| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Make sure params is always NULL-terminated as strncpy() doesn't
guarantee this.
Closes #134
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
netsniff-ng does not delete created rfmon device in case of
panic (for example - bad pcap filter expression), so added ability to
add callback func when panic will be happen and delete rfmon device.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Print the basic radiotap header information in the 80211_mac_hdr
dissector.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: removed printing of binary representation of flags]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Commit f43bbe9e895a ("mac80211: Check existence of generated monX
device") broke starting netsniff-ng w/o any arguments, that is,
sniffing on "any" device. The test in device_ifindex() should be
index < 0.
Fixes: f43bbe9e895a ("mac80211: Check existence of generated monX device")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Add Michal for commit f00d4d54f28 ("netsniff-ng: add packet fanout
support").
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
This work adds packet fanout support to netsniff-ng. Multiple netsniff-ng
instances can join the same fanout group with a particular id in order to
improve scaling.
Based on different fanout disciplines, e.g. distribute to fanout member
by packet hash, round-robin, by arrival cpu, by random, by socket rollover
(if one members socket queue is full, switch to next one, etc), by hardware
queue mapping, traffic can be distributed to one of the fanout members.
Moreover, we also allow the user to specify additional aux arguments, e.g.
whether to defrag incoming traffic for the fanout group or not, and whether
to roll over a socket in case other disciplines than socket rollover have
been used. All that is configurable via command line option.
Signed-off-by: Michał Purzyński <michalpurzynski1@gmail.com>
[ dbkm made some bigger changes to get this upstream ready ]
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
For commit 319840b83b70 ("trafgen: disable timer slack").
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Fix then case when netsniff-ng fails if there is already an existing
monX device while generating one.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
netsniff-ng does not check if monitor device includes radiotap
header which leads to the wrong 802.11 frame parsing.
Tested if the .pcap file is understandable by wireshark and if
dump info is basically correct, but did not test the case when xmit
packets from .pcap file to the output device and from the input device
to the output device.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: whitespace changes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add printing libnl error message like:
nl80211 returned with error (-23): Object type does not match cache
instead of:
nl80211 returned with error -23
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add the warn_unused_result GCC function attribute to all allocation
functions in xmalloc.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Commit 6c5d0caf3b7c ("netsniff-ng: Fix process name when sniffing nlmon
device") fixed the problem of not NULL-terminating the readlink() result
buffer by initializing the entire buffer with '\0'.
Switch to the more common and better readable idiom of explicitely
writing a NULL byte after the readlink result string to make this more
obvious. Also change the buffer size to PATH_MAX.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
While sniffing nlmon device the process name can be
printed with non-letter characters because readlink does not
put line ending '\0'
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Trafgen uses all the online CPUs even if the number of packets specified
by -n is less than the number of selected CPUs. Such behaviour leads to
issues:
- trafgen re-calculates number of packets per CPU which
leads to rounding it to 0 then no packets will be sent.
- trafgen might send more packets than specified by -n because
of using all the online cpus.
Fixed by taking min(#CPUs, #packets) as the number of CPUs if a number
of packets is specified by -n.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: moved code and added explanatory comment]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Make sure we don't print any unnecessary trailing whitespaces to the
trafgen config file when converting from pcap.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
We no longer ship example trafgen config files. Instead, mention the
netsniff-ng conversion facility.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Otherwise we get
Cmds:19: warning: undefined variable `C'
during `make coverity'.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
mz fails to start in cli mode and prints each time different pcap errors:
$ mz -x -V
fatal flex scanner internal error--end of buffer missed
rx_arp: [ERROR] Error calling pcap_compile
or simply shuts down. Sometimes it successfully gets up.
Seems some initialization pcap functions are not thread safer.
Fixed by using mutex locking before entering pcap_loop()
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
In case if main thread already initialized screen but then collector
called panic, the process exits but console stays with the same colored
screen and shifted shell prompt.
Fixed by adding conditional variable locking.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Changed to print packet types by '-t help' earlier before mz will try to
identify link device to bind.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: whitespace cleanup and minor commit message adjustments]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
It's always initialized on declaration in the individual dissectors, so
make it const.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fixed warnings:
Warning: [lookupdev.c get_dev_params()] Cannot open socket!
when specify help for packet type:
# mz -t tcp help
Also fixes delayed output of the same command if user is root.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
xrealloc() has an additional nmemb argument compared to realloc() for
which it should serve as a wrapper. Since we always call with nmemb = 1,
we might as well remove this argument and thus have xrealloc() conform
to the realloc() function prototype.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If realloc() is passed NULL as its first argument, it behaves like
malloc(), so the check for ptr begin NULL is not necessary
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
I have no enough arguments for this fix but it
fixes the failing of geoip updating.
Seems "shutdown(..)" closes socket too early.
So shutdown(...) is removed and added "Connection: close"
http header which says http server to close connection after
response will be sent.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
linux has default time slack of 50 usec, which means that trafgen
'gap' option is unable to precisely control delays.
Set the process timer slack to the minimum of 1 nsec.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
It might be useful to filter out interesting traffic
from input pcap to output pcap file which will contain only
filtered packets:
$ netsniff-ng -i input.pcap -o output.pcap ip src 192.168.1.198
Now it is possible by specifying output pcap file with ".pcap"
extension, otherwise the trafgen file will be generated as by default.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: small wording and whitespace adjustment]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add following files to ignore list:
astraceroute/astraceroute
bpfc/bpfc
curvetun/curvetun
curvetun/abiname
flowtop/flowtop
ifpps/ifpps
mausezahn/mausezahn
netsniff-ng/netsniff-ng
trafgen/trafgen
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
I have been investigating tools to generate UDP with checksums of
zero for software testing. This is legal in IPv4 but unwise due to
inability to verify the data has not been corrupted.
I found that mausezahn was not able to create these packets due
despite being able to create incorrect UDP checksums. The code does
not distinguish set to zero and unset.
Results as seen by wireshark (UDP checksum verification enabled)
mausezahn eth0 -A 192.168.0.105 -B 192.168.0.104 -t udp "sp=32452,dp=1024" -P Hello
-> UDP checksum is automatically set to the valid value.
mausezahn eth0 -A 192.168.0.105 -B 192.168.0.104 -t udp "sp=32452,dp=1024,udp_sum=1" -P Hello
-> UDP checksum is set to 1 (which is invalid and highlighted by wireshark).
mausezahn eth0 -A 192.168.0.105 -B 192.168.0.104 -t udp "sp=32452,dp=1024,udp_sum=0" -P Hello
-> Before patch the checksum was set to the valid value.
-> After patch the checksum was sent to zero.
Signed-off-by: Mark Latimer <mark.latimer@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Add error messages which explain the cause of error state of
the socket functions, so it makes message like:
$ ./netsniff-ng/netsniff-ng -i wlp3s0
Creation of PF socket failed: Operation not permitted
more understandable.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
No need for some of the empty lines, remove them to make the output a
bit denser.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tillmann Karras <tilkax@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
The code to create the next pcap dump file is duplicated for the
HAVE_TPACKET3 and !HAVE_TPACKET3 case. Consolidate the functionality
into a function to reduce code duplication.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Using ccache by default for compilation if it is available on the system
might confuse people and in rare cases also lead to unexpected results.
Thus, from now on the use of ccache for compilation has to explicitely
specified by setting the CCACHE make variable to the name/path of the
ccache binary, i.e. `make CCACHE=ccache'
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The macro is unused and explicit cast should be used anyway.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
We need to set up the RX ring depending on whether tpacket v3 is
available or not. Otherwise end up setting its structure up for tpacket
v3, even though only tpacket v2 is available. This should fix packet
capturing for tpacket v2 (i.e. corrupted frames in pcap).
Reported-by: Mike Reeves <luke@geekempire.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
It's HAVE_TPACKET3, not HAVE_TPACKETV3.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Save one #ifdef block by moving the tpacket v3 only variable definition
to the block where it is actually used.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use spaces for indentation in the INSTALL file so the dependency listing
are properly aligned in any case. Also reorder the lists slightly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use source command to execute the nacl_build.sh script in order to
change parent shell's environment variable needed to find the just built
libnacl.
wilson says:
> As I use "make nacl" to install nacl, the nacl_path.sh would be execute.
> Then NACL_INC_DIR env variable will be set and appended to ~/.bashrc. In
> nacl_build.sh, it used 'source' command to execute nacl_path.sh, however
> the NACL_INC_DIR variable only took effect in this script context, but
> not in the shell I was running.
> I think we need the 'source' command to execute nacl_build.sh so that we
> don't need to restart the shell for further installation.
Signed-off-by: wilson <wilson.wen.chn@gmail.com>
[tklauser: Reformated commit message]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use the ISO C fixed width types from stdint.h instead of the
self-defined Linux types.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The iov_base member of struct iovec is already void *, so there is no
need to cast it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Stick to the usual style of having goto labels not indented.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Commit 151fd88f7429 ("dissectors: 80211_mac_hdr: Remove usage of binary
constants") removed binary constants in a particular case that was
reported to cause a compile error. However, this module uses binary
constants in some other places. Replace them by hexadecimal constants,
which makes it easier to read and is C99 compatible.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
clang gives the following warning about function meas_type():
proto_80211_mac_hdr.c:1704:1: warning: control may reach end of non-void function [-Wreturn-type]
}
^
Even though this is a false positive (since we check the entire range of
an u8 in the switch/case), fix it by turning the case 13 ... 255 into
default.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Both sparse and clang warn about the initializers overriding previous
initialization of the packet_types array. Since every access of the
packet_types array checks the value for NULL (the default value, since the
array is static) and prints a "?" if it isNULL, we don't need the prior
initialization with "?".
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Currently we ignore the return value of the write() calls to
/proc/sys/net/core/{r,w}mem_{default,max} in set_system_socket_mem().
Better check the return value and notify the user about it.
This also fixes a clang compiler warning about a variable explicitely
assigned to itself.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
