summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2015-06-18linktype: Add LINKTYPE_LINUX_SLL.Vadim Kochan1-0/+1
We need this for cooked header support. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [ dbkm: split out patch ] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-17netsniff-ng: nlmsg: Print rtnl neigh infoVadim Kochan1-0/+101
Dissect basic rtnl neighbour info. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-13dev: Add device string convertions (addr, dev type)Vadim Kochan3-113/+189
Move device string convertions funcs (device_type2str, device_addr2str) from proto_nlmsg.c to dev.c to use them in other modules. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [ dbkm: minor stylistic fixes ] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-08netsniff-ng: nlmsg: Fix build for older kernel headersTobias Klauser1-0/+4
IFA_FLAGS and RTPROT_MROUTED might not be defined on older kernel versions (as is evident from the Travis CI build failing [1]). Fix it by conditionally using the two definitions. [1] https://travis-ci.org/netsniff-ng/netsniff-ng/jobs/65887691 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-08build: travis: Add libnl-genl-3-dev to install commandTobias Klauser1-1/+1
Since commit 107456c ("netsniff-ng, nlmsg: Dissect rtnl link type messages") netsniff-ng also needs libnl-route-3.0. Install it as well when building on Travis CI. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-08INSTALL: Add package libnl-route-3-dev to list of needed Debian packagesTobias Klauser1-3/+3
Since commit 107456c646ab ("netsniff-ng, nlmsg: Dissect rtnl link type messages") netsniff-ng also needs libnl-route-3.0. Add it to the list of packages in the Debian apt-get install line in the INSTALL file. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-05netsniff-ng, nlmsg: add further rtnl route type messages to dissectorVadim Kochan3-13/+222
Add some more dissection logic for dumping rtnetlink related infos with attributes. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-01netsniff-ng nlmsg: Dissect rtnl addr type messagesVadim Kochan1-25/+152
Dump RTnetlink address related info with attributes. Additional changes: - print 'Len' info at the end of each attribute. - print new line before each header if packet contains more netlink messages Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-01netsniff-ng, nlmsg: Dissect rtnl link type messagesVadim Kochan2-0/+235
Dump RTnetlink interface related info with attributes. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-05-27netsniff-ng: add example for fanout into man pageDaniel Borkmann1-1/+12
Add an example, so users can easily adapt and move on from that. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-05-21netsniff-ng mac80211: Align country channels infoVadim Kochan1-0/+1
Print each country channel info on separated line to make it more readable: IE: Country (7, Len(66)): Country String: US First Ch Nr: 36, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 40, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 44, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 48, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 52, Nr of Ch: 1, Max Transmit Pwr Lvl: 23 First Ch Nr: 56, Nr of Ch: 1, Max Transmit Pwr Lvl: 23 First Ch Nr: 60, Nr of Ch: 1, Max Transmit Pwr Lvl: 23 First Ch Nr: 64, Nr of Ch: 1, Max Transmit Pwr Lvl: 23 First Ch Nr: 100, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 104, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 108, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 112, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 116, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 132, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 136, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 140, Nr of Ch: 1, Max Transmit Pwr Lvl: 24 First Ch Nr: 149, Nr of Ch: 1, Max Transmit Pwr Lvl: 30 First Ch Nr: 153, Nr of Ch: 1, Max Transmit Pwr Lvl: 30 First Ch Nr: 157, Nr of Ch: 1, Max Transmit Pwr Lvl: 30 First Ch Nr: 161, Nr of Ch: 1, Max Transmit Pwr Lvl: 30 First Ch Nr: 165, Nr of Ch: 1, Max Transmit Pwr Lvl: 30 Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-18netsniff-ng nlmsg: Print multi-part messagesVadim Kochan1-14/+30
Pull & print more netlink messages from one packet which can be sent with MULTI flag. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-11netsniff-ng: Fix typo Unkown -> UnknownKartik Mistry1-2/+2
Fix typo in error message. Signed-off-by: Kartik Mistry <kartik.mistry@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-09netsniff-ng 0.5.9v0.5.9Tobias Klauser1-1/+1
