| Age | Commit message | Author | Files | Lines | 
|---|
|  | One might not want to install libnl just for sniffing packets, for
example if netsniff-ng will be compiled on embedded or switch system.
Hide libnl dependent code if CONFIG_LIBNL=0.
In case the `--rfraw' option is used, the user will get a panic
message. In case of netlink messages being sniffed, they will not be
dissected.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Do not needlessly duplicate code between the oui and the lookup module.
Instead, add an additional lookup table for OUIs to the lookup module.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Use sysctl helpers to set /proc/sys/net/core/bpf_jit_enable param.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Added dissector_sll.c which uses sockaddr_ll to lookup & print
higher L3 layer protocol.
This dissector is mapped by LINKTYPE_LINUX_SLL link type.
Sample output of dissected Netlink & Ethernet packets.
Truncated manually some longer lines by "...":
> nlmon0 20 1434193547s.717131169ns #6
 [ Linux "cooked" Pkt Type 4 (outgoing), If Type 824 (netlink), Addr Len 0, Src (), Proto 0x0 ]
 [ NLMSG Family 0 (routing), Len 20, Type 0x0003 (DONE)...
> wlp3s0 52 1434194181s.436224709ns #9
 [ Linux "cooked" Pkt Type 4 (outgoing), If Type 1 (ether), Addr Len 6, Src (XX:XX:XX:XX:XX:XX), Proto 0x800 ]
 [ IPv4 Addr (XXX.XXX.XXX.XXX => 212.42.76.253), Proto (6), TTL (64), TOS (0), ...
   ), CSum (0x1ef5) is ok ]
	[ Geo (local => Ukraine) ]
 [ TCP Port (45849 => 443 (https)), SN (0x1744209), AN (0x46ca9611), DataOff (8) ...
 [ Chr .....w.Rj).. ]
 [ Hex  XX XX XX XX XX XX XX XX XX XX XX XX ]
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Dump RTnetlink interface related info with attributes.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | 
|  | Ever since we switched to the hand-crafted ./configure script, support
for cross-compiling the netsniff-ng toolkit was basically broken.
Restore the ability to cross-compile our tools by making ./configure
consider the CROSS_COMPILE and SYSROOT variables.
Example for cross-compiling on arm:
  $ CROSS_COMPILE=arm-linux-gnueabihf- \
    SYSROOT=/usr/arm-linux-gnueabihf \
    ./configure
  $ make
assuming the cross-compiled libraries (and their respective pkg-config
information) are in /usr/arm-linux-gnueabihf.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | netsniff-ng does not delete created rfmon device in case of
panic (for example, a bad pcap filter expression), so added the ability to
add a callback func for when a panic happens and delete the rfmon device.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Since commit 1cc762a ("lookup: Move UDP/TCP port and Ethernet type
lookup into own module") the netsniff-ng tool is the only one using the
dissector infrastructure. Thus we no longer need to conditionally define
HAVE_DISSECTOR_PROTOS, since netsniff-ng is the only tool defining this.
While at it, also remove the __WITH_PROTOS macro which is checked in
dissector_init_ethernet/dissector_cleanup_ethernet but is defined
nowhere. This will cause the functions to be called from both the
ethernet and ieee80211 dissectors, thus make sure we check the
initialization state before freeing as well.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Up to now, the lookup of TCP/UDP port names and Ethernet types was
tightly integrated with the dissector infrastructure, since it is its
main user. However, flowtop also makes use of the name lookup
functionality without needing the actual dissector infrastructure. Thus,
the basic dissector infrastructure also needs to be linked into flowtop
without actually being used.
Fix this by extracting the port/ethertype lookup into an own module
which can then be used either directly (for flowtop) or as part of the
dissector infrastructure (for netsniff-ng).
This also reverts the quick & dirty fix introduced in commit f3322c6
("flowtop: Include netlink dissector to fix build temporarily").
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Add an initial implementation of a dissector to work on netlink messages
as received from an nlmon device.
