summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2013-07-03dev: linktype: use ARPHRD_ETHER for "any" deviceDaniel Borkmann1-1/+3
Use ARPHRD_ETHER for the "any" device, so that when typing "netsniff-ng" without any arguments, ethernet is assumed. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-07-03netsniff-ng: ctx: init and destruct methods for ctxDaniel Borkmann1-18/+33
Refactor ctx initialization and destruction into separate handlers. That is more clean. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-07-03pcap: invoke dev->type to pcap linktype mapperDaniel Borkmann2-4/+5
Invoke dev->type to pcap linktype mapper in order to write a correct pcap file header for various link types. Also fix two bugs in pcap file header parsing and print a warning with the magic link number in case of an unknown link type. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-07-03pcap: fix build errorDaniel Borkmann2-4/+12
Various fixes for last commit. Sorry for that. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-07-03dissector: do not panic on unknown hatypeDaniel Borkmann1-2/+5
Do not panic on linktypes that are unknown to us. Just skip the usual dissector entry point and based on user input, print in hex, ascii, or hex + ascii. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-07-03pcap: support for various linktypesDaniel Borkmann3-13/+129
Add a device_type() method to get the assigned dev->type from the kernel, and add support for automatic selection of the correct pcap file header's linktype. This needs to be integrated into the core code though. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-07-03pcap_io: add LINKTYPE_NETLINK for netlink pcapsDaniel Borkmann1-0/+3
This adds basic linktype support for netlink "nlmon" devices. Todo: we sill need to set the correct pcap type on capturing. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-07-03man: netsniff-ng: elaborate on capturing netlink trafficDaniel Borkmann1-3/+15
As nlmon's device setup has now been changed to use rtnl link setup, give a full example on how to setup and teardown nlmon devices. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-29man: bpfc: add netlink arp headerDaniel Borkmann1-0/+1
As per [1] we now also have an official hw device identifier for Netlink. Add it to bpfc man page as we can capture from an nlmon device. [1] http://patchwork.ozlabs.org/patch/253293/ Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-28Merge branch 'config'Tobias Klauser4-2/+254
Pull in the configure script. From now on, before calling 'make' the './configure' script will need to get called. This is no autotools generated script, but manually written to check for netsniff-ng's dependencies.
2013-06-28configure: Improve check for libnl/libnl-genlTobias Klauser1-2/+16
Actually call some functions in the check program so they will need to get linked. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-28configure: Check for presence of pkg-config and ccache binariesTobias Klauser2-1/+35
Check whether pkg-config and ccache are in the PATH. A missing pkg-config will cause the configure script to abort with an error. The presence of ccache is written to Config and used by the Makefile to conditionally make use of it. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-28configure: Add linker flags for ncursestest to correct positionTobias Klauser1-1/+1
Newer versions of GCC expect the linker flags after the object code, so move the ouput of 'pkg-config --libs ncurses' there to not make the test fail even if ncurses is present on the system. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-25netsniff-ng: tpacketv3: 'fix' packet accounting outputDaniel Borkmann3-5/+6
In netsniff-ng, we use tpacketv3 for capturing-only mode. The issue observed lately is that when using f.e. -n10 or capturing a pcap and then quitting, the pcap or actually seen number of packets are less than what the statistics tell us from getsockopt(2). This is due to the fact that tpacketv3 divides its ring buffer into blocks of frames. Meaning, while we are traversing block n, the kernel already fills up block n+1 and following if new packets arrive. While doing so, it increments packet counters. Thus, when we ^C, we haven't seen those blocks, so the stats tell us mostly a slightly higher result. Fix this by adjusting socket stats printing to this fact. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-25man: netsniff-ng: add section about netlink traffic debuggingDaniel Borkmann1-0/+4
Recently, the nlmon device driver got accepted [1], so that it's now possible to debug netlink traffic as well. [1] http://thread.gmane.org/gmane.linux.network/273952 Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-24ifpps, flowtop: Move ncurses init and end to common moduleTobias Klauser6-42/+40
ncurses (de-)initialization is duplicated across flowtop and ifpps, so move it to an own module and use it from both tools. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-24configure: Check for tpacket, ncurses, libgeoipTobias Klauser1-1/+100
Check for some more libraries we make use of in the configure step. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-24gitignore: Ignore generated ConfigTobias Klauser1-0/+3
Ignore the build config generated by the configure script. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-24README, INSTALL: minor: Remove trailing whitespacesTobias Klauser2-4/+4
Remove some trailing whitespaces from documentation. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-24configure: Add configure script used to detect NaClTobias Klauser3-1/+103
In order to use an installation of NaCl provided by the distro or by previous manual installation, provide a configure script which checks for nacl's presence. Also check of libnl-genl headers. More checks of the other libraries depended on by netsniff-ng as well as checks for necessary kernel headers should be added here too. The configure script is preliminary and has not yet extensively been tested on multiple systems. The concept was inspired by the configure script of trinity and iproute2. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-20dev: mark paths likely/unlikelyDaniel Borkmann1-4/+4
Mark them as what is to be most expected. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-17ioexact: make mayexit a boolDaniel Borkmann2-4/+9
It's used as such, so therefore make it a bool instead of int. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-17man: add colophon to the end of each document.Daniel Borkmann8-0/+32
Add a colophon to the end of each man page. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-17dissector: explicitly init arrayDaniel Borkmann1-10/+9
Use explicit form to initialize array. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-17die: minor: simplify code a bitDaniel Borkmann1-11/+17
