Age | Commit message (Collapse) | Author | Files | Lines |
|
The mm_len member of struct ring is of type size_t, but in the code
paths leading to set it, unsigned int is used. In circumstances where
unsigned int is 32 bit and size_t is 64 bit, this could lead to an
integer overflow, which causes an improper ring size being mmap()'ed in
mmap_ring_generic().
In order to prevent this, consistently use size_t to store the ring
size, since this is also what mmap() takes as its `length' parameter.
This now allows to specify ring sizes larger than 4 GiB for both
netsniff-ng and trafgen (fixes #90).
Reported-by: Jon Schipp <jonschipp@gmail.com>
Reported-by: Michał Purzyński <michalpurzynski1@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Remove some leading/trailing whitespaces.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
These usually only make sense for complex macros which are expanded
moree than once. The label for `out' doesn't make sense anyhow as it is
declared on function level.
Also don't indent the labels, so they're clearer to spot.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
References:
https://github.com/netsniff-ng/netsniff-ng/commit/453f6eb9d79dd5aa2812ef956b22723f0a493086
https://github.com/netsniff-ng/netsniff-ng/pull/112
Signed-off-by: Christian Wiese <chris@opensde.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
When reading from a pcap in Kuznetsov/netsniff-ng format, we currently do
not fill out sll. Do so so that users can see pkttype and the interface.
Reported-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Handle all termination signals that we're allowed to handle (SIGKILL
can't be handled) in order to exit gracefully in any regular termination
case. Without this fix, pcap files written by netsniff-ng might be
corrupted.
Reported-by: Mike Westmacott <mikewestmacott@googlemail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
We shouldn't modify optarg (and thus argv) since it's e.g. used to
display the commandline string in `ps'. Since strtoul() reads until it
encounters the first non-numeric character and ignores the rest, we can
just revert from setting a NULL byte after the numeric part of the
string.
Reported-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If setting an unsigned long variable, use strtoul() instead of strtol().
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Incorrect usage of "i.e." leads one to believe that replaying is
possible only.
Signed-off-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
If a user accidentially specifies more than one of --mm/--sg/--clrw, the
option specified last will be used - as expected from standard command
line tools. In order to still prevent users from being confused by this,
explicitely display the pcap I/O method used in verbose mode.
In order for the output to be more user-friendly, actually write out the
method names in const char *pcap_ops_group_to_str, which isn't used
anywhere else anyway.
Suggested-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The struct stat is filled by the call to stat(2) in the next line, so
there is no need to explicitely set it to 0 before.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Instead of using goto, just check stats if stat() returned 0 and used
ctx->dump_dir afterwards. This makes the logic a bit easier to follow.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
When signal occurs, don't panic on EINTR, rather gracefully return.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
The return value of two calls to poll() are never check, despite the
(unlikely) possibility of them returning an error, fix it by checking
the return value and panic()ing on error.
This issue was discovered using the Coverity scanner.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Since entering/leaving promiscuous mode also is a device specific
function and all users of the `promisc' module also use `dev', integrate
it there. Also rename the functions to have a `device_' prefix like the
other functions in the module.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fix the following compiler warning that occurs when building with "-W
-Wall -Wextra" by introducing a cast:
netsniff-ng.c: In function ‘walk_t3_block’:
netsniff-ng.c:841:8: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Compiling with "-W -Wall -Wextra" reveals the following warnings in
mac80211.c:
mac80211.c: In function ‘nl80211_init’:
mac80211.c:78:67: warning: unused parameter ‘device’ [-Wunused-parameter]
mac80211.c: In function ‘nl80211_wait_handler’:
mac80211.c:106:48: warning: unused parameter ‘msg’ [-Wunused-parameter]
mac80211.c: In function ‘nl80211_error_handler’:
mac80211.c:115:54: warning: unused parameter ‘nla’ [-Wunused-parameter]
mac80211.c:117:12: warning: unused parameter ‘arg’ [-Wunused-parameter]
mac80211.c: In function ‘nl80211_del_mon_if’:
mac80211.c:181:72: warning: unused parameter ‘device’ [-Wunused-parameter]
Fix them by either marking them as unused (where we need to conform to
library APIs or remove them alltogether (for our own APIs). For the
function leave_rfmon_mac80211() the according users (netsniff-ng and
trafgen) are also changed.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The sll parameter is not used anywhere in the function, so remove it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Those are the last occurences of warnings like:
netsniff-ng.c:697:48: warning: Using plain integer as NULL pointer
netsniff-ng.c:726:48: warning: Using plain integer as NULL pointer
...