You can use it as follows to monitor netlink traffic to/from the kernel:
  modprobe nlmon
  ip link add type nlmon
  ip link set nlmon0 up
  netsniff-ng -i nlmon0
  ip link set nlmon0 down
  ip link del dev nlmon0
  rmmod nlmon
Fixes: #89
Suggested-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Since entering/leaving promiscuous mode also is a device specific
function and all users of the `promisc' module also use `dev', integrate
it there. Also rename the functions to have a `device_' prefix like the
other functions in the module.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 
|  | Improve the build system, so that configuration files are installed
per tool basis. Also, introduce post_install targets, so that config
files can be altered in some way, e.g. done by trafgen. Moreover,
move custom targets from Extra to tool-specific Makefiles.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | We have to pass NEED_TCPDUMP_LIKE_FILTER define through gcc as it
otherwise is not possible to let the pcap compiler invoke through
netsniff-ng, but not through astraceroute.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | To be more consistent with config.h, rename __WITH_PROTOS into
HAVE_DISSECTOR_PROTOS.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | To get the normal Makefile a bit cleaner, push the tool specific
build options into <tool>/Makefile.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | In netsniff-ng, we only use libz in combination with libgeoip, so if
we lack either one of them, do not link against the other either.
This would be a waste otherwise.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | Geoip dependency should not be mandatory as it's not a core part of
netsniff-ng. This also facilitates compilation on platforms where
geoip is not available.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | This patch is a bundle of multiple fixes.
1) Fix compilation of astraceroute when HAVE_LIBPCAP=1:
   astraceroute doesn't need libpcap, so add an additional
   guard/define to bpf.h and bpf_comp.c and netsniff-ng.c.
   Also since we generate a config.h file, we do not need
   to have this additional compile flag anymore.
2) Fix tstamping.{h,c} to use the configure script instead
   of the Makefile. For doing this, also fix the object
   inclusion in netsniff-ng/Makefile.
Last but not least, rename __WITH_... into HAVE_... as this
is more clean.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | netsniff-ng uses libpcap only for high-level filter compiling.
Thus, let netsniff-ng not "hard-depend" on libpcap, but rather
disable filter compiling in case the user does not want to
install libpcap.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | Finally eliminate xutils.{c,h} and move the rest to epoll2.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | Add an extra file for signal handling functions.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | Same here as usual, break out link functions from xutils.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | Remove them from xutils, and add them to socket management.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | Move them out of xutils, so that we can maintain them separately.
Also simplify things a bit.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | Again, also to be able to maintain this more easily.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | Move those functions out so that they can be more easily maintained
in its separate file.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | Put them separately for the sake of maintenance.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | Rename xio to ioops (io-ops) and boil its include files down to a
minimum.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | Break out all string handling functions and lockme stuff in order
to further eliminate the big code blob in xutils, so that it can
be easier maintained.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | Break this stuff out, for better maintainability and readability.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | Break out IRQ functionality from xutils, simplify it, and
save + restore IRQ affinity list.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | We do not want to maintain duplicate code, so move this into a separate
file and name those *_generic() helpers.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | Break out the timestamping part of the ring.h file, since it's not
directly related to the {t,r}x_ring. Also inlining doesn't make
sense here.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | Call pkg-config --cflags and pkg-config --libs to find correct CFLAGS
and LDFLAGS respectively.
Signed-off-by: Peter Stuge <peter@stuge.se>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | 
|  | We decided to get rid of the old Git history and start a new one for
several reasons:
 *) Allow / enforce only high-quality commits (which was not the case
    for many commits in the history), have a policy that is more close
    to the one from the Linux kernel. With high quality commits, we
    mean code that is logically split into commits and commit messages
    that are signed-off and have a proper subject and message body.
    We do not allow automatic Github merges anymore, since they are
    total bullshit. However, we will either cherry-pick your patches
    or pull them manually.
 *) The old archive was about ~27MB for no particular good reason.
    This basically derived from the bad decision that also some PDF
    files were stored there. From this moment onwards, no binary
    objects are allowed to be stored in this repository anymore.
The old archive is not wiped away from the Internet. You will still
be able to find it, e.g. on git.cryptoism.org etc.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch> |