Subject: pkg/30805: net/tcpflow enhancements
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <j+nbsd@2005.salmi.ch>
List: pkgsrc-bugs
Date: 07/21/2005 15:40:01
>Number:         30805
>Category:       pkg
>Synopsis:       net/tcpflow enhancements
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Jul 21 15:40:00 +0000 2005
>Originator:     Jukka Salmi
>Release:        pkgsrc HEAD
>Environment:
System: NetBSD moray.salmi.ch 3.99.7 NetBSD 3.99.7 (MORAY) #0: Tue Jul 19 18:53:08 CEST 2005 build@moray.salmi.ch:/build/nbsd/i386/sys/arch/i386/compile/MORAY i386
Architecture: i386
Machine: i386
>Description:
Using a Debian [1]patch as a template I created a patch which adds some
features to tcpflow:
	* reset sequence number if SYN is received
	* add `-C' option: console print only, but without the display of
	  source/dest header
	* add `-e' option: use colours when printing to console

[1] http://ftp.debian.org/debian/pool/main/t/tcpflow/tcpflow_0.21-6.diff.gz
>How-To-Repeat:
n/a
>Fix:
The patch is attached and available from
http://salmi.ch/~jukka/patches/pkgsrc/net/tcpflow/patch-tcpflow_0.21-6

diff -ru tcpflow-0.21.orig/doc/tcpflow.1.in tcpflow-0.21/doc/tcpflow.1.in
--- doc/tcpflow.1.in	2001-02-27 00:01:30.000000000 +0100
+++ doc/tcpflow.1.in	2005-07-21 16:37:28.000000000 +0200
@@ -6,7 +6,7 @@
 .na
 .B tcpflow
 [\c
-.BI \-chpsv\fR\c
+.BI \-cCehpsv\fR\c
 ]
 [\c
 .BI \-b \ max_bytes\fR\c
@@ -62,6 +62,15 @@
 .B -s
 ).
 .TP
+.B \-C
+Console print without the packet source and destination details being printed.  Print the contents of packets to stdout as they
+are received, without storing any captured data to files (implies
+.B -s
+).
+.TP
+.B \-e
+When outputting to the console each flow will be output in alternating colours.
+.TP
 .B \-d
 Debug level.  Set the level of debugging messages printed to stderr to
 \fIdebug_level\fP.  Higher numbers produce more messages.
diff -ru tcpflow-0.21.orig/src/main.c tcpflow-0.21/src/main.c
--- src/main.c	2003-08-07 09:35:24.000000000 +0200
+++ src/main.c	2005-07-21 17:02:01.000000000 +0200
@@ -70,7 +70,9 @@
 int max_flows = 0;
 int max_desired_fds = 0;
 int console_only = 0;
+int supress_header = 0;
 int strip_nonprint = 0;
+int use_colour = 0;
 
 char error[PCAP_ERRBUF_SIZE];
 
@@ -79,11 +81,13 @@
 {
   fprintf(stderr, "%s version %s by Jeremy Elson <jelson@circlemud.org>\n\n",
 		 PACKAGE, VERSION);
-  fprintf(stderr, "usage: %s [-chpsv] [-b max_bytes] [-d debug_level] [-f max_fds]\n", progname);
+  fprintf(stderr, "usage: %s [-cCehpsv] [-b max_bytes] [-d debug_level] [-f max_fds]\n", progname);
   fprintf(stderr, "          [-i iface] [-w file] [expression]\n\n");
   fprintf(stderr, "        -b: max number of bytes per flow to save\n");
   fprintf(stderr, "        -c: console print only (don't create files)\n");
+  fprintf(stderr, "        -C: console print only, but without the display of source/dest header\n");
   fprintf(stderr, "        -d: debug level; default is %d\n", DEFAULT_DEBUG_LEVEL);
+  fprintf(stderr, "        -e: use colours when printing to console\n");
   fprintf(stderr, "        -f: maximum number of file descriptors to use\n");
   fprintf(stderr, "        -h: print this help message\n");
   fprintf(stderr, "        -i: network interface on which to listen\n");
@@ -124,7 +128,7 @@
 
   opterr = 0;
 
