| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Binary constants are not C99, but a GCC extension. Moreover, Mohan
reports compilation errors resulting from these constructs when using a
PowerPC cross-compiler. Thus, replace them by the corresponding
hexadecimal constants.
Reported-by: Mohan Kannekanti <mohan.kannekanti@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Commit 76486ece10c6 ("trafgen: add option to not adjust system socket
mem during testrun") introduced the new command line option
-A/--no-sock-mem for trafgen but didn't add it to the zsh completion. Do
it now.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Pushed last commit a bit too fast. The help text described that
the single letter option for "--no-sock-mem" were "-m", which is
wrong the right option is "-A" (only help txt, correct in the code
and manual).
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
|
|
The default behavior of trafgen is to boost the systems default
socket memory limits during a testrun. This behaviour does not
always result in improved performance, because this will stress
the kernels SLAB allocators unnecessary.
Introducing an option "--no-sock-mem" that instruct trafgen
to not perform any socket memory adjustments.
Fixes: #130
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
|
|
Fixes sparse warnings like the following in some dissectors:
proto_arp.c:158:17: warning: symbol 'arp_ops' was not declared. Should it be static?
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Update oui.conf using oui-update.py
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fixes the following sparse warnings:
geoip.c:76:30: warning: Using plain integer as NULL pointer
geoip.c:78:30: warning: Using plain integer as NULL pointer
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead of defining POLLRDNORM in built_in.h if it isn't provided by
system/kernel headers, define it in ring.h where its only user is. This
way we make sure that <poll.h> is included before checking #ifndef
POLLRDNORM. This fixes the following sparse warning:
/usr/include/bits/poll.h:32:10: warning: preprocessor token POLLRDNORM redefined
built_in.h:378:10: this was the original definition
Also remove the defines for POLLWRNORM and POLLRDHUP which are not used
anywhere in the code.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Similar to the 'make C=1' for the Linux kernel, wire up the sparse
command for our build system in a similar fashion. Use 'make C=1 [tool]'
to check the source files using sparse. Of course, the sparse tool needs
to be installed and available in your $PATH for this to work.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
dissector_eth.h is only used in dissectors which need to manipulate the
eth_lay2 and eth_lay3 hash tables. Remove the include from all
dissectors that don't access them.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
time for real)
Commit 0fab564a98d1 ("netsniff-ng: Properly wrap usage of all tpacket v3
structs") took care of protecting _some_ tpacket v3 structures with
compile error when building with !HAVE_TPACKET3 (reported by Mike
Reeves):
> CC ring_rx.c
> ring_rx.c: In function 'setup_rx_ring_layout':
> ring_rx.c:124: warning: implicit declaration of function 'set_sockopt_tpacket_v3'
> ring_rx.c: In function 'sock_rx_net_stats':
> ring_rx.c:194: error: field 'k3' has incomplete type
> make: *** [netsniff-ng/ring_rx.o] Error 1
Many thanks to Mike for helping me sort out these problems.
Reported-by: Mike Reeves <luke@geekempire.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Commit edca6174b09 ("dissector: Restore paket type if capturing from
nlmon device") changed the signature of show_frame_hdr(). The call to
this function was not updated in the !HAVE_TPACKET3 part of netsniff-ng
introduced in commit 97e6f994785c ("netsniff-ng: Restore tpacket v2
capturing"), causing a compile error. Fix this by providing the correct
parameters to show_frame_hdr() also in this case.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Mike Reeves reports the following compilation error if tpacket v3 is not
available:
> CC ring_rx.c
> ring_rx.c: In function 'alloc_rx_ring_frames':
> ring_rx.c:143: error: 'struct ring' has no member named 'layout3'
> ring_rx.c:144: error: 'struct ring' has no member named 'layout3'
> ring_rx.c: In function 'sock_rx_net_stats':
> ring_rx.c:172: error: field 'k3' has incomplete type
> make: *** [netsniff-ng/ring_rx.o] Error 1
The layout3 member of struct ring is only available for HAVE_TPACKET3.
Thus, wrap all access to it into inline functions defined depending on
wheter HAVE_TPACKET3 is defined.
