Age | Commit message (Collapse) | Author | Files | Lines |
|
Mark some error paths as unlikely, and fixup some minor whitespace
issues. Nothing big to see here.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
We should also make this clear from the beginning that one can use
bpfc for seccomps as well. Might be interesting for security
researchers to play around with.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Just add a minor sentence to help stating this.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Add the example in bpfc code from http://outflux.net/teach-seccomp/
to the man page, so that people can also experiment with seccomp
bpf and to demonstrate that there are no limits on bpfc when it
comes to this. Actually this code is even more efficient than the
one given in the example URL above.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Seccomp-BPF is used for syscall sandboxing. bpfc can also be used for
creating such filters without any problems.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
When we decode BPF extensions, add the missing opcode for poff.
While at it, also remove the '#' prefix, since it's optional in
bpfc.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Took quite a while to git bisect the cause for the wrong TCP checksum
in the -e example. It turned out that commit bf43e1993c7037 ("trafgen:
lexer: return original string if no shellcode") "broke" it, since
before that commit the TCP checksum from -e example was correct and
afterwards not anymore. Well, it didn't break it. What was happening
here is that with this fix above, the packet got 1 byte longer since
the first character of the example string is not omitted anymore,
therefore the checksum got wrong. Fix this by fixing the IP total
length of the packet in the -e and man page example. The UDP example
from the man page still works well if csumudp() is used, so not
affected of this.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
It seems not critical at this point, but lets check it for all offsets
here as well, and mark this check as unlikely to happen.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
In the current situation, it can happen when we set -n1, that no packet
at all will be scheduled. This is due to the case that nearbyint() will
for e.g. 2 cpus round to 0 each, and since in __correct_global_delta()
we only correct a total delta when a particular CPU is allowed to tx
packets (means already has a num > 0), then we correct the delta on the
first such CPU. Switch to using round(), so that on 0.5 it will be round
to the next higher int, and fix the check to >= 0 in __correct_global_delta()
so that a CPU could also get a 0 share of packets. I did a couple of tests
with different -n params and cpu(..) configs and this seems to fix that.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
That's the last man page where `` occurs, so fix this up by making it
consistentlt '' as the rest of all man pages.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Until now we didn't check the return value of set_sockopt_hwtimestamp()
and the Coverity scanner complained about it, so use it's return value
to report if timstamping is actually enabled in verbose mode.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Update OUI entries before release.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Remove a trailing whitespace.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Make printing of capabilities a bit more intuitive by removing the
inline post-increment. This should also make the Coverity scanner happy
about this particular part.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Check the return value of setsockopt() and panic in case it is not 0, as
in the other setsockopt() wrapper functions.
This issue was discovered by the Coverity scanner.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
THe Coverity scanner discovered yet another possible null pointer
dereference. Fix it by checking the return value of pkt_pull().
Also remove some trailing whitespaces in the region.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The screen pointer can never be NULL, since initscr() exits the process
in case of an error. Thus the bug_on() check can be omitted.
Also rework presenter_screen_init() - where initscr() is called - to
return the pointer.
This will also silence a Coverity scanner error (even though it isn't
actually one).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
This was missing in the previous commit 8b824423 ("dissector: icmpv6:
Fix possible null pointer dereferences"), so fix the possible null
pointer dereference now.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fix an unconditional dereference of a pkt_pull() return value to prevent
dereferencing a null pointer.
This was found by the Coverity scanner.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The Coverity scanner found several possible null pointer dereferences in
the ICMPv6 dissector. These are all related to not checking the return
value of pkt_pull(). Sometimes pkt_pull(()) is called iteratively based
on a length value in the encountered packet, so this could possibly be
hit in case an invalid packet is crafted accordingly.
Fix all by checking the return value of pkt_pull() consistently.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
We would currently leak the record in case we skip a line, fix
this by xfree()ing the memory in these cases.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
We would currently leak the record in case we skip a line, fix this by
xfree()ing the memory in these cases.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Follow commit bdb9efef ("oui: Make parsing of oui.conf more robust") and
make parsing the upd.conf, tcp.conf and ether.conf files more robust
against format flaws. ALso here, in the worst case, we would end up
dereferencing a null pointer.
The null pointer dereference was found by the Coverity scanner.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Make comments related to skipping of lines a bit clearer.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Manual merge was necessary, since Jon and Stephen were both editing
the mausezahn.8 man page.
Conflicts:
mausezahn.8
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Minor sentence edits to make better readability, removed extra whitespace,
removed double-quotes on option ( -t ) to make consistent.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Stephen Wadeley <swadeley@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Stephen Wadeley <swadeley@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Stephen Wadeley <swadeley@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Stephen Wadeley <swadeley@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Stephen Wadeley <swadeley@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Stephen Wadeley <swadeley@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Stephen Wadeley <swadeley@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Stephen Wadeley <swadeley@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Just tell GCC that those paths are unexpected.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Bail out if it should ever fail. Detected by coverty in the
translate_pcap_to_txf() path.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Only close the very first pcap file of multi-pcap files once, and not
once during next_multi_pcap_file and once during exit.
Discovered by Coverty scanner.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
If this is ever the case, bail out.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
In case of an error, just panic, to make sure we always get a val >= 1.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Do not leak the socket resource when bailing out in error case.
Found by the coverty scanner.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Include curve.h so that it also finds the selftest.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
We need to zero out data before we actually do the bind, otherwise
uninitialized crap can be in saddr.
Found by coverty scanner.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Stephen Wadeley <swadeley@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Stephen Wadeley <swadeley@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Be paraniod and make a selftest.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Move the curve selftest to its own file.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Prevent IRQ affinity restore of lo device, since we do not collect it
and since it doesn't have a IRQ number. This fixes a warning on trafgen
and netsniff-ng when exiting.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|