This work adds packet fanout support to netsniff-ng. Multiple netsniff-ng
instances can join the same fanout group with a particular id in order to
improve scaling.
Based on different fanout disciplines, e.g. distribute to fanout member
by packet hash, round-robin, by arrival cpu, by random, by socket rollover
(if one member's socket queue is full, switch to next one, etc), by hardware
queue mapping, traffic can be distributed to one of the fanout members.
Moreover, we also allow the user to specify additional aux arguments, e.g.
whether to defrag incoming traffic for the fanout group or not, and whether
to roll over a socket in case other disciplines than socket rollover have
been used. All that is configurable via command line option.
Signed-off-by: Michał Purzyński <michalpurzynski1@gmail.com>
[ dbkm made some bigger changes to get this upstream ready ]
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
netsniff-ng does not check if monitor device includes radiotap
header which leads to the wrong 802.11 frame parsing.
Tested if the .pcap file is understandable by wireshark and if
dump info is basically correct, but did not test the case when xmit
packets from .pcap file to the output device and from the input device
to the output device.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: whitespace changes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Make sure we don't print any unnecessary trailing whitespaces to the
trafgen config file when converting from pcap.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
xrealloc() has an additional nmemb argument compared to realloc() for
which it should serve as a wrapper. Since we always call with nmemb = 1,
we might as well remove this argument and thus have xrealloc() conform
to the realloc() function prototype.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
It might be useful to filter out interesting traffic
from input pcap to output pcap file which will contain only
filtered packets:
    $ netsniff-ng -i input.pcap -o output.pcap ip src 192.168.1.198
Now it is possible by specifying output pcap file with ".pcap"
extension, otherwise the trafgen file will be generated as by default.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: small wording and whitespace adjustment]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
No need for some of the empty lines, remove them to make the output a
bit denser.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The code to create the next pcap dump file is duplicated for the
HAVE_TPACKET3 and !HAVE_TPACKET3 case. Consolidate the functionality
into a function to reduce code duplication.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
We need to set up the RX ring depending on whether tpacket v3 is
available or not. Otherwise we end up setting its structure up for tpacket
v3, even though only tpacket v2 is available. This should fix packet
capturing for tpacket v2 (i.e. corrupted frames in pcap).
Reported-by: Mike Reeves <luke@geekempire.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Save one #ifdef block by moving the tpacket v3 only variable definition
to the block where it is actually used.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The iov_base member of struct iovec is already void *, so there is no
need to cast it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Stick to the usual style of having goto labels not indented.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If ctx.device_in is NULL after option parsing, it is always set to
"any", which is before this check. Thus, it serves no purpose and can be
removed.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Move the copyright/bug report/license string to an own constant and use
it for the output of help() and version() to avoid duplication and
prevent the strings from getting out of sync. This makes the text
section of netsniff-ng.o slightly smaller:
before:
   text    data     bss     dec     hex filename
  26998       8      68   27074    69c2 netsniff-ng/netsniff-ng.o
after:
   text    data     bss     dec     hex filename
  26582       8      68   26658    6822 netsniff-ng/netsniff-ng.o
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Commit edca6174b09 ("dissector: Restore paket type if capturing from
nlmon device") changed the signature of show_frame_hdr(). The call to
this function was not updated in the !HAVE_TPACKET3 part of netsniff-ng
introduced in commit 97e6f994785c ("netsniff-ng: Restore tpacket v2
capturing"), causing a compile error. Fix this by providing the correct
parameters to show_frame_hdr() also in this case.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Some older systems (e.g. RHEL 6) don't have tpacket v3 available, but
only tpacket v2. However, since commit d8cdc6a ("ring: netsniff-ng:
migrate capture only to TPACKET_V3") we solely rely on tpacket v3 for
capturing packets.
This patch restores the possibility to capture using tpacket v2. For now
this is just a fallback if the configure script doesn't detect tpacket
v3 (and thus HAVE_TPACKET3 isn't set). Thus, on most modern systems this
shouldn't change anything and they will continue using tpacket v3.
