summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2013-06-15curve: simplify curve25519_proto_init and othersDaniel Borkmann5-49/+29
Simplify the function curve25519_proto_init() and also have minor cleanups in other related ones. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15curve: rename encode/decode buffersDaniel Borkmann2-19/+19
No need to prefix them with _buf, this just makes the names longer and therefore less readable. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15cpusched: cleanups, refactoring and fix one bugDaniel Borkmann1-49/+28
Fix the bug in "if (!entry == 0 && errno == ENOENT)" and also do some cleanups, make the code more readable and remove useless stuff. Used in curvetun. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15misc: remove two header commentsDaniel Borkmann2-12/+0
It's ridiculous to have a header comment here. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15bpf: very minor style fixups and paths marked unlikelyDaniel Borkmann1-6/+9
Mark some error paths as unlikely, and fixup some minor whitespace issues. Nothing big to see here. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15docs: readme: also stress bpf seccomp in the README pageDaniel Borkmann1-1/+1
We should also make this clear from the beginning that one can use bpfc for seccomps as well. Might be interesting for security researchers to play around with. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15bpfc: stress that also seccomp-BPF can be generated with bpfcDaniel Borkmann1-1/+3
Just add a minor sentence to help stating this. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15man: bpfc: add example of loadable x86_64 seccomp-BPF filterDaniel Borkmann1-0/+18
Add the example in bpfc code from http://outflux.net/teach-seccomp/ to the man page, so that people can also experiment with seccomp bpf and to demonstrate that there are no limits on bpfc when it comes to this. Actually this code is even more efficient than the one given in the example URL above. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15man: bpf: also mention that bpfc can be used for seccomp-BPFDaniel Borkmann1-10/+14
Seccomp-BPF is used for syscall sandboxing. bpfc can also be used for creating such filters without any problems. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15bpf: add missing decode for poffDaniel Borkmann1-12/+14
When we decode BPF extensions, add the missing opcode for poff. While at it, also remove the '#' prefix, since it's optional in bpfc. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15trafgen: fix checksumming in trafgen example configDaniel Borkmann2-2/+2
Took quite a while to git bisect the cause for the wrong TCP checksum in the -e example. It turned out that commit bf43e1993c7037 ("trafgen: lexer: return original string if no shellcode") "broke" it, since before that commit the TCP checksum from -e example was correct and afterwards not anymore. Well, it didn't break it. What was happening here is that with this fix above, the packet got 1 byte longer since the first character of the example string is not omitted anymore, therefore the checksum got wrong. Fix this by fixing the IP total length of the packet in the -e and man page example. The UDP example from the man page still works well if csumudp() is used, so not affected of this. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15trafgen: check offsets for all kind of csumsDaniel Borkmann1-2/+5
It seems not critical at this point, but lets check it for all offsets here as well, and mark this check as unlikely to happen. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15trafgen: fix -n1 bug for packet schedulingDaniel Borkmann1-2/+2
In the current situation, it can happen when we set -n1, that no packet at all will be scheduled. This is due to the case that nearbyint() will for e.g. 2 cpus round to 0 each, and since in __correct_global_delta() we only correct a total delta when a particular CPU is allowed to tx packets (means already has a num > 0), then we correct the delta on the first such CPU. Switch to using round(), so that on 0.5 it will be round to the next higher int, and fix the check to >= 0 in __correct_global_delta() so that a CPU could also get a 0 share of packets. I did a couple of tests with different -n params and cpu(..) configs and this seems to fix that. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-14man: trafgen: fix remaining `` occurencesDaniel Borkmann1-23/+23
That's the last man page where `` occurs, so fix this up by making it consistentlt '' as the rest of all man pages. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-14netsniff-ng: Report if HW timestamping is enabledTobias Klauser1-1/+3
Until now we didn't check the return value of set_sockopt_hwtimestamp() and the Coverity scanner complained about it, so use it's return value to report if timstamping is actually enabled in verbose mode. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-14conf: oui: run oui-update.py script to update OUI config fileTobias Klauser1-9/+89
Update OUI entries before release. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-14die: minor: Remove trailing whitespaceTobias Klauser1-1/+1
Remove a trailing whitespace. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-14dissector: lldp: Rework capability printingTobias Klauser1-8/+14
Make printing of capabilities a bit more intuitive by removing the inline post-increment. This should also make the Coverity scanner happy about this particular part. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-14sock: Check return value of setsockopt() in set_tcp_nodelay()Tobias Klauser1-2/+5
Check the return value of setsockopt() and panic in case it is not 0, as in the other setsockopt() wrapper functions. This issue was discovered by the Coverity scanner. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-14dissector: icmpv6: Fix yet another possible null pointer dereferenceTobias Klauser1-3/+11
THe Coverity scanner discovered yet another possible null pointer dereference. Fix it by checking the return value of pkt_pull(). Also remove some trailing whitespaces in the region. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-13flowtop: Remove unnecessary bug_on() and rework presenter_screen_init()Tobias Klauser1-8/+9
