summaryrefslogtreecommitdiff
path: root/netsniff-ng.c
AgeCommit message (Collapse)AuthorFilesLines
2013-07-09all: show git id in --version informationDaniel Borkmann1-2/+4
In order to be able to better track regressions or to give support, let us track the Git id as well in version information. This makes the ``--version'' switch actually useful. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-07-03netsniff-ng: ctx: init and destruct methods for ctxDaniel Borkmann1-18/+33
Refactor ctx initialization and destruction into separate handlers. That is more clean. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-07-03pcap: invoke dev->type to pcap linktype mapperDaniel Borkmann1-1/+2
Invoke dev->type to pcap linktype mapper in order to write a correct pcap file header for various link types. Also fix two bugs in pcap file header parsing and print a warning with the magic link number in case of an unknown link type. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-25netsniff-ng: tpacketv3: 'fix' packet accounting outputDaniel Borkmann1-2/+2
In netsniff-ng, we use tpacketv3 for capturing-only mode. The issue observed lately is that when using f.e. -n10 or capturing a pcap and then quitting, the pcap or actually seen number of packets are less than what the statistics tell us from getsockopt(2). This is due to the fact that tpacketv3 divides its ring buffer into blocks of frames. Meaning, while we are traversing block n, the kernel already fills up block n+1 and following if new packets arrive. While doing so, it increments packet counters. Thus, when we ^C, we haven't seen those blocks, so the stats tell us mostly a slightly higher result. Fix this by adjusting socket stats printing to this fact. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-14netsniff-ng: Report if HW timestamping is enabledTobias Klauser1-1/+3
Until now we didn't check the return value of set_sockopt_hwtimestamp() and the Coverity scanner complained about it, so use it's return value to report if timstamping is actually enabled in verbose mode. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-06-12ioops: misc: add dup{,2}_or_die to ioopsDaniel Borkmann1-4/+4
Bail out if it should ever fail. Detected by coverty in the translate_pcap_to_txf() path. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-12netsniff-ng: walk_t3_block: prevent fd from double closeDaniel Borkmann1-4/+4
Only close the very first pcap file of multi-pcap files once, and not once during next_multi_pcap_file and once during exit. Discovered by Coverty scanner. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-04tstamping: add header file for packet timestampingDaniel Borkmann1-2/+1
Better add a header file for this, so that we do not need to have it in multiple places declared. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-04xutils: eliminate xutils, move rest to epoll2Daniel Borkmann1-1/+0
Finally eliminate xutils.{c,h} and move the rest to epoll2. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-04timer: add time management functionsDaniel Borkmann1-0/+1
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-04sig: add signal handling functionsDaniel Borkmann1-0/+1
Add an extra file for signal handling functions. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-04sock: add socket management functionsDaniel Borkmann1-0/+1
Remove them from xutils, and add them to socket management. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-04proc: move out process specific management functionsDaniel Borkmann1-2/+3
Move them out of xutils, so that we can maintain them separately. Also simplify things a bit. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-04privs: move drop_privileges out of xutilsDaniel Borkmann1-0/+1
Again, also to be able to maintain this more easily. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-04xutils: break out promisc mode functionsDaniel Borkmann1-0/+1
Put them separately for the sake of maintanence. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-04irq: rename device_bind_irq_to_cpu to device_set_irq_affinityDaniel Borkmann1-2/+2
This is more appropriate and consistent with other device irq functions. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-04xio: rename xio to ioops and reduce its includesDaniel Borkmann1-1/+1
Rename xio to ioops (io-ops) and boil its include files down to a minimum. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-04xio: add ioexact operationsDaniel Borkmann1-4/+1
Break this out so that we only need to have sigint non-static where it is really needed. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-04xutils: break out string handling and lockingDaniel Borkmann1-0/+2
Break out all string handling functions and lockme stuff in order to further eliminate the big code blob in xutils, so that it can be easier maintained. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-03netsniff-ng: v3: fix packet accounting on --numDaniel Borkmann1-7/+8
We need to carry frame_count through multiple calls of walk function to account correctly for --num <pkts>. Also, move socket stats printing into rx ring, since it belongs there. Todo: the kernel socket seems to have a different count that what we see. This needs to be fixed one way or the other. Not yet sure what's causing this. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-06-03irq: break out from xutils and save + restoreDaniel Borkmann1-1/+2
Break out IRQ functionality from xutils, simplify it, and save + restore IRQ affinity list. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-05-31netsniff-ng: minor: update help descriptionDaniel Borkmann1-3/+3
Give -J a lower prio in the help option ranking and state that its only for replay or forwarding. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-05-31netsniff-ng: enable jumbo frames on default in tpacket_v3Daniel Borkmann1-4/+4
Since frames are stored more compressed and contiguous, we can also enable jumbo support in pcap dumps by default, since we have no further restrictions in terms of ring buffer frame size. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-05-31ring: netsniff-ng: migrate capture only to TPACKET_V3Daniel Borkmann1-75/+79
