summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2014-06-16pkt_buff: Remove unnecessary void castTobias Klauser1-1/+1
lookup_hash() returns void * which does not need to be cast. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-06-13lookup: Move UDP/TCP port and Ethernet type lookup into own moduleTobias Klauser12-154/+182
Up to now, the lookup of TCP/UDP port names and Ethernet types was tightly integrated with the dissector infrastructure, since it is its main user. However, flowtop also makes use of the name lookup functionality without needing the actual dissector infrastructure. Thus, the basic dissector infrastructure also needs to be linked into flowtop without actually being used. Fix this by extracting the port/ethertype lookup into an own module which can then be used either directly (for flowtop) or as part of the dissector infrastructure (for netsniff-ng). This also reverts the quick & dirty fix introduced in commit f3322c6 ("flowtop: Include netlink dissector to fix build temporarily"). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-06-13build: Mention the download mirrors in the release announcementTobias Klauser1-2/+4
Add mirror.distanz.ch and the source release on github to the download URLs in the release announcement. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-06-13flowtop: Include netlink dissector to fix build temporarilyTobias Klauser2-1/+4
flowtop links in the dissector modules just for the TC/UDP port lookup feature. Since dissector.h now includes libnl headers, we also need to include the libnl CFLAGS for flowtop build and thus also make it depend on libnl. The real fix for this in the future would be to extract the port lookup from dissector_eth.c and the just link in this module into flowtop instead of the entire dissector stuff. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-06-12netsniff-ng 0.5.9-rc1v0.5.9-rc1Tobias Klauser1-3/+3
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-06-04netsniff-ng: proto_nlmsg: Add notice about nlmsg pid fieldTobias Klauser1-1/+7
The port id field of the netlink message header does not necessarily indicate the PID of the receiving process [1] (e.g. in case of multithreaded applications or using multiple sockets). Mention this in a comment. [1] http://www.carisma.slowglass.com/~tgr/libnl/doc/core.html#core_netlink_fundamentals Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-06-04dissector: Restore paket type if capturing from nlmon deviceTobias Klauser2-11/+30
The kernel sets the skb pkttype to PACKET_OUTGOING for all packets being sent through dev_queue_xmit_nit(). However, if capturing packets from an nlmon device, this causes the information on whether the netlink packet was sent to kernel- or userspace (PACKET_KERNEL/PACKET_USER) to be overwritten. A previous attempt by Daniel Borkmann to fix this in kernel space [1] by not overwriting the packet type for netlink packets was not regarded as the proper solution. [1] http://patchwork.ozlabs.org/patch/338612/ Thus, attempt to fix this in userspace by looking at the pid field of the netlink packet, which is always 0 for messages to kernel space [2]. [2] http://www.carisma.slowglass.com/~tgr/libnl/doc/core.html#core_netlink_fundamentals Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-06-02mausezahn: Don't use ternary operator to decide which function to callTobias Klauser1-1/+5
Replace an odd use of the ternary operator with a more readable if/else. This fixes Debian Bug #750077. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-28netsniff-ng: Print process name of the netlink message originTobias Klauser1-0/+19
In the netlink message dissector, use the PID from the header to look up the process name of the sending process. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-28netsniff-ng: Add netlink dissectorTobias Klauser6-0/+133
Add an initial implementation of a dissector to work on netlink messages as received from an nlmon device. Use can use it as follows to monitor netlink traffic to/from the kernel: modprobe nlmon ip link add type nlmon ip link set nlmon0 up netsniff-ng -i nlmon0 ip link set nlmon 0 down ip link del dev nlmon0 rmmod nlmon Fixes: #89 Suggested-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-27build: Allow to build astraceroute and flowtop without GeoIP supportTobias Klauser4-11/+26
Both tools are already prepared to handle NULL return values of the geoip_* lookup functions, so we might as well build them without geoip support if not needed/present. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-27build: Remove unused CONFIG_LIBGEOIPTobias Klauser1-2/+0
If libgeoip is present, CONFIG_GEOIP will be set later on depending on HAVE_LIBGEOIP, we thus don't need to write CONFIG_LIBGEOIP to Config. This symbol isn't used anywhere in the build process. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-27geoip: Pass struct sockaddr_in{,6} as pointer instead of by valueTobias Klauser6-68/+68
