summaryrefslogtreecommitdiff
path: root/netsniff-ng.c
AgeCommit message (Collapse)AuthorFilesLines
2015-04-21netsniff-ng: add packet fanout supportMichał Purzyński1-5/+49
This work adds packet fanout support to netsniff-ng. Multiple netsniff-ng instances can join the same fanout group with a particular id in order to improve scaling. Based on different fanout disciplines, e.g. distribute to fanout member by packet hash, round-robin, by arrival cpu, by random, by socket rollover (if one members socket queue is full, switch to next one, etc), by hardware queue mapping, traffic can be distributed to one of the fanout members. Moreover, we also allow the user to specify additional aux arguments, e.g. whether to defrag incoming traffic for the fanout group or not, and whether to roll over a socket in case other disciplines than socket rollover have been used. All that is configurable via command line option. Signed-off-by: Michał Purzyński <michalpurzynski1@gmail.com> [ dbkm made some bigger changes to get this upstream ready ] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-04-13netsniff-ng: Consider radiotap header of monitor devVadim Kochan1-12/+11
netsniff-ng does not check if monitor device includes radiotap header which leads to the wrong 802.11 frame parsing. Tested if the .pcap file is understandable by wireshark and if dump info is basically correct, but did not test the case when xmit packets from .pcap file to the output device and from the input device to the output device. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: whitespace changes] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-03-31netsniff-ng: No trailing whitespaces in generated trafgen config filesTobias Klauser1-1/+4
Make sure we don't print any unnecessary trailing whitespaces to the trafgen config file when converting from pcap. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-02-05xmalloc: Make xrealloc() arguments conform to realloc()Tobias Klauser1-1/+1
xrealloc() has an additional nmemb argument compared to realloc() for which it should serve as a wrapper. Since we always call with nmemb = 1, we might as well remove this argument and thus have xrealloc() conform to the realloc() function prototype. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-01-26netsniff: Allow filter input pcap file to output pcapVadim Kochan1-1/+19
It might be useful to filter out interesting traffic from input pcap to output pcap file which will contain only filtered packets: $ netsniff-ng -i input.pcap -o output.pcap ip src 192.168.1.198 Now it is possible by specifying output pcap file with ".pcap" extension, otherwise the trafgen file will be generated as by default. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: small wording and whitespace adjustment] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-12-12all: Reduce amount of empty liens in usage and version output a bitTobias Klauser1-5/+5
No need for some of the empty lines, remove them to make the output a bit denser. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-10-01netsniff-ng: Combine redundant pcap file rotation logic into functionTobias Klauser1-34/+24
The code to create the next pcap dump file is duplicated for the HAVE_TPACKET3 and !HAVE_TPACKET3 case. Consolidate the functionality into a function to reduce code duplication. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-09-29netsniff-ng: Fix tpacketv2-only capturingTobias Klauser1-1/+1
We need to set up the RX ring depending on whether tpacket v3 is available or not. Otherwise end up setting its structure up for tpacket v3, even though only tpacket v2 is available. This should fix packet capturing for tpacket v2 (i.e. corrupted frames in pcap). Reported-by: Mike Reeves <luke@geekempire.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-09-29netsniff-ng: Move variable definitionTobias Klauser1-3/+2
Save one #ifdef block by moving the tpacket v3 only variable definition to the block where it is actually used. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-09-11netsniff-ng: Remvoe unnecessary cast to void *Tobias Klauser1-2/+1
The iov_base member of struct iovec is already void *, so there is no need to cast it. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-09-11netsniff-ng: Unindent goto labelTobias Klauser1-2/+1
Stick to the usual style of having goto labels not indented. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-09-09netsniff-ng: Remove useless check for ctx.device_inTobias Klauser1-2/+1
If ctx.device_in is NULL after option parsing, it is always set to "any", which is before this check. Thus, it serves no purpose and can be removed. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-09-05netsniff-ng: Don't duplicate copyright/bug report/license stringTobias Klauser1-18/+13