Reported-by: Mike Reeves <luke@geekempire.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead of having #ifdef HAVE_TPACKET3 spread all over the code,
encapsulate the functionality depending on it inside inline functions:
the existing is_tpacket_v3() introduced in commit 5bc19d0b84d0
("netsniff-ng: Only use TPACKET_V3 if HAVE_TPACKET3 is defined") and the
newly introduced get_ring_layout_size() to get the ring layout size
depending on the tpacket version available and the version actually in
use.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
TPACKET_V3 is not defined if tpacket v3 is not available, thus make its
use conditional on HAVE_TPACKET3. Wrap the check for TPACKET_V3 in
ring_rx in an inline function which always returns false if
HAVE_TPACKET3 is not defined.
Reported-by: Mike Reeves <luke@geekempire.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
It's supposed to be LINKTYPE_NETLINK, not AF_NETLINK as otherwise
the pkt_type fixup cannot be done correctly.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Some older systems (e.g. RHEL 6) don't have tpacket v3 available, but
only tpacket v2. However, since commit d8cdc6a ("ring: netsniff-ng:
migrate capture only to TPACKET_V3") we solely rely on tpacket v3 for
capturing packets.
This patch restores the possibility to capture using tpacket v2. For now
this is just a fallback if the configure script doesn't detect tpacket
v3 (and thus HAVE_TPACKET3 isn't set). Thus, on most modern systems this
shouldn't change anything and they will continue using tpacket v3.
For now this fix contains quite a bit of ugly #ifdefery which should be
cleaned up in the future.
Fixes #76
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Allow to disable hardware time stamping using the command line switch
(-N/--no-hwtimestamp). This might be useful in situations where hardware
time stamps are skewed somehow.
Reference: #129
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Github shows 33 commits for me:
https://github.com/netsniff-ng/netsniff-ng/graphs/contributors
$ git shortlog | grep -i jon
Jon Schipp (29):
jonschipp (1):
Not sure what the difference is here, but this one will make 31 based
on git shortlog (I hope that's not cheating) :) Otherwise I can wait.
And I believe I have a few commits from the old history (is this still
up somewhere?). I think it used to be on the cryptoism site.
Signed-off-by: Jon Schipp <jschipp@illinois.edu>
Acked-by: Daniel Borkmann <borkmann@iogearbox.net>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Consistently vse the __packed macro defined in built_in.h instead of
__attribute__((packed)) in all dissectors (and the entire code base for
that matter).
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Specify the listen-addr for the CLI in /etc/netsniff-ng/mausezahn.conf
and remove the message, "mz: device not given, will use eth0" since
we're listening by IP, rather than interface now, and this shows continues
to show.
$ grep listen-addr /etc/netsniff-ng/mausezahn.conf
listen-addr = 127.0.0.1
$ mausezahn -V -x
mz: device eth0 got assigned 10.0.2.15 and is a possible candidate.
mz: device lo got assigned 127.0.0.1 (loopback)
Opening config file /etc/netsniff-ng/mausezahn.conf...
...
Mausezahn accepts incoming Telnet connections on 127.0.0.1:25542.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
This documents two more configuration file options that can be used.
One, automops, is in the development phase (not compiled by default),
and the other one, management-only, is usable. It prevents a user from
using a network interface to pass data traffic with the intention that
the interface is used for machine managment (remote control).
$ cat /etc/netsniff-ng/mausezahn.conf
user = mzadmin
password = better-password
management-only = eth0
automops = /path/to/an/automops-file.xml
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Specify the port for the CLI in /etc/netsniff-ng/mausezahn.conf like so:
$ grep port /etc/netsniff-ng/mausezahn.conf
port = 65000
$ mausezahn -V -x -l 127.0.0.1
Mausezahn 0.40 - (C) 2007-2010 by Herbert Haas - http://www.perihel.at/sec/mz/
Use at your own risk and responsibility!
-- Verbose mode --
...
Opening config file /etc/netsniff-ng/mausezahn.conf...
...
Mausezahn accepts incoming Telnet connections on 127.0.0.1:65000.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
[tklauser: Fixed whitespace issues for patch to apply cleanly]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Tobias pointed out and fixed in commit 9ef1dd15551f ("mausezahn:
Increase buffer size for listen address string") that the buffer isn't
log enough to hold the null terminator character. The declaration of the
buffer in cli.h was missed though.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> [commit msg edited]
|
|
Commit 134a7beb7ab ("mausezahn: re-work configuration file") changed
mausezahn to look for the configuration file in /etc/netsniff-ng. The
filename was intended to be mausezahn.conf not mausezahn.cfg to fit with
the other *.conf file extensions in /etc/netsniff-ng, so change it now.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> [commit msg edited]
|
|
Commit 2de653340c ("mausezahn: bind to IP address in interactive mode")
introduced mz_listen_addr of size 15 to hold the IP address to bind to.
