Age | Commit message | Author | Files | Lines
2018-05-14 | man: netsniff-ng: document time formats for -o/--out | Tobias Klauser | 1 | -16/+20
Commit e3e8eea41966 ("netsniff-ng: add date format strings to --out.") introduced the possibility to specify time formats in the -o/--out parameter. Document this in netsniff-ng(8) Updates #158 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2018-05-14 | netsniff-ng: add date format strings to --out | Daniel Roberson | 1 | -3/+18
This adds the ability to use date(1)/strftime(3) style format strings when specifying an output file. Example: netsniff-ng --out %Y-%m-%d.pcap ### outputs to 2018-04-20.pcap Fixes #158 Signed-off-by: Daniel Roberson <daniel@planethacker.net> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2018-04-19 | AUTHORS: add Daniel Roberson | Tobias Klauser | 1 | -0/+1
Add Daniel Roberson for 15f78c073276 ("mausezahn: fix strtok() segfault if s or m are missing") via PR #189 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2018-04-19 | mausezahn: fix strtok() segfault if s or m are missing | Daniel Roberson | 1 | -7/+21
The -d flag will result in a segmentation fault if 'm' or 's' are specified without a numeric value. Example: mausezahn -d m ### Results in a crash Signed-off-by: Daniel Roberson <daniel@planethacker.net> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2018-03-08 | trafgen: support dumping IPv6 protocol header command | Tobias Klauser | 2 | -0/+44
Support dissecting IPv6 headers into the 'ip6' trafgen protocol header command. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2018-03-07 | make: consider $DESTDIR when creating $DATDIR | Tobias Klauser | 1 | -1/+1
Reported-by: @asavah Fixes: 44ceece354c5 ("geoip: store GeoIP files in $(PREFIX)/share by default") Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2018-03-06 | all: drop fmem{cpy,set} | Tobias Klauser | 10 | -45/+39
There is no need to explicitly use the builtins. According to [1], GCC will recognize mem{cpy,set} as built-in functions, unless the corresponding -fno-builtin-* option is specified (which is not the case for netsniff-ng). [1] https://gcc.gnu.org/onlinedocs/gcc/Other-Builtins.html Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2018-03-06 | trafgen: fix signedness warning in cleanup_packets | Tobias Klauser | 1 | -1/+1
This fixes the following GCC warning: trafgen_parser.y: In function ‘cleanup_packets’: trafgen_parser.y:1479:18: warning: comparison between signed and unsigned integer expressions [-Wsign-compare] for (k = 0; k < hdr->sub_headers_count; k++) Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2018-03-06 | trafgen: don't close dev_out and dev_in in parent process | Tobias Klauser | 1 | -4/+4
They are opened in main_loop which is only executed in the child(ren), so close them there again. This avoids closing the devices twice, which may lead to segfaults. Fixes #188 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2018-03-06 | geoip: store GeoIP files in $(PREFIX)/share by default | Tobias Klauser | 3 | -9/+14
The /etc directory shouldn't contain non-human-readable files. netsniff-ng (when called with the '-U' option) currently installs the GeoIP database files to /etc/netsniff-ng by default. Change this to install them to $(PREFIX)/share/netsniff-ng instead, which is conformant to the FHS [1]. [1] https://wiki.debian.org/FilesystemHierarchyStandard Also create the respective directory in the 'make install' target. Fixes #187 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2018-01-22 | ring: use xzmalloc_aligned | Tobias Klauser | 1 | -2/+1
Use xzmalloc_aligned instead of open-coding it. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2018-01-22 | bpf: don't use builtin memset/memcpy in bpf_parse_rules | Tobias Klauser | 1 | -7/+8
bpf_parse_rules is not called in a fast path, so just use the plain memset/memcpy and let the compiler decide whether they should be replaced. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2018-01-12 | netsniff-ng: add DCCP support | Markus Amend | 4 | -0/+157
Adds a first rudimentary support for the DCCP protocol. Signed-off-by: Markus Amend <markus.amend@telekom.de> [tk: minor formatting tweaks] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2018-01-05 | netsniff-ng v0.6.4 [v0.6.4] | Tobias Klauser | 1 | -2/+2
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-12-19 | flowtop: Fix use-after-free on filter reload | Vadim Kochan | 1 | -14/+16
