Subject: pkg/30805: net/tcpflow enhancements
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <j+nbsd@2005.salmi.ch>
List: pkgsrc-bugs
Date: 07/21/2005 15:40:01
>Number: 30805
>Category: pkg
>Synopsis: net/tcpflow enhancements
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Thu Jul 21 15:40:00 +0000 2005
>Originator: Jukka Salmi
>Release: pkgsrc HEAD
>Environment:
System: NetBSD moray.salmi.ch 3.99.7 NetBSD 3.99.7 (MORAY) #0: Tue Jul 19 18:53:08 CEST 2005 build@moray.salmi.ch:/build/nbsd/i386/sys/arch/i386/compile/MORAY i386
Architecture: i386
Machine: i386
>Description:
Using a Debian [1]patch as a template I created a patch which adds some
features to tcpflow:
* reset sequence number if SYN is received
* add `-C' option: console print only, but without the display of
source/dest header
* add `-e' option: use colours when printing to console
[1] http://ftp.debian.org/debian/pool/main/t/tcpflow/tcpflow_0.21-6.diff.gz
>How-To-Repeat:
n/a
>Fix:
The patch is attached and available from
http://salmi.ch/~jukka/patches/pkgsrc/net/tcpflow/patch-tcpflow_0.21-6
diff -ru tcpflow-0.21.orig/doc/tcpflow.1.in tcpflow-0.21/doc/tcpflow.1.in
--- doc/tcpflow.1.in 2001-02-27 00:01:30.000000000 +0100
+++ doc/tcpflow.1.in 2005-07-21 16:37:28.000000000 +0200
@@ -6,7 +6,7 @@
.na
.B tcpflow
[\c
-.BI \-chpsv\fR\c
+.BI \-cCehpsv\fR\c
]
[\c
.BI \-b \ max_bytes\fR\c
@@ -62,6 +62,15 @@
.B -s
).
.TP
+.B \-C
+Console print without the packet source and destination details being printed. Print the contents of packets to stdout as they
+are received, without storing any captured data to files (implies
+.B -s
+).
+.TP
+.B \-e
+When outputting to the console each flow will be output in alternating colours.
+.TP
.B \-d
Debug level. Set the level of debugging messages printed to stderr to
\fIdebug_level\fP. Higher numbers produce more messages.
diff -ru tcpflow-0.21.orig/src/main.c tcpflow-0.21/src/main.c
--- src/main.c 2003-08-07 09:35:24.000000000 +0200
+++ src/main.c 2005-07-21 17:02:01.000000000 +0200
@@ -70,7 +70,9 @@
int max_flows = 0;
int max_desired_fds = 0;
int console_only = 0;
+int supress_header = 0;
int strip_nonprint = 0;
+int use_colour = 0;
char error[PCAP_ERRBUF_SIZE];
@@ -79,11 +81,13 @@
{
fprintf(stderr, "%s version %s by Jeremy Elson <jelson@circlemud.org>\n\n",
PACKAGE, VERSION);
- fprintf(stderr, "usage: %s [-chpsv] [-b max_bytes] [-d debug_level] [-f max_fds]\n", progname);
+ fprintf(stderr, "usage: %s [-cCehpsv] [-b max_bytes] [-d debug_level] [-f max_fds]\n", progname);
fprintf(stderr, " [-i iface] [-w file] [expression]\n\n");
fprintf(stderr, " -b: max number of bytes per flow to save\n");
fprintf(stderr, " -c: console print only (don't create files)\n");
+ fprintf(stderr, " -C: console print only, but without the display of source/dest header\n");
fprintf(stderr, " -d: debug level; default is %d\n", DEFAULT_DEBUG_LEVEL);
+ fprintf(stderr, " -e: use colours when printing to console\n");
fprintf(stderr, " -f: maximum number of file descriptors to use\n");
fprintf(stderr, " -h: print this help message\n");
fprintf(stderr, " -i: network interface on which to listen\n");
@@ -124,7 +128,7 @@
opterr = 0;
- while ((arg = getopt(argc, argv, "b:cd:f:hi:pr:sv")) != EOF) {
+ while ((arg = getopt(argc, argv, "b:cCd:ef:hi:pr:sv")) != EOF) {