For now this fix contains quite a bit of ugly #ifdefery which should be
cleaned up in the future.
Fixes #76
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Allow to disable hardware time stamping using the command line switch
(-N/--no-hwtimestamp). This might be useful in situations where hardware
time stamps are skewed somehow.
Reference: #129
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The kernel sets the skb pkttype to PACKET_OUTGOING for all packets being
sent through dev_queue_xmit_nit(). However, if capturing packets from an
nlmon device, this causes the information on whether the netlink packet
was sent to kernel- or userspace (PACKET_KERNEL/PACKET_USER) to be
overwritten.
A previous attempt by Daniel Borkmann to fix this in kernel space [1] by
not overwriting the packet type for netlink packets was not regarded as
the proper solution.
[1] http://patchwork.ozlabs.org/patch/338612/
Thus, attempt to fix this in userspace by looking at the pid field of
the netlink packet, which is always 0 for messages to kernel space [2].
[2] http://www.carisma.slowglass.com/~tgr/libnl/doc/core.html#core_netlink_fundamentals
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead of memsetting the struct sock_filter every time before we call
bpf_parse_rules(), do it there directly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead of having to perform the individual steps to initialize a ring
and open coding them in multiple places, provide convenience functions
to do all at once. This has the nice side effect of allowing to make
most of these *_{rx,tx}_ring() functions static in their respective
module.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Move some variables from the function scope to the block where they're
used solely.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
rx_poll will be passed to prepare_polling() which already zeros the
struct, so no need to do it before.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
These will be set later on depending on command line option (or panic()
out) and they're set to 0 by init_ctx() anyways.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Change type of verbose flag from int to bool.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead of using a for loop with empty initialization and afterthought,
just use a while loop with the same condition.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The mm_len member of struct ring is of type size_t, but in the code
paths leading to set it, unsigned int is used. In circumstances where
unsigned int is 32 bit and size_t is 64 bit, this could lead to an
integer overflow, which causes an improper ring size being mmap()'ed in
mmap_ring_generic().
In order to prevent this, consistently use size_t to store the ring
size, since this is also what mmap() takes as its `length' parameter.
This now allows to specify ring sizes larger than 4 GiB for both
netsniff-ng and trafgen (fixes #90).
Reported-by: Jon Schipp <jonschipp@gmail.com>
Reported-by: Michał Purzyński <michalpurzynski1@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Remove some leading/trailing whitespaces.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
These usually only make sense for complex macros which are expanded
more than once. The label for `out' doesn't make sense anyhow as it is
declared on function level.
Also don't indent the labels, so they're clearer to spot.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
References:
https://github.com/netsniff-ng/netsniff-ng/commit/453f6eb9d79dd5aa2812ef956b22723f0a493086
https://github.com/netsniff-ng/netsniff-ng/pull/112
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
When reading from a pcap in Kuznetsov/netsniff-ng format, we currently do
not fill out sll. Do so so that users can see pkttype and the interface.
Reported-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Handle all termination signals that we're allowed to handle (SIGKILL
can't be handled) in order to exit gracefully in any regular termination
case. Without this fix, pcap files written by netsniff-ng might be
corrupted.
Reported-by: Mike Westmacott <mikewestmacott@googlemail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
We shouldn't modify optarg (and thus argv) since it's e.g. used to
display the commandline string in `ps'. Since strtoul() reads until it
encounters the first non-numeric character and ignores the rest, we can
just revert from setting a NULL byte after the numeric part of the
string.
Reported-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If setting an unsigned long variable, use strtoul() instead of strtol().
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Incorrect usage of "i.e." leads one to believe that replaying is
possible only.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If a user accidentally specifies more than one of --mm/--sg/--clrw, the
option specified last will be used - as expected from standard command
line tools. In order to still prevent users from being confused by this,
explicitly display the pcap I/O method used in verbose mode.
In order for the output to be more user-friendly, actually write out the
method names in const char *pcap_ops_group_to_str, which isn't used
anywhere else anyway.