There is missing logic which removes flow entry from related proc's entry while destroying global flows list on filter reloading, hence add common __flow_list_del_entry which handles this logic for both cases - when ct destroyed or filter changed. This is a 2nd fix for issue #183. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-12-18 | flowtop: change tab title for process tab | Tobias Klauser | 1 | -1/+1
Use plural to match the "Flows" tab and because it usually shows multiple processes. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-12-18 | flowtop: Use RCU flow deletion from process entry | Vadim Kochan | 1 | -1/+1
Use cds_list_del_rcu for safer deletion flow from the process flow list to prevent possible use-after-free by UI thread when it is refreshing the processes. It may fix the #183 issue. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-12-14 | trafgen: fix dinc()/ddec() modifiers | Paolo Abeni | 3 | -15/+5
currently, after dinc(), the value stored inside the packet is not in the (min, max) range but in the (0, max - min + 1) range, 'counter->val' should be used instead of 'val'. Additionally the values computed for ddec() are corrupted, in: val = (val - counter->inc) % (counter->min - counter->max + 1); the divider is negative, we should use (counter->max - counter->min + 1) as in the INC case. Finally we can avoid the switch statement at update time, inverting the value of 'counter->inc' for decrement and using a data type wide enough for the 'inc' field. v1 -> v2: - changed 'counter->inc' type to int Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-10-20 | astraceroute: use switch instead of lookup table for short proto id [coverity_scan] | Tobias Klauser | 1 | -6/+14
Avoid having a 58 entry array on stack of which only 3 are ever used. Just look up the short protocol identifier via a good'ol switch. Fixes Coverity CID 1381806 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-10-20 | trafgen: fix NULL pointer dereference in -i option parsing | Tobias Klauser | 1 | -5/+3
If trafgen is called with the -i option, it currently crashes due to a NULL pointer dereference. Fix it. Fixes Coverity CID 1381809 Fixes: 82a3c204c6f1 ("trafgen: Allow send packets from pcap file") Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-10-20 | trafgen: fix resource leaks | Tobias Klauser | 2 | -0/+2
Fix two resource leaks in trafgen. Fixes Coverity CID 1381807 and CID 1381811. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-10-20 | build: check for fopencookie() in configure | Tobias Klauser | 1 | -9/+42
fopencookie(3) is a non-standard GNU extension and some libc implementations might not provide it (e.g. musl). Check for fopencookie in the configure script and disable building curvetun in case the function is not available, as curvetun is the only tool using fopencookie. Fixes #174 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-09-15 | trafgen: fix packet socket initialization with multiple CPUs | Paolo Abeni | 3 | -11/+20
The commit 78c13b71e196 ("trafgen: Allow to generate packets to output pcap file") introduced a regression when output is a network device and multiple CPU are in use: the packet socket is created before fork() and thus the socket is shared among all the processes: all of them except the first will fail while setting the tx_ring. Fix it splitting the io open() helper in a create() op, called before forking, and the open() op called by each process. Fixes: 78c13b71e196 ("trafgen: Allow to generate packets to output pcap file") Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-09-13 | ifpps: fix unintended assignment | Tobias Klauser | 1 | -2/+2
Variable rate is assigned instead of compared in the check of the interval in relation to the line rate. Fix it and at the same time fix the compared against interval value to match the message we show if the condition is fulfilled. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-09-13 | link: use uint32_t instead of u32 | Tobias Klauser | 2 | -6/+8
Use type uint32_t instead of u32 (which is typedef'ed to uint32_t in built_in.h) in order to avoid confusion wrt. kernel-/user-space types. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-09-13 | ifpps: use uint32_t instead of u32 | Tobias Klauser | 1 | -4/+4
Use type uint32_t instead of u32 (which is typedef'ed to uint32_t in built_in.h) in order to avoid confusion wrt. kernel-/user-space types. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-09-13 | dev: only calculate wireless bitrate if necessary | Tobias Klauser | 2 | -6/+5
Only call wireless_bitrate (and thus the underlying ioctl) if strictly necessary, i.e. ethtool_bitrate returned 0. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-08-10 | trafgen: Dump proto headers in *.cfg format | Vadim Kochan | 13 | -42/+460
