Age | Commit message (Collapse) | Author | Files | Lines |
|
The dissector only needs the LINKTYPE_* #defines from pcap_io.h. Instead
of pulling in this rather large header just for this, move the
LINKTYPE_* #defines to an own header and include it where needed.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
getpagesize()
getpagesize(2) is considered legacy and has been dropped with POSIX.1-2001.
See discussion: https://github.com/netsniff-ng/netsniff-ng/pull/112
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
References:
https://github.com/netsniff-ng/netsniff-ng/commit/453f6eb9d79dd5aa2812ef956b22723f0a493086
https://github.com/netsniff-ng/netsniff-ng/pull/112
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
This change fixes the use of PREFIX by not hard wiring /usr into the path.
Besides that if no PREFIX is provided by the user, it is set to /usr/local now
which is considered to be the right location for most LSB conforming distros if
the user is compiling from sources to not interfere with the package management
for binary packages which are build using /usr as prefix in most of the cases.
current behavior without setting PREFIX will most likely interfere
with most distro package managers when building from source:
------------------------------------------------------------------------
$ sudo make uninstall
RM /usr/sbin/netsniff-ng
RM /usr/share/man/man8/netsniff-ng.8.gz
RM /usr/sbin/trafgen
RM /usr/share/man/man8/trafgen.8.gz
RM /usr/sbin/astraceroute
RM /usr/share/man/man8/astraceroute.8.gz
RM /usr/sbin/ifpps
RM /usr/share/man/man8/ifpps.8.gz
RM /usr/sbin/bpfc
RM /usr/share/man/man8/bpfc.8.gz
RM /usr/sbin/curvetun
RM /usr/share/man/man8/curvetun.8.gz
------------------------------------------------------------------------
current behavior when setting PREFIX=/usr/local looks kind of weird
because of the hard wired /usr:
------------------------------------------------------------------------
$ sudo make PREFIX=/usr/local uninstall
RM /usr/local/usr/sbin/netsniff-ng
RM /usr/local/usr/share/man/man8/netsniff-ng.8.gz
RM /usr/local/usr/sbin/trafgen
RM /usr/local/usr/share/man/man8/trafgen.8.gz
RM /usr/local/usr/sbin/astraceroute
RM /usr/local/usr/share/man/man8/astraceroute.8.gz
RM /usr/local/usr/sbin/ifpps
RM /usr/local/usr/share/man/man8/ifpps.8.gz
RM /usr/local/usr/sbin/bpfc
RM /usr/local/usr/share/man/man8/bpfc.8.gz
RM /usr/local/usr/sbin/curvetun
RM /usr/local/usr/share/man/man8/curvetun.8.gz
------------------------------------------------------------------------
using the proposed fix without setting PREFIX:
------------------------------------------------------------------------
$ sudo make uninstall
RM /usr/local/sbin/netsniff-ng
RM /usr/local/share/man/man8/netsniff-ng.8.gz
RM /usr/local/sbin/trafgen
RM /usr/local/share/man/man8/trafgen.8.gz
RM /usr/local/sbin/astraceroute
RM /usr/local/share/man/man8/astraceroute.8.gz
RM /usr/local/sbin/ifpps
RM /usr/local/share/man/man8/ifpps.8.gz
RM /usr/local/sbin/bpfc
RM /usr/local/share/man/man8/bpfc.8.gz
RM /usr/local/sbin/curvetun
RM /usr/local/share/man/man8/curvetun.8.gz
------------------------------------------------------------------------
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
For Christian Wiese's contributions, add him to AUTHORS.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Add information to INSTALL on how to build with libsodium.
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
alternative lib
This way one can simply set an alternative lib like libsodium for
linking the curvetun binary.
The current default linking against libnacl is preserved!
To link curvetun against libsodium you can set NACL_LIB=sodium
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
When building against musl libc I encountered following issue:
---------------------------------------------------------------------------
In file included from xmalloc.h:6:0,
from xmalloc.c:17:
built_in.h:181:0: warning: "PAGE_SIZE" redefined [enabled by default]
In file included from /usr/include/limits.h:8:0
---------------------------------------------------------------------------
According to the POSIX standard PAGE_SIZE should be defined in <limits.h> [1]
which is the case with musl libc if for example _GNU_SOURCE or _BSD_SOURCE
are defined which both is the case in netsniff-ng sources.
