Age | Commit message | Author | Files | Lines
2015-04-27 | netsniff-ng nlmsg: Print netlink protocol name | Vadim Kochan | 5 | -18/+61
nlmsg proto handler can't identify Netlink protocol from nlmsghdr, so sockaddr_ll can be used to get it. Also renamed [proto -> handler] member in pkt_buff struct, which is more understandable.
Example:
    >U nlmon0 4756 1429891435s.14505747ns [ NLMSG Proto 0 (RTNETLINK), Len 1160, Type 0x0010 (0x10), Flags 0x0002 (MULTI), Seq-Nr 1429891436, PID 31613 ]
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Handle usage of NETLINK_SOCK_DIAG with pre 3.10 kernel headers, fix nl_proto2str() return value, formatting changes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-27 | -ng mac80211: Print "HT Capabilities" more structured | Vadim Kochan | 1 | -68/+107
Now it looks like:
    [ Subtype Beacon: Timestamp 0x0000000074c5c180, Beacon Interval (0.102400s), Capabilities (0x431 <-> ESS; Privacy; Short Preamble; Short Slot Time;)
    Parameters:
    SSID (0, Len (6)): D07F82
    Supp. Rates (1, Len (8)): 1(B) 2(B) 5.5(B) 11(B) 6(B) 9 12(B) 18
    DSSS Param Set (3, Len(1)): Current Channel: 1
    TIM (5, Len(4)): DTIM Count: 0, DTIM Period: 3, Bitmap Control: 0, Partial Virtual Bitmap: 0x00
    Country (7, Len(6)): Country String: US First Ch Nr: 1, Nr of Ch: 11, Max Transmit Pwr Lvl: 30
    ERP (42, Len(1)): Non ERP Present (0), Use Protection (0), Barker Preamble Mode (0), Reserved (0x00000)
    Ext Support Rates (50, Len(4)): 24 36 48 54
    HT Capabilities (45, Len(26)): Info: LDCP Cod Cap (1) Supp Ch Width Set (1) SM Pwr Save(3) HT-Greenfield (0) Short GI for 20/40 MHz (1/1) Tx/Rx STBC (0/0) HT-Delayed Block Ack (0) Max A-MSDU Len (0) DSSS/CCK Mode in 40 MHz (1) Res (0x0) Forty MHz Intol (0) L-SIG TXOP Protection Supp (0)
    [...]
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-27 | netsniff-ng: Rotate pcap files prematurely on SIGHUP | Tobias Klauser | 2 | -15/+33
Allow to send SIGHUP to a running netsniff-ng process, causing it to prematurely rotate the output PCAP when the output device (-o/--out) is a directory. The rotating interval (time/file size) will be reset.
Suggested by dcode in #140
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-24 | conf: oui: update oui.conf | Tobias Klauser | 1 | -68/+976
Update oui.conf using oui-update.py
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-23 | build: Restore support for cross-compiling the netsniff-ng toolkit | Tobias Klauser | 9 | -50/+94
Ever since we switched to the hand-crafted ./configure script, support for cross-compiling the netsniff-ng toolkit was basically broken. Restore the ability to cross-compile our tools by making ./configure consider the CROSS_COMPILE and SYSROOT variables.
Example for cross-compiling on arm:
    $ CROSS_COMPILE=arm-linux-gnueabihf- \
      SYSROOT=/usr/arm-linux-gnueabihf \
      ./configure
    $ make
assuming the cross-compiled libraries (and their respective pkg-config information) are in /usr/arm-linux-gnueabihf.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-23 | all: Fix libnl3 include path | Tobias Klauser | 3 | -7/+7
The libnl3 examples [1] use <netlink/netlink.h> etc. and since pkg-config returns the paths including the libnl3 path component, we should specify our include paths relative to these ones, not /usr/include.