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-08build: Explicitly mention last release in announcement messageTobias Klauser1-1/+1
In the list of major changes since the last release, explicitly mention which version the last release refers to. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-07docs: REPORTING-BUGS: Mention the github issue trackerTobias Klauser1-1/+5
Add the URL to our Github issue tracker to REPORTING-BUGS. Also fix a typo while at it. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-07authors: Fix Daniel's emailVadim Kochan1-3/+3
Use actual Daniel's <daniel@iogearbox.net> email. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [ -dbkm: also moved Tobias one up while we're at it as he got more contribs ] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-05-07netsniff-ng: add comment wrt NOATIME and fix whitespaceDaniel Borkmann1-1/+5
Just add a comment to the reader, so that it's obvious. The second condition could have been spared in case of open_or_die(), but it's nothing critical and the extra indent can be spared instead. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-05-07netsniff-ng: Open pcap w/o O_NOATIME on 2nd tryVadim Kochan1-1/+6
If the file open fails with O_NOATIME option then try to open it w/o this option in case if the user does not have enough prvileges to use O_NOATIME. It fixes the case when user made pcap file in sudo mode but after it should still use sudo to read it because of setting O_NOATIME option requires higher privileges. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-06sock: Fix capturing extra packets from other devVadim Kochan3-12/+2
Create PF_PACKET socket with proto=0 which does not setup packet handler and will not capture packets until bind() will be invoked. Also replaced pf_tx_socket by pf_socket as these funcs became the same, as proto arg is set to 0. Suggested-by: Daniel Borkmann <borkmann@iogearbox.net> Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-05netsniff-ng nlmsg: Print family & type in less modeVadim Kochan1-3/+5
Print 'Family' and 'Type' (considering family) fields in less mode. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-05docs: authors: Move Vadim to major contributorsTobias Klauser1-1/+1
Vadim has contributed numerous improvements and bug fixes for netsniff-ng and hopefully continues to do so. Move him to the major contributors section in the AUTHORS file. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-05tprintf: Fix color breaking in less modeVadim Kochan1-1/+12
Automatic new line indentation can break terminal ESC color sequence by inserting new line within it. Fixed by considering that color ESC sequence is not closed by 'm' and only after it is closed - print new line with spaces. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tk: add comments] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-05dissectors: ethernet: Display multicast/broadcast also in less modeTobias Klauser1-7/+4
Commit a37101161784 ("dissectors: ethernet: Handle multicast/broadcast addresses properly") introduced handling of multicast/broadcast addresses in string translation, but only for the verbose mode. Also print these strings instead of "Unknown" in less mode. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-05die: Rename *_panic_func to *_panic_handlerVadim Kochan4-8/+8
Rename xxx_panic_func(s) to xxx_panic_handler(s) which is more understandable than 'func'. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-04netsniff-ng: Rename protocol dissector member of struct pkt_buffTobias Klauser15-38/+38
In commit d312a25879d5 ("netsniff-ng nlmsg: Print netlink protocol name"), the struct protocol member of struct pkt_buff was renamed to handler to account for the newly added proto field. However, the corresponding function pkt_set_proto wasn't renamed which is a bit counter-intuitive. Fix this by renaming the member again, this time to dissector (as I don't consider handler a particulary meaningful name) and adjust the set function's name accordingly. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-04trafgen: Delete rfmon mac80211 device on panicVadim Kochan2-9/+24
Fixed case when rfmon mac80211 created device remains after trafgen failed (for ex. - incorrect cfg file), so just delete it when panic occured. Also made panic handlers invoking per process and only once. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-04netsniff-ng mac80211: Print probe response frameVadim Kochan1-1/+2
