Age | Commit message | Author | Files | Lines |
|
If the file open fails with the O_NOATIME option then try to open it w/o
this option in case the user does not have enough privileges to use
O_NOATIME.
It fixes the case when a user made a pcap file in sudo mode but afterwards
should still use sudo to read it, because setting the O_NOATIME option
requires higher privileges.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Create PF_PACKET socket with proto=0 which does not setup packet handler
and will not capture packets until bind() will be invoked.
Also replaced pf_tx_socket by pf_socket as these funcs became the same,
as proto arg is set to 0.
Suggested-by: Daniel Borkmann <borkmann@iogearbox.net>
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Print 'Family' and 'Type' (considering family) fields in less mode.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Vadim has contributed numerous improvements and bug fixes for
netsniff-ng and hopefully continues to do so. Move him to the major
contributors section in the AUTHORS file.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Automatic new line indentation can break terminal ESC color sequence by
inserting new line within it.
Fixed by considering that color ESC sequence is not closed
by 'm' and only after it is closed - print new line with spaces.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: add comments]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Commit a37101161784 ("dissectors: ethernet: Handle multicast/broadcast
addresses properly") introduced handling of multicast/broadcast
addresses in string translation, but only for the verbose mode. Also
print these strings instead of "Unknown" in less mode.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Rename xxx_panic_func(s) to xxx_panic_handler(s) which is more
understandable than 'func'.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
In commit d312a25879d5 ("netsniff-ng nlmsg: Print netlink protocol
name"), the struct protocol member of struct pkt_buff was renamed to
handler to account for the newly added proto field. However, the
corresponding function pkt_set_proto wasn't renamed which is a bit
counter-intuitive. Fix this by renaming the member again, this time to
dissector (as I don't consider handler a particularly meaningful name)
and adjust the set function's name accordingly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fixed case when rfmon mac80211 created device remains after trafgen
failed (for ex. - incorrect cfg file), so just delete it when panic
occurred.
Also made panic handlers invoking per process and only once.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
As the Probe Response frame is very similar to Beacon
(except some IEs which are identified dynamically),
let's just use the same func to dissect it.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Print nlmsg type name for rtnetlink messages.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: ifdef guards for RTM_NEWNETCONF and RTMNEWMDB, other minor fixes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If only a header file is changed, the corresponding module is not
rebuilt. Thus, add a rule to make module build depend on the header file
as well (where applicable) to circumvent this effect.
Note: This will still not necessarily catch every dependency between
modules, source and header files.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Change the position of the packet number in the packet header output
such that we don't print two spaces between timestamp and number if no
timestamp source is available.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Print 'IE:' prefix before each mgmt IE parameter which
should be more readable and allows easily identifying the next element
while listing the big one:
Also removed 1 TAB in "HT Capabilities" fields.
P mon0 288 1430230360s.696547150ns
[ Radiotap Version (0), Length (26), Flags (0x0000482f) ]
[ 802.11 Frame Control (0x0080)]
[ Proto Version (0), Type (0, Management), Duration (0),
Destination (ff:ff:ff:ff:ff:ff)
Source (00:00:00:00:01:13) => (XEROX CORPORATION:00:01:13)
BSSID (00:00:00:00:01:13) => (XEROX CORPORATION:00:01:13)
Fragmentnr. (0), Seqnr. (2844). Subtype (8, Beacon) ]
[ Subtype Beacon: Timestamp 0x0000000021ac5c5c, Beacon Interval (0.102400s)
ment;)
IE: SSID (0, Len (6)): 000114
IE: Supp. Rates (1, Len (8)): 1(B) 2(B) 5.5(B) 11(B) 18 24(B) 4 22
IE: DSSS Param Set (3, Len(1)): Current Channel: 1
IE: TIM (5, Len(4)): DTIM Count: 0, DTIM Period: 1
IE: ERP (42, Len(1)): Non ERP Present (0), Use Protection (0)
IE: Reserved (47, Len (1)): Data 0x00
IE:Failed to dissect Subtype ]
Yeah ... 'IE:' is also printed before 'Failed to dissect Subtype',
which just indicates that the rest of the IE params were not identified.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Show the packet number as part of the dissector output.
