Age | Commit message (Collapse) | Author | Files | Lines |
|
Linux kernel provides nlmon device (ARPHRD_NETLINK) driver that
can tap on netlink traffic, e.g.:
Setup:
modprobe nlmon
ip link add type nlmon
ip link set nlmon0 up
Capture:
netsniff-ng -i nlmon0 ... (or -i any)
Teardown:
ip link set nlmon0 down
ip link del dev nlmon0
rmmod nlmon
Provide information about the packet direction (user space or kernel
space), so that dissector will show that properly.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
When reading from a pcap in Kuznetsov/netsniff-ng format, we currently do
not fill out sll. Do so so that users can see pkttype and the interface.
Reported-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Heavily reduce the initial ring buffer size for trafgen to just 196KiB,
so that we can heavily reduce the number of cache-misses related to
cache references. People can still overwrite this setting later on via
command line option for their specific architecture if they wish.
Perhaps the RX_RING should be checked as well in netsniff-ng though the
use case there is slightly different.
Before:
Performance counter stats for 'trafgen -i blub -o dummy0 -n100000000':
137,765,493,346 instructions:k # 0.82 insns per cycle
167,438,826,578 cycles:k # 0.000 GHz
59,508,315 branch-misses:k
361 context-switches:k
6 cpu-migrations:k
134,751,541 cache-misses:k # 85.019 % of all cache refs
158,495,358 cache-references:k
755 kmem:kmem_cache_alloc
15.139458202 seconds time elapsed
After:
Performance counter stats for 'trafgen -i blub -o dummy0 -n100000000':
137,889,782,650 instructions:k # 0.92 insns per cycle
150,239,185,971 cycles:k # 0.000 GHz
71,583,573 branch-misses:k
423 context-switches:k
7 cpu-migrations:k
60,239 cache-misses:k # 0.073 % of all cache refs
82,502,468 cache-references:k
740 kmem:kmem_cache_alloc
12.028787964 seconds time elapsed
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
perf reports in mmap case a huge number of kmem_cache_alloc's
which seem to stem from triggering signals from kernel to user
application, against dummy device:
Performance counter stats for 'trafgen -i blub -o dummy0 -n100000000 -k100': <-- mmap case
175,837 kmem:kmem_cache_alloc
14.758900522 seconds time elapsed
Performance counter stats for 'trafgen -i blub -o dummy0 -n100000000 -k100 -t0': <-- non-mmap case
707 kmem:kmem_cache_alloc
15.591667364 seconds time elapsed
It seems not to case significant number of cache-misses, but
it's better to switch to a direct trigger when we cannot fill
new frames anymore. After this patch, we see a similar number
of kmem_cache_alloc's as in the non-mmap case. This basically
renders the kpull interval useless, we can optionally remove
it if we don't care about people's scripts. ;-)
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Update oui.conf using oui-update.py
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
|
|
The entry for -q/--num-probes is duplicated in the zsh completion file
and the description of the first entry doesn't match the option's real
purpose, thus remove it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fixed typo in astraceroute.* files.
Signed-off-by: Kartik Mistry <kartik.mistry@gmail.com>
|
|
Usage: man --warnings -E UTF-8 -l -Tutf8 -Z foo.8 > /dev/null
Signed-off-by: Kartik Mistry <kartik.mistry@gmail.com>
|
|
In pcap_validate_header() the linktype and the byte-swapped linktype are
currently checked against the supported linktypes. Since the swapped
linktype is always larger than LINKTYPE_MAX, only one of the two tests
was actually done. Make this intention a bit more clear by explicitly
checking only for either the swapped or non-swapped linktype, depending
on whether the pcap magic is swapped.
Also make the error messages a bit more verbose regarding the
major/minor version.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
s/faily/fairly/
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fix the shell syntax error, introduced in:
commit 11c34c86ca4 (build: Set SHELL make variable to bash if possible)
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
|
|
Until now, we just looked up the vendor string based on the OUI for each
MAC address. Thus, multicast and broadcast addresses were just printed
as "Unknown" which is a bit misleading.
Improve this situation by checking bit 0 of the 1st octet of the address
and by checking for the broadcast address if it is set. If a
multicast/broadcast address is found, the respective string is returned.
In all other cases, the existing OUI lookup is done.