[1] http://www.infradead.org/~tgr/libnl/doc/core.html#_linking_to_this_library
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-23 | build: Rename LD command variable to LDQ | Tobias Klauser | 2 | -2/+2
In order to be able to set the (sort of) standard command variables CC, LD etc. from configure via Config, rename the silent LD command variable to LDQ, in accordance with the existing CCQ.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-23 | build: Remove DISTRO build flag, don't optimize by default | Tobias Klauser | 3 | -18/+4
Currently, when building with DISTRO=0 we optimize for the build host's architecture by default. This is not compatible with cross-compiling. Remove the DISTRO flag and only build with -O2 and no -march/-mtune flags by default. Support for specifying optimization flags via configure script will be added in a follow-up patch.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-22 | zsh: netsniff-ng: add completions | Daniel Borkmann | 1 | -0/+3
Add completions for the three new options.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-04-22 | man: netsniff-ng: document fanout options | Daniel Borkmann | 1 | -0/+25
Properly document the new knobs for doing packet socket's fanout, i.e. that is, --fanout-group/--fanout-type/--fanout-opts.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-04-22 | netsniff-ng: Don't set IO prio when reading pcap file | Vadim Kochan | 5 | -10/+13
It allows to read pcap file for users who have no permissions to set process IO prio.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Acked-by: Daniel Borkmann <borkmann@iogearbox.net>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-22 | netsniff-ng: Store getgid() result in correct member of struct context | Vadim Kochan | 1 | -1/+1
Changed to use ctx->gid when call getgid() on init_ctx. Before we were overwriting ctx->uid which clearly is an error.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-22 | iosched: Print error cause if setting io prio failed | Vadim Kochan | 1 | -1/+1
Add error cause message when ioprio_setpid fails.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-21 | netsniff-ng v0.5.9-rc5 (tag: v0.5.9-rc5) | Tobias Klauser | 1 | -1/+1
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-21 | dissectors: 80211_mac_hdr: Check return value of pkt_pull | Tobias Klauser | 1 | -0/+2
Prevent a NULL pointer dereference if (for whatever reason) pkt_pull returns NULL. This issue was discovered using the Coverity scanner.
Fixes: 9278bb65 ("netsniff-ng: Dump basic radiotap header info")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-21 | dev: Close socket in error path of device_ifindex_get() | Tobias Klauser | 1 | -2/+3
If the ioctl() fails, the socket still needs to be closed instead of returning directly. This issue was discovered using the Coverity scanner.
Fixes: f43bbe9 ("mac80211: Check existence of generated monX device")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-21 | ring: Make ifname parameter to ring_size() const | Tobias Klauser | 1 | -1/+1
ifname not changed inside the function, so make it const.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-21 | mausezahn: Make sure '\0' is written after strncpy | Tobias Klauser | 1 | -2/+3
Make sure params is always NULL-terminated as strncpy() doesn't guarantee this.
Closes #134
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-21 | netsniff-ng: Delete rfmon mac80211 device in case of panic | Vadim Kochan | 11 | -9/+62
netsniff-ng does not delete created rfmon device in case of panic (for example - bad pcap filter expression), so added ability to add callback func when a panic happens and delete rfmon device.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-21 | netsniff-ng: Dump basic radiotap header info | Vadim Kochan | 1 | -0/+5
Print the basic radiotap header information in the 80211_mac_hdr dissector.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: removed printing of binary representation of flags]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-21 | netsniff-ng: fix snooping on any device when no option is given | Daniel Borkmann | 1 | -1/+2
Commit f43bbe9e895a ("mac80211: Check existence of generated monX device") broke starting netsniff-ng w/o any arguments, that is, sniffing on "any" device. The test in device_ifindex() should be index < 0.
Fixes: f43bbe9e895a ("mac80211: Check existence of generated monX device")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-04-21 | doc: authors: add Michal as contributor | Daniel Borkmann | 1 | -0/+1
Add Michal for commit f00d4d54f28 ("netsniff-ng: add packet fanout support").
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-04-21 | netsniff-ng: add packet fanout support | Michał Purzyński | 3 | -7/+102
This work adds packet fanout support to netsniff-ng. Multiple netsniff-ng instances can join the same fanout group with a particular id in order to improve scaling. Based on different fanout disciplines, e.g. distribute to fanout member by packet hash, round-robin, by arrival cpu, by random, by socket rollover (if one member's socket queue is full, switch to next one, etc), by hardware queue mapping, traffic can be distributed to one of the fanout members. Moreover, we also allow the user to specify additional aux arguments, e.g. whether to defrag incoming traffic for the fanout group or not, and whether to roll over a socket in case other disciplines than socket rollover have been used. All that is configurable via command line option.
