Age | Commit message (Collapse) | Author | Files | Lines |
|
Instead of using goto, just check stats if stat() returned 0 and used
ctx->dump_dir afterwards. This makes the logic a bit easier to follow.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
When signal occurs, don't panic on EINTR, rather gracefully return.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
The return value of two calls to poll() are never check, despite the
(unlikely) possibility of them returning an error, fix it by checking
the return value and panic()ing on error.
This issue was discovered using the Coverity scanner.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Since entering/leaving promiscuous mode also is a device specific
function and all users of the `promisc' module also use `dev', integrate
it there. Also rename the functions to have a `device_' prefix like the
other functions in the module.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Fix the following compiler warning that occurs when building with "-W
-Wall -Wextra" by introducing a cast:
netsniff-ng.c: In function ‘walk_t3_block’:
netsniff-ng.c:841:8: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Compiling with "-W -Wall -Wextra" reveals the following warnings in
mac80211.c:
mac80211.c: In function ‘nl80211_init’:
mac80211.c:78:67: warning: unused parameter ‘device’ [-Wunused-parameter]
mac80211.c: In function ‘nl80211_wait_handler’:
mac80211.c:106:48: warning: unused parameter ‘msg’ [-Wunused-parameter]
mac80211.c: In function ‘nl80211_error_handler’:
mac80211.c:115:54: warning: unused parameter ‘nla’ [-Wunused-parameter]
mac80211.c:117:12: warning: unused parameter ‘arg’ [-Wunused-parameter]
mac80211.c: In function ‘nl80211_del_mon_if’:
mac80211.c:181:72: warning: unused parameter ‘device’ [-Wunused-parameter]
Fix them by either marking them as unused (where we need to conform to
library APIs or remove them alltogether (for our own APIs). For the
function leave_rfmon_mac80211() the according users (netsniff-ng and
trafgen) are also changed.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The sll parameter is not used anywhere in the function, so remove it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Those are the last occurences of warnings like:
netsniff-ng.c:697:48: warning: Using plain integer as NULL pointer
netsniff-ng.c:726:48: warning: Using plain integer as NULL pointer
...
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
We have to pass NEED_TCPDUMP_LIKE_FILTER define through gcc as it
otherwise is not possible to let the pcap compiler invoke through
netsniff-ng, but not through astraceroute.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
"-U" has been forgotten to add into shortopts. "--update" works as
expeceted however. So simply add "U".
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
This patch is a bundle of multiple fixes.
1) Fix compilation of astraceroute when HAVE_LIBPCAP=1:
astraceroute doesn't need libpcap, so add an additional
guard/define to bpf.h and bpf_comp.c and netsniff-ng.c.
Also since we generate a config.h file, we do not need
to have this additional compile flag anymore.
2) Fix tstamping.{h,c} to use the configure script instead
of the Makefile. For doing this, also fix the object
inclusion in netsniff-ng/Makefile.
Last but not least, rename __WITH_... into HAVE_... as this
is more clean.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
In order to be able to better track regressions or to give support,
let us track the Git id as well in version information. This makes
the ``--version'' switch actually useful.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Refactor ctx initialization and destruction into separate handlers.
That is more clean.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Invoke dev->type to pcap linktype mapper in order to write a correct
pcap file header for various link types. Also fix two bugs in pcap
file header parsing and print a warning with the magic link number in
case of an unknown link type.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
In netsniff-ng, we use tpacketv3 for capturing-only mode. The issue
observed lately is that when using f.e. -n10 or capturing a pcap and
then quitting, the pcap or actually seen number of packets are less
than what the statistics tell us from getsockopt(2).
This is due to the fact that tpacketv3 divides its ring buffer into
blocks of frames. Meaning, while we are traversing block n, the kernel
already fills up block n+1 and following if new packets arrive. While
doing so, it increments packet counters. Thus, when we ^C, we haven't
seen those blocks, so the stats tell us mostly a slightly higher
result. Fix this by adjusting socket stats printing to this fact.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Until now we didn't check the return value of set_sockopt_hwtimestamp()
and the Coverity scanner complained about it, so use it's return value
to report if timstamping is actually enabled in verbose mode.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Bail out if it should ever fail. Detected by coverty in the
translate_pcap_to_txf() path.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Only close the very first pcap file of multi-pcap files once, and not
once during next_multi_pcap_file and once during exit.