Example:
> wlp3s0 107 1430159373s.693002029ns (#5)
[ Eth MAC (6c:88:14:ac:51:e4 => 10:fe:ed:90:22:12), Proto (0x0800, IPv4) ]
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
As the probe request frame consists only of IE params, just
do a similar print of these params as was done for beacon.
Also using mgmt_{func}_dissect naming for mgmt frame dissectors.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
After all it's round robin mode.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Instead of just reproducing the macro name, provide a little more
information (as given in the comments next to the definitions in
linux/netlink.h)
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Netlink messages don't use the term `family' instead of `protocol', so
stick to it when printing dissected information.
Also, functions with the `nl_' prefix are used by libnl, so in order to
not confuse it with libnl functions, rename nl_proto2str() to
nlmsg_family2str()
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The link type is handled as uint32_t in the rest of the code base so use
that type here as well.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
nlmsg proto handler can't identify Netlink protocol from nlmsghdr, so
sockaddr_ll can be used to get it.
Also renamed [proto -> handler] member in pkt_buff struct, which is more
understandable.
Example:
>U nlmon0 4756 1429891435s.14505747ns
[ NLMSG Proto 0 (RTNETLINK), Len 1160, Type 0x0010 (0x10), Flags 0x0002 (MULTI), Seq-Nr 1429891436, PID 31613 ]
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Handle usage of NETLINK_SOCK_DIAG with pre 3.10 kernel
headers, fix nl_proto2str() return value, formatting changes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Now it looks like:
[ Subtype Beacon: Timestamp 0x0000000074c5c180, Beacon Interval (0.102400s), Capabilities (0x431 <-> ESS; Privacy; Short Preamble; Short Slot Time;)
Parameters:
SSID (0, Len (6)): D07F82
Supp. Rates (1, Len (8)): 1(B) 2(B) 5.5(B) 11(B) 6(B) 9 12(B) 18
DSSS Param Set (3, Len(1)): Current Channel: 1
TIM (5, Len(4)): DTIM Count: 0, DTIM Period: 3, Bitmap Control: 0, Partial Virtual Bitmap: 0x00
Country (7, Len(6)): Country String: US First Ch Nr: 1, Nr of Ch: 11, Max Transmit Pwr Lvl: 30
ERP (42, Len(1)): Non ERP Present (0), Use Protection (0), Barker Preamble Mode (0), Reserved (0x00000)
Ext Support Rates (50, Len(4)): 24 36 48 54
HT Capabilities (45, Len(26)):
Info:
LDCP Cod Cap (1)
Supp Ch Width Set (1)
SM Pwr Save(3)
HT-Greenfield (0)
Short GI for 20/40 MHz (1/1)
Tx/Rx STBC (0/0)
HT-Delayed Block Ack (0)
Max A-MSDU Len (0)
DSSS/CCK Mode in 40 MHz (1)
Res (0x0)
Forty MHz Intol (0)
L-SIG TXOP Protection Supp (0)
[...]
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Allow to send SIGHUP to a running netsniff-ng process, causing it to
prematurely rotate the output PCAP when the output device (-o/--out) is
a directory. The rotating interval (time/file size) will be reset.
Suggested by dcode in #140
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Update oui.conf using oui-update.py
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Ever since we switched to the hand-crafted ./configure script, support
for cross-compiling the netsniff-ng toolkit was basically broken.
Restore the ability to cross-compile our tools by making ./configure
consider the CROSS_COMPILE and SYSROOT variables.
Example for cross-compiling on arm:
$ CROSS_COMPILE=arm-linux-gnueabihf- \
SYSROOT=/usr/arm-linux-gnueabihf \
./configure
$ make
assuming the cross-compiled libraries (and their respective pkg-config
information) are in /usr/arm-linux-gnueabihf.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The libnl3 examples [1] use <netlink/netlink.h> etc. and since
pkg-config returns the paths including the libnl3 path component, we
should specify our include paths relative to these ones, not
/usr/include.