As Probe Response frame is very similar to Beacon (except some IEs which are identified dynamically) so lets just use the same func to dissect it. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-04netsniff-ng nlmsg: Print type for NETLINK_ROUTEVadim Kochan1-2/+88
Print nlmsg type name for rtnetlink messages. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tk: ifdef guards for RTM_NEWNETCONF and RTMNEWMDB, other minor fixes] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-02build: Make module build also depend on header fileTobias Klauser1-0/+3
If only a header file is changed, the corresponding module is not rebuilt. Thus, add a rule to make module build depend on the header file as well (where applicable) to circumvent this effect. Note: This will still not necessarily catch every dependency between modules, source and header files. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-02netsniff-ng: Reorder packet number outputTobias Klauser1-4/+4
Change the position of the packet number in the packet header output such that we don't print two spaces between timestamp and number if no timestamp source is available. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-02netsniff-ng mac80211: Print IE prefix before paramVadim Kochan1-66/+67
Print 'IE:' prefix before each mgmt IE parameter which should be more readable and it allows easy identify next element while the listing the big one: Also removed 1 TAB in "HT Capabilities" fields. P mon0 288 1430230360s.696547150ns [ Radiotap Version (0), Length (26), Flags (0x0000482f) ] [ 802.11 Frame Control (0x0080)] [ Proto Version (0), Type (0, Management), Duration (0), Destination (ff:ff:ff:ff:ff:ff) Source (00:00:00:00:01:13) => (XEROX CORPORATION:00:01:13) BSSID (00:00:00:00:01:13) => (XEROX CORPORATION:00:01:13) Fragmentnr. (0), Seqnr. (2844). Subtype (8, Beacon) ] [ Subtype Beacon: Timestamp 0x0000000021ac5c5c, Beacon Interval (0.102400s) ment;) IE: SSID (0, Len (6)): 000114 IE: Supp. Rates (1, Len (8)): 1(B) 2(B) 5.5(B) 11(B) 18 24(B) 4 22 IE: DSSS Param Set (3, Len(1)): Current Channel: 1 IE: TIM (5, Len(4)): DTIM Count: 0, DTIM Period: 1 IE: ERP (42, Len(1)): Non ERP Present (0), Use Protection (0) IE: Reserved (47, Len (1)): Data 0x00 IE:Failed to dissect Subtype ] Yeah ... 'IE:' is also printed before 'Failed to dissect Subtype', which just indicates that rest IE params were not identified. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-02netsniff-ng: Show packet numberVadim Kochan2-12/+19
Show the packet number as part of the dissector output. Example: > wlp3s0 107 1430159373s.693002029ns (#5) [ Eth MAC (6c:88:14:ac:51:e4 => 10:fe:ed:90:22:12), Proto (0x0800, IPv4) ] Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-02netsniff-ng mac80211: Print probe request IEs infoVadim Kochan1-3/+13
As probe request frame consist only with IE params so just do a similar print of these params as it was done for beacon. Also using mgmt_{func}_dissect naming for mgmt frame dissectors. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-01netsniff-ng: alias lb to rr as wellDaniel Borkmann1-1/+2
After all it's round robin mode. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-04-27netsniff-ng: nlmsg: Make netlink family strings more descriptiveTobias Klauser1-23/+23
Instead of just reproducing the macro name, provide a little more information (as given in the comments next to the definitions in linux/netlink.h) Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-27netsniff-ng: nlmsg: Rename function and dissector fieldTobias Klauser1-3/+3
Netlink messages don't use the term `family' instead of `protocol', so stick to it when printing dissected information. Also, functions with the `nl_' prefix are used by libnl, so in order to not confuse it with libnl functions, rename nl_proto2str() to nlmsg_family2str() Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-27pkt_buff: Change type of link_type fieldTobias Klauser1-1/+1
The link type is handled as uint32_t in the rest of the code base so use that type here as well. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-27netsniff-ng nlmsg: Print netlink protocol nameVadim Kochan5-18/+61
nlmsg proto handler can't identify Netlink protocol from nlmsghdr, so sockaddr_ll can be used to get it. Also renamed [proto -> handler] member in pkt_buff struct, which is more understandable. Example: >U nlmon0 4756 1429891435s.14505747ns [ NLMSG Proto 0 (RTNETLINK), Len 1160, Type 0x0010 (0x10), Flags 0x0002 (MULTI), Seq-Nr 1429891436, PID 31613 ] Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Handle usage of NETLINK_SOCK_DIAG with pre 3.10 kernel headers, fix nl_proto2str() return value, formatting changes] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-27-ng mac80211: Print "HT Capabilities" more structurdVadim Kochan1-68/+107