Added trafgen_dump.c module which dumps headers from packet in .cfg format. Packet is dumped if -o <file>.cfg was specified, it might be useful to specify *.pcap file as input and convert it into .cfg file to edit proto fields in human readable format. To make it possible several main changes were added: 1) packet id is embedded into struct packet.id, and it is updated on each realloc_packet() 2) Added new struct proto_hdr.get_next_proto callback to make possible apply fields of next header. 3) Added new dev_io ops for writing packets into .cfg file, to re-use common dev_io mechanism for packets dumping. Before dump the default ETH_PROTO fields are applied as first header and then next proto_hdr is identified via .get_next_proto(...) callback. Meanwhile only eth, arp, vlan, ip4, udp, & tcp protos can be dissected into *.cfg format. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-08-10 | trafgen: dev_io: Change read/write to specify struct packet * | Vadim Kochan | 5 | -44/+49
Refactor dev_io_ops read & write to specify struct packet *, it may simplify a bit a caller logic. And it allow to keep required members within one struct packet object. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-08-10 | trafgen: Get packet from proto_hdr if possible | Vadim Kochan | 4 | -6/+15
Replace using current_packet() by new proto_hdr_packet(hdr) function to obtain packet directly from header. This is more generic and flexible way, because it guarantees that packet really belongs to the header, which in case in current_packet() is not right because it means getting of last allocated packet. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-25 | AUTHOR: add Zhouyang Jia | Tobias Klauser | 1 | -0/+1
Add Zhouyang Jia for commit 9f87a7b3aa (PR #180). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-25 | mausezahn: fix segmentation fault | Jia Zhouyang | 1 | -0/+8
Mausezahn will crash when given wrong payload file, e.g., "$./mausezahn -f wrong_file". This patch fixes the segmentation fault by adding error-handling code to fopen. Signed-off-by: Zhouyang Jia <jiazhouyang09@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-17 | trafgen: Delegate creation of rfraw to dev_io API | Vadim Kochan | 4 | -19/+48
Simplify a bit of creation rfraw device by delegating it to the dev_io API, also in case the output device is pcap file the --rfraw option sets the link type to ieee80211 radio tap. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-04 | staging: compilation fix with new gcc | Jaroslav Škarvada | 1 | -0/+1
Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
2017-06-27 | netsniff-ng: fix --bind-cpu option in example command line | Tobias Klauser | 1 | -1/+1
Change the invalid --b option in one of the examples listed in the help to --bind-cpu. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-20 | trafgen: gracefully handle ENOBUFS on tx ring teardown | Tobias Klauser | 1 | -2/+3
pull_and_flush_tx_ring_wait() in the exit path of xmit_fastpath_or_die() might return with errno ENOBUFS (due to the other CPU's processes concurrent access) but will eventually succeed. Thus retry pull_and_flush_tx_ring_wait() as in the main loop of xmit_fastpath_or_die(). Fixes #175 Reported-by: Eduardo Miravalls Sierra Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-19 | trafgen: Fix output pcap file name length trimming | Vadim Kochan | 2 | -2/+3
Trim output name to IFNAMSIZ only if the output is a networking device, otherwise the following error occurred if output name is greater than IFNAMSIZ: $ trafgen -n 1 '{ udp() }' -o /tmp/xxxxxxxxxxxxxx.pcap No networking device or pcap file: /tmp/xxxxxxxxxx Failed to open output device Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-09 | trafgen: Allow to generate packets to output pcap file | Vadim Kochan | 9 | -92/+391
Add trafgen_dev.c module which provides generic way of reading and writing packets to/from networking device or a pcap file. Also allow to handle output pcap file via '-o, --out, --dev' option. It might be useful in future for testing some link protocols which is not easy to capture (e.g. wlan packets) w/o having some special setup. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: fix whitespace issues] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-02 | flowtop: Move out stats fields from flow & proc entry | Vadim Kochan | 1 | -41/+41
Move rate, bytes & pkts stats fields from flow & proc entry to separate flow_stat struct. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-02 | trafgen: parser: Add syntax to generate DNS header | Vadim Kochan | 2 | -0/+217
Add new syntax for DNS header generation via 'dns()' proto function.