Lets migrate capturing to TPACKET_V3, since it will bring a better performance due to fewer page cache misses caused by a higher density of packets, since now they are contigous placed in the ring buffer. It is said that TPACKET_V3 brings the following benefits: *) ~15 - 20% reduction in CPU-usage *) ~20% increase in packet capture rate *) ~2x increase in packet density *) Port aggregation analysis *) Non static frame size to capture entire packet payload Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-05-31ring: setup frame structure for v2/v3 in a generic wayDaniel Borkmann1-4/+4
Prepare TPACKET_V3 for allowing to transparently setting up the frame structure such that we do not need to change much in the netsniff-ng/trafgen code. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-05-30ring: prepare setup_rx_ring_layout for support in v2/v3Daniel Borkmann1-2/+2
Prepare setup_rx_ring_layout for both, v2 and v3. Also do some checks during compile time if offsets stay the same as we operate on different union mappings. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-05-30netsniff-ng: Add __maybe_unused attribute to timer functionsTobias Klauser1-3/+2
The two functions timer_elapsed() and timer_next_dump() both take an argument which they don't use. Annotate them appropriately using the __maybe_unused attribute. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-05-23make: include build nameDaniel Borkmann1-1/+1
Include long version string into tools when called with --version. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-05-17netsniff-ng: Add __noreturn attribute to exiting functionsTobias Klauser1-2/+2
Add the __noreturn attribute to all functions which wont return but call die() themselves to exit(). Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-05-15man: trafgen: Minor fixesTobias Klauser1-1/+1
Replace "on default" by "by default", make it a bit more clear what the seed in the -E/--seed option is for and mention exit after display of information on --version and --help. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-05-13ring: break out timestamping since not directly relatedDaniel Borkmann1-0/+2
Break out the timestamping part of the ring.h file, since it's not directly related to the {t,r}x_ring. Also inlining doesn't make sense here. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-04-23netsniff-ng: remove set_sockopt_hwtimestamp callDaniel Borkmann1-1/+0
For TX this call is completly useless and has no effect whatsoever. Therefore, remove it. For the RX part, this call makes perfect sense, not for the other one currently. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-04-11netsniff-ng: mlock: only lock current and future pages when rootDaniel Borkmann1-2/+4
When we're still root, we tell the kernel to lock/protect all current and future pages in memory so that they will not be swapped out in case the system uses up too much. Now when we do xzmalloc_aligned(), it calls internally posix_memalign() that can call mmap(2), thus we will get an EAGAIN as errno, since we're not root anymore and since we wanted to touch sth. that belongs to root. Nasty. Fix this up by only protecting these pages when we do not use -u/-g. Reported-by: Doug Burks <doug.burks@gmail.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-04-09pcap_io: introduce init_once helper that is called with priviledgesDaniel Borkmann1-0/+9
When using netsniff-ng with dropping priviledges, we have to introduce another pcap helper function that is called once before we drop the priviledges. In this function we have to invoke the disc I/O scheduler policy, because it needs priviledges. Otherwise netsniff-ng will fail with "Failed to set io prio for pid" on startup, since we're not root anymore. Reported-by: Doug Burks <doug.burks@gmail.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-04-06netsniff-ng: also capture if NIC is currently downDaniel Borkmann1-5/+0
There is actually no reason why netsniff-ng should fail if the NIC is down at startup. We still can setup everything and already capture at the time it goes up. This might be useful when replugging cables on servers, for instance. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-03-28ring: purge timer before we unmap tx ring buffersDaniel Borkmann1-0/+19
If we unmap TX ring buffers and still have timer shots that trigger the kernel to traverse the TX_RING, it can send out random crap in some situations. Prevent this by destroying the timer and flush the TX_RING first in wait mode. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-03-16netsniff-ng: if we cannot get intermediate pcap statistics, panicDaniel Borkmann1-1/+5
Before we do calculations on statistics, check if we really got them. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-03-16netsniff-ng trafgen: check return value of pull_and_flush_ringDaniel Borkmann1-1/+12
Let us check the return value when the timer triggers a TX flush request to the kernel. However, ignore the case of BADFS and NOBUFS. The socket could already have been closed before the timer triggers in the first case, and in the second, we just let the next timer continue processing if currently the buffer space is exhausted. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-03-16netsniff-ng: do not leak file descriptors on exitDaniel Borkmann1-9/+6
Covertiy detected that when we redirect sdtin/stdout either via ``-i -'' or ``-o -'', we also need to properly close it when it goes out of scope. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
2013-03-15all: import netsniff-ng 0.5.8-rc0 sourceDaniel Borkmann1-0/+1369
We decided to get rid of the old Git history and start a new one for several reasons: *) Allow / enforce only high-quality commits (which was not the case for many commits in the history), have a policy that is more close to the one from the Linux kernel. With high quality commits, we mean code that is logically split into commits and commit messages that are signed-off and have a proper subject and message body. We do not allow automatic Github merges anymore, since they are total bullshit. However, we will either cherry-pick your patches or pull them manually. *) The old archive was about ~27MB for no particular good reason. This basically derived from the bad decision that also some PDF files where stored there. From this moment onwards, no binary objects are allowed to be stored in this repository anymore. The old archive is not wiped away from the Internet. You will still be able to find it, e.g. on git.cryptoism.org etc. Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>