Change the interface to the geoip_* functions to take a pointer to a struct sockaddr_in{,6} instead of the struct itself. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-27flowtop: Constify function parameter in walk_process()Tobias Klauser1-1/+1
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-23netsniff-nf: proto_ipv6: Remove unused #include "csum.h"Tobias Klauser1-1/+0
This module doesn't use the checksum functions, thus we don't need to include csum.h. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-12bpf: Zero out socket filter in bpf_parse_rules()Tobias Klauser2-7/+2
Instead of memsetting the struct sock_filter every time before we call bpf_parse_rules(), do it there directly. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-09ring: Merge common ring_{rx,tx} initialization into own functionTobias Klauser7-78/+39
Instead of having to perform the individual steps to initialize a ring and open coding them in multiple places, provide convenience functions to do all at once. This has the nice side effect of allowing to make most of these *_{rx,tx}_ring() functions static in their respective module. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-09netsniff-ng: Move function scope variablesTobias Klauser1-8/+9
Move some variables from the function scipe to the block where they're used solely. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-09trafgen: Remove unnecessary initialization of ct.reserve_sizeTobias Klauser1-1/+0
It will be set later on depending on command line option (or panic() out) and it is initialized to 0 by a memset() before anyways. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-09netsniff-ng: Remove unnecessary memset of struct pollfdTobias Klauser1-2/+0
rx_poll will be passed to prepare_polling() which already zeros the struct, so no need to do it before. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-09netsniff-ng: Remove unnecessary initialization of struct ctx membersTobias Klauser1-4/+0
These will be set later on depending on command line option (or panic() out) and they're set to 0 by init_ctx() anyways. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-03doc: Fix typos in mausezahn and trafgen manpagesKartik Mistry2-2/+2
Fixed typos in mausezahn.8 and trafgen.8 [tklauser: Slightly edited commit message] Signed-off-by: Kartik Mistry <kartik.mistry@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-03all: Use macros for printf/scanf format specifiersJames McCoy9-55/+62
Any types that are fixed width should use the standard format specifier macros (PRI... for printf-type functions, SCN... for scanf-type functions) to ensure proper data access. Prior to this ifpps was crashing in 32-bit environments due to the following call mvwprintw(screen, (*voff)++, 2, "%s,%s %s (%s%s), t=%lums, cpus=%u%s/%u" " ", uts.release, machine, ifname, drvinf.driver, buff, ms_interval, top_cpus, top_cpus > 0 && top_cpus < cpus ? "+1" : "", cpus); since ms_interval is a uint64_t but %lu expects an unsigned long, which is only 32 bits. Signed-off-by: James McCoy <vega.james@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-30build: Do not add PREFIX to ETCDIRKartik Mistry1-1/+1
This will fix issue of installation of configuration files to /usr/local/etc (or /usr/etc for distribution builds) instead of /etc. [tklauser: extended description a bit] Signed-off-by: Kartik Mistry <kartik.mistry@gmail.com>
2014-04-30netsniff-ng/ring: Make verbose flag boolTobias Klauser5-7/+7
Change type of verbose flag from int to bool. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-30netsniff-ng: Use while() instead of empty forTobias Klauser1-2/+2
Instead of using a foor loop with empty initialization and afterthought, just use a while loop with the same condition. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-30ring: Consistently use size_t to specify ring sizeTobias Klauser7-15/+21
The mm_len member of struct ring is of type size_t, but in the code paths leading to set it, unsigned int is used. In circumstances where unsigned int is 32 bit and size_t is 64 bit, this could lead to an integer overflow, which causes an improper ring size being mmap()'ed in mmap_ring_generic(). In order to prevent this, consistently use size_t to store the ring size, since this is also what mmap() takes as its `length' parameter. This now allows to specify ring sizes larger than 4 GiB for both netsniff-ng and trafgen (fixes #90). Reported-by: Jon Schipp <jonschipp@gmail.com> Reported-by: Michał Purzyński <michalpurzynski1@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-30trafgen: Don't expose -k/--kernel-pull anymore and warn if it still usedTobias Klauser3-9/+3
The -k/--kernel-pull option got useless with commit c139e80 ("trafgen: remove timer-based trigger model"). Instead of entirely removing it and thus possibly breaking people's scripts, still accept it as an option, but warn the user about it. We might want to remove the option in a future release. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-30netsniff-ng: Fix whitespacesTobias Klauser1-3/+3