Since an address can be maximum 15 characters long, this doesn't account
for the terminating '\0'. Fix this by increasing the buffer size to 16.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Adds new option ``-l'' that can be used to set mausezahn's
listen address to bind to an IP of choice. e.g.
mausezahn -l 127.0.0.1 -x
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Follow commit 9ad7f8882097 ("build: astraceroute: Only build ioops with
GeoIP support enabled").
The ioops module is only needed in geoip.o, thus make it dependent on
CONFIG_GEOIP.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The ioops module is only needed in geoip.o, thus make it dependent on
CONFIG_GEOIP.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
/etc/netsniff-ng/mausezahn.conf as mentioned in manual was never read
because code was statically set to mz.cfg in /etc/mausezahn. This patch
simplifies things by using the existing /etc/netsniff-ng directory created
in the default install and still using a single configuration but with a
an easier to remember name e.g. ${tool}.conf.
Example:
$ cat /etc/netsniff-ng/mausezahn.conf
user = testuser
password = testpassword
enable = awesome
Pre-patch:
$ mausezahn -x
Mausezahn accepts incoming Telnet connections on port 25542.
mz: Problems opening config file. Will use defaults
Post-patch:
$ mausezahn -x
Mausezahn accepts incoming Telnet connections on port 25542.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Building astraceroute fails on EL systems because
TPACKET_V3 is not available. Astraceroute functions
properly without ring_rx.o.
$ cat /etc/redhat-release
CentOS release 6.4 (Final)
Pre-patch:
Building astraceroute:
CC xmalloc.c
CC ioops.c
CC proto_none.c
CC tprintf.c
CC bpf.c
CC str.c
CC sig.c
CC sock.c
CC link.c
CC ring_rx.c
In file included from ring_rx.c:21:
ring_rx.h:25: warning: ‘struct block_desc’ declared inside parameter list
ring_rx.h: In function ‘user_may_pull_from_rx_block’:
ring_rx.h:27: error: dereferencing pointer to incomplete type
ring_rx.h: At top level:
ring_rx.h:35: warning: ‘struct block_desc’ declared inside parameter list
ring_rx.h: In function ‘kernel_may_pull_from_rx_block’:
ring_rx.h:37: error: dereferencing pointer to incomplete type
ring_rx.c: In function ‘destroy_rx_ring’:
ring_rx.c:26: error: ‘TPACKET_V3’ undeclared (first use in this function)
ring_rx.c:26: error: (Each undeclared identifier is reported only once
ring_rx.c:26: error: for each function it appears in.)
ring_rx.c: In function ‘setup_rx_ring_layout’:
ring_rx.c:63: error: dereferencing pointer to incomplete type
ring_rx.c:63: error: dereferencing pointer to incomplete type
ring_rx.c:68: error: ‘struct ring’ has no member named ‘layout3’
ring_rx.c:69: error: ‘struct ring’ has no member named ‘layout3’
ring_rx.c:70: error: ‘struct ring’ has no member named ‘layout3’
ring_rx.c: In function ‘create_rx_ring’:
ring_rx.c:83: error: ‘TPACKET_V3’ undeclared (first use in this function)
ring_rx.c:87: error: ‘struct ring’ has no member named ‘layout3’
ring_rx.c: In function ‘alloc_rx_ring_frames’:
ring_rx.c:118: error: ‘TPACKET_V3’ undeclared (first use in this function)
ring_rx.c:121: error: ‘struct ring’ has no member named ‘layout3’
ring_rx.c:122: error: ‘struct ring’ has no member named ‘layout3’
ring_rx.c: In function ‘sock_rx_net_stats’:
ring_rx.c:147: error: ‘TPACKET_V3’ undeclared (first use in this function)
ring_rx.c:150: error: field ‘k3’ has incomplete type
make: *** [astraceroute/ring_rx.o] Error 1
Post-patch:
Building astraceroute:
CC xmalloc.c
CC ioops.c
CC proto_none.c
CC tprintf.c
CC bpf.c
CC str.c
CC sig.c
CC sock.c
CC link.c
CC ring.c
CC dev.c
CC astraceroute.c
CC geoip.c
LD astraceroute
STRIP astraceroute
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
While writing a puppet manifest to provision netsniff-ng on a server.