Signed-off-by: Michał Purzyński <michalpurzynski1@gmail.com>
[ dbkm made some bigger changes to get this upstream ready ]
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-04-21 | docs: authors: add Eric for his patch contribution | Daniel Borkmann | 1 | -0/+1
For commit 319840b83b70 ("trafgen: disable timer slack").
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-04-20 | mac80211: Check existence of generated monX device | Vadim Kochan | 3 | -3/+17
Fix the case when netsniff-ng fails if there is already an existing monX device while generating one.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-13 | netsniff-ng: Consider radiotap header of monitor dev | Vadim Kochan | 6 | -15/+36
netsniff-ng does not check if monitor device includes radiotap header which leads to the wrong 802.11 frame parsing. Tested if the .pcap file is understandable by wireshark and if dump info is basically correct, but did not test the case when xmit packets from .pcap file to the output device and from the input device to the output device.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: whitespace changes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-10 | mac80211: Print libnl error message along with error number | Vadim Kochan | 1 | -1/+2
Add printing libnl error message like:
    nl80211 returned with error (-23): Object type does not match cache
instead of:
    nl80211 returned with error -23
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-07 | xmalloc: Add attribute warn_unused_result to allocation functions | Tobias Klauser | 2 | -11/+15
Add the warn_unused_result GCC function attribute to all allocation functions in xmalloc.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-07 | netsniff-ng: Explicitly NULL-terminate readlink() result buffer | Tobias Klauser | 1 | -2/+4
Commit 6c5d0caf3b7c ("netsniff-ng: Fix process name when sniffing nlmon device") fixed the problem of not NULL-terminating the readlink() result buffer by initializing the entire buffer with '\0'. Switch to the more common and better readable idiom of explicitly writing a NULL byte after the readlink result string to make this more obvious. Also change the buffer size to PATH_MAX.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-07 | netsniff-ng: Fix process name when sniffing nlmon device | Vadim Kochan | 1 | -1/+1
While sniffing nlmon device the process name can be printed with non-letter characters because readlink does not put line ending '\0'
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-03-31 | trafgen: Alloc cpus according to specified number of packets | Vadim Kochan | 1 | -0/+8
Trafgen uses all the online CPUs even if the number of packets specified by -n is less than the number of selected CPUs. Such behaviour leads to issues:
 - trafgen re-calculates number of packets per CPU which leads to rounding it to 0 then no packets will be sent.
 - trafgen might send more packets than specified by -n because of using all the online cpus.
Fixed by taking min(#CPUs, #packets) as the number of CPUs if a number of packets is specified by -n.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: moved code and added explanatory comment]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-03-31 | netsniff-ng: No trailing whitespaces in generated trafgen config files | Tobias Klauser | 1 | -1/+4
Make sure we don't print any unnecessary trailing whitespaces to the trafgen config file when converting from pcap.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-03-31 | trafgen: Remove note about trafgen.txf example from help text | Tobias Klauser | 1 | -1/+2
We no longer ship example trafgen config files. Instead, mention the netsniff-ng conversion facility.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-03-31 | build: Initialize value of $C (sparse checker enable/disable) | Tobias Klauser | 1 | -0/+1
Otherwise we get
    Cmds:19: warning: undefined variable `C'
during `make coverity'.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-03-30 | mz: Make access to pcap init functions thread safe | Vadim Kochan | 2 | -5/+18
mz fails to start in cli mode and prints each time different pcap errors:
    $ mz -x -V
    fatal flex scanner internal error--end of buffer missed
    rx_arp: [ERROR] Error calling pcap_compile
or simply shuts down. Sometimes it successfully gets up. Seems some initialization pcap functions are not thread safe. Fixed by using mutex locking before entering pcap_loop()
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-03-23 | flowtop: Print error cause if errno is set when panic | Vadim Kochan | 1 | -5/+5
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-03-20 | flowtop: Don't init screen until collector is ready | Vadim Kochan | 2 | -0/+40
In case if main thread already initialized screen but then collector called panic, the process exits but console stays with the same colored screen and shifted shell prompt. Fixed by adding conditional variable locking.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-03-19 | authors: add Vadim for his contributions | Daniel Borkmann | 1 | -0/+1
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2015-03-17 | mz: Add igmp v1/v2 packet type crafting support | Vadim Kochan | 4 | -32/+153
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-03-02 | mz: Allow to print packet types by '-t help' | Vadim Kochan | 2 | -69/+71
Changed to print packet types by '-t help' earlier before mz will try to identify link device to bind.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: whitespace cleanup and minor commit message adjustments]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-02-23 | proto: Make protocol->key member const | Tobias Klauser | 1 | -1/+1
It's always initialized on declaration in the individual dissectors, so make it const.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-02-20 | mz: Don't bind to dev if help was specified | Vadim Kochan | 1 | -6/+12
Fixed warnings:
    Warning: [lookupdev.c get_dev_params()] Cannot open socket!