Remove some leading/trailing whitespaces. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-30trafgen: Use strtoul() instead of strtol() for unsigned longTobias Klauser1-1/+1
If setting an unsigned long variable, use strtoul() instead of strtol(). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-29netsniff-ng 0.5.8v0.5.8Tobias Klauser1-1/+1
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-28netsniff-ng: Remove locally declared labelsTobias Klauser1-13/+4
These usually only make sense for complex macros which are expanded moree than once. The label for `out' doesn't make sense anyhow as it is declared on function level. Also don't indent the labels, so they're clearer to spot. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-27trafgen: performance regression at 10G due to smaller ring buffer sizeJesper Dangaard Brouer1-1/+1
commit c10621e ("trafgen: keep a small initial ring buffer size to reduce cache-misses") reduced default ring buffer size to 196KiB, but on my big machines with 10Gbit/s this size is too small. Increase default ring-size to 512 KiB, yield the best results, without increasing ring buffer size too much, this fixes #120. Single CPU results from my E5-2630 CPU with intel ixgbe/82599. (Cmd: trafgen --cpp --dev eth8 --conf udp_example01.trafgen --cpu 1) * 769,440 pkts/sec -- default ring-size 196 KiB * 1,417,908 pkts/sec -- ring-size 500 KiB Going above CPUs L3 cache size which is (15Mb) * 1,236,580 pkts/sec -- ring-size 20000KiB The mmap'ed ring buffer is now faster than using sendto(). For comparison, not using the ring-buffer, by using option "-t0": * 1,381,364 (with qdisc bypass) And using the qdisc code path in the kernel (enable via parameter "--qdisc-path") * 1,227,772 pkts/sec (with --qdisc-path) Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
2014-04-27build: Also use proper previous tag for people listTobias Klauser1-2/+3
Follow up for commit 311d4376 ("build: Make sure we get the correct previous tag for the changelog"). Move getting the previous tag into an own command and use it where appropriate. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-27conf: oui: update oui.confTobias Klauser1-15/+147
Update oui.conf using oui-update.py Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-27build: Make sure we get the correct previous tag for the changelogTobias Klauser1-1/+1
When going from an -rc release to a stable release (e.g. v0.5.8 ;-) the generated shortlog will not be generated from the latest -rc tag but from the second to last due to the sort order of the tag list: 0.5.5 0.5.6 0.5.7 v0.5.8 <-- newest tag v0.5.8-rc1 v0.5.8-rc2 v0.5.8-rc3 v0.5.8-rc4 v0.5.8-rc5 <-- second newest tag Thus use 'git describe' to get the proper previous tag. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-25ifpps: Fix coding styleTobias Klauser1-4/+6
Fix spacing and move a pointer increment out of the for loop initializer. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-25ifpps: fix matching wrong interface/deviceJesper Dangaard Brouer1-1/+7
There were a bug in ifpps, that would match the first occurance of a device/interface name in /proc/net/dev, because it located the device based on a substring. If the device name were starting with the same characters, e.g. having a device named eth4 and a VLAN device named eth4.100. If specifying --dev eth4, then depending on the order of /proc/net/dev the wrong device could be choosen for stats. (Note kernel does not guarantee the order of devices in proc file) Fix the bug, by matching with a colon ':' appended to the device name, as the kernel proc format prints a ':' behind the device name. Fixes #119 Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
2014-04-22doc: AUTHORS: Add Oliver Smith to contributorsTobias Klauser1-0/+1
Oliver contributed a patch to astraceroute back in August 2013, but he was never properly credited in AUTHORS. Do that now. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-22conf: Use configuration file path from Makefile instead of hardcoded pathsTobias Klauser7-17/+16
Currently, the path to the configuration files is hardcoded to $PREFIX/etc/netsniff-ng. If we want to keep the configuration files outside of prefix (e.g. during development), we need to pass the complete path as specified in $ETCDIRE (and $ETCDIR respectively, which could e.g. be overriden on the command line during build install) as a preprocessor define. This way, we can e.g. install the configuration files to /etc while installing the binaries in /usr/local with: $ make PREFIX=/usr/local ETCDIR=/etc $ make PREFIX=/usr/local ETCDIR=/etc install Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-22bpf: Remove unncessary #include <xmalloc.h> from bpf.hTobias Klauser1-1/+1
Only die.h is needed in the header for panic(). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-22built_in: Remove unnecessary #include <built_in.h> from several headersTobias Klauser4-5/+0
These are not needed in the headers themselves and are pulled in in the .c file where necessary. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-22man: astraceroute: Fix closing quotation markTobias Klauser1-1/+1
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-14dissector: Get rid of header dependency on pcap_io.hTobias Klauser4-24/+35
The dissector only needs the LINKTYPE_* #defines from pcap_io.h. Instead of pulling in this rather large header just for this, move the LINKTYPE_* #defines to an own header and include it where needed. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-12built_in: changed RUNTIME_PAGE_SIZE to use sysconf(_SC_PAGE_SIZE) instead of ↵Christian Wiese1-1/+1
getpagesize() getpagesize(2) is considered legacy and has been dropped with POSIX.1-2001. See discussion: https://github.com/netsniff-ng/netsniff-ng/pull/112 Signed-off-by: Christian Wiese <chris@opensde.org> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2014-04-12built_in: changed to use RUNTIME_PAGE_SIZE instead of PAGE_SIZEChristian Wiese8-15/+13
References: https://github.com/netsniff-ng/netsniff-ng/commit/453f6eb9d79dd5aa2812ef956b22723f0a493086 https://github.com/netsniff-ng/netsniff-ng/pull/112 Signed-off-by: Christian Wiese <chris@opensde.org> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2014-04-12build: fixed PREFIX usageChristian Wiese1-4/+4
This change fixes the use of PREFIX by not hard wiring /usr into the path. Besides that if no PREFIX is provided by the user, it is set to /usr/local now which is considered to be the right location for most LSB conforming distros if the user is compiling from sources to not interfere with the package management for binary packages which are build using /usr as prefix in most of the cases. current behavior without setting PREFIX will most likely interfere with most distro package managers when building from source: ------------------------------------------------------------------------ $ sudo make uninstall RM /usr/sbin/netsniff-ng RM /usr/share/man/man8/netsniff-ng.8.gz RM /usr/sbin/trafgen RM /usr/share/man/man8/trafgen.8.gz RM /usr/sbin/astraceroute RM /usr/share/man/man8/astraceroute.8.gz RM /usr/sbin/ifpps RM /usr/share/man/man8/ifpps.8.gz RM /usr/sbin/bpfc RM /usr/share/man/man8/bpfc.8.gz RM /usr/sbin/curvetun RM /usr/share/man/man8/curvetun.8.gz ------------------------------------------------------------------------ current behavior when setting PREFIX=/usr/local looks kind of weird because of the hard wired /usr: ------------------------------------------------------------------------ $ sudo make PREFIX=/usr/local uninstall RM /usr/local/usr/sbin/netsniff-ng RM /usr/local/usr/share/man/man8/netsniff-ng.8.gz RM /usr/local/usr/sbin/trafgen RM /usr/local/usr/share/man/man8/trafgen.8.gz RM /usr/local/usr/sbin/astraceroute RM /usr/local/usr/share/man/man8/astraceroute.8.gz RM /usr/local/usr/sbin/ifpps RM /usr/local/usr/share/man/man8/ifpps.8.gz RM /usr/local/usr/sbin/bpfc RM /usr/local/usr/share/man/man8/bpfc.8.gz RM /usr/local/usr/sbin/curvetun RM /usr/local/usr/share/man/man8/curvetun.8.gz ------------------------------------------------------------------------ using the proposed fix without setting PREFIX: ------------------------------------------------------------------------ $ sudo make uninstall RM /usr/local/sbin/netsniff-ng RM /usr/local/share/man/man8/netsniff-ng.8.gz RM /usr/local/sbin/trafgen RM /usr/local/share/man/man8/trafgen.8.gz RM /usr/local/sbin/astraceroute RM /usr/local/share/man/man8/astraceroute.8.gz RM /usr/local/sbin/ifpps RM /usr/local/share/man/man8/ifpps.8.gz RM /usr/local/sbin/bpfc RM /usr/local/share/man/man8/bpfc.8.gz RM /usr/local/sbin/curvetun RM /usr/local/share/man/man8/curvetun.8.gz ------------------------------------------------------------------------ Signed-off-by: Christian Wiese <chris@opensde.org> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2014-04-11doc: add Christian to AUTHORS fileDaniel Borkmann1-0/+1
For Christian Wiese's contributions, add him to AUTHORS. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2014-04-11doc: curvetun: add documentation how to use libsodium instead of libnaclChristian Wiese1-1/+19
Add information to INSTALL on how to build with libsodium. Signed-off-by: Christian Wiese <chris@opensde.org> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2014-04-11build: curvetun: add NACL_LIB variable to configure to be able to set an ↵Christian Wiese2-1/+6
alternative lib This way one can simply set an alternative lib like libsodium for linking the curvetun binary. The current default linking against libnacl is preserved! To link curvetun against libsodium you can set NACL_LIB=sodium Signed-off-by: Christian Wiese <chris@opensde.org> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>