I encountered the following shell warnings:
Notice: /Stage[main]/Netsniff_ng::Install/Exec[Install Netsniff-NG]/returns: Building NaCl for arch amd64 on host localhost (grab a coffee, this takes a while) ...
Notice: /Stage[main]/Netsniff_ng::Install/Exec[Install Netsniff-NG]/returns: ./nacl_build.sh: line 41: cd: /root/netsniff-ng/curvetun: No such file or directory
Notice: /Stage[main]/Netsniff_ng::Install/Exec[Install Netsniff-NG]/returns: NaCl lib path /root/nacl/nacl-20110221/build/localhost/lib/amd64
Notice: /Stage[main]/Netsniff_ng::Install/Exec[Install Netsniff-NG]/returns: NaCl include path /root/nacl/nacl-20110221/build/localhost/include/amd64
Notice: /Stage[main]/Netsniff_ng::Install/Exec[Install Netsniff-NG]/returns: ./nacl_build.sh: line 49: ./nacl_path.sh: No such file or directory
They went away after I applied this patch.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Add a wrapper for calloc which checks for integer overflows in the
calculation of the size to allocate.
Use xcalloc to allocate an array of objects instead of calculating the
size ourselves, which might cause an integer overflow.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Get rid of unnecessary blank lines between the URLs.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Since commit 1cc762a ("lookup: Move UDP/TCP port and Ethernet type
lookup into own module") the netsniff-ng tool is the only one using the
dissector infrastructure. Thus we no longer need to conditionally device
HAVE_DISSECTOR_PROTOS, since netsniff-ng is the only tool defining this.
While at it, also remove the __WITH_PROTOS macro which is checked in
dissector_init_ethernet/dissector_cleanup_ethernet but is defined
nowhere. This will cause the functions to be called from both the
ethernet and ieee80211 dissectors, thus make sure we check the
initialization state before freeing as well.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
lookup_hash() returns void * which does not need to be cast.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Up to now, the lookup of TCP/UDP port names and Ethernet types was
tightly integrated with the dissector infrastructure, since it is its
main user. However, flowtop also makes use of the name lookup
functionality without needing the actual dissector infrastructure. Thus,
the basic dissector infrastructure also needs to be linked into flowtop
without actually being used.
Fix this by extracting the port/ethertype lookup into an own module
which can then be used either directly (for flowtop) or as part of the
dissector infrastructure (for netsniff-ng).
This also reverts the quick & dirty fix introduced in commit f3322c6
("flowtop: Include netlink dissector to fix build temporarily").
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add mirror.distanz.ch and the source release on github to the download
URLs in the release announcement.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
flowtop links in the dissector modules just for the TC/UDP port lookup
feature. Since dissector.h now includes libnl headers, we also need to
include the libnl CFLAGS for flowtop build and thus also make it depend
on libnl.
The real fix for this in the future would be to extract the port lookup
from dissector_eth.c and the just link in this module into flowtop
instead of the entire dissector stuff.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The port id field of the netlink message header does not necessarily
indicate the PID of the receiving process [1] (e.g. in case of
multithreaded applications or using multiple sockets). Mention this in
a comment.
[1] http://www.carisma.slowglass.com/~tgr/libnl/doc/core.html#core_netlink_fundamentals
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The kernel sets the skb pkttype to PACKET_OUTGOING for all packets being
sent through dev_queue_xmit_nit(). However, if capturing packets from an
nlmon device, this causes the information on whether the netlink packet
was sent to kernel- or userspace (PACKET_KERNEL/PACKET_USER) to be
overwritten.
A previous attempt by Daniel Borkmann to fix this in kernel space [1] by
not overwriting the packet type for netlink packets was not regarded as
the proper solution.
[1] http://patchwork.ozlabs.org/patch/338612/
Thus, attempt to fix this in userspace by looking at the pid field of
the netlink packet, which is always 0 for messages to kernel space [2].
[2] http://www.carisma.slowglass.com/~tgr/libnl/doc/core.html#core_netlink_fundamentals
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Replace an odd use of the ternary operator with a more readable if/else.
This fixes Debian Bug #750077.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
In the netlink message dissector, use the PID from the header to look up
the process name of the sending process.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