Move the copyright/bug report/license string to an own constant and use it for the output of help() and version() to avoid duplication and prevent the strings from getting out of sync. This makes the text section of netsniff-ng.o slightly smaller: before: text data bss dec hex filename 26998 8 68 27074 69c2 netsniff-ng/netsniff-ng.o after: text data bss dec hex filename 26582 8 68 26658 6822 netsniff-ng/netsniff-ng.o Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-08-14netsniff-ng: Use correct parameters to show_frame_hdr()Tobias Klauser1-1/+2
Commit edca6174b09 ("dissector: Restore paket type if capturing from nlmon device") changed the signature of show_frame_hdr(). The call to this function was not updated in the !HAVE_TPACKET3 part of netsniff-ng introduced in commit 97e6f994785c ("netsniff-ng: Restore tpacket v2 capturing"), causing a compile error. Fix this by providing the correct parameters to show_frame_hdr() also in this case. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-08-14netsniff-ng: Restore tpacket v2 capturingTobias Klauser1-1/+71
Some older systems (e.g. RHEL 6) don't have tpacket v3 available, but only tpacket v2. However, since commit d8cdc6a ("ring: netsniff-ng: migrate capture only to TPACKET_V3") we solely rely on tpacket v3 for capturing packets. This patch restores the possibility to capture using tpacket v2. For now this is just a fallback if the configure script doesn't detect tpacket v3 (and thus HAVE_TPACKET3 isn't set). Thus, on most modern systems this shouldn't change anything and they will continue using tpacket v3. For now this fix contains quite a bit of ugly #ifdefery which should be cleaned up in the future. Fixes #76 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-08-12netsniff-ng: Add command line option to disable hardware time stampingTobias Klauser1-5/+13
Allow to disable hardware time stamping using the command line switch (-N/--no-hwtimestamp). This might be useful in situations where hardware time stamps are skewed somehow. Reference: #129 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-06-04dissector: Restore paket type if capturing from nlmon deviceTobias Klauser1-4/+8
The kernel sets the skb pkttype to PACKET_OUTGOING for all packets being sent through dev_queue_xmit_nit(). However, if capturing packets from an nlmon device, this causes the information on whether the netlink packet was sent to kernel- or userspace (PACKET_KERNEL/PACKET_USER) to be overwritten. A previous attempt by Daniel Borkmann to fix this in kernel space [1] by not overwriting the packet type for netlink packets was not regarded as the proper solution. [1] http://patchwork.ozlabs.org/patch/338612/ Thus, attempt to fix this in userspace by looking at the pid field of the netlink packet, which is always 0 for messages to kernel space [2]. [2] http://www.carisma.slowglass.com/~tgr/libnl/doc/core.html#core_netlink_fundamentals Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-12bpf: Zero out socket filter in bpf_parse_rules()Tobias Klauser1-7/+0
Instead of memsetting the struct sock_filter every time before we call bpf_parse_rules(), do it there directly. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-09ring: Merge common ring_{rx,tx} initialization into own functionTobias Klauser1-31/+4
Instead of having to perform the individual steps to initialize a ring and open coding them in multiple places, provide convenience functions to do all at once. This has the nice side effect of allowing to make most of these *_{rx,tx}_ring() functions static in their respective module. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-09netsniff-ng: Move function scope variablesTobias Klauser1-8/+9
Move some variables from the function scipe to the block where they're used solely. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-09netsniff-ng: Remove unnecessary memset of struct pollfdTobias Klauser1-2/+0
rx_poll will be passed to prepare_polling() which already zeros the struct, so no need to do it before. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-09netsniff-ng: Remove unnecessary initialization of struct ctx membersTobias Klauser1-4/+0
These will be set later on depending on command line option (or panic() out) and they're set to 0 by init_ctx() anyways. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-30netsniff-ng/ring: Make verbose flag boolTobias Klauser1-3/+3
Change type of verbose flag from int to bool. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-30netsniff-ng: Use while() instead of empty forTobias Klauser1-2/+2
Instead of using a foor loop with empty initialization and afterthought, just use a while loop with the same condition. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-30ring: Consistently use size_t to specify ring sizeTobias Klauser1-4/+8