Make the code a bit simpler. Also use bool for the syslog_maybe condition. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-17dev: make paths unlikely, simplify codeDaniel Borkmann1-17/+11
Simplify code a bit and mark error paths unlikely. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-17dev: bail out if ifindex could not be retrievedDaniel Borkmann1-4/+4
If we fail to find the ifindex of a given device, bail out. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15bpf: use Linux' define of BPF_MAXINSNSDaniel Borkmann2-9/+11
Do not necessarily define our own, only in case the Linux one is not available. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15curve: free buffers in reverse order to allocationDaniel Borkmann1-3/+3
First destroy spinlocks, then free the encryption and decryption buffers. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15curve: curve25519_tfm_alloc/curve25519_tfm_free helpersDaniel Borkmann4-40/+53
Facilitate allocation and destruction of crypto objects through common helper functions. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15curve: directly include config.h for FILE_PRIVKEYDaniel Borkmann1-0/+1
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15curve: minor: fix typo in variableDaniel Borkmann2-8/+8
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15curve: minor: fix up formattingDaniel Borkmann1-6/+12
Just some minor whitespacing arrangements. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15curve: fix crypto_box_beforenmbytes lengthDaniel Borkmann1-1/+1
This seems to have been corrupted. Must be crypto_box_beforenmbytes. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15curve: curve25519_encode/curve25519_decode: simplify crypto transformsDaniel Borkmann2-27/+31
Simplify curve25519_encode() and curve25519_decode() transforms by making the code more clear and by introducing macro accessors to nonces. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15curve: simplify curve25519_proto_init and othersDaniel Borkmann5-49/+29
Simplify the function curve25519_proto_init() and also have minor cleanups in other related ones. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15curve: rename encode/decode buffersDaniel Borkmann2-19/+19
No need to prefix them with _buf, this just makes the names longer and therefore less readable. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15cpusched: cleanups, refactoring and fix one bugDaniel Borkmann1-49/+28
Fix the bug in "if (!entry == 0 && errno == ENOENT)" and also do some cleanups, make the code more readable and remove useless stuff. Used in curvetun. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15misc: remove two header commentsDaniel Borkmann2-12/+0
It's ridiculous to have a header comment here. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15bpf: very minor style fixups and paths marked unlikelyDaniel Borkmann1-6/+9
Mark some error paths as unlikely, and fixup some minor whitespace issues. Nothing big to see here. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15docs: readme: also stress bpf seccomp in the README pageDaniel Borkmann1-1/+1
We should also make this clear from the beginning that one can use bpfc for seccomps as well. Might be interesting for security researchers to play around with. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15bpfc: stress that also seccomp-BPF can be generated with bpfcDaniel Borkmann1-1/+3
Just add a minor sentence to help stating this. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15man: bpfc: add example of loadable x86_64 seccomp-BPF filterDaniel Borkmann1-0/+18
Add the example in bpfc code from http://outflux.net/teach-seccomp/ to the man page, so that people can also experiment with seccomp bpf and to demonstrate that there are no limits on bpfc when it comes to this. Actually this code is even more efficient than the one given in the example URL above. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15man: bpf: also mention that bpfc can be used for seccomp-BPFDaniel Borkmann1-10/+14
Seccomp-BPF is used for syscall sandboxing. bpfc can also be used for creating such filters without any problems. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15bpf: add missing decode for poffDaniel Borkmann1-12/+14
When we decode BPF extensions, add the missing opcode for poff. While at it, also remove the '#' prefix, since it's optional in bpfc. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15trafgen: fix checksumming in trafgen example configDaniel Borkmann2-2/+2
Took quite a while to git bisect the cause for the wrong TCP checksum in the -e example. It turned out that commit bf43e1993c7037 ("trafgen: lexer: return original string if no shellcode") "broke" it, since before that commit the TCP checksum from -e example was correct and afterwards not anymore. Well, it didn't break it. What was happening here is that with this fix above, the packet got 1 byte longer since the first character of the example string is not omitted anymore, therefore the checksum got wrong. Fix this by fixing the IP total length of the packet in the -e and man page example. The UDP example from the man page still works well if csumudp() is used, so not affected of this. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15trafgen: check offsets for all kind of csumsDaniel Borkmann1-2/+5
It seems not critical at this point, but lets check it for all offsets here as well, and mark this check as unlikely to happen. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-15trafgen: fix -n1 bug for packet schedulingDaniel Borkmann1-2/+2
In the current situation, it can happen when we set -n1, that no packet at all will be scheduled. This is due to the case that nearbyint() will for e.g. 2 cpus round to 0 each, and since in __correct_global_delta() we only correct a total delta when a particular CPU is allowed to tx packets (means already has a num > 0), then we correct the delta on the first such CPU. Switch to using round(), so that on 0.5 it will be round to the next higher int, and fix the check to >= 0 in __correct_global_delta() so that a CPU could also get a 0 share of packets. I did a couple of tests with different -n params and cpu(..) configs and this seems to fix that. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-14man: trafgen: fix remaining `` occurencesDaniel Borkmann1-23/+23
That's the last man page where `` occurs, so fix this up by making it consistentlt '' as the rest of all man pages. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-14netsniff-ng: Report if HW timestamping is enabledTobias Klauser1-1/+3
Until now we didn't check the return value of set_sockopt_hwtimestamp() and the Coverity scanner complained about it, so use it's return value to report if timstamping is actually enabled in verbose mode. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>