The screen pointer can never be NULL, since initscr() exits the process in case of an error. Thus the bug_on() check can be omitted. Also rework presenter_screen_init() - where initscr() is called - to return the pointer. This will also silence a Coverity scanner error (even though it isn't actually one). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-13dissector: icmpv6: Fix another possible null pointer dereferenceTobias Klauser1-1/+9
This was missing in the previous commit 8b824423 ("dissector: icmpv6: Fix possible null pointer dereferences"), so fix the possible null pointer dereference now. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-13dissector: ip_auth_hdr: Fix possible null pointer dereferenceTobias Klauser1-2/+11
Fix an unconditional dereference of a pkt_pull() return value to prevent dereferencing a null pointer. This was found by the Coverity scanner. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-13dissector: icmpv6: Fix possible null pointer dereferencesTobias Klauser1-8/+56
The Coverity scanner found several possible null pointer dereferences in the ICMPv6 dissector. These are all related to not checking the return value of pkt_pull(). Sometimes pkt_pull(()) is called iteratively based on a length value in the encountered packet, so this could possibly be hit in case an invalid packet is crafted accordingly. Fix all by checking the return value of pkt_pull() consistently. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-13dissector: eth: Free allocated record if line is skippedTobias Klauser1-2/+6
We would currently leak the record in case we skip a line, fix this by xfree()ing the memory in these cases. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-13oui: Free allocated record if line is skippedTobias Klauser1-2/+6
We would currently leak the record in case we skip a line, fix this by xfree()ing the memory in these cases. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-13dissector: eth: Make port file parsing more robustTobias Klauser1-4/+11
Follow commit bdb9efef ("oui: Make parsing of oui.conf more robust") and make parsing the upd.conf, tcp.conf and ether.conf files more robust against format flaws. ALso here, in the worst case, we would end up dereferencing a null pointer. The null pointer dereference was found by the Coverity scanner. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-13oui: minor: Fix commentsTobias Klauser1-1/+2
Make comments related to skipping of lines a bit clearer. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-13Merge branch 'man'Daniel Borkmann1-23/+20
Manual merge was necessary, since Jon and Stephen were both editing the mausezahn.8 man page. Conflicts: mausezahn.8 Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-13mausezahn: man: various updatesJon Schipp1-42/+40
Minor sentence edits to make better readability, removed extra whitespace, removed double-quotes on option ( -t ) to make consistent. Signed-off-by: Jon Schipp <jonschipp@gmail.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12man: mausezahn.8: minor: fix trailing whitespaceDaniel Borkmann1-1/+1
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12man: improvements to mausezahn.8: CoS (PCP), DEI (CFI)Stephen Wadeley1-1/+2
Signed-off-by: Stephen Wadeley <swadeley@redhat.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12man: improvements to mausezahn.8: No need to mention CST or STP for BPDUStephen Wadeley1-1/+1
Signed-off-by: Stephen Wadeley <swadeley@redhat.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12man: improvements to mausezahn.8: 802.1D not 802.1dStephen Wadeley1-1/+1
Signed-off-by: Stephen Wadeley <swadeley@redhat.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12man: improvements to mausezahn.8, inconsistent use of `` and '' marks.Stephen Wadeley1-32/+32
Signed-off-by: Stephen Wadeley <swadeley@redhat.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12man: improvements to language for mausezahn.8Stephen Wadeley1-94/+94
Signed-off-by: Stephen Wadeley <swadeley@redhat.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12man: curvetun.8: minor: fix typo adressDaniel Borkmann1-1/+1
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12man: improvements to language for flowtop.8Stephen Wadeley1-5/+5
Signed-off-by: Stephen Wadeley <swadeley@redhat.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12man: improvements to curvetun.8, inconsistent use of `` and '' marks.Stephen Wadeley1-6/+6
Signed-off-by: Stephen Wadeley <swadeley@redhat.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12man: improvements to language for curvetun.8Stephen Wadeley1-39/+39
Signed-off-by: Stephen Wadeley <swadeley@redhat.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12ioops: mark failure path as unlikelyDaniel Borkmann1-9/+8
Just tell GCC that those paths are unexpected. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12ioops: misc: add dup{,2}_or_die to ioopsDaniel Borkmann6-17/+26
Bail out if it should ever fail. Detected by coverty in the translate_pcap_to_txf() path. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12netsniff-ng: walk_t3_block: prevent fd from double closeDaniel Borkmann1-4/+4
Only close the very first pcap file of multi-pcap files once, and not once during next_multi_pcap_file and once during exit. Discovered by Coverty scanner. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12flowtop: set bug if screen is NULLDaniel Borkmann1-0/+2
If this is ever the case, bail out. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12cpus: let it always return an unsigned int and bail out on errorDaniel Borkmann1-4/+16
In case of an error, just panic, to make sure we always get a val >= 1. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12stun: close socket before returning in error caseDaniel Borkmann1-2/+5
Do not leak the socket resource when bailing out in error case. Found by the coverty scanner. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12keypair: add missing include fileDaniel Borkmann1-0/+1
Include curve.h so that it also finds the selftest. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12stun: memset saddr before bindingDaniel Borkmann1-1/+2
We need to zero out data before we actually do the bind, otherwise uninitialized crap can be in saddr. Found by coverty scanner. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-11man: astraceroute: minor: remove two trailing whitespacesDaniel Borkmann1-2/+2
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-11man: improvements to astraceroute.8, inconsistent use of and ''Stephen Wadeley1-7/+7
Signed-off-by: Stephen Wadeley <swadeley@redhat.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>