Age | Commit message (Collapse) | Author | Files | Lines |
|
Commit 134a7beb7ab ("mausezahn: re-work configuration file") changed
mausezahn to look for the configuration file in /etc/netsniff-ng. The
filename was intended to be mausezahn.conf not mausezahn.cfg to fit with
the other *.conf file extensions in /etc/netsniff-ng, so change it now.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> [commit msg edited]
|
|
Commit 2de653340c ("mausezahn: bind to IP address in interactive mode")
introduced mz_listen_addr of size 15 to hold the IP address to bind to.
Since an address can be maximum 15 characters long, this doesn't account
for the terminating '\0'. Fix this by increasing the buffer size to 16.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Adds new option ``-l'' that can be used to set mausezahn's
listen address to bind to an IP of choice. e.g.
mausezahn -l 127.0.0.1 -x
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Follow commit 9ad7f8882097 ("build: astraceroute: Only build ioops with
GeoIP support enabled").
The ioops module is only needed in geoip.o, thus make it dependent on
CONFIG_GEOIP.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The ioops module is only needed in geoip.o, thus make it dependent on
CONFIG_GEOIP.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
/etc/netsniff-ng/mausezahn.conf as mentioned in manual was never read
because code was statically set to mz.cfg in /etc/mausezahn. This patch
simplifies things by using the existing /etc/netsniff-ng directory created
in the default install and still using a single configuration but with
an easier to remember name e.g. ${tool}.conf.
Example:
$ cat /etc/netsniff-ng/mausezahn.conf
user = testuser
password = testpassword
enable = awesome
Pre-patch:
$ mausezahn -x
Mausezahn accepts incoming Telnet connections on port 25542.
mz: Problems opening config file. Will use defaults
Post-patch:
$ mausezahn -x
Mausezahn accepts incoming Telnet connections on port 25542.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Building astraceroute fails on EL systems because
TPACKET_V3 is not available. Astraceroute functions
properly without ring_rx.o.
$ cat /etc/redhat-release
CentOS release 6.4 (Final)
Pre-patch:
Building astraceroute:
CC xmalloc.c
CC ioops.c
CC proto_none.c
CC tprintf.c
CC bpf.c
CC str.c
CC sig.c
CC sock.c
CC link.c
CC ring_rx.c
In file included from ring_rx.c:21:
ring_rx.h:25: warning: ‘struct block_desc’ declared inside parameter list
ring_rx.h: In function ‘user_may_pull_from_rx_block’:
ring_rx.h:27: error: dereferencing pointer to incomplete type
ring_rx.h: At top level:
ring_rx.h:35: warning: ‘struct block_desc’ declared inside parameter list
ring_rx.h: In function ‘kernel_may_pull_from_rx_block’:
ring_rx.h:37: error: dereferencing pointer to incomplete type
ring_rx.c: In function ‘destroy_rx_ring’:
ring_rx.c:26: error: ‘TPACKET_V3’ undeclared (first use in this function)
ring_rx.c:26: error: (Each undeclared identifier is reported only once
ring_rx.c:26: error: for each function it appears in.)
ring_rx.c: In function ‘setup_rx_ring_layout’:
ring_rx.c:63: error: dereferencing pointer to incomplete type
ring_rx.c:63: error: dereferencing pointer to incomplete type
ring_rx.c:68: error: ‘struct ring’ has no member named ‘layout3’
ring_rx.c:69: error: ‘struct ring’ has no member named ‘layout3’
ring_rx.c:70: error: ‘struct ring’ has no member named ‘layout3’
ring_rx.c: In function ‘create_rx_ring’:
ring_rx.c:83: error: ‘TPACKET_V3’ undeclared (first use in this function)
ring_rx.c:87: error: ‘struct ring’ has no member named ‘layout3’
ring_rx.c: In function ‘alloc_rx_ring_frames’:
ring_rx.c:118: error: ‘TPACKET_V3’ undeclared (first use in this function)
ring_rx.c:121: error: ‘struct ring’ has no member named ‘layout3’
ring_rx.c:122: error: ‘struct ring’ has no member named ‘layout3’
ring_rx.c: In function ‘sock_rx_net_stats’:
ring_rx.c:147: error: ‘TPACKET_V3’ undeclared (first use in this function)
ring_rx.c:150: error: field ‘k3’ has incomplete type
make: *** [astraceroute/ring_rx.o] Error 1
Post-patch:
Building astraceroute:
CC xmalloc.c
CC ioops.c
CC proto_none.c
CC tprintf.c
CC bpf.c
CC str.c
CC sig.c
CC sock.c
CC link.c
CC ring.c
CC dev.c
CC astraceroute.c
CC geoip.c
LD astraceroute
STRIP astraceroute
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
While writing a puppet manifest to provision netsniff-ng on a server,
I encountered the following shell warnings:
Notice: /Stage[main]/Netsniff_ng::Install/Exec[Install Netsniff-NG]/returns: Building NaCl for arch amd64 on host localhost (grab a coffee, this takes a while) ...
Notice: /Stage[main]/Netsniff_ng::Install/Exec[Install Netsniff-NG]/returns: ./nacl_build.sh: line 41: cd: /root/netsniff-ng/curvetun: No such file or directory
Notice: /Stage[main]/Netsniff_ng::Install/Exec[Install Netsniff-NG]/returns: NaCl lib path /root/nacl/nacl-20110221/build/localhost/lib/amd64
Notice: /Stage[main]/Netsniff_ng::Install/Exec[Install Netsniff-NG]/returns: NaCl include path /root/nacl/nacl-20110221/build/localhost/include/amd64
Notice: /Stage[main]/Netsniff_ng::Install/Exec[Install Netsniff-NG]/returns: ./nacl_build.sh: line 49: ./nacl_path.sh: No such file or directory
They went away after I applied this patch.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Add a wrapper for calloc which checks for integer overflows in the
calculation of the size to allocate.
Use xcalloc to allocate an array of objects instead of calculating the
size ourselves, which might cause an integer overflow.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
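Added example (not code from the netsniff-ng tree): the overflow check the commit message above describes, next to the unchecked multiplication it replaces. The names mul_overflows, unchecked_alloc_size and checked_calloc, and the NULL-on-overflow behaviour, are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Returns 1 if nmemb * size cannot be represented in size_t. */
static int mul_overflows(size_t nmemb, size_t size)
{
	return size != 0 && nmemb > SIZE_MAX / size;
}

/* The pattern being replaced: the caller multiplies first. Unsigned
 * arithmetic wraps silently, so the result can be far smaller than the
 * array the caller believes it is requesting. */
static size_t unchecked_alloc_size(size_t nmemb, size_t size)
{
	return nmemb * size;
}

/* Hypothetical checked wrapper (not the project's xcalloc): refuse the
 * request instead of handing back a short buffer. Returns NULL on
 * overflow or allocation failure. */
static void *checked_calloc(size_t nmemb, size_t size)
{
	if (mul_overflows(nmemb, size))
		return NULL;
	return calloc(nmemb, size);
}

int main(void)
{
	/* Constructed input: an element count derived from untrusted data. */
	size_t nmemb = SIZE_MAX / 16 + 2, size = 16;

	printf("unchecked size: %zu bytes\n", unchecked_alloc_size(nmemb, size));
	printf("checked_calloc: %s\n",
	       checked_calloc(nmemb, size) ? "allocated" : "rejected");
	return 0;
}
```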
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Get rid of unnecessary blank lines between the URLs.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Since commit 1cc762a ("lookup: Move UDP/TCP port and Ethernet type
lookup into own module") the netsniff-ng tool is the only one using the
dissector infrastructure. Thus we no longer need to conditionally define
HAVE_DISSECTOR_PROTOS, since netsniff-ng is the only tool defining this.
While at it, also remove the __WITH_PROTOS macro which is checked in
dissector_init_ethernet/dissector_cleanup_ethernet but is defined
nowhere. This will cause the functions to be called from both the
ethernet and ieee80211 dissectors, thus make sure we check the
initialization state before freeing as well.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
lookup_hash() returns void * which does not need to be cast.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Up to now, the lookup of TCP/UDP port names and Ethernet types was
tightly integrated with the dissector infrastructure, since it is its
main user. However, flowtop also makes use of the name lookup
functionality without needing the actual dissector infrastructure. Thus,
the basic dissector infrastructure also needs to be linked into flowtop
without actually being used.
Fix this by extracting the port/ethertype lookup into an own module
which can then be used either directly (for flowtop) or as part of the
dissector infrastructure (for netsniff-ng).
This also reverts the quick & dirty fix introduced in commit f3322c6
("flowtop: Include netlink dissector to fix build temporarily").
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add mirror.distanz.ch and the source release on github to the download
URLs in the release announcement.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
flowtop links in the dissector modules just for the TCP/UDP port lookup
feature. Since dissector.h now includes libnl headers, we also need to
include the libnl CFLAGS for flowtop build and thus also make it depend
on libnl.
The real fix for this in the future would be to extract the port lookup
from dissector_eth.c and then just link in this module into flowtop
instead of the entire dissector stuff.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The port id field of the netlink message header does not necessarily
indicate the PID of the receiving process [1] (e.g. in case of
multithreaded applications or using multiple sockets). Mention this in
a comment.
[1] http://www.carisma.slowglass.com/~tgr/libnl/doc/core.html#core_netlink_fundamentals
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The kernel sets the skb pkttype to PACKET_OUTGOING for all packets being
sent through dev_queue_xmit_nit(). However, if capturing packets from an
nlmon device, this causes the information on whether the netlink packet
was sent to kernel- or userspace (PACKET_KERNEL/PACKET_USER) to be
overwritten.
A previous attempt by Daniel Borkmann to fix this in kernel space [1] by
not overwriting the packet type for netlink packets was not regarded as
the proper solution.
[1] http://patchwork.ozlabs.org/patch/338612/
Thus, attempt to fix this in userspace by looking at the pid field of
the netlink packet, which is always 0 for messages to kernel space [2].
[2] http://www.carisma.slowglass.com/~tgr/libnl/doc/core.html#core_netlink_fundamentals
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
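Added example (not code from the netsniff-ng dissector): the userspace heuristic described in the commit message above, applied to a buffer of back-to-back netlink messages. struct nl_hdr, NL_ALIGN, nl_classify and the sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Netlink header (16 bytes, host byte order), redeclared so the example
 * builds without kernel headers. */
struct nl_hdr {
	uint32_t len;	/* message length including this header */
	uint16_t type, flags;
	uint32_t seq;
	uint32_t pid;	/* port id; 0 for messages to kernel space */
};

#define NL_ALIGN(n) (((n) + 3u) & ~3u)	/* messages are 4-byte aligned */

/* Count messages per direction with the pid == 0 heuristic. Returns the
 * number of messages, or -1 if a header claims more than was captured.
 * Trailing bytes shorter than a header are ignored. */
static int nl_classify(const uint8_t *buf, size_t len, int *to_kernel, int *to_user)
{
	int n = 0;
	*to_kernel = *to_user = 0;
	while (len >= sizeof(struct nl_hdr)) {
		struct nl_hdr h;
		size_t step;
		memcpy(&h, buf, sizeof(h));	/* buf may be unaligned */
		if (h.len < sizeof(h) || h.len > len)
			return -1;
		*(h.pid == 0 ? to_kernel : to_user) += 1;
		n++;
		step = NL_ALIGN(h.len) > len ? len : NL_ALIGN(h.len);
		buf += step;
		len -= step;
	}
	return n;
}

int main(void)
{
	/* Constructed capture: pid 0 (20 bytes), then port id 4242 (16 bytes). */
	struct nl_hdr a = { 20, 16, 1, 1, 0 }, b = { 16, 3, 0, 1, 4242 };
	uint8_t buf[36] = { 0 };
	int k, u, n;

	memcpy(buf, &a, sizeof(a));
	memcpy(buf + 20, &b, sizeof(b));
	n = nl_classify(buf, sizeof(buf), &k, &u);
	printf("%d messages: %d to kernel, %d to user\n", n, k, u);
	return 0;
}
```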
|
|
Replace an odd use of the ternary operator with a more readable if/else.
This fixes Debian Bug #750077.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
In the netlink message dissector, use the PID from the header to look up
the process name of the sending process.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add an initial implementation of a dissector to work on netlink messages
as received from an nlmon device.
You can use it as follows to monitor netlink traffic to/from the kernel:
modprobe nlmon
ip link add type nlmon
ip link set nlmon0 up
netsniff-ng -i nlmon0
ip link set nlmon0 down
ip link del dev nlmon0
rmmod nlmon
Fixes: #89
Suggested-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Both tools are already prepared to handle NULL return values of the
geoip_* lookup functions, so we might as well build them without geoip
support if not needed/present.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If libgeoip is present, CONFIG_GEOIP will be set later on depending on
HAVE_LIBGEOIP, we thus don't need to write CONFIG_LIBGEOIP to Config.
This symbol isn't used anywhere in the build process.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Change the interface to the geoip_* functions to take a pointer to a
struct sockaddr_in{,6} instead of the struct itself.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
This module doesn't use the checksum functions, thus we don't need to
include csum.h.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead of memsetting the struct sock_filter every time before we call
bpf_parse_rules(), do it there directly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead of having to perform the individual steps to initialize a ring
and open coding them in multiple places, provide convenience functions
to do all at once. This has the nice side effect of allowing to make
most of these *_{rx,tx}_ring() functions static in their respective
module.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Move some variables from the function scope to the block where they're
used solely.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
It will be set later on depending on command line option (or panic()
out) and it is initialized to 0 by a memset() before anyways.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
rx_poll will be passed to prepare_polling() which already zeros the
struct, so no need to do it before.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
These will be set later on depending on command line option (or panic()
out) and they're set to 0 by init_ctx() anyways.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fixed typos in mausezahn.8 and trafgen.8
[tklauser: Slightly edited commit message]
Signed-off-by: Kartik Mistry <kartik.mistry@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Any types that are fixed width should use the standard format specifier
macros (PRI... for printf-type functions, SCN... for scanf-type
functions) to ensure proper data access.
Prior to this ifpps was crashing in 32-bit environments due to the
following call
mvwprintw(screen, (*voff)++, 2,
"%s,%s %s (%s%s), t=%lums, cpus=%u%s/%u"
" ", uts.release, machine,
ifname, drvinf.driver, buff, ms_interval, top_cpus,
top_cpus > 0 && top_cpus < cpus ? "+1" : "", cpus);
since ms_interval is a uint64_t but %lu expects an unsigned long, which
is only 32 bits.
Signed-off-by: James McCoy <vega.james@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
This will fix issue of installation of configuration files to
/usr/local/etc (or /usr/etc for distribution builds) instead of /etc.
[tklauser: extended description a bit]
Signed-off-by: Kartik Mistry <kartik.mistry@gmail.com>
|
|
Change type of verbose flag from int to bool.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead of using a for loop with empty initialization and afterthought,
just use a while loop with the same condition.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The mm_len member of struct ring is of type size_t, but in the code
paths leading to set it, unsigned int is used. In circumstances where
unsigned int is 32 bit and size_t is 64 bit, this could lead to an
integer overflow, which causes an improper ring size being mmap()'ed in
mmap_ring_generic().
In order to prevent this, consistently use size_t to store the ring
size, since this is also what mmap() takes as its `length' parameter.
This now allows to specify ring sizes larger than 4 GiB for both
netsniff-ng and trafgen (fixes #90).
Reported-by: Jon Schipp <jonschipp@gmail.com>
Reported-by: Michał Purzyński <michalpurzynski1@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
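Added example (not code from the netsniff-ng tree): what happens to a ring size above 4 GiB when it passes through a 32-bit unsigned int, and a size parser that stays 64-bit wide and rejects values that would wrap. The KiB/MiB/GiB suffix syntax and both function names are assumptions of this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Models the old code path: the size passes through a 32-bit unsigned
 * int before it is stored in the 64-bit mm_len. */
static uint64_t via_unsigned_int(uint64_t requested)
{
	return (uint32_t)requested;	/* high 32 bits are dropped */
}

/* Hypothetical parser for "<n>KiB", "<n>MiB" or "<n>GiB". Keeps the
 * value 64 bits wide end to end and rejects anything that would wrap.
 * Returns 0 on success, -1 on error. */
static int parse_ring_size(const char *s, uint64_t *out)
{
	char *end;
	unsigned long long n;
	unsigned int shift;
	if (*s < '0' || *s > '9')
		return -1;	/* no sign, no leading whitespace */
	errno = 0;
	n = strtoull(s, &end, 10);
	if (errno)
		return -1;
	if (!strcmp(end, "KiB"))
		shift = 10;
	else if (!strcmp(end, "MiB"))
		shift = 20;
	else if (!strcmp(end, "GiB"))
		shift = 30;
	else
		return -1;
	if (n > (UINT64_MAX >> shift))
		return -1;	/* n << shift would wrap */
	*out = (uint64_t)n << shift;
	return 0;
}

int main(void)
{
	uint64_t len;
	if (parse_ring_size("5GiB", &len) == 0)	/* constructed input */
		printf("requested %llu, via unsigned int %llu\n",
		       (unsigned long long)len, (unsigned long long)via_unsigned_int(len));
	return 0;
}
```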
|
|
The -k/--kernel-pull option got useless with commit c139e80 ("trafgen:
remove timer-based trigger model"). Instead of entirely removing it and
thus possibly breaking people's scripts, still accept it as an option,
but warn the user about it. We might want to remove the option in a
future release.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Remove some leading/trailing whitespaces.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If setting an unsigned long variable, use strtoul() instead of strtol().
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
These usually only make sense for complex macros which are expanded
more than once. The label for `out' doesn't make sense anyhow as it is
declared on function level.
Also don't indent the labels, so they're clearer to spot.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Commit c10621e ("trafgen: keep a small initial ring buffer size to
reduce cache-misses") reduced default ring buffer size to 196KiB,
but on my big machines with 10Gbit/s this size is too small.
Increase default ring-size to 512 KiB, which yields the best results
without increasing ring buffer size too much. This fixes #120.
Single CPU results from my E5-2630 CPU with intel ixgbe/82599.
(Cmd: trafgen --cpp --dev eth8 --conf udp_example01.trafgen --cpu 1)
* 769,440 pkts/sec -- default ring-size 196 KiB
* 1,417,908 pkts/sec -- ring-size 500 KiB
Going above CPUs L3 cache size which is (15Mb)
* 1,236,580 pkts/sec -- ring-size 20000KiB
The mmap'ed ring buffer is now faster than using sendto().
For comparison, not using the ring-buffer, by using option "-t0":
* 1,381,364 (with qdisc bypass)
And using the qdisc code path in the kernel (enable via
parameter "--qdisc-path")
* 1,227,772 pkts/sec (with --qdisc-path)
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
|
|
Follow up for commit 311d4376 ("build: Make sure we get the correct
previous tag for the changelog").
Move getting the previous tag into an own command and use it where
appropriate.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Update oui.conf using oui-update.py
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
When going from an -rc release to a stable release (e.g. v0.5.8 ;-) the
generated shortlog will not be generated from the latest -rc tag but
from the second to last due to the sort order of the tag list:
0.5.5
0.5.6
0.5.7
v0.5.8 <-- newest tag
v0.5.8-rc1
v0.5.8-rc2
v0.5.8-rc3
v0.5.8-rc4
v0.5.8-rc5 <-- second newest tag
Thus use 'git describe' to get the proper previous tag.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|