In the future we might extend this mechanism to look up well-known
multicast addresses.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
We don't need the file open to allocate the buffer so open it just
before it's used for the first time.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Update OUI entries using oui-update.py
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
This header is actually only needed in dissector_eth and
dissector_80211, so remove the other users accordingly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
get_sockopt_tpacket is never used in the "raw" version and the wrapper
does no additional checking anyway, so get rid of it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
On Debian/Ubuntu systems, /bin/sh is /bin/dash which doesn't understand
the -e option to the `echo' builtin. Thus the build output looks
something like the following:
Building netsniff-ng toolkit (0.5.8-rc5+) for x86_64-linux-gnu:
Building netsniff-ng:
-e CC dissector.c
-e CC dissector_eth.c
-e CC dissector_80211.c
...
Prevent this by setting SHELL to /bin/bash if it exists on the system,
otherwise stick to /bin/sh.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Handle all termination signals that we're allowed to handle (SIGKILL
can't be handled) in order to exit gracefully in any regular termination
case.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Handle all termination signals that we're allowed to handle (SIGKILL
can't be handled) in order to exit gracefully in any regular termination
case.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Handle all termination signals that we're allowed to handle (SIGKILL
can't be handled) in order to exit gracefully in any regular termination
case.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Handle all termination signals that we're allowed to handle (SIGKILL
can't be handled) in order to exit gracefully in any regular termination
case.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Handle all termination signals that we're allowed to handle (SIGKILL
can't be handled) in order to exit gracefully in any regular termination
case. Without this fix, pcap files written by netsniff-ng might be
corrupted.
Reported-by: Mike Westmacott <mikewestmacott@googlemail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Emma was former also one of the maintainer in the old days.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Follow commit bed9b6bb ("netsniff-ng: Don't modify optarg/argv").
We shouldn't modify optarg (and thus argv) since it's e.g. used to
display the commandline string in `ps'. Since strtoul() reads until it
encounters the first non-numeric character and ignores the rest, we can
just revert from setting a NULL byte after the numeric part of the
string.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
For some reason the Debian ncurses version does not
contain a ncurses.pc pkg-config file.
Fix this by echoing "-lncurses" if the command fails:
pkg-config --libs ncurses
This fix will make ifpps compile on Debian Squeeze 6.0.8.
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
|
|
Debian's version of linux/ethtool.h seems to be outdated
and does not contain define SPEED_UNKNOWN, fix this by a
manual define.
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
|
|
Since Linux 3.14, the kernel supports a socket option PACKET_QDISC_BYPASS,
which trafgen enables by default. That allow us to bypass the kernels
normal qdisc (traffic control) layer.
An option -q, --qdisc-path is added to allow enabling the qdisc path
explicity, useful for testing purposes.
This will be avail in kernels >= 3.14 via
commit d346a3fae3 (packet: introduce PACKET_QDISC_BYPASS socket option).
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
|
|
The tool trafgen is used in a pktgen style transmit only scenario.
We discovered a performance bottleneck in the kernel, when
running trafgen, where the kernel stalled on a lock in
packet_rcv(). This call is unnecessary for trafgen given its
transmit only nature.
This packet_rcv() call can, easily be avoided by instructing the
RAW/PF_PACKET socket, to not listen to any protocols (by passing
protocol argument zero, when creating the socket).
The performance gain is huge, increasing performance from approx
max 2Mpps to 12Mpps, basically causing trafgen to scale with
the number of CPUs.
Following tests were run on a 2xCPU E5-2650 with Intel 10Gbit/s ixgbe:
Trafgen using sendto() syscall via parameter -t0:
* # CPUs -- *with* -- *without* packet_rcv() call
* 1 CPU == 1,232,244 -- 1,236,144 pkts/sec
* 2 CPUs == 1,592,720 -- 2,593,620 pkts/sec
* 3 CPUs == 1,635,623 -- 3,692,216 pkts/sec
* 4 CPUs == 1,567,768 -- 4,102,866 pkts/sec
* 5 CPUs == 1,700,270 -- 5,151,489 pkts/sec
* 6 CPUs == 1,762,392 -- 6,124,512 pkts/sec
* 7 CPUs == 1,850,139 -- 7,120,496 pkts/sec
* 8 CPUs == 1,770,909 -- 8,058,710 pkts/sec
* 9 CPUs == 1,721,072 -- 8,963,192 pkts/sec
* 10 CPUs == 1,359,157 -- 9,584,535 pkts/sec
* 11 CPUs == 1,175,520 -- 10,498,038 pkts/sec
* 12 CPUs == 1,075,867 -- 11,189,292 pkts/sec
* 13 CPUs == 1,012,602 -- 12,048,836 pkts/sec
* [...]