when specify help for packet type:
    # mz -t tcp help
Also fixes delayed output of the same command if user is root.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-02-05 | xmalloc: Make xrealloc() arguments conform to realloc() | Tobias Klauser | 6 | -25/+22
xrealloc() has an additional nmemb argument compared to realloc() for which it should serve as a wrapper. Since we always call with nmemb = 1, we might as well remove this argument and thus have xrealloc() conform to the realloc() function prototype.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-02-05 | xmalloc: Remove unnecessary NULL check before realloc() | Tobias Klauser | 1 | -5/+1
If realloc() is passed NULL as its first argument, it behaves like malloc(), so the check for ptr being NULL is not necessary
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-01-30 | geoip: Fix update failing | Vadim Kochan | 1 | -5/+5
I don't have enough arguments for this fix but it fixes the failing of geoip updating. Seems "shutdown(..)" closes socket too early. So shutdown(...) is removed and added "Connection: close" http header which says http server to close connection after response will be sent.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2015-01-30 | trafgen: disable timer slack | Eric Dumazet | 1 | -0/+2
linux has default time slack of 50 usec, which means that trafgen 'gap' option is unable to precisely control delays. Set the process timer slack to the minimum of 1 nsec.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2015-01-26 | netsniff: Allow filter input pcap file to output pcap | Vadim Kochan | 2 | -5/+24
It might be useful to filter out interesting traffic from input pcap to output pcap file which will contain only filtered packets:
    $ netsniff-ng -i input.pcap -o output.pcap ip src 192.168.1.198
Now it is possible by specifying output pcap file with ".pcap" extension, otherwise the trafgen file will be generated as by default.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: small wording and whitespace adjustment]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-01-12 | gitignore: Add compiled executables | Vadim Kochan | 1 | -0/+11
Add following files to ignore list:
    astraceroute/astraceroute
    bpfc/bpfc
    curvetun/curvetun
    curvetun/abiname
    flowtop/flowtop
    ifpps/ifpps
    mausezahn/mausezahn
    netsniff-ng/netsniff-ng
    trafgen/trafgen
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2015-01-11 | mz: allow for zero udp checksum | Mark Latimer | 1 | -2/+4
I have been investigating tools to generate UDP with checksums of zero for software testing. This is legal in IPv4 but unwise due to inability to verify the data has not been corrupted. I found that mausezahn was not able to create these packets despite being able to create incorrect UDP checksums. The code does not distinguish set to zero and unset.
Results as seen by wireshark (UDP checksum verification enabled)
    mausezahn eth0 -A 192.168.0.105 -B 192.168.0.104 -t udp "sp=32452,dp=1024" -P Hello
    -> UDP checksum is automatically set to the valid value.
    mausezahn eth0 -A 192.168.0.105 -B 192.168.0.104 -t udp "sp=32452,dp=1024,udp_sum=1" -P Hello
    -> UDP checksum is set to 1 (which is invalid and highlighted by wireshark).
    mausezahn eth0 -A 192.168.0.105 -B 192.168.0.104 -t udp "sp=32452,dp=1024,udp_sum=0" -P Hello
    -> Before patch the checksum was set to the valid value.
    -> After patch the checksum was sent to zero.
Signed-off-by: Mark Latimer <mark.latimer@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2015-01-11 | sock: Add cause message in case of error | Vadim Kochan | 1 | -9/+9
Add error messages which explain the cause of error state of the socket functions, so it makes message like:
    $ ./netsniff-ng/netsniff-ng -i wlp3s0
    Creation of PF socket failed: Operation not permitted
more understandable.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>