Now it looks like: [ Subtype Beacon: Timestamp 0x0000000074c5c180, Beacon Interval (0.102400s), Capabilities (0x431 <-> ESS; Privacy; Short Preamble; Short Slot Time;) Parameters: SSID (0, Len (6)): D07F82 Supp. Rates (1, Len (8)): 1(B) 2(B) 5.5(B) 11(B) 6(B) 9 12(B) 18 DSSS Param Set (3, Len(1)): Current Channel: 1 TIM (5, Len(4)): DTIM Count: 0, DTIM Period: 3, Bitmap Control: 0, Partial Virtual Bitmap: 0x00 Country (7, Len(6)): Country String: US First Ch Nr: 1, Nr of Ch: 11, Max Transmit Pwr Lvl: 30 ERP (42, Len(1)): Non ERP Present (0), Use Protection (0), Barker Preamble Mode (0), Reserved (0x00000) Ext Support Rates (50, Len(4)): 24 36 48 54 HT Capabilities (45, Len(26)): Info: LDCP Cod Cap (1) Supp Ch Width Set (1) SM Pwr Save(3) HT-Greenfield (0) Short GI for 20/40 MHz (1/1) Tx/Rx STBC (0/0) HT-Delayed Block Ack (0) Max A-MSDU Len (0) DSSS/CCK Mode in 40 MHz (1) Res (0x0) Forty MHz Intol (0) L-SIG TXOP Protection Supp (0) [...] Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-27netsniff-ng: Rotate pcap files prematurely on SIGHUPTobias Klauser2-15/+33
Allow to send SIGHUP to a running netsniff-ng process, causing it to prematurely rotate the output PCAP when the output device (-o/--out) is a directory. The rotating interval (time/file size) will be reset. Suggested by dcode in #140 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-24conf: oui: update oui.confTobias Klauser1-68/+976
Update oui.conf using oui-update.py Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-23build: Restore support for cross-compiling the netsniff-ng toolkitTobias Klauser9-50/+94
Ever since we switched to the hand-crafted ./configure script, support for cross-compiling the netsniff-ng toolkit was basically broken. Restore the abaility to cross-compile our tools by making ./configure consider the CROSS_COMPILE and SYSROOT variables. Example for cross-compiling on arm: $ CROSS_COMPILE=arm-linux-gnueabihf- \ SYSROOT=/usr/arm-linux-gnueabihf \ ./configure $ make assuming the cross-compiled libraries (and their respective pkg-config information) are in /usr/arm-linux-gnueabihf. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-23all: Fix libnl3 include pathTobias Klauser3-7/+7
The libnl3 examples [1] use <netlink/netlink.h> etc. and since pkg-config returns the paths including the libnl3 path component, we should specify our include paths relative to these ones, not /usr/include. [1] http://www.infradead.org/~tgr/libnl/doc/core.html#_linking_to_this_library Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-23build: Rename LD command variable to LDQTobias Klauser2-2/+2
In order to be able to set the (sort of) standard command variables CC, LD etc. from configure via Config, rename the silent LD command variable to LDQ, in accordance with the existing CCQ. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-23build: Remove DISTRO build flag, don't optimize by defaultTobias Klauser3-18/+4
Currently, when building with DISTRO=0 we optimize for the build host's architecture by default. This is not compatible with cross-compiling. Remove the DISTRO flag and only build with -O2 and no -march/-mtune flags by default. Support for specifying optimization flags via configure script will be added in a follow-up patch. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-22zsh: netsniff-ng: add completionsDaniel Borkmann1-0/+3
Add completions for the three new options. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-04-22man: netsniff-ng: document fanout optionsDaniel Borkmann1-0/+25
Properly document the new knobs for doing packet socket's fanout, i.e. that is, --fanout-group/--fanout-type/--fanout-opts. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-04-22netsniff-ng: Don't set IO prio when reading pcap fileVadim Kochan5-10/+13
It allows to read pcap file for users who have no permissions to set process IO prio. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Acked-by: Daniel Borkmann <borkmann@iogearbox.net> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-22netsniff-ng: Store getgid() result in correct member of struct contextVadim Kochan1-1/+1
Changed to use ctx->gid when call getgid() on init_ctx. Before we were overwriting ctx->uid which clearly is an error. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>