[netsniff-ng] [PATCH v2] trafgen: Allow to generate packets to output pcap file
Add trafgen_dev.c module which provides generic way of reading and writing packets to/from networking device or a pcap file. Also allow to handle output pcap file via '-o, --out, --dev' option. It might be useful in future for testing some link protocols which is not easy to capture (e.g. wlan packets) w/o having some special setup. Signed-off-by: Vadim Kochan --- v2: 1) Fixed "Failed ..." -> "Failed to ..." error messages 2) Fixed indentation in dev_io struct at pcap_magic field 3) Removed not needed dev_net_close function 4) Removed spaces in dev_io_ops functions fields trafgen.8| 5 +- trafgen.c| 102 +- trafgen/Makefile | 1 + trafgen_dev.c| 258 +++ trafgen_dev.h| 49 +++ trafgen_l2.c | 4 + trafgen_l3.c | 8 +- trafgen_proto.c | 50 ++- trafgen_proto.h | 6 +- 9 files changed, 391 insertions(+), 92 deletions(-) create mode 100644 trafgen_dev.c create mode 100644 trafgen_dev.h diff --git a/trafgen.8 b/trafgen.8 index fd9788a..50deacf 100644 --- a/trafgen.8 +++ b/trafgen.8 @@ -74,8 +74,9 @@ It is also possible to specify PCAP file with .pcap extension via -i,--in option by default packets will be sent at rate considering timestamp from PCAP file which might be reset via -b/-t options. .PP -.SS -o , -d , --out , --dev -Defines the outgoing networking device such as eth0, wlan0 and others. +.SS -o , -d , --out , --dev +Defines the outgoing networking device such as eth0, wlan0 and others or +a pcap file. .PP .SS -p, --cpp Pass the packet configuration to the C preprocessor before reading it into diff --git a/trafgen.c b/trafgen.c index b25760f..ecc7d02 100644 --- a/trafgen.c +++ b/trafgen.c @@ -57,6 +57,7 @@ #include "csum.h" #include "trafgen_proto.h" #include "pcap_io.h" +#include "trafgen_dev.h" enum shaper_type { SHAPER_NONE, 
@@ -79,6 +80,8 @@ struct shaper { struct ctx { bool rand, rfraw, jumbo_support, verbose, smoke_test, enforce, qdisc_path; size_t reserve_size; + struct dev_io *dev_out; + struct dev_io *dev_in; unsigned long num; unsigned int cpus; uid_t uid; gid_t gid; @@ -145,7 +148,6 @@ static const char *copyright = "Please report bugs to device), - }; if (ctx->num > 0) num = ctx->num; @@ -688,8 +685,7 @@ static void xmit_slowpath_or_die(struct ctx *ctx, unsigned int cpu, unsigned lon while (likely(sigint == 0 && num > 0 && plen > 0)) { packet_apply_dyn_elements(i); retry: - ret = sendto(sock, packets[i].payload, packets[i].len, 0, -(struct sockaddr *) &saddr, sizeof(saddr)); + ret = dev_io_write(ctx->dev_out, packets[i].payload, packets[i].len); if (unlikely(ret < 0)) { if (errno == ENOBUFS) { sched_yield(); @@ -745,15 +741,16 @@ retry: static void xmit_fastpath_or_die(struct ctx *ctx, unsigned int cpu, unsigned long orig_num) { - int ifindex = device_ifindex(ctx->device); + int ifindex = dev_io_ifindex_get(ctx->dev_out); uint8_t *out = NULL; unsigned int it = 0; unsigned long num = 1, i = 0; - size_t size = ring_size(ctx->device, ctx->reserve_size); + size_t size = ring_size(dev_io_name_get(ctx->dev_out), ctx->reserve_size); struct ring tx_ring; struct frame_map *hdr; struct timeval start, end, diff; unsigned long long tx_bytes = 0, tx_packets = 0; + int sock = dev_io_fd_get(ctx->dev_out); set_sock_prio(sock, 512); 
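Review bot: In the xmit_fastpath_or_die hunk, `int sock = dev_io_fd_get(ctx->dev_out);` goes straight into `set_sock_prio(sock, 512)` and the result of `dev_io_name_get()` into `ring_size()`, but with this patch `dev_out` may be a pcap file whose descriptor is not a packet socket. Nothing in the hunk guards that case, so the caller presumably has to force the slow path for pcap output; that selection is outside the hunk and should be confirmed. An explicit guard at the top of the function would document the assumption, e.g. `if (dev_io_is_pcap(ctx->dev_out)) panic("Fast path requires a networking device\n");`. The function body continues past the hunk.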
@@ -938,69 +935,37 @@ static void xmit_packet_precheck(struct ctx *ctx, unsigned int cpu) } } -static void pcap_load_packets(const char *path) +static void pcap_load_packets(struct dev_io *dev) { - const struct pcap_file_ops *pcap_io = pcap_ops[PCAP_OPS_SG]; - uint32_t link_type, magic; - pcap_pkthdr_t phdr; + struct timespec tstamp; size_t buf_len; uint8_t *buf; - int ret; - int fd; - - fd = open(path, O_RDONLY | O_LARGEFILE | O_NOATIME); - if (fd < 0 && errno == EPERM) - fd = open_or_die(path, O_RDONLY | O_LARGEFILE); - if (fd < 0) - panic("Cannot open file %s! %s.\n", path, strerror(errno)); - - if (pcap_io->init_once_pcap) - pcap_io->init_once_pcap(false); - - ret = pcap_io->pull_fhdr_pcap(fd, &magic, &link_type); - if (ret) - panic("Error reading pcap header!\n"); - - if (pcap_io->prepare_access_pcap) { - ret = pcap_io->prepare_access_pcap(fd, PCAP_MODE_RD, false); - if (re
[netsniff-ng] [PATCH] trafgen: Fix output pcap file name length trimming
Trim output name to IFNAMSIZ only if the output is a networking device, otherwise the following error occured if output name is greater then IFNAMSIZ: ~/src/netsniff-ng$ trafgen -n 1 '{ udp() }' -o /tmp/xx.pcap No networking device or pcap file: /tmp/xx Failed to open output device --- trafgen.c | 2 +- trafgen_dev.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/trafgen.c b/trafgen.c index 6ae0076..b40d362 100644 --- a/trafgen.c +++ b/trafgen.c @@ -1084,7 +1084,7 @@ int main(int argc, char **argv) break; case 'd': case 'o': - ctx.device = xstrndup(optarg, IFNAMSIZ); + ctx.device = xstrdup(optarg); break; case 'H': prio_high = true; diff --git a/trafgen_dev.c b/trafgen_dev.c index cd99a0c..bbe1be8 100644 --- a/trafgen_dev.c +++ b/trafgen_dev.c @@ -174,8 +174,10 @@ struct dev_io *dev_io_open(const char *name, enum dev_io_mode_t mode) struct dev_io *dev = xzmalloc(sizeof(struct dev_io)); if (strstr(name, ".pcap")) { + dev->name = xstrdup(name); dev->ops = &dev_pcap_ops; } else if (device_mtu(name) > 0) { + dev->name = xstrndup(optarg, IFNAMSIZ); dev->ops = &dev_net_ops; } else { fprintf(stderr, "No networking device or pcap file: %s\n", name); @@ -189,7 +191,6 @@ struct dev_io *dev_io_open(const char *name, enum dev_io_mode_t mode) } } - dev->name = xstrdup(name); return dev; }; -- 2.9.3 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
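Review bot: The trimmed copy added in the `device_mtu(name) > 0` branch of dev_io_open keeps up to IFNAMSIZ characters, while IFNAMSIZ is the size of the kernel's interface-name buffer including the terminating NUL, so (assuming xstrndup behaves like strndup) a stored name can still be one character too long for any `ifr_name` it is later copied into. The check also runs on the untrimmed `name` while the trimmed string is what gets stored, so the validated name and the used name can differ. Rejecting over-long input is safer than silently truncating it: `} else if (strlen(name) < IFNAMSIZ && device_mtu(name) > 0) {` followed by `dev->name = xstrdup(name);`, which lets long names fall through to the existing "No networking device or pcap file" error. The v2 resend of this patch carries the same trimming.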
[netsniff-ng] Re: [PATCH] trafgen: Fix output pcap file name length trimming
On Mon, Jun 12, 2017 at 11:38 PM, Vadim Kochan wrote: > Trim output name to IFNAMSIZ only if the output is a networking device, > otherwise the following error occured if output name is greater then > IFNAMSIZ: > > ~/src/netsniff-ng$ trafgen -n 1 '{ udp() }' -o > /tmp/xx.pcap > No networking device or pcap file: /tmp/xx > Failed to open output device > --- > trafgen.c | 2 +- > trafgen_dev.c | 3 ++- > 2 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/trafgen.c b/trafgen.c > index 6ae0076..b40d362 100644 > --- a/trafgen.c > +++ b/trafgen.c > @@ -1084,7 +1084,7 @@ int main(int argc, char **argv) > break; > case 'd': > case 'o': > - ctx.device = xstrndup(optarg, IFNAMSIZ); > + ctx.device = xstrdup(optarg); > break; > case 'H': > prio_high = true; > diff --git a/trafgen_dev.c b/trafgen_dev.c > index cd99a0c..bbe1be8 100644 > --- a/trafgen_dev.c > +++ b/trafgen_dev.c > @@ -174,8 +174,10 @@ struct dev_io *dev_io_open(const char *name, enum > dev_io_mode_t mode) > struct dev_io *dev = xzmalloc(sizeof(struct dev_io)); > > if (strstr(name, ".pcap")) { > + dev->name = xstrdup(name); > dev->ops = &dev_pcap_ops; > } else if (device_mtu(name) > 0) { > + dev->name = xstrndup(optarg, IFNAMSIZ); > >>>>> Ops, sorry ... too late for fixing ... > dev->ops = &dev_net_ops; > } else { > fprintf(stderr, "No networking device or pcap file: %s\n", > name); > @@ -189,7 +191,6 @@ struct dev_io *dev_io_open(const char *name, enum > dev_io_mode_t mode) > } > } > > - dev->name = xstrdup(name); > return dev; > }; > > -- > 2.9.3 > > -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH v2] trafgen: Fix output pcap file name length trimming
Trim output name to IFNAMSIZ only if the output is a networking device, otherwise the following error occured if output name is greater then IFNAMSIZ: ~/src/netsniff-ng$ trafgen -n 1 '{ udp() }' -o /tmp/xx.pcap No networking device or pcap file: /tmp/xx Failed to open output device --- v2: Fixed stupid copy-paste of xtrsndup-ing device name trafgen.c | 2 +- trafgen_dev.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/trafgen.c b/trafgen.c index 6ae0076..b40d362 100644 --- a/trafgen.c +++ b/trafgen.c @@ -1084,7 +1084,7 @@ int main(int argc, char **argv) break; case 'd': case 'o': - ctx.device = xstrndup(optarg, IFNAMSIZ); + ctx.device = xstrdup(optarg); break; case 'H': prio_high = true; diff --git a/trafgen_dev.c b/trafgen_dev.c index cd99a0c..80e7481 100644 --- a/trafgen_dev.c +++ b/trafgen_dev.c @@ -174,8 +174,10 @@ struct dev_io *dev_io_open(const char *name, enum dev_io_mode_t mode) struct dev_io *dev = xzmalloc(sizeof(struct dev_io)); if (strstr(name, ".pcap")) { + dev->name = xstrdup(name); dev->ops = &dev_pcap_ops; } else if (device_mtu(name) > 0) { + dev->name = xstrndup(name, IFNAMSIZ); dev->ops = &dev_net_ops; } else { fprintf(stderr, "No networking device or pcap file: %s\n", name); @@ -189,7 +191,6 @@ struct dev_io *dev_io_open(const char *name, enum dev_io_mode_t mode) } } - dev->name = xstrdup(name); return dev; }; -- 2.9.3 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
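Review bot: The branch that now decides whether the name is kept whole or trimmed still classifies the output with `strstr(name, ".pcap")`, which matches the substring anywhere in the argument rather than only as the extension the man page describes. A path such as a directory named `x.pcap.d` or a file ending in `.pcapng` is therefore treated as a pcap file and opened for writing. A suffix test would match the documented behaviour: `size_t n = strlen(name);` then `if (n >= 5 && !strcmp(name + n - 5, ".pcap")) {`. dev_io_open starts and ends outside the hunk.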
[netsniff-ng] [PATCH] trafgen: Delegate creation of rfraw to dev_io API
Simplify a bit of creation rfraw device by delegating it to the dev_io API, also in case the output device is pcap file the --rfraw option sets the link type to ieee80211 radio tap. Signed-off-by: Vadim Kochan --- trafgen.8 | 3 ++- trafgen.c | 25 + trafgen_dev.c | 36 +++- trafgen_dev.h | 4 +++- 4 files changed, 49 insertions(+), 19 deletions(-) diff --git a/trafgen.8 b/trafgen.8 index 50deacf..67aaaf9 100644 --- a/trafgen.8 +++ b/trafgen.8 @@ -98,7 +98,8 @@ a bigger memory footprint for the ring buffer. In case the output networking device is a wireless device, it is possible with trafgen to turn this into monitor mode and create a mon device that trafgen will be transmitting on instead of wlan, for instance. This enables trafgen -to inject raw 802.11 frames. +to inject raw 802.11 frames. In case if the output is a pcap file the link type +is set to 127 (ieee80211 radio tap). .PP .SS -s , --smoke-test In case this option is enabled, trafgen will perform a smoke test. In other diff --git a/trafgen.c b/trafgen.c index 6ae0076..3929734 100644 --- a/trafgen.c +++ b/trafgen.c @@ -45,7 +45,6 @@ #include "lockme.h" #include "privs.h" #include "proc.h" -#include "mac80211.h" #include "ioops.h" #include "irq.h" #include "config.h" @@ -85,7 +84,7 @@ struct ctx { unsigned long num; unsigned int cpus; uid_t uid; gid_t gid; - char *device, *device_trans, *rhost; + char *device, *rhost; struct sockaddr_in dest; struct shaper sh; char *packet_str; @@ -1022,7 +1021,7 @@ static unsigned int generate_srand_seed(void) static void on_panic_del_rfmon(void *arg) { - leave_rfmon_mac80211(arg); + dev_io_close(arg); } int main(int argc, char **argv) 
@@ -1282,15 +1281,6 @@ int main(int argc, char **argv) set_system_socket_memory(vals, array_size(vals)); xlockme(); - if (ctx.rfraw) { - ctx.device_trans = xstrdup(ctx.device); - xfree(ctx.device); - - enter_rfmon_mac80211(ctx.device_trans, &ctx.device); - panic_handler_add(on_panic_del_rfmon, ctx.device); - sleep(0); - } - if (ctx.pcap_in) { ctx.dev_in = dev_io_open(ctx.pcap_in, DEV_IO_IN); if (!ctx.dev_in) @@ -1301,6 +1291,13 @@ int main(int argc, char **argv) if (!ctx.dev_out) panic("Failed to open output device\n"); + if (ctx.rfraw) { + if (dev_io_link_type_set(ctx.dev_out, LINKTYPE_IEEE802_11_RADIOTAP)) + panic("Failed to setup rfraw device\n"); + + panic_handler_add(on_panic_del_rfmon, ctx.dev_out); + } + protos_init(ctx.dev_out); if (shaper_is_set(&ctx.sh) || (ctx.dev_in && dev_io_is_pcap(ctx.dev_in)) @@ -1356,9 +1353,6 @@ int main(int argc, char **argv) die(); } - if (ctx.rfraw) - leave_rfmon_mac80211(ctx.device); - if (set_sock_mem) reset_system_socket_memory(vals, array_size(vals)); @@ -1392,7 +1386,6 @@ thread_out: argv_free(cpp_argv); free(ctx.device); - free(ctx.device_trans); free(ctx.rhost); free(confname); free(ctx.packet_str); diff --git a/trafgen_dev.c b/trafgen_dev.c index cd99a0c..46fb897 100644 --- a/trafgen_dev.c +++ b/trafgen_dev.c @@ -16,6 +16,8 @@ #include "xmalloc.h" #include "pcap_io.h" #include "built_in.h" +#include "mac80211.h" +#include "linktype.h" #include "trafgen_dev.h" static int dev_pcap_open(struct dev_io *dev, const char *name, enum dev_io_mode_t mode) 
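Review bot: The hunk at -1356 drops the explicit `leave_rfmon_mac80211(ctx.device)` on the normal exit path, so removing the monitor interface now depends on `dev_io_close(ctx.dev_out)` being reached on every exit; that call is not visible in these hunks and should be confirmed, otherwise the mon device is left behind after a clean run. The panic handler `on_panic_del_rfmon` now closes the whole output device rather than only leaving monitor mode, and it is registered for pcap output too when --rfraw is given, so its name no longer describes what it does. I would add a comment above it such as `/* Closes the output device on panic; for a net device in rfraw mode this also removes the monitor interface */`. The same hunks appear unchanged in the v2 resend.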
@@ -164,9 +166,35 @@ static int dev_net_write(struct dev_io *dev, const uint8_t *buf, size_t len) return sendto(dev->fd, buf, len, 0, (struct sockaddr *) &saddr, sizeof(saddr)); } +static int dev_net_set_link_type(struct dev_io *dev, int link_type) +{ + if (link_type != LINKTYPE_IEEE802_11 && link_type != LINKTYPE_IEEE802_11_RADIOTAP) + return 0; + + dev->trans = xstrdup(dev->name); + xfree(dev->name); + + enter_rfmon_mac80211(dev->trans, &dev->name); + dev->ifindex = __device_ifindex(dev->name); + dev->dev_type = device_type(dev->name); + sleep(0); + + return 0; +} + +static void dev_net_close(struct dev_io *dev) +{ + if (dev->link_type == LINKTYPE_IEEE802_11 || dev->link_type == LINKTYPE_IEEE802_11_RADIOTAP) + leave_rfmon_mac80211(dev->name); + + free(dev->trans); +} + static const struct dev_io_ops dev_net_ops = { .open = dev_net_open, .write = dev_net_write, + .set_link_type = dev_net_set_link_type
[netsniff-ng] [PATCH v2] trafgen: Delegate creation of rfraw to dev_io API
Simplify a bit of creation rfraw device by delegating it to the dev_io API, also in case the output device is pcap file the --rfraw option sets the link type to ieee80211 radio tap. Signed-off-by: Vadim Kochan --- trafgen.8 | 3 ++- trafgen.c | 25 + trafgen_dev.c | 35 ++- trafgen_dev.h | 4 +++- 4 files changed, 48 insertions(+), 19 deletions(-) v2: 1) Removed unneeded sleep() call. diff --git a/trafgen.8 b/trafgen.8 index 50deacf..67aaaf9 100644 --- a/trafgen.8 +++ b/trafgen.8 @@ -98,7 +98,8 @@ a bigger memory footprint for the ring buffer. In case the output networking device is a wireless device, it is possible with trafgen to turn this into monitor mode and create a mon device that trafgen will be transmitting on instead of wlan, for instance. This enables trafgen -to inject raw 802.11 frames. +to inject raw 802.11 frames. In case if the output is a pcap file the link type +is set to 127 (ieee80211 radio tap). .PP .SS -s , --smoke-test In case this option is enabled, trafgen will perform a smoke test. In other diff --git a/trafgen.c b/trafgen.c index 5f3555a..207b680 100644 --- a/trafgen.c +++ b/trafgen.c @@ -45,7 +45,6 @@ #include "lockme.h" #include "privs.h" #include "proc.h" -#include "mac80211.h" #include "ioops.h" #include "irq.h" #include "config.h" @@ -85,7 +84,7 @@ struct ctx { unsigned long num; unsigned int cpus; uid_t uid; gid_t gid; - char *device, *device_trans, *rhost; + char *device, *rhost; struct sockaddr_in dest; struct shaper sh; char *packet_str; @@ -1023,7 +1022,7 @@ static unsigned int generate_srand_seed(void) static void on_panic_del_rfmon(void *arg) { - leave_rfmon_mac80211(arg); + dev_io_close(arg); } int main(int argc, char **argv) 
@@ -1283,15 +1282,6 @@ int main(int argc, char **argv) set_system_socket_memory(vals, array_size(vals)); xlockme(); - if (ctx.rfraw) { - ctx.device_trans = xstrdup(ctx.device); - xfree(ctx.device); - - enter_rfmon_mac80211(ctx.device_trans, &ctx.device); - panic_handler_add(on_panic_del_rfmon, ctx.device); - sleep(0); - } - if (ctx.pcap_in) { ctx.dev_in = dev_io_open(ctx.pcap_in, DEV_IO_IN); if (!ctx.dev_in) @@ -1302,6 +1292,13 @@ int main(int argc, char **argv) if (!ctx.dev_out) panic("Failed to open output device\n"); + if (ctx.rfraw) { + if (dev_io_link_type_set(ctx.dev_out, LINKTYPE_IEEE802_11_RADIOTAP)) + panic("Failed to setup rfraw device\n"); + + panic_handler_add(on_panic_del_rfmon