1/3] flowtop: Add runtime command to show help window

2015-11-09 Thread Tobias Klauser
On 2015-11-06 at 23:23:24 +0100, Vadim Kochan wrote: [...] > +static void draw_help(WINDOW *screen) > +{ > + int col = 0; > + int row = 0; > + int i; > + > + mvaddch(row, col, ACS_ULCORNER); > + mvaddch(rows - row - 2, col, ACS_LLCORNER); > + > +

[netsniff-ng] Re: [PATCH] flowtop: Calc flow rate more carefully

2015-11-05 Thread Tobias Klauser
On 2015-11-04 at 20:42:15 +0100, Vadim Kochan wrote: > Make rate calculation more carefully by checking previous & current > bytes/pkts counter. > > Do calculation only if update time passed >= 1s. > > Signed-off-by: Vadim Kochan Applied, thank you Vadim!

[netsniff-ng] Re: netsniff-ng: pcap to json

2015-11-05 Thread Tobias Klauser
On 2015-11-05 at 12:28:29 +0100, Vadim Kochan wrote: > What do you think if it is a good idea to convert pcap to json by netsniff-ng > ? > I mean to add such feature ... What would be the use case for this? Is there a kind of standardized representation for packets in JSON?

Re: [netsniff-ng] Re: [PATCH 3/6] flowtop: Rename flow_entry_direction enum

2015-11-04 Thread Tobias Klauser
On 2015-11-04 at 17:20:35 +0100, Tobias Klauser <tklau...@distanz.ch> wrote: > On 2015-11-03 at 19:06:49 +0100, Vadim Kochan <vadi...@gmail.com> wrote: > > Renamed flow_entry_direction to flow_direction to be > > little shorter. > > > > Chang

[netsniff-ng] Re: [PATCH 6/6] flowtop: Show rate in yellow color

2015-11-04 Thread Tobias Klauser
On 2015-11-03 at 19:06:52 +0100, Vadim Kochan wrote: > It is easier to differentiate bytes/pkts counters with rate counters > if to use different colors. > > Signed-off-by: Vadim Kochan Applied, thank you! -- You received this message because you are

[netsniff-ng] Re: [PATCH] flowtop: Redraw screen in 1s if no key was pressed

2015-11-06 Thread Tobias Klauser
On 2015-11-05 at 23:07:45 +0100, Vadim Kochan wrote: > Seems like screen is updating too frequently which > may block some terminals, so lets do it once in 1s > but only if no key was pressed. > > Signed-off-by: Vadim Kochan Applied, thanks Vadim. -- You

[netsniff-ng] Re: [PATCH] curvetun: Move copyright text to separate variable

2015-11-06 Thread Tobias Klauser
On 2015-11-05 at 16:38:51 +0100, Vadim Kochan wrote: > Use copyright text from one place when print it in version or help output. > > Signed-off-by: Vadim Kochan Applied, thanks. -- You received this message because you are subscribed to the Google

[netsniff-ng] Re: [PATCH] lookup: Do not panic if conf file does not exist

2015-11-06 Thread Tobias Klauser
On 2015-11-05 at 16:49:29 +0100, Vadim Kochan wrote: > It is not necessary to do not allow run application if > there is no conf file for port resolving, but instead print > message to stderr. Applied, thanks. -- You received this message because you are subscribed to the

Re: [netsniff-ng] Re: [PATCH] build: Check for libnl-route

2015-11-06 Thread Tobias Klauser
On 2015-11-06 at 16:53:02 +0100, Vadim Kochan <vadi...@gmail.com> wrote: > On Fri, Nov 06, 2015 at 04:36:08PM +0100, Tobias Klauser wrote: > > On 2015-11-06 at 15:46:16 +0100, Vadim Kochan <vadi...@gmail.com> wrote: > > > libnl-route is used in netsnif

Re: [netsniff-ng] Re: [PATCH] build: Check for libnl-route

2015-11-06 Thread Tobias Klauser
On 2015-11-06 at 17:06:55 +0100, Vadim Kochan <vadi...@gmail.com> wrote: > On Fri, Nov 06, 2015 at 05:05:38PM +0100, Tobias Klauser wrote: > > On 2015-11-06 at 16:53:02 +0100, Vadim Kochan <vadi...@gmail.com> wrote: > > > On Fri, Nov 06, 2015 at 04:36:08

[netsniff-ng] [ANNOUNCE] netsniff-ng 0.6.0

2015-11-06 Thread Tobias Klauser
additional information. From Vadim Kochan. 4) Helper functions for TCP/UDP checksums in IPv6 trafgen packets and performance improvement in trafgen when using checksums without dynamic data. From Tobias Klauser. n) Various fixes, improvements, cleanups and documentation updates. From Va

[netsniff-ng] Re: About next release date

2015-10-30 Thread Tobias Klauser
Hi Vadim On 2015-10-30 at 09:59:46 +0100, Vadim Kochan wrote: > I'd like to know when you plan to do the next release, actually > I have some plans regarding flowtop which I think might be good to have in > the next release like sorting by rate & probably by received/sent

Re: [netsniff-ng] netlink

2015-10-19 Thread Tobias Klauser
On 2015-10-17 at 11:08:22 +0200, Vadim Kochan wrote: > OK you can get changes from: > https://github.com/vkochan/netsniff-ng/tree/netsniff_print_headers > > I added -z,--headers option, you can find it in usage output. > This option allows the following combinations: > >

Re: [netsniff-ng] netlink

2015-10-19 Thread Tobias Klauser
On 2015-10-15 at 16:14:09 +0200, Geoff Ladwig wrote: > Vadim, > > Thanks for responding. > > I have never found much use for the ASCII output... but would be happy > either way. > > Possibly a --headers options so you can individually select --header, --hex >

Re: [netsniff-ng] netlink

2015-10-19 Thread Tobias Klauser
On 2015-10-19 at 14:09:19 +0200, Geoff Ladwig wrote: > Tobias, > > Either way works for me. > The issue I had was that the only way I could see all the data was with > --hex , but then didn't get the headers- which are pretty handy! Ok, great. Would it be possible

  1   2   3   >