Age | Commit message (Collapse) | Author | Files | Lines |
|
References:
https://github.com/netsniff-ng/netsniff-ng/commit/453f6eb9d79dd5aa2812ef956b22723f0a493086
https://github.com/netsniff-ng/netsniff-ng/pull/112
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
When building against musl libc I encountered following issue:
---------------------------------------------------------------------------
In file included from xmalloc.h:6:0,
from xmalloc.c:17:
built_in.h:181:0: warning: "PAGE_SIZE" redefined [enabled by default]
In file included from /usr/include/limits.h:8:0
---------------------------------------------------------------------------
According to the POSIX standard PAGE_SIZE should be defined in <limits.h> [1]
which is the case with musl libc if for example _GNU_SOURCE or _BSD_SOURCE
are defined which both is the case in netsniff-ng sources.
On my i686 test build the interesting part of <bits/limits.h> which itself
gets included by <limits.h> looks like this:
---------------------------------------------------------------------------
#if defined(_POSIX_SOURCE) || defined(_POSIX_C_SOURCE) \
|| defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) || defined(_BSD_SOURCE)
#define PAGE_SIZE 4096
#define LONG_BIT 64
#endif
---------------------------------------------------------------------------
Note:
Besides that I noticed that currently getpagesize(2) is used, which is
considered legacy and has been dropped with POSIX.1-2001 [2].
According to getpagesize(2) [2] portable applications should use sysconf(3) [3]
By using getpagesize(2) unconditionally the intention was maybe to always use
the run time configuration value of PAGE_SIZE as returned by the kernel.
At least in the case of musl libc and applying this change this would not be
the case anymore as the static PAGE_SIZE value from the header would be used!
References:
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/limits.h.html
[2] http://man7.org/linux/man-pages/man2/getpagesize.2.html
[3] http://man7.org/linux/man-pages/man3/sysconf.3.html
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
musl libc doesn't provide the non-standard macros for common mode
bit masks, which other libc implementations like glibc define in
<sys/stat.h>.
Compile time error when building against musl libc:
--------------------------------------------------------------------------
netsniff-ng.c: In function 'read_pcap':
netsniff-ng.c:592:33: error: 'DEFFILEMODE' undeclared (first use in this function)
--------------------------------------------------------------------------
This change improves built_in.h to check if DEFFILEMODE is defined
and if not it defines it to be available internally.
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Linux kernel provides nlmon device (ARPHRD_NETLINK) driver that
can tap on netlink traffic, e.g.:
Setup:
modprobe nlmon
ip link add type nlmon
ip link set nlmon0 up
Capture:
netsniff-ng -i nlmon0 ... (or -i any)
Teardown:
ip link set nlmon0 down
ip link del dev nlmon0
rmmod nlmon
Provide information about the packet direction (user space or kernel
space), so that dissector will show that properly.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Since Linux 3.14, the kernel supports a socket option PACKET_QDISC_BYPASS,
which trafgen enables by default. That allow us to bypass the kernels
normal qdisc (traffic control) layer.
An option -q, --qdisc-path is added to allow enabling the qdisc path
explicity, useful for testing purposes.
This will be avail in kernels >= 3.14 via
commit d346a3fae3 (packet: introduce PACKET_QDISC_BYPASS socket option).
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
|
|
Introduce non-typechecking versions of min_t() and max_t() and use them
where a cast would be needed.
The macros were taken from the Linux Kernel, release under GPL v2.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Some 3.x kernel versions seem not to ship yet the definition of
ARPHRD_IEEE802154_MONITOR. Add it into built_in.h to let the
tools build.
Reported-by: Pablo Henrique <phenrique@gmail.com>
Reported-by: Tobias Kalbitz <tobias.kalbitz@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Various fixes for last commit. Sorry for that.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Remove header comments where appropriate. And also clean up colorize
a bit.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Prepare setup_rx_ring_layout for both, v2 and v3. Also do some checks
during compile time if offsets stay the same as we operate on different
union mappings.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
It rather belongs to built_in.h, and not here.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
There are people with machines containing far more than 32 CPUs. In
their case ifpps didn't work until now because of a limitation to 32
CPUs.
Rework ifpps to support an arbitrary number of CPUs. In order to still
remain within the display space, if more than 10 (TOP_CPUS) CPUs are
available, only the 10 top hitting (in terms of usr and sys time or irqs
respectively) are displayed.
Suggested-by: Daniel Borkmann <borkmann@iogearbox.net>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
This can be used to mark functions which will call exit() by themselves.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Now, with PF_PACKET's extension, we can see what kind of sw/hw
timestamp is being reported to us [1]. Thus, report it in the
dissector.
[1] http://thread.gmane.org/gmane.linux.network/266878/
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
We decided to get rid of the old Git history and start a new one for
several reasons:
*) Allow / enforce only high-quality commits (which was not the case
for many commits in the history), have a policy that is more close
to the one from the Linux kernel. With high quality commits, we
mean code that is logically split into commits and commit messages
that are signed-off and have a proper subject and message body.
We do not allow automatic Github merges anymore, since they are
total bullshit. However, we will either cherry-pick your patches
or pull them manually.
*) The old archive was about ~27MB for no particular good reason.
This basically derived from the bad decision that also some PDF
files where stored there. From this moment onwards, no binary
objects are allowed to be stored in this repository anymore.
The old archive is not wiped away from the Internet. You will still
be able to find it, e.g. on git.cryptoism.org etc.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|