-  while ((arg = getopt(argc, argv, "b:cd:f:hi:pr:sv")) != EOF) {
+  while ((arg = getopt(argc, argv, "b:cCd:ef:hi:pr:sv")) != EOF) {
     switch (arg) {
     case 'b':
       if ((bytes_per_flow = atoi(optarg)) < 0) {
@@ -134,6 +138,10 @@
 	DEBUG(10) ("capturing max of %d bytes per flow", bytes_per_flow);
       }
       break;
+    case 'C':
+      supress_header = 1;
+      DEBUG(10) ("packet header dump suppressed");
+      /* fall through */
     case 'c':
       console_only = 1;
       DEBUG(10) ("printing packets to console only");
@@ -148,6 +156,10 @@
 	DEBUG(1) ("warning: -d flag with 0 debug level '%s'", optarg);
       }
       break;
+    case 'e':
+      use_colour  = 1;
+      DEBUG(10) ("Using colours");
+      break;
     case 'f':
       if ((max_desired_fds = atoi(optarg)) < (NUM_RESERVED_FDS + 2)) {
 	DEBUG(1) ("warning: -f flag must be used with argument >= %d",
diff -ru tcpflow-0.21.orig/src/tcpflow.h tcpflow-0.21/src/tcpflow.h
--- src/tcpflow.h	2001-08-08 21:39:40.000000000 +0200
+++ src/tcpflow.h	2005-07-21 16:26:52.000000000 +0200
@@ -133,7 +133,7 @@
 		 u_int32_t dst);
 void print_packet(flow_t flow, const u_char *data, u_int32_t length);
 void store_packet(flow_t flow, const u_char *data, u_int32_t length,
-		  u_int32_t seq);
+		  u_int32_t seq, int syn_set);
 u_char *do_strip_nonprint(const u_char *data, u_int32_t length);
 
 /* flow.c */
diff -ru tcpflow-0.21.orig/src/tcpip.c tcpflow-0.21/src/tcpip.c
--- src/tcpip.c	2001-08-24 07:36:14.000000000 +0200
+++ src/tcpip.c	2005-07-21 16:26:52.000000000 +0200
@@ -55,8 +55,11 @@
 #include "tcpflow.h"
 
 extern int console_only;
+extern int supress_header;
 extern int bytes_per_flow;
 extern int strip_nonprint;
+extern int use_colour;
+
 
 /*************************************************************************/
 
@@ -133,7 +136,7 @@
   tcp_header_len = tcp_header->th_off * 4;
 
   /* return if this packet doesn't have any data (e.g., just an ACK) */
-  if (length <= tcp_header_len) {
+  if (length <= tcp_header_len  && tcp_header->th_flags != TH_SYN ) {
     DEBUG(50) ("got TCP segment with no data");
     return;
   }
@@ -158,7 +161,7 @@
   if (console_only) {
     print_packet(this_flow, data, length);
   } else {
-    store_packet(this_flow, data, length, seq);
+    store_packet(this_flow, data, length, seq, IS_SET(tcp_header->th_flags, TH_SYN));
   }
 }
 
@@ -188,8 +191,34 @@
 /* print the contents of this packet to the console */
 void print_packet(flow_t flow, const u_char *data, u_int32_t length)
 {
-  printf("%s: ", flow_filename(flow));
+  static int current_colour = 0;
+  char *colour[2]            = { "\033[0;34m",   // blue
+			 	   "\033[0;31m" }; // red
+
+  if ( use_colour )
+  {
+    printf( "%s", colour[ current_colour ] );
+    if ( current_colour == 1 ) 
+    { 
+      current_colour = 0; 
+    }
+    else
+    {
+      current_colour = 1;
+    }
+  }
+
+  if ( supress_header == 0 )
+  {
+      printf("%s: ", flow_filename(flow));
+  }
+
   fwrite(data, length, 1, stdout);
+
+  if ( use_colour ) 
+  {
+    printf("\033[0m");
+  }
   putchar('\n');
   fflush(stdout);
 }
@@ -197,7 +226,7 @@
 
 /* store the contents of this packet to its place in its file */
 void store_packet(flow_t flow, const u_char *data, u_int32_t length,
-		  u_int32_t seq)
+		  u_int32_t seq, int syn_set)
 {
   flow_state_t *state;
   tcp_seq offset;
@@ -208,6 +237,12 @@
     state = create_flow_state(flow, seq);
   }
 
+  /* If we got a SYN reset the sequence number */
+  if (syn_set) 
+  {
+    state->isn = seq - state->pos +1;
+  }
+
   /* if we're done collecting for this flow, return now */
   if (IS_SET(state->flags, FLOW_FINISHED))
     return;