The fields are supported:

    id       - 16 bit identifier
    qr       - message is a query(0) or response(1)
    op|oper  - specified kind of query
    aanswer  - authoritative answer flag
    trunc    - message was truncated flag
    rdesired - recursion desired flag
    ravail   - recursion available flag
    zero     - reserved for future use
    rcode    - response code
    qdcount  - number of entries in question section
    ancount  - number of entries in answer section
    nscount  - number of entries in authority section
    arcount  - number of entries in additional section

Also there are functions to generate DNS sections:

'qry()' function to generate separate query entry:

    name  - variable domain name
    type  - type of the query
    class - class of the query

'ans()', 'auth()', 'add' functions to generate separate answer, authoritative, additional entry with the same fields layout:

    name  - variable domain name
    type  - resource record type
    class - class of the data
    ttl   - time interval that the record may be cached
    len   - length of data
    data  - variable length of bytes

All the DNS section entries will be automatically sorted by DNS proto API in the way which is required by DNS header:

    query entries
    answer entries
    authoritative entries
    additional entries

'name' field in qry/ans/auth/add functions is automatically converted to FQDN format if it was specified as "string".

There are also added functions to simplify the way of filling some often used RR types for using them inside ans/auth/add functions:

    addr(ipv4_addr | ipv6_addr) - fills the following RR fields:
        len  - 4 or 16 depends on IPv4 or IPv6 address was specified
        data - is filled with IPv4 or IPv6 address
        type - 1 for IPv4 address, 28 - for IPv6
    ns(string)
        type - 2
    cname(string)
        type - 5
    ptr(string)
        type - 12

EXAMPLES:

    { dns(qr=1, auth(name="ns1", ns("ns1.org")), ans(name="www.google.com", cname("google.com")), auth(name="aa", ns("bb")), qry(name="www.google.com")) }
    { dns(qr=1, ans(name="www.google.com", addr(1.2.3.4))) }
    { dns(qr=1, ans(name="www.google.com", addr(1::))) }