Discovered by Coverty scanner.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Better add a header file for this, so that we do not need to have it
in multiple places declared.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Finally eliminate xutils.{c,h} and move the rest to epoll2.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Add an extra file for signal handling functions.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Remove them from xutils, and add them to socket management.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Move them out of xutils, so that we can maintain them separately.
Also simplify things a bit.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Again, also to be able to maintain this more easily.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Put them separately for the sake of maintanence.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
This is more appropriate and consistent with other device irq
functions.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Rename xio to ioops (io-ops) and boil its include files down to a
minimum.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Break this out so that we only need to have sigint non-static where
it is really needed.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Break out all string handling functions and lockme stuff in order
to further eliminate the big code blob in xutils, so that it can
be easier maintained.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
We need to carry frame_count through multiple calls of walk function
to account correctly for --num <pkts>. Also, move socket stats printing
into rx ring, since it belongs there.
Todo: the kernel socket seems to have a different count that what we
see. This needs to be fixed one way or the other. Not yet sure what's
causing this.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Break out IRQ functionality from xutils, simplify it, and
save + restore IRQ affinity list.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Give -J a lower prio in the help option ranking and state that its
only for replay or forwarding.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Since frames are stored more compressed and contiguous, we can also
enable jumbo support in pcap dumps by default, since we have no further
restrictions in terms of ring buffer frame size.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Lets migrate capturing to TPACKET_V3, since it will bring a better
performance due to fewer page cache misses caused by a higher density
of packets, since now they are contigous placed in the ring buffer.
It is said that TPACKET_V3 brings the following benefits:
*) ~15 - 20% reduction in CPU-usage
*) ~20% increase in packet capture rate
*) ~2x increase in packet density
*) Port aggregation analysis
*) Non static frame size to capture entire packet payload
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Prepare TPACKET_V3 for allowing to transparently setting up the
frame structure such that we do not need to change much in the
netsniff-ng/trafgen code.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Prepare setup_rx_ring_layout for both, v2 and v3. Also do some checks
during compile time if offsets stay the same as we operate on different
union mappings.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
The two functions timer_elapsed() and timer_next_dump() both take an
argument which they don't use. Annotate them appropriately using the
__maybe_unused attribute.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Include long version string into tools when called with --version.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Add the __noreturn attribute to all functions which wont return but call
die() themselves to exit().
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Replace "on default" by "by default", make it a bit more clear what the
seed in the -E/--seed option is for and mention exit after display of
information on --version and --help.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Break out the timestamping part of the ring.h file, since it's not
directly related to the {t,r}x_ring. Also inlining doesn't make
sense here.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
For TX this call is completly useless and has no effect whatsoever.
Therefore, remove it. For the RX part, this call makes perfect
sense, not for the other one currently.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
When we're still root, we tell the kernel to lock/protect all current
and future pages in memory so that they will not be swapped out in
case the system uses up too much. Now when we do xzmalloc_aligned(),
it calls internally posix_memalign() that can call mmap(2), thus we
will get an EAGAIN as errno, since we're not root anymore and since
we wanted to touch sth. that belongs to root. Nasty. Fix this up by
only protecting these pages when we do not use -u/-g.
Reported-by: Doug Burks <doug.burks@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
When using netsniff-ng with dropping priviledges, we have to introduce
another pcap helper function that is called once before we drop the
priviledges. In this function we have to invoke the disc I/O scheduler
policy, because it needs priviledges. Otherwise netsniff-ng will fail
with "Failed to set io prio for pid" on startup, since we're not root
anymore.
Reported-by: Doug Burks <doug.burks@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
There is actually no reason why netsniff-ng should fail if the NIC is
down at startup. We still can setup everything and already capture at
the time it goes up. This might be useful when replugging cables on
servers, for instance.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
If we unmap TX ring buffers and still have timer shots that trigger
the kernel to traverse the TX_RING, it can send out random crap in
some situations. Prevent this by destroying the timer and flush the
TX_RING first in wait mode.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Before we do calculations on statistics, check if we really got them.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Let us check the return value when the timer triggers a TX flush
request to the kernel. However, ignore the case of BADFS and NOBUFS.
The socket could already have been closed before the timer triggers
in the first case, and in the second, we just let the next timer
continue processing if currently the buffer space is exhausted.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Covertiy detected that when we redirect sdtin/stdout either via
``-i -'' or ``-o -'', we also need to properly close it when it
goes out of scope.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|