[1] http://www.infradead.org/~tgr/libnl/doc/core.html#_linking_to_this_library
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
In order to be able to set the (sort of) standard command variables CC,
LD etc. from configure via Config, rename the silent LD command variable
to LDQ, in accordance with the existing CCQ.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Currently, when building with DISTRO=0 we optimize for the build host's
architecture by default. This is not compatible with cross-compiling.
Remove the DISTRO flag and only build with -O2 and no -march/-mtune
flags by default.
Support for specifying optimization flags via configure script will be
added in a follow-up patch.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add completions for the three new options.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Properly document the new knobs for doing packet socket's fanout,
that is, --fanout-group/--fanout-type/--fanout-opts.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
It allows to read pcap file for users who have no permissions to set
process IO prio.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Acked-by: Daniel Borkmann <borkmann@iogearbox.net>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Changed to use ctx->gid when calling getgid() on init_ctx. Before we were
overwriting ctx->uid which clearly is an error.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add error cause message when ioprio_setpid fails.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Prevent a NULL pointer dereference if (for whatever reason) pkt_pull
returns NULL.
This issue was discovered using the Coverity scanner.
Fixes: 9278bb65 ("netsniff-ng: Dump basic radiotap header info")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If the ioctl() fails, the socket still needs to be closed instead of
returning directly.
This issue was discovered using the Coverity scanner.
Fixes: f43bbe9 ("mac80211: Check existence of generated monX device")
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
ifname not changed inside the function, so make it const.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Make sure params is always NULL-terminated as strncpy() doesn't
guarantee this.
Closes #134
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
netsniff-ng does not delete the created rfmon device in case of
panic (for example - bad pcap filter expression), so added ability to
add a callback func for when a panic happens and delete the rfmon device.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Print the basic radiotap header information in the 80211_mac_hdr
dissector.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: removed printing of binary representation of flags]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Commit f43bbe9e895a ("mac80211: Check existence of generated monX
device") broke starting netsniff-ng w/o any arguments, that is,
sniffing on "any" device. The test in device_ifindex() should be
index < 0.
Fixes: f43bbe9e895a ("mac80211: Check existence of generated monX device")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Add Michal for commit f00d4d54f28 ("netsniff-ng: add packet fanout
support").
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
This work adds packet fanout support to netsniff-ng. Multiple netsniff-ng
instances can join the same fanout group with a particular id in order to
improve scaling.
Based on different fanout disciplines, e.g. distribute to fanout member
by packet hash, round-robin, by arrival cpu, by random, by socket rollover
(if one member's socket queue is full, switch to next one, etc), by hardware
queue mapping, traffic can be distributed to one of the fanout members.
Moreover, we also allow the user to specify additional aux arguments, e.g.
whether to defrag incoming traffic for the fanout group or not, and whether
to roll over a socket in case other disciplines than socket rollover have
been used. All that is configurable via command line option.
Signed-off-by: Michał Purzyński <michalpurzynski1@gmail.com>
[ dbkm made some bigger changes to get this upstream ready ]
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
For commit 319840b83b70 ("trafgen: disable timer slack").
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Fix the case when netsniff-ng fails if there is already an existing
monX device while generating one.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
netsniff-ng does not check if monitor device includes radiotap
header which leads to the wrong 802.11 frame parsing.
Tested if the .pcap file is understandable by wireshark and if
dump info is basically correct, but did not test the case when xmit
packets from .pcap file to the output device and from the input device
to the output device.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: whitespace changes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add printing libnl error message like:
nl80211 returned with error (-23): Object type does not match cache
instead of:
nl80211 returned with error -23
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add the warn_unused_result GCC function attribute to all allocation
functions in xmalloc.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Commit 6c5d0caf3b7c ("netsniff-ng: Fix process name when sniffing nlmon
device") fixed the problem of not NULL-terminating the readlink() result
buffer by initializing the entire buffer with '\0'.
Switch to the more common and better readable idiom of explicitly
writing a NULL byte after the readlink result string to make this more
obvious. Also change the buffer size to PATH_MAX.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
While sniffing nlmon device the process name can be
printed with non-letter characters because readlink does not
put line ending '\0'
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|