On my i686 test build the interesting part of <bits/limits.h> which itself
gets included by <limits.h> looks like this:
---------------------------------------------------------------------------
#if defined(_POSIX_SOURCE) || defined(_POSIX_C_SOURCE) \
|| defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) || defined(_BSD_SOURCE)
#define PAGE_SIZE 4096
#define LONG_BIT 64
#endif
---------------------------------------------------------------------------
Note:
Besides that I noticed that currently getpagesize(2) is used, which is
considered legacy and has been dropped with POSIX.1-2001 [2].
According to getpagesize(2) [2] portable applications should use sysconf(3) [3]
By using getpagesize(2) unconditionally the intention was maybe to always use
the run time configuration value of PAGE_SIZE as returned by the kernel.
At least in the case of musl libc and applying this change this would not be
the case anymore as the static PAGE_SIZE value from the header would be used!
References:
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/limits.h.html
[2] http://man7.org/linux/man-pages/man2/getpagesize.2.html
[3] http://man7.org/linux/man-pages/man3/sysconf.3.html
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
One doesn't need to specify a path for the CROSS_COMPILE option but
a prefix identifying the target architecture.
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Document the newly introduced DESTDIR option.
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
This is a very cosmetic change but I think it is good to be
standards compliant. The standard defines <poll.h> and not
<sys/poll.h>:
http://pubs.opengroup.org/onlinepubs/009696799/basedefs/poll.h.html
When building against musl libc it silences some annoying cpp
warnings like this:
-----------------------------------------------------------------------
warning: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Wcpp]
-----------------------------------------------------------------------
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Just improve the note on tools that are still experimental.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
musl libc doesn't provide the non-standard macros for common mode
bit masks, which other libc implementations like glibc define in
<sys/stat.h>.
Compile time error when building against musl libc:
--------------------------------------------------------------------------
netsniff-ng.c: In function 'read_pcap':
netsniff-ng.c:592:33: error: 'DEFFILEMODE' undeclared (first use in this function)
--------------------------------------------------------------------------
This change improves built_in.h to check if DEFFILEMODE is defined
and if not it defines it to be available internally.
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
This change implements support for specifying an alternative
installation destination directory by setting DESTDIR when
calling 'make install'.
Example: make DESTDIR=/alternative-rootfs install
It is particularly useful when cross-compiling and installing
in a dedicated directory where for example the rootfs or a
build sandbox for the target architecture is mounted.
By using DESTDIR you can avoid to mess with PREFIX to include
the alternative installation directory!
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
When building against musl libc compiling bails out because of caddr_t not
being declared:
--------------------------------------------------------------------------
link.c: In function 'wireless_sigqual':
link.c:41:24: error: 'caddr_t' undeclared (first use in this function)
--------------------------------------------------------------------------
As caddr_t is declared in <sys/types.h> this header needs to be included.
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Linux kernel provides nlmon device (ARPHRD_NETLINK) driver that
can tap on netlink traffic, e.g.:
Setup:
modprobe nlmon
ip link add type nlmon
ip link set nlmon0 up
Capture:
netsniff-ng -i nlmon0 ... (or -i any)
Teardown:
ip link set nlmon0 down
ip link del dev nlmon0
rmmod nlmon
Provide information about the packet direction (user space or kernel
space), so that dissector will show that properly.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
When reading from a pcap in Kuznetsov/netsniff-ng format, we currently do
not fill out sll. Do so so that users can see pkttype and the interface.
Reported-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Heavily reduce the initial ring buffer size for trafgen to just 196KiB,
so that we can heavily reduce the number of cache-misses related to
cache references. People can still overwrite this setting later on via
command line option for their specific architecture if they wish.
Perhaps the RX_RING should be checked as well in netsniff-ng though the
use case there is slightly different.
Before:
Performance counter stats for 'trafgen -i blub -o dummy0 -n100000000':
137,765,493,346 instructions:k # 0.82 insns per cycle
167,438,826,578 cycles:k # 0.000 GHz
59,508,315 branch-misses:k
361 context-switches:k
6 cpu-migrations:k
134,751,541 cache-misses:k # 85.019 % of all cache refs
158,495,358 cache-references:k
755 kmem:kmem_cache_alloc
15.139458202 seconds time elapsed
After:
Performance counter stats for 'trafgen -i blub -o dummy0 -n100000000':
137,889,782,650 instructions:k # 0.92 insns per cycle
150,239,185,971 cycles:k # 0.000 GHz
71,583,573 branch-misses:k
423 context-switches:k
7 cpu-migrations:k
60,239 cache-misses:k # 0.073 % of all cache refs
82,502,468 cache-references:k
740 kmem:kmem_cache_alloc
12.028787964 seconds time elapsed
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
perf reports in mmap case a huge number of kmem_cache_alloc's
which seem to stem from triggering signals from kernel to user
application, against dummy device:
Performance counter stats for 'trafgen -i blub -o dummy0 -n100000000 -k100': <-- mmap case
175,837 kmem:kmem_cache_alloc
14.758900522 seconds time elapsed
Performance counter stats for 'trafgen -i blub -o dummy0 -n100000000 -k100 -t0': <-- non-mmap case
707 kmem:kmem_cache_alloc
15.591667364 seconds time elapsed
It seems not to case significant number of cache-misses, but
it's better to switch to a direct trigger when we cannot fill
new frames anymore. After this patch, we see a similar number
of kmem_cache_alloc's as in the non-mmap case. This basically
renders the kpull interval useless, we can optionally remove
it if we don't care about people's scripts. ;-)
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Update oui.conf using oui-update.py
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
|
|
The entry for -q/--num-probes is duplicated in the zsh completion file
and the description of the first entry doesn't match the option's real
purpose, thus remove it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fixed typo in astraceroute.* files.