switch (arg) {
case 'b':
if ((bytes_per_flow = atoi(optarg)) < 0) {
@@ -134,6 +138,10 @@
DEBUG(10) ("capturing max of %d bytes per flow", bytes_per_flow);
}
break;
+ case 'C':
+ supress_header = 1;
+ DEBUG(10) ("packet header dump suppressed");
+ /* fall through */
case 'c':
console_only = 1;
DEBUG(10) ("printing packets to console only");
@@ -148,6 +156,10 @@
DEBUG(1) ("warning: -d flag with 0 debug level '%s'", optarg);
}
break;
+ case 'e':
+ use_colour = 1;
+ DEBUG(10) ("Using colours");
+ break;
case 'f':
if ((max_desired_fds = atoi(optarg)) < (NUM_RESERVED_FDS + 2)) {
DEBUG(1) ("warning: -f flag must be used with argument >= %d",
diff -ru tcpflow-0.21.orig/src/tcpflow.h tcpflow-0.21/src/tcpflow.h
--- src/tcpflow.h 2001-08-08 21:39:40.000000000 +0200
+++ src/tcpflow.h 2005-07-21 16:26:52.000000000 +0200
@@ -133,7 +133,7 @@
u_int32_t dst);
void print_packet(flow_t flow, const u_char *data, u_int32_t length);
void store_packet(flow_t flow, const u_char *data, u_int32_t length,
- u_int32_t seq);
+ u_int32_t seq, int syn_set);
u_char *do_strip_nonprint(const u_char *data, u_int32_t length);
/* flow.c */
diff -ru tcpflow-0.21.orig/src/tcpip.c tcpflow-0.21/src/tcpip.c
--- src/tcpip.c 2001-08-24 07:36:14.000000000 +0200
+++ src/tcpip.c 2005-07-21 16:26:52.000000000 +0200
@@ -55,8 +55,11 @@
#include "tcpflow.h"
extern int console_only;
+extern int supress_header;
extern int bytes_per_flow;
extern int strip_nonprint;
+extern int use_colour;
+
/*************************************************************************/
@@ -133,7 +136,7 @@
tcp_header_len = tcp_header->th_off * 4;
/* return if this packet doesn't have any data (e.g., just an ACK) */
- if (length <= tcp_header_len) {
+ if (length <= tcp_header_len && tcp_header->th_flags != TH_SYN ) {
DEBUG(50) ("got TCP segment with no data");
return;
}
@@ -158,7 +161,7 @@
if (console_only) {
print_packet(this_flow, data, length);
} else {
- store_packet(this_flow, data, length, seq);
+ store_packet(this_flow, data, length, seq, IS_SET(tcp_header->th_flags, TH_SYN));
}
}
@@ -188,8 +191,34 @@
/* print the contents of this packet to the console */
void print_packet(flow_t flow, const u_char *data, u_int32_t length)
{
- printf("%s: ", flow_filename(flow));
+ static int current_colour = 0;
+ char *colour[2] = { "\033[0;34m", // blue
+ "\033[0;31m" }; // red
+
+ if ( use_colour )
+ {
+ printf( "%s", colour[ current_colour ] );
+ if ( current_colour == 1 )
+ {
+ current_colour = 0;
+ }
+ else
+ {
+ current_colour = 1;
+ }
+ }
+
+ if ( supress_header == 0 )
+ {
+ printf("%s: ", flow_filename(flow));
+ }
+
fwrite(data, length, 1, stdout);
+
+ if ( use_colour )
+ {
+ printf("\033[0m");
+ }
putchar('\n');
fflush(stdout);
}
@@ -197,7 +226,7 @@
/* store the contents of this packet to its place in its file */
void store_packet(flow_t flow, const u_char *data, u_int32_t length,
- u_int32_t seq)
+ u_int32_t seq, int syn_set)
{
flow_state_t *state;
tcp_seq offset;
@@ -208,6 +237,12 @@
state = create_flow_state(flow, seq);
}
+ /* If we got a SYN reset the sequence number */
+ if (syn_set)
+ {
+ state->isn = seq - state->pos +1;
+ }
+
/* if we're done collecting for this flow, return now */
if (IS_SET(state->flags, FLOW_FINISHED))
return;