The mm_len member of struct ring is of type size_t, but in the code paths leading to set it, unsigned int is used. In circumstances where unsigned int is 32 bit and size_t is 64 bit, this could lead to an integer overflow, which causes an improper ring size being mmap()'ed in mmap_ring_generic(). In order to prevent this, consistently use size_t to store the ring size, since this is also what mmap() takes as its `length' parameter. This now allows to specify ring sizes larger than 4 GiB for both netsniff-ng and trafgen (fixes #90). Reported-by: Jon Schipp <jonschipp@gmail.com> Reported-by: Michał Purzyński <michalpurzynski1@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-30netsniff-ng: Fix whitespacesTobias Klauser1-3/+3
Remove some leading/trailing whitespaces. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-28netsniff-ng: Remove locally declared labelsTobias Klauser1-13/+4
These usually only make sense for complex macros which are expanded moree than once. The label for `out' doesn't make sense anyhow as it is declared on function level. Also don't indent the labels, so they're clearer to spot. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-04-12built_in: changed to use RUNTIME_PAGE_SIZE instead of PAGE_SIZEChristian Wiese1-1/+1
References: https://github.com/netsniff-ng/netsniff-ng/commit/453f6eb9d79dd5aa2812ef956b22723f0a493086 https://github.com/netsniff-ng/netsniff-ng/pull/112 Signed-off-by: Christian Wiese <chris@opensde.org> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2014-04-07pcap_io: fill sll when reading pcapDaniel Borkmann1-2/+2
When reading from a pcap in Kuznetsov/netsniff-ng format, we currently do not fill out sll. Do so so that users can see pkttype and the interface. Reported-by: Flavio Leitner <fbl@redhat.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2014-02-21netsniff-ng: Exit gracefully for all possible termination signalsTobias Klauser1-0/+4
Handle all termination signals that we're allowed to handle (SIGKILL can't be handled) in order to exit gracefully in any regular termination case. Without this fix, pcap files written by netsniff-ng might be corrupted. Reported-by: Mike Westmacott <mikewestmacott@googlemail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-10-10netsniff-ng: Don't modify optarg/argvTobias Klauser1-2/+0
We shouldn't modify optarg (and thus argv) since it's e.g. used to display the commandline string in `ps'. Since strtoul() reads until it encounters the first non-numeric character and ignores the rest, we can just revert from setting a NULL byte after the numeric part of the string. Reported-by: Jon Schipp <jonschipp@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-10-10netsniff-ng: Use strtoul() instead of strtol() for unsigned longTobias Klauser1-4/+4
If setting an unsigned long variable, use strtoul() instead of strtol(). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-10-02netsniff-ng: modify mmap option in usage to be grammatically correctJon Schipp1-1/+1
Incorrect usage of "i.e." leads one to believe that replaying is possible only. Signed-off-by: Jon Schipp <jonschipp@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-09-30netsniff-ng: Display pcap I/O method in verbose modeTobias Klauser1-0/+3
If a user accidentially specifies more than one of --mm/--sg/--clrw, the option specified last will be used - as expected from standard command line tools. In order to still prevent users from being confused by this, explicitely display the pcap I/O method used in verbose mode. In order for the output to be more user-friendly, actually write out the method names in const char *pcap_ops_group_to_str, which isn't used anywhere else anyway. Suggested-by: Jon Schipp <jonschipp@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-09-02netsniff-ng: Remove unnecessary fmemset() of struct statTobias Klauser1-1/+0
The struct stat is filled by the call to stat(2) in the next line, so there is no need to explicitely set it to 0 before. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-08-30netsniff-ng: Simplify dump file creation logicTobias Klauser1-9/+5
Instead of using goto, just check stats if stat() returned 0 and used ctx->dump_dir afterwards. This makes the logic a bit easier to follow. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-08-19netsniff-ng: poll: don't panic on EINTRDaniel Borkmann1-4/+8
When signal occurs, don't panic on EINTR, rather gracefully return. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-08-12netsniff-ng: Check return value of poll()Tobias Klauser1-3/+7
The return value of two calls to poll() are never check, despite the (unlikely) possibility of them returning an error, fix it by checking the return value and panic()ing on error. This issue was discovered using the Coverity scanner. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-08-09dev: Integrate `promisc' module into `dev' moduleTobias Klauser1-5/+5
Since entering/leaving promiscuous mode also is a device specific function and all users of the `promisc' module also use `dev', integrate it there. Also rename the functions to have a `device_' prefix like the other functions in the module. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-08-09netsniff-ng: Fix compiler warningTobias Klauser1-1/+1