Suggested-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The struct stat is filled by the call to stat(2) in the next line, so
there is no need to explicitly set it to 0 before.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead of using goto, just check stats if stat() returned 0 and use
ctx->dump_dir afterwards. This makes the logic a bit easier to follow.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
When signal occurs, don't panic on EINTR, rather gracefully return.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
The return values of two calls to poll() are never checked, despite the
(unlikely) possibility of them returning an error, fix it by checking
the return value and panic()ing on error.
This issue was discovered using the Coverity scanner.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Since entering/leaving promiscuous mode also is a device specific
function and all users of the `promisc' module also use `dev', integrate
it there. Also rename the functions to have a `device_' prefix like the
other functions in the module.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fix the following compiler warning that occurs when building with "-W
-Wall -Wextra" by introducing a cast:
netsniff-ng.c: In function ‘walk_t3_block’:
netsniff-ng.c:841:8: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Compiling with "-W -Wall -Wextra" reveals the following warnings in
mac80211.c:
mac80211.c: In function ‘nl80211_init’:
mac80211.c:78:67: warning: unused parameter ‘device’ [-Wunused-parameter]
mac80211.c: In function ‘nl80211_wait_handler’:
mac80211.c:106:48: warning: unused parameter ‘msg’ [-Wunused-parameter]
mac80211.c: In function ‘nl80211_error_handler’:
mac80211.c:115:54: warning: unused parameter ‘nla’ [-Wunused-parameter]
mac80211.c:117:12: warning: unused parameter ‘arg’ [-Wunused-parameter]
mac80211.c: In function ‘nl80211_del_mon_if’:
mac80211.c:181:72: warning: unused parameter ‘device’ [-Wunused-parameter]
Fix them by either marking them as unused (where we need to conform to
library APIs) or remove them altogether (for our own APIs). For the
function leave_rfmon_mac80211() the according users (netsniff-ng and
trafgen) are also changed.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The sll parameter is not used anywhere in the function, so remove it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Those are the last occurrences of warnings like:
netsniff-ng.c:697:48: warning: Using plain integer as NULL pointer
netsniff-ng.c:726:48: warning: Using plain integer as NULL pointer
...
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
We have to pass NEED_TCPDUMP_LIKE_FILTER define through gcc as it
otherwise is not possible to let the pcap compiler invoke through
netsniff-ng, but not through astraceroute.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
"-U" has been forgotten to add into shortopts. "--update" works as
expected however. So simply add "U".
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
This patch is a bundle of multiple fixes.
1) Fix compilation of astraceroute when HAVE_LIBPCAP=1:
astraceroute doesn't need libpcap, so add an additional
guard/define to bpf.h and bpf_comp.c and netsniff-ng.c.
Also since we generate a config.h file, we do not need
to have this additional compile flag anymore.
2) Fix tstamping.{h,c} to use the configure script instead
of the Makefile. For doing this, also fix the object
inclusion in netsniff-ng/Makefile.
Last but not least, rename __WITH_... into HAVE_... as this
is more clean.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
In order to be able to better track regressions or to give support,
let us track the Git id as well in version information. This makes
the ``--version'' switch actually useful.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Refactor ctx initialization and destruction into separate handlers.
That is more clean.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Invoke dev->type to pcap linktype mapper in order to write a correct
pcap file header for various link types. Also fix two bugs in pcap
file header parsing and print a warning with the magic link number in
case of an unknown link type.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
In netsniff-ng, we use tpacketv3 for capturing-only mode. The issue
observed lately is that when using f.e. -n10 or capturing a pcap and
then quitting, the pcap or actually seen number of packets are less
than what the statistics tell us from getsockopt(2).
This is due to the fact that tpacketv3 divides its ring buffer into
blocks of frames. Meaning, while we are traversing block n, the kernel
already fills up block n+1 and following if new packets arrive. While
doing so, it increments packet counters. Thus, when we ^C, we haven't
seen those blocks, so the stats tell us mostly a slightly higher
result. Fix this by adjusting socket stats printing to this fact.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|