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
We have to pass NEED_TCPDUMP_LIKE_FILTER define through gcc as it
otherwise is not possible to let the pcap compiler invoke through
netsniff-ng, but not through astraceroute.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
"-U" has been forgotten to add into shortopts. "--update" works as
expeceted however. So simply add "U".
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
This patch is a bundle of multiple fixes.
1) Fix compilation of astraceroute when HAVE_LIBPCAP=1:
astraceroute doesn't need libpcap, so add an additional
guard/define to bpf.h and bpf_comp.c and netsniff-ng.c.
Also since we generate a config.h file, we do not need
to have this additional compile flag anymore.
2) Fix tstamping.{h,c} to use the configure script instead
of the Makefile. For doing this, also fix the object
inclusion in netsniff-ng/Makefile.
Last but not least, rename __WITH_... into HAVE_... as this
is more clean.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
In order to be able to better track regressions or to give support,
let us track the Git id as well in version information. This makes
the ``--version'' switch actually useful.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Refactor ctx initialization and destruction into separate handlers.
That is more clean.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Invoke dev->type to pcap linktype mapper in order to write a correct
pcap file header for various link types. Also fix two bugs in pcap
file header parsing and print a warning with the magic link number in
case of an unknown link type.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
In netsniff-ng, we use tpacketv3 for capturing-only mode. The issue
observed lately is that when using f.e. -n10 or capturing a pcap and
then quitting, the pcap or actually seen number of packets are less
than what the statistics tell us from getsockopt(2).
This is due to the fact that tpacketv3 divides its ring buffer into
blocks of frames. Meaning, while we are traversing block n, the kernel
already fills up block n+1 and following if new packets arrive. While
doing so, it increments packet counters. Thus, when we ^C, we haven't
seen those blocks, so the stats tell us mostly a slightly higher
result. Fix this by adjusting socket stats printing to this fact.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Until now we didn't check the return value of set_sockopt_hwtimestamp()
and the Coverity scanner complained about it, so use it's return value
to report if timstamping is actually enabled in verbose mode.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Bail out if it should ever fail. Detected by coverty in the
translate_pcap_to_txf() path.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Only close the very first pcap file of multi-pcap files once, and not
once during next_multi_pcap_file and once during exit.
Discovered by Coverty scanner.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Better add a header file for this, so that we do not need to have it
in multiple places declared.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Finally eliminate xutils.{c,h} and move the rest to epoll2.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Add an extra file for signal handling functions.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Remove them from xutils, and add them to socket management.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Move them out of xutils, so that we can maintain them separately.
Also simplify things a bit.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Again, also to be able to maintain this more easily.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Put them separately for the sake of maintanence.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
This is more appropriate and consistent with other device irq
functions.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Rename xio to ioops (io-ops) and boil its include files down to a
minimum.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Break this out so that we only need to have sigint non-static where
it is really needed.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Break out all string handling functions and lockme stuff in order
to further eliminate the big code blob in xutils, so that it can
be easier maintained.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
We need to carry frame_count through multiple calls of walk function
to account correctly for --num <pkts>. Also, move socket stats printing
into rx ring, since it belongs there.
Todo: the kernel socket seems to have a different count that what we
see. This needs to be fixed one way or the other. Not yet sure what's
causing this.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Break out IRQ functionality from xutils, simplify it, and
save + restore IRQ affinity list.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Give -J a lower prio in the help option ranking and state that its
only for replay or forwarding.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Since frames are stored more compressed and contiguous, we can also
enable jumbo support in pcap dumps by default, since we have no further
restrictions in terms of ring buffer frame size.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Lets migrate capturing to TPACKET_V3, since it will bring a better
performance due to fewer page cache misses caused by a higher density
of packets, since now they are contigous placed in the ring buffer.
It is said that TPACKET_V3 brings the following benefits:
*) ~15 - 20% reduction in CPU-usage
*) ~20% increase in packet capture rate
*) ~2x increase in packet density
*) Port aggregation analysis
*) Non static frame size to capture entire packet payload
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Prepare TPACKET_V3 for allowing to transparently setting up the
frame structure such that we do not need to change much in the
netsniff-ng/trafgen code.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Prepare setup_rx_ring_layout for both, v2 and v3. Also do some checks
during compile time if offsets stay the same as we operate on different
union mappings.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
The two functions timer_elapsed() and timer_next_dump() both take an
argument which they don't use. Annotate them appropriately using the
__maybe_unused attribute.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Include long version string into tools when called with --version.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|