Fix the following compiler warning that occurs when building with "-W -Wall -Wextra" by introducing a cast: netsniff-ng.c: In function ‘walk_t3_block’: netsniff-ng.c:841:8: warning: comparison between signed and unsigned integer expressions [-Wsign-compare] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-08-09mac80211.c: Remove or mark unused function parametersTobias Klauser1-2/+2
Compiling with "-W -Wall -Wextra" reveals the following warnings in mac80211.c: mac80211.c: In function ‘nl80211_init’: mac80211.c:78:67: warning: unused parameter ‘device’ [-Wunused-parameter] mac80211.c: In function ‘nl80211_wait_handler’: mac80211.c:106:48: warning: unused parameter ‘msg’ [-Wunused-parameter] mac80211.c: In function ‘nl80211_error_handler’: mac80211.c:115:54: warning: unused parameter ‘nla’ [-Wunused-parameter] mac80211.c:117:12: warning: unused parameter ‘arg’ [-Wunused-parameter] mac80211.c: In function ‘nl80211_del_mon_if’: mac80211.c:181:72: warning: unused parameter ‘device’ [-Wunused-parameter] Fix them by either marking them as unused (where we need to conform to library APIs or remove them alltogether (for our own APIs). For the function leave_rfmon_mac80211() the according users (netsniff-ng and trafgen) are also changed. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-07-13pcap_io: Remove unused parameter sll from pcap_pkthdr_to_tpacket_hdr()Tobias Klauser1-3/+2
The sll parameter is not used anywhere in the function, so remove it. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-07-13sparse: netsniff-ng, trafgen: fix remaining time(0) warningsDaniel Borkmann1-2/+2
Those are the last occurences of warnings like: netsniff-ng.c:697:48: warning: Using plain integer as NULL pointer netsniff-ng.c:726:48: warning: Using plain integer as NULL pointer ... Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-07-12bpf_comp: pass NEED_TCPDUMP_LIKE_FILTER through gccDaniel Borkmann1-2/+0
We have to pass NEED_TCPDUMP_LIKE_FILTER define through gcc as it otherwise is not possible to let the pcap compiler invoke through netsniff-ng, but not through astraceroute. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-07-11netsniff-ng: fix recognition of -U command line optionDaniel Borkmann1-1/+1
"-U" has been forgotten to add into shortopts. "--update" works as expeceted however. So simply add "U". Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-07-09configure: fix multiple issues in build configurationDaniel Borkmann1-0/+2
This patch is a bundle of multiple fixes. 1) Fix compilation of astraceroute when HAVE_LIBPCAP=1: astraceroute doesn't need libpcap, so add an additional guard/define to bpf.h and bpf_comp.c and netsniff-ng.c. Also since we generate a config.h file, we do not need to have this additional compile flag anymore. 2) Fix tstamping.{h,c} to use the configure script instead of the Makefile. For doing this, also fix the object inclusion in netsniff-ng/Makefile. Last but not least, rename __WITH_... into HAVE_... as this is more clean. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-07-09all: show git id in --version informationDaniel Borkmann1-2/+4
In order to be able to better track regressions or to give support, let us track the Git id as well in version information. This makes the ``--version'' switch actually useful. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-07-03netsniff-ng: ctx: init and destruct methods for ctxDaniel Borkmann1-18/+33
Refactor ctx initialization and destruction into separate handlers. That is more clean. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-07-03pcap: invoke dev->type to pcap linktype mapperDaniel Borkmann1-1/+2
Invoke dev->type to pcap linktype mapper in order to write a correct pcap file header for various link types. Also fix two bugs in pcap file header parsing and print a warning with the magic link number in case of an unknown link type. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-25netsniff-ng: tpacketv3: 'fix' packet accounting outputDaniel Borkmann1-2/+2
In netsniff-ng, we use tpacketv3 for capturing-only mode. The issue observed lately is that when using f.e. -n10 or capturing a pcap and then quitting, the pcap or actually seen number of packets are less than what the statistics tell us from getsockopt(2). This is due to the fact that tpacketv3 divides its ring buffer into blocks of frames. Meaning, while we are traversing block n, the kernel already fills up block n+1 and following if new packets arrive. While doing so, it increments packet counters. Thus, when we ^C, we haven't seen those blocks, so the stats tell us mostly a slightly higher result. Fix this by adjusting socket stats printing to this fact. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>