rpms/tcpflow/devel tcpflow-0.21-color.patch, NONE, 1.1 tcpflow.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
Terje Røsten (terjeros)
fedora-extras-commits at redhat.com
Wed Nov 28 21:06:09 UTC 2007
Author: terjeros
Update of /cvs/extras/rpms/tcpflow/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5989/devel
Modified Files:
.cvsignore sources
Added Files:
tcpflow-0.21-color.patch tcpflow.spec
Log Message:
Importing tcpflow
tcpflow-0.21-color.patch:
--- NEW FILE tcpflow-0.21-color.patch ---
+++ tcpflow-0.21/src/main.c
@@ -70,7 +70,9 @@
int max_flows = 0;
int max_desired_fds = 0;
int console_only = 0;
+int suppress_header = 0;
int strip_nonprint = 0;
+int use_color = 0;
char error[PCAP_ERRBUF_SIZE];
@@ -83,7 +85,9 @@
fprintf(stderr, " [-i iface] [-w file] [expression]\n\n");
fprintf(stderr, " -b: max number of bytes per flow to save\n");
fprintf(stderr, " -c: console print only (don't create files)\n");
+ fprintf(stderr, " -C: console print only, but without the display of source/dest header\n");
fprintf(stderr, " -d: debug level; default is %d\n", DEFAULT_DEBUG_LEVEL);
+ fprintf(stderr, " -e: output each flow in alternating colors\n");
fprintf(stderr, " -f: maximum number of file descriptors to use\n");
fprintf(stderr, " -h: print this help message\n");
fprintf(stderr, " -i: network interface on which to listen\n");
@@ -124,7 +128,7 @@
opterr = 0;
- while ((arg = getopt(argc, argv, "b:cd:f:hi:pr:sv")) != EOF) {
+ while ((arg = getopt(argc, argv, "b:cCd:ef:hi:pr:sv")) != EOF) {
switch (arg) {
case 'b':
if ((bytes_per_flow = atoi(optarg)) < 0) {
@@ -134,6 +138,10 @@
DEBUG(10) ("capturing max of %d bytes per flow", bytes_per_flow);
}
break;
+ case 'C':
+ suppress_header = 1;
+ DEBUG(10) ("packet header dump suppressed");
+ /* fall through */
case 'c':
console_only = 1;
DEBUG(10) ("printing packets to console only");
@@ -172,6 +180,10 @@
case 'v':
debug_level = 10;
break;
+ case 'e':
+ use_color = 1;
+ DEBUG(10) ("using colors");
+ break;
default:
DEBUG(1) ("error: unrecognized switch '%c'", optopt);
need_usage = 1;
--- tcpflow-0.21.orig/src/tcpip.c
+++ tcpflow-0.21/src/tcpip.c
@@ -55,8 +55,10 @@
#include "tcpflow.h"
extern int console_only;
+extern int suppress_header;
extern int bytes_per_flow;
extern int strip_nonprint;
+extern int use_color;
/*************************************************************************/
@@ -123,6 +125,7 @@
flow_t this_flow;
u_int tcp_header_len;
tcp_seq seq;
+ flow_state_t *state;
if (length < sizeof(struct tcphdr)) {
DEBUG(6) ("received truncated TCP segment!");
@@ -132,12 +135,6 @@
/* calculate the total length of the TCP header including options */
tcp_header_len = tcp_header->th_off * 4;
- /* return if this packet doesn't have any data (e.g., just an ACK) */
- if (length <= tcp_header_len) {
- DEBUG(50) ("got TCP segment with no data");
- return;
- }
-
/* fill in the flow_t structure with info that identifies this flow */
this_flow.src = src;
this_flow.dst = dst;
@@ -150,15 +147,37 @@
data += tcp_header_len;
length -= tcp_header_len;
+ /* see if we have state about this flow; if not, create it */
+ if ((state = find_flow_state(this_flow)) == NULL) {
+ state = create_flow_state(this_flow, seq);
+ }
+
+ /* Handle empty packets */
+ if (length == 0) {
+ /* examine TCP flags for initial TCP handshake segments:
+ * - SYN means that the flow is a client -> server flow
+ * - SYN/ACK means that the flow is a server -> client flow. */
+ if ((state->isn - seq) == 0) {
+ if (IS_SET(tcp_header->th_flags, TH_SYN)
+ && IS_SET(tcp_header->th_flags, TH_ACK))
+ SET_BIT(state->flags, FLOW_DIR_SC);
+ else if (IS_SET(tcp_header->th_flags, TH_SYN))
+ SET_BIT(state->flags, FLOW_DIR_CS);
+ }
+ DEBUG(50) ("got TCP segment with no data");
+ return;
+ }
+
/* strip nonprintable characters if necessary */
if (strip_nonprint)
data = do_strip_nonprint(data, length);
/* store or print the output */
if (console_only) {
- print_packet(this_flow, data, length);
+ print_packet(this_flow, state, data, length);
} else {
- store_packet(this_flow, data, length, seq);
+ store_packet(this_flow, state, data, length, seq,
+ IS_SET(tcp_header->th_flags, TH_SYN));
}
}
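Review bot: With the old `length <= tcp_header_len` guard removed in the preceding hunk, `length -= tcp_header_len` can wrap: `length` is `u_int32_t` and the only earlier bound visible is `length < sizeof(struct tcphdr)`, so a captured segment whose `th_off * 4` exceeds the bytes actually present leaves a huge non-zero `length`. The new `if (length == 0)` test does not catch that case, and the wrapped value is then passed to `do_strip_nonprint`, `print_packet` (which does `fwrite(data, length, 1, stdout)`) or `store_packet`, all of which would read past the captured buffer. Keep a bound before `data += tcp_header_len`, e.g. `if (length < tcp_header_len) { DEBUG(6) ("received truncated TCP segment!"); return; }`. Flow state is also now created for data-less segments and in console-only mode, so it is worth confirming that `create_flow_state` (not visible here) bounds its table. The body of process_tcp begins outside this hunk.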
@@ -186,27 +205,45 @@
/* print the contents of this packet to the console */
-void print_packet(flow_t flow, const u_char *data, u_int32_t length)
+void print_packet(flow_t flow, flow_state_t *state, const u_char *data,
+ u_int32_t length)
{
- printf("%s: ", flow_filename(flow));
+ int current_color = 0;
+
+ /* Colors: green, blue, red */
+ char *color[3] = { "\033[0;32m", "\033[0;34m", "\033[0;31m" };
+
+ if (use_color) {
+ if (IS_SET(state->flags, FLOW_DIR_CS))
+ current_color = 1;
+ else if (IS_SET(state->flags, FLOW_DIR_SC))
+ current_color = 2;
+ printf("%s", color[current_color]);
+ }
+
+ if (suppress_header == 0)
+ printf("%s: ", flow_filename(flow));
+
fwrite(data, length, 1, stdout);
+
+ if (use_color)
+ printf("\033[0m");
+
putchar('\n');
fflush(stdout);
}
/* store the contents of this packet to its place in its file */
-void store_packet(flow_t flow, const u_char *data, u_int32_t length,
- u_int32_t seq)
+void store_packet(flow_t flow, flow_state_t *state, const u_char *data,
+ u_int32_t length, u_int32_t seq, int syn_set)
{
- flow_state_t *state;
tcp_seq offset;
long fpos;
- /* see if we have state about this flow; if not, create it */
- if ((state = find_flow_state(flow)) == NULL) {
- state = create_flow_state(flow, seq);
- }
+ /* If we got a SYN reset the sequence number */
+ if (syn_set)
+ state->isn = seq - state->pos + 1;
/* if we're done collecting for this flow, return now */
if (IS_SET(state->flags, FLOW_FINISHED))
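Review bot: In `store_packet`, `state->isn = seq - state->pos + 1` runs for every data-carrying segment that has SYN set, so a retransmitted or forged SYN segment in the middle of a connection re-bases where all later data for the flow is placed. It looks intended for a new connection reusing the same address/port tuple, but the code that turns `isn` into a file offset lies outside this hunk, so that is inferred; the comment should at least state the intent and the caveat, e.g. `/* SYN with data: assume a new connection on the same tuple and continue after the bytes already stored; note that any SYN-flagged segment triggers this */`. In `print_packet` the payload is still written raw by `fwrite` between the new colour sequences, so escape bytes in captured traffic reach the terminal unless non-printables are stripped; the `-e` documentation could say so. `color` can also be declared `static const char *const color[3]`, since the strings are never modified.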
--- tcpflow-0.21.orig/src/tcpflow.h
+++ tcpflow-0.21/src/tcpflow.h
@@ -82,6 +82,10 @@
#define FLOW_FINISHED (1 << 0)
#define FLOW_FILE_EXISTS (1 << 1)
+/* Direction flags: server to client or client to server. */
+#define FLOW_DIR_SC (1 << 2)
+#define FLOW_DIR_CS (1 << 3)
+
typedef struct flow_state_struct flow_state_t;
@@ -131,9 +135,10 @@
void process_ip(const u_char *data, u_int32_t length);
void process_tcp(const u_char *data, u_int32_t length, u_int32_t src,
u_int32_t dst);
-void print_packet(flow_t flow, const u_char *data, u_int32_t length);
-void store_packet(flow_t flow, const u_char *data, u_int32_t length,
- u_int32_t seq);
+void print_packet(flow_t flow, flow_state_t *state, const u_char *data,
+ u_int32_t length);
+void store_packet(flow_t flow, flow_state_t *state, const u_char *data,
+ u_int32_t length, u_int32_t seq, int syn_set);
u_char *do_strip_nonprint(const u_char *data, u_int32_t length);
/* flow.c */
--- tcpflow-0.21.orig/doc/tcpflow.1.in
+++ tcpflow-0.21/doc/tcpflow.1.in
@@ -6,7 +6,7 @@
.na
.B tcpflow
[\c
-.BI \-chpsv\fR\c
+.BI \-cCehpsv\fR\c
]
[\c
.BI \-b \ max_bytes\fR\c
@@ -62,6 +62,18 @@
.B -s
).
.TP
+.B \-C
+Console print without the packet source and destination details being
+printed. Print the contents of packets to stdout as they are received,
+without storing any captured data to files (implies
+.B -s
+).
+.TP
+.B \-e
+When outputting to the console each flow will be output in different
+colors (blue for client to server flows, red for server to client flows,
+green for undecided flows).
+.TP
.B \-d
Debug level. Set the level of debugging messages printed to stderr to
\fIdebug_level\fP. Higher numbers produce more messages.
--- NEW FILE tcpflow.spec ---
Summary: Network traffic recorder
Name: tcpflow
Version: 0.21
Release: 2%{?dist}
License: GPL+
Group: Applications/Internet
URL: http://www.circlemud.org/~jelson/software/tcpflow/
Source: ftp://ftp.circlemud.org/pub/jelson/%{name}/%{name}-%{version}.tar.gz
# From Debian:
Patch: tcpflow-0.21-color.patch
BuildRequires: libpcap-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%description
tcpflow is a program that captures data transmitted as part of TCP
connections (flows), and stores the data in a way that is convenient
for protocol analysis or debugging. A program like 'tcpdump' shows a
summary of packets seen on the wire, but usually doesn't store the
data that's actually being transmitted. In contrast, tcpflow
reconstructs the actual data streams and stores each flow in a
separate file for later analysis.
%prep
%setup -q
%patch -p1
%{__chmod} 0644 COPYING
%build
%configure
%{__make} %{?_smp_mflags}
%install
%{__rm} -rf %{buildroot}
%{__make} DESTDIR=%{buildroot} INSTALL='install -p' install
%clean
%{__rm} -rf %{buildroot}
%files
%defattr(-, root, root, -)
%doc AUTHORS COPYING ChangeLog NEWS README
%{_bindir}/%{name}
%{_mandir}/man1/%{name}*
%changelog
* Tue Nov 27 2007 Terje Rosten <terje.rosten at ntnu.no> - 0.21-2
- fix license
* Tue Nov 27 2007 Terje Rosten <terje.rosten at ntnu.no> - 0.21-1
- initial package
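Review bot: The `# From Debian:` comment above `Patch:` does not record which Debian package revision the patch was taken from, and the patch rewrites packet-parsing code in `src/tcpip.c`, so a later reviewer cannot diff it against its origin or pick up Debian's follow-up fixes. A comment such as `# From Debian tcpflow <debian-revision-placeholder>: adds -C and -e, moves flow-state lookup into process_tcp` would cover that. The tarball is fetched over plain `ftp://`, so its integrity rests only on the MD5 entry this commit adds to `sources`; if upstream publishes a signature or a stronger digest, note in the spec how the tarball was verified.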
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/tcpflow/devel/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- .cvsignore 28 Nov 2007 02:50:53 -0000 1.1
+++ .cvsignore 28 Nov 2007 21:05:36 -0000 1.2
@@ -0,0 +1 @@
+tcpflow-0.21.tar.gz
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/tcpflow/devel/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sources 28 Nov 2007 02:50:53 -0000 1.1
+++ sources 28 Nov 2007 21:05:36 -0000 1.2
@@ -0,0 +1 @@
+45a5aef6f043312315b7f342afc4a9c5 tcpflow-0.21.tar.gz