* 20 CPUs == 1,030,446 -- 11,202,449 pkts/sec
Trafgen using mmap() TX tpacket_v2 (default)
* # CPUs -- *with* -- *without* packet_rcv() call
* 1 CPU == 920,682 -- 927,984 pkts/sec
* 2 CPUs == 1,607,940 -- 2,061,406 pkts/sec
* 3 CPUs == 1,668,488 -- 2,979,463 pkts/sec
* 4 CPUs == 1,423,066 -- 3,169,565 pkts/sec
* 5 CPUs == 1,507,708 -- 3,910,756 pkts/sec
* 6 CPUs == 1,555,616 -- 4,625,844 pkts/sec
* 7 CPUs == 1,560,961 -- 5,298,441 pkts/sec
* 8 CPUs == 1,596,092 -- 6,000,465 pkts/sec
* 9 CPUs == 1,575,139 -- 6,722,130 pkts/sec
* 10 CPUs == 1,311,676 -- 7,114,202 pkts/sec
* 11 CPUs == 1,157,650 -- 7,859,399 pkts/sec
* 12 CPUs == 1,060,366 -- 8,491,004 pkts/sec
* 13 CPUs == 1,012,956 -- 9,269,761 pkts/sec
* [...]
* 20 CPUs == 955,716 -- 8,653,947 pkts/sec
It is fairly strange that the mmap() version runs slower than the
sendto() version. This is likely another performance problem related
to mmap() which seems worth fixing.
Note, that the mmap() version speed can be improved by reducing the
default --ring-size to around 1-2 MiB. But this does not fix general
trend with mmap() performance.
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
|
|
Also make these options available to trafgen.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Check the return value of system() when invoking CPP in the BPF
parser and bail out in case of an error.
This fixes the following compiler warning:
trafgen_parser.y:598:9: warning: ignoring return value of ‘system’, declared with attribute warn_unused_result [-Wunused-result]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Check the return value of system() when invoking CPP in the BPF parser
and bail out in case of an error.
This fixes the following compiler warning:
bpf_parser.y:754:9: warning: ignoring return value of ‘system’, declared with attribute warn_unused_result [-Wunused-result]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
When viewing the bpfc man page I noticed a mistake saying that the BPF
compiler included in the pcap library is the *only* compiler. I changed
it to say the *only other* compiler since bpfc is also a BPF compiler.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add LDFLAGS for libtinfo for cases where it is separate from ncurses.
[tklauser: Whitespace fixes in ifpps/Makefile and added patch
description]
Signed-off-by: Teguh <info@egeektronic.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If we loose carrier, don't bother about panic'ing, but continue sending!
Only exit in case we're doing a smoke test.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Add ability to set IGP in time units in seconds, milliseconds,
microseconds, and nanoseconds by appending a postfix to --gap e.g. --gap
100ms. Also, update the man page and trafgen.zsh to reflect the
changes.
[Fix whitespaces, coding style and minor wording changes -- tklauser]
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Alias output format for tc/xt_bpf.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
We shouldn't modify optarg (and thus argv) since it's e.g. used to
display the commandline string in `ps'. Since strtoul() reads until it
encounters the first non-numeric character and ignores the rest, we can
just revert from setting a NULL byte after the numeric part of the
string.
Reported-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If setting an unsigned long variable, use strtoul() instead of strtol().
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Create detached ASCII format GPG signatures for the to be released
tarballs.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
We can reuse the omit_header variable to get rid of the existing
variable 'first', which was used to make sure the header gets only
printed once at the beginning.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Otherwise we get a warning when compiling with "-W -Wall".
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Keep the options sorted alphabetically, argument options first.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add the -o/--omit-header option to ZSH autocompletion.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Incorrect usage of "i.e." leads one to believe that replaying is
possible only.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Removed, word "be", which was seen twice and removed unnecessary comma.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Manual page entry for option -c|--omit-header.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|