Signed-off-by: Kartik Mistry <kartik.mistry@gmail.com>
|
|
Usage: man --warnings -E UTF-8 -l -Tutf8 -Z foo.8 > /dev/null
Signed-off-by: Kartik Mistry <kartik.mistry@gmail.com>
|
|
In pcap_validate_header() the linktype and the byte-swapped linktype are
currently checked against the supported linktypes. Since the swapped
linktype is always larger than LINKTYPE_MAX, only one of the two tests
was actually done. Make this intention a bit more clear by explicitly
checking only for either the swapped or non-swapped linktype, depending
on whether the pcap magic is swapped.
Also make the error messages a bit more verbose regarding the
major/minor version.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
s/faily/fairly/
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fix the shell syntax error, introduced in:
commit 11c34c86ca4 (build: Set SHELL make variable to bash if possible)
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
|
|
Until now, we just looked up the vendor string based on the OUI for each
MAC address. Thus, multicast and broadcast addresses were just printed
as "Unknown" which is a bit misleading.
Improve this situation by checking bit 0 of the 1st octet of the address
and by checking for the broadcast address if it is set. If a
multicast/broadcast address is found, the respective string is returned.
In all other cases, the existing OUI lookup is done.
In the future we might extend this mechanism to look up well-known
multicast addresses.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
We don't need the file open to allocate the buffer so open it just
before it's used for the first time.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Update OUI entries using oui-update.py
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
This header is actually only needed in dissector_eth and
dissector_80211, so remove the other users accordingly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
get_sockopt_tpacket is never used in the "raw" version and the wrapper
does no additional checking anyway, so get rid of it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
On Debian/Ubuntu systems, /bin/sh is /bin/dash which doesn't understand
the -e option to the `echo' builtin. Thus the build output looks
something like the following:
Building netsniff-ng toolkit (0.5.8-rc5+) for x86_64-linux-gnu:
Building netsniff-ng:
-e CC dissector.c
-e CC dissector_eth.c
-e CC dissector_80211.c
...
Prevent this by setting SHELL to /bin/bash if it exists on the system,
otherwise stick to /bin/sh.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Handle all termination signals that we're allowed to handle (SIGKILL
can't be handled) in order to exit gracefully in any regular termination
case.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Handle all termination signals that we're allowed to handle (SIGKILL
can't be handled) in order to exit gracefully in any regular termination
case.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Handle all termination signals that we're allowed to handle (SIGKILL
can't be handled) in order to exit gracefully in any regular termination
case.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Handle all termination signals that we're allowed to handle (SIGKILL
can't be handled) in order to exit gracefully in any regular termination
case.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Handle all termination signals that we're allowed to handle (SIGKILL
can't be handled) in order to exit gracefully in any regular termination
case. Without this fix, pcap files written by netsniff-ng might be
corrupted.
Reported-by: Mike Westmacott <mikewestmacott@googlemail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Emma was former also one of the maintainer in the old days.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Follow commit bed9b6bb ("netsniff-ng: Don't modify optarg/argv").
We shouldn't modify optarg (and thus argv) since it's e.g. used to
display the commandline string in `ps'. Since strtoul() reads until it
encounters the first non-numeric character and ignores the rest, we can
just revert from setting a NULL byte after the numeric part of the
string.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
For some reason the Debian ncurses version does not
contain a ncurses.pc pkg-config file.
Fix this by echoing "-lncurses" if the command fails:
pkg-config --libs ncurses
This fix will make ifpps compile on Debian Squeeze 6.0.8.
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
|
|
Debian's version of linux/ethtool.h seems to be outdated
and does not contain define SPEED_UNKNOWN, fix this by a
manual define.