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-02 | trafgen: l7: Add DNS header generation API | Vadim Kochan | 6 | -2/+392
Add trafgen_l7.c module with DNS proto header generation with support of filling DNS query/answer/authority/additional sections as sub headers. Introduced new concept as 'sub header' which is needed to easy handle DNS sections which might be added on-demand, and to simplify using sub-header as regular header with a fields, offset, etc. There is a parent header which contains array of pointers of sub-headers, and the array is ordered as they are located in the parent header. The sub-headers mostly encapsulated by the parent header which 'knows' the semantic of them. The new proto_hdr->push_sub_header(...) callback was added to tell the parent header to push the sub-header's fields, sub-header also may have proto_ops which must be filled by the parent. This sub-header concept might be used in the future if it will be needed to support DHCP, WLAN headers. There are 4 kinds of DNS sub-headers - query, answer, authority, additional. 'id' of each sub-header is used to only differentiate these types of sections. These sections have strict order inside DNS header, and there was added the proto_hdr_move_sub_header(...) to sort them in required order. Actually there are only 2 proto_hdr's which describes 4 DNS sections - query & rrecord, because rrecord covers another 3 - answer, authority, additional which have the same layout. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-02 | str: Add function for converting string into DNS name | Vadim Kochan | 2 | -0/+38
Add str2fqdn for converting hostname string into DNS name notation: www.xxxx.yy.com -> 3www4xxxx2yy3com0 Returned string must be freed after use by the caller. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-02 | trafgen: proto: Allow to set field with variable length | Vadim Kochan | 4 | -34/+85
It is quite tricky to set field value with a variable length (i.e. DNS query name), to make it possible the field needs to be added to header with 'len=0' in that case there will be no any payload allocation, but only while setting the field value the packet will be appended with a real length bytes and after the field needs to be relocated to the right place. Also add 'len' parameter to *_set_bytes(...) functions to have better control over it. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-30 | flowtop: Improve and unify up/down scrolling | Vadim Kochan | 3 | -92/+157
Move scrolling logic to the ui.c module, it requires to have some data iteration provided in flowtop.c and delegated to ui.c part. So approach is that now flowtop provides 2 additional callbacks for: 1) Iterate over flows/procs list 2) Draw flow/proc on each iteration which is controlled from ui.c it allows to unify scrolling logic and delegate it to the ui.c, in the future it should allow to easy handle press event on selected row and draw some additional information, or draw a cursor line per selected row. Also fixed case when down scrolling was bigger than printed rows, now it is handled by ui part. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-23 | AUTHORS: add Baruch Siach | Tobias Klauser | 1 | -0/+1
Add Baruch for commits 4de312bce77d ("flowtop: take PKG_CONFIG into account for libnetfilter_conntrack") and 95f6019a2060 ("proc.h: add missing headers"). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-23 | proc.h: add missing headers | Baruch Siach | 1 | -0/+1
ino_t and pid_t require stat.h and types.h, respectively. Fixes the following build failure with musl libc:

    In file included from cpp.c:7:0:
    proc.h:11:31: error: unknown type name ‘ino_t’
     extern int proc_find_by_inode(ino_t ino, char *cmdline, size_t len, pid_t *pid);
                                   ^
    proc.h:11:69: error: unknown type name ‘pid_t’
     extern int proc_find_by_inode(ino_t ino, char *cmdline, size_t len, pid_t *pid);
                                                                         ^
    proc.h:12:25: error: unknown type name ‘pid_t’
     extern bool proc_exists(pid_t pid);
                             ^

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[tk: complementary fix to commit a9f4431e0a20]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-23 | flowtop: take PKG_CONFIG into account for libnetfilter_conntrack | Baruch Siach | 1 | -1/+1
Use $PKG_CONFIG to determine the linker flags for libnetfilter_conntrack. This fixes static link failure like the following: LD flowtop .../usr/x86_64-buildroot-linux-musl/sysroot/usr/lib/../lib64/libnetfilter_conntrack.a(main.o): In function `nfct_open_nfnl': main.c:(.text+0x52): undefined reference to `nfnl_subsys_open' main.c:(.text+0x69): undefined reference to `nfnl_subsys_close' main.c:(.text+0x87): undefined reference to `nfnl_subsys_open' main.c:(.text+0xa3): undefined reference to `nfnl_subsys_close' .../usr/x86_64-buildroot-linux-musl/sysroot/usr/lib/../lib64/libnetfilter_conntrack.a(main.o): In function `nfct_open': main.c:(.text+0xc9): undefined reference to `nfnl_open' main.c:(.text+0xf0): undefined reference to `nfnl_close' ... Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-15 | trafgen: parser: Use proto_field_set_xxx where it is possible | Vadim Kochan | 3 | -7/+12
Use proto_field_set_xxx(field, ...) instead of proto_hdr_field_set_xxx(hdr, fid, ...) to be more generic and do not depend on 'hdr' variable. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-12 | trafgen: disable NLS in the parser | Tobias Klauser | 1 | -2/+0
There is no point in having the parser show translated error messages while the rest of the program does only show them in English. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-05-12 | bpfc: disable NLS in the parser | Tobias Klauser | 1 | -2/+0
There is no point in having the parser show translated error messages while the rest of the program does only show them in English. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>