ongrep

A cleaned up fork of ngrep for OpenBSD
git clone git://git.sgregoratto.me/ongrep

commit 49a5ee9ac8780be916b54087c79ab3a882760147
parent 95038b92897b6ef17997d7e0b8e904b509c0ae66
Author: Jordan Ritter <jpr5@darkridge.com>
Date:   Wed,  6 Sep 2017 15:56:19 -0700

Always count matches, and emit total upon exit

For long-running sessions the number will wrap back to 0, but I see no
harm in that vs. trying to make a 64bit number work across all the
supported platforms.  They all overflow in the end.

Also no longer emits pcap_stats on exit; pcap_stat manpage basically
says the entire structure is unreliable across platforms.  "May or may
not be useful", is what it should say.  Instead we emit ngrep's stats,
so as not to cause confusion by visibly exiting with a consistent
mismatch between ngrep vs. PCAP stats.

Credit to @rwhalb in #5 for the suggestion.

Diffstat:
M ngrep.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/ngrep.c b/ngrep.c @@ -1002,8 +1002,7 @@ int8_t re_match_func(unsigned char *data, uint32_t len, uint16_t *mindex, uint16 } #endif - if (max_matches) - matches++; + matches++; if (match_after && keep_matching != match_after) keep_matching = match_after; @@ -1020,8 +1019,7 @@ int8_t bin_match_func(unsigned char *data, uint32_t len, uint16_t *mindex, uint1 while (i <= stop) if (!memcmp(data+(i++), bin_data, match_len)) { - if (max_matches) - matches++; + matches++; if (match_after && keep_matching != match_after) keep_matching = match_after; @@ -1036,8 +1034,7 @@ int8_t bin_match_func(unsigned char *data, uint32_t len, uint16_t *mindex, uint1 } int8_t blank_match_func(unsigned char *data, uint32_t len, uint16_t *mindex, uint16_t *msize) { - if (max_matches) - matches++; + matches++; *mindex = 0; *msize = 0; @@ -1468,9 +1465,11 @@ void clean_exit(int32_t sig) { if (bin_data) free(bin_data); - if (quiet < 1 && sig >= 0 && !read_file - && pd && !pcap_stats(pd, &s)) - printf("%u received, %u dropped\n", s.ps_recv, s.ps_drop); + /* We used to report pcap_stats; but PCAP manpage says pcap_stats "may or + may not" be accurate. So useless. :-( And confusing for a user to see + counts not match what ngrep thinks. */ + if (quiet < 1 && sig >= 0 && !read_file) + printf("%u received, %u matched\n", seen_frames, matches); if (pd) pcap_close(pd); if (pd_dumppcap) pcap_close(pd_dumppcap);
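
Review bot: In the re_match_func hunk, `matches++` now runs on every match even when no limit is set, so the counter can wrap during a long capture. The commit message accepts that, but nothing in the code says so. A short comment beside the increment, or at the declaration of `matches`, stating that the total printed on exit can wrap would stop the next reader from treating a small number after days of capture as a bug.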
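
Review bot: In the bin_match_func hunk the increment sits inside `while (i <= stop)`, and the lines that decide whether the loop ends after the first hit are outside the visible context. Now that the total is printed next to `seen_frames` on exit, please confirm this counts once per packet and not once per occurrence of `bin_data` in the payload; otherwise "matched" can exceed "received".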
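
Review bot: In the blank_match_func hunk, every call now counts as a match unconditionally, so the matched figure on exit says little when this matcher is the active one. Consider printing only the received count in that case, or add a line to the documentation explaining what "matched" means when this function is in use.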
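
Review bot: In the clean_exit hunk, the removed `pcap_stats(pd, &s)` call was the only visible use of `s`; if nothing else in the function reads it, drop the declaration too so the build does not pick up an unused-variable warning. The exit line also changes from "%u received, %u dropped" to "%u received, %u matched", which breaks anything that parses the old text and removes the only on-exit hint of capture loss, so the change deserves a note in the man page or changelog. Please also check that `seen_frames` and `matches` are both unsigned int so they agree with `%u`.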