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
|
|
Since Linux 3.14, the kernel supports a socket option PACKET_QDISC_BYPASS,
which trafgen enables by default. That allow us to bypass the kernels
normal qdisc (traffic control) layer.
An option -q, --qdisc-path is added to allow enabling the qdisc path
explicity, useful for testing purposes.
This will be avail in kernels >= 3.14 via
commit d346a3fae3 (packet: introduce PACKET_QDISC_BYPASS socket option).
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
|
|
The tool trafgen is used in a pktgen style transmit only scenario.
We discovered a performance bottleneck in the kernel, when
running trafgen, where the kernel stalled on a lock in
packet_rcv(). This call is unnecessary for trafgen given its
transmit only nature.
This packet_rcv() call can, easily be avoided by instructing the
RAW/PF_PACKET socket, to not listen to any protocols (by passing
protocol argument zero, when creating the socket).
The performance gain is huge, increasing performance from approx
max 2Mpps to 12Mpps, basically causing trafgen to scale with
the number of CPUs.
Following tests were run on a 2xCPU E5-2650 with Intel 10Gbit/s ixgbe:
Trafgen using sendto() syscall via parameter -t0:
* # CPUs -- *with* -- *without* packet_rcv() call
* 1 CPU == 1,232,244 -- 1,236,144 pkts/sec
* 2 CPUs == 1,592,720 -- 2,593,620 pkts/sec
* 3 CPUs == 1,635,623 -- 3,692,216 pkts/sec
* 4 CPUs == 1,567,768 -- 4,102,866 pkts/sec
* 5 CPUs == 1,700,270 -- 5,151,489 pkts/sec
* 6 CPUs == 1,762,392 -- 6,124,512 pkts/sec
* 7 CPUs == 1,850,139 -- 7,120,496 pkts/sec
* 8 CPUs == 1,770,909 -- 8,058,710 pkts/sec
* 9 CPUs == 1,721,072 -- 8,963,192 pkts/sec
* 10 CPUs == 1,359,157 -- 9,584,535 pkts/sec
* 11 CPUs == 1,175,520 -- 10,498,038 pkts/sec
* 12 CPUs == 1,075,867 -- 11,189,292 pkts/sec
* 13 CPUs == 1,012,602 -- 12,048,836 pkts/sec
* [...]
* 20 CPUs == 1,030,446 -- 11,202,449 pkts/sec
Trafgen using mmap() TX tpacket_v2 (default)
* # CPUs -- *with* -- *without* packet_rcv() call
* 1 CPU == 920,682 -- 927,984 pkts/sec
* 2 CPUs == 1,607,940 -- 2,061,406 pkts/sec
* 3 CPUs == 1,668,488 -- 2,979,463 pkts/sec
* 4 CPUs == 1,423,066 -- 3,169,565 pkts/sec
* 5 CPUs == 1,507,708 -- 3,910,756 pkts/sec
* 6 CPUs == 1,555,616 -- 4,625,844 pkts/sec
* 7 CPUs == 1,560,961 -- 5,298,441 pkts/sec
* 8 CPUs == 1,596,092 -- 6,000,465 pkts/sec
* 9 CPUs == 1,575,139 -- 6,722,130 pkts/sec
* 10 CPUs == 1,311,676 -- 7,114,202 pkts/sec
* 11 CPUs == 1,157,650 -- 7,859,399 pkts/sec
* 12 CPUs == 1,060,366 -- 8,491,004 pkts/sec
* 13 CPUs == 1,012,956 -- 9,269,761 pkts/sec
* [...]
* 20 CPUs == 955,716 -- 8,653,947 pkts/sec
It is fairly strange that the mmap() version runs slower than the
sendto() version. This is likely another performance problem related
to mmap() which seems worth fixing.
Note, that the mmap() version speed can be improved by reducing the
default --ring-size to around 1-2 MiB. But this does not fix general
trend with mmap() performance.
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
|
|
Also make these options available to trafgen.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Check the return value of system() when invoking CPP in the BPF
parser and bail out in case of an error.
This fixes the following compiler warning:
trafgen_parser.y:598:9: warning: ignoring return value of ‘system’, declared with attribute warn_unused_result [-Wunused-result]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Check the return value of system() when invoking CPP in the BPF parser
and bail out in case of an error.
This fixes the following compiler warning:
bpf_parser.y:754:9: warning: ignoring return value of ‘system’, declared with attribute warn_unused_result [-Wunused-result]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
When viewing the bpfc man page I noticed a mistake saying that the BPF
compiler included in the pcap library is the *only* compiler. I changed
it to say the *only other* compiler since bpfc is also a BPF compiler.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|