Age | Commit message (Collapse) | Author | Files | Lines |
|
The check_libnf_ct function is implemented in configure, but it was
not executed currently. So from now on invoke it and check for
netfilter's conntrack library.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
We need to have: GEOIP_CITY_EDITION_REV1, GEOIP_CITY_EDITION_REV1_V6,
GEOIP_COUNTRY_EDITION, GEOIP_COUNTRY_EDITION_V6, GEOIP_ASNUM_EDITION,
GEOIP_ASNUM_EDITION_V6. Not all might be available on older versions.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Consolidate all conntrack header includes into conntrack.h as this
is more clean.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
This will of course also lead to the flags getting redirected. Silly me.
While at it also remove the pointless warning flags to cc.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Streamline the Makfile targets by separating the clean targets (which
only affect the build tree) from the uninstall targets (affecting
files installed in the system).
Do this by renaming the 'distclean' target to 'uninstall' and removing
unnecessary aliases. The 'distclean' target serves now as a way to
remove build files and Config. The 'mrproper' will bring the source into
a pristine state as checked out from git.
Summary of the new/changed targets:
clean: remove all build related files (but not Config)
distclean: 'make clean' + remove Config
mrproper: remove all files not in git repository
uninstall: remove all files installed by us from the system, but not
affecting the build environment.
%_uninstall: tool specific uninstall
The following targets were removed:
mostlyclean, realclean and clobber.
Also the target names in the INSTALL file are adjusted.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
This should be 'mailing list' instead of 'mainling list'.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Define CONFIG_OK in the Config file generated in the configure script
and check for it being defined in the Makefile before attempting
anything else. This way we can better inform the user that she needs to
run ./configure first.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Redirect the output of pkg-config to /dev/null so it doesn't clutter the
output of the configure script.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Use ARPHRD_ETHER for the "any" device, so that when typing "netsniff-ng"
without any arguments, ethernet is assumed.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Refactor ctx initialization and destruction into separate handlers.
That is more clean.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Invoke dev->type to pcap linktype mapper in order to write a correct
pcap file header for various link types. Also fix two bugs in pcap
file header parsing and print a warning with the magic link number in
case of an unknown link type.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Various fixes for last commit. Sorry for that.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Do not panic on linktypes that are unknown to us. Just skip the usual
dissector entry point and based on user input, print in hex, ascii, or
hex + ascii.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Add a device_type() method to get the assigned dev->type from the
kernel, and add support for automatic selection of the correct pcap
file header's linktype. This needs to be integrated into the core
code though.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
This adds basic linktype support for netlink "nlmon" devices.
Todo: we sill need to set the correct pcap type on capturing.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
As nlmon's device setup has now been changed to use rtnl link setup,
give a full example on how to setup and teardown nlmon devices.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
As per [1] we now also have an official hw device identifier for
Netlink. Add it to bpfc man page as we can capture from an nlmon
device.
[1] http://patchwork.ozlabs.org/patch/253293/
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Pull in the configure script. From now on, before calling 'make' the
'./configure' script will need to get called.
This is no autotools generated script, but manually written to check for
netsniff-ng's dependencies.
|
|
Actually call some functions in the check program so they will need to
get linked.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Check whether pkg-config and ccache are in the PATH. A missing
pkg-config will cause the configure script to abort with an error. The
presence of ccache is written to Config and used by the Makefile to
conditionally make use of it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Newer versions of GCC expect the linker flags after the object code, so
move the ouput of 'pkg-config --libs ncurses' there to not make the test
fail even if ncurses is present on the system.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
In netsniff-ng, we use tpacketv3 for capturing-only mode. The issue
observed lately is that when using f.e. -n10 or capturing a pcap and
then quitting, the pcap or actually seen number of packets are less
than what the statistics tell us from getsockopt(2).
This is due to the fact that tpacketv3 divides its ring buffer into
blocks of frames. Meaning, while we are traversing block n, the kernel
already fills up block n+1 and following if new packets arrive. While
doing so, it increments packet counters. Thus, when we ^C, we haven't
seen those blocks, so the stats tell us mostly a slightly higher
result. Fix this by adjusting socket stats printing to this fact.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Recently, the nlmon device driver got accepted [1], so that it's now
possible to debug netlink traffic as well.
[1] http://thread.gmane.org/gmane.linux.network/273952
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
ncurses (de-)initialization is duplicated across flowtop and ifpps, so
move it to an own module and use it from both tools.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Check for some more libraries we make use of in the configure step.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Ignore the build config generated by the configure script.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Remove some trailing whitespaces from documentation.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
In order to use an installation of NaCl provided by the distro or by
previous manual installation, provide a configure script which checks
for nacl's presence.
Also check of libnl-genl headers. More checks of the other libraries
depended on by netsniff-ng as well as checks for necessary kernel
headers should be added here too.
The configure script is preliminary and has not yet extensively been
tested on multiple systems.
The concept was inspired by the configure script of trinity and
iproute2.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Mark them as what is to be most expected.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
It's used as such, so therefore make it a bool instead of int.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Add a colophon to the end of each man page.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Use explicit form to initialize array.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Make the code a bit simpler. Also use bool for the syslog_maybe
condition.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Simplify code a bit and mark error paths unlikely.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
If we fail to find the ifindex of a given device, bail out.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Do not necessarily define our own, only in case the Linux one is
not available.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
First destroy spinlocks, then free the encryption and decryption
buffers.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Facilitate allocation and destruction of crypto objects through
common helper functions.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Just some minor whitespacing arrangements.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
This seems to have been corrupted. Must be crypto_box_beforenmbytes.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Simplify curve25519_encode() and curve25519_decode() transforms by making
the code more clear and by introducing macro accessors to nonces.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Simplify the function curve25519_proto_init() and also have minor
cleanups in other related ones.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
No need to prefix them with _buf, this just makes the names longer
and therefore less readable.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Fix the bug in "if (!entry == 0 && errno == ENOENT)" and also do some
cleanups, make the code more readable and remove useless stuff. Used
in curvetun.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
It's ridiculous to have a header comment here.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Mark some error paths as unlikely, and fixup some minor whitespace
issues. Nothing big to see here.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
We should also make this clear from the beginning that one can use
bpfc for seccomps as well. Might be interesting for security
researchers to play around with.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Just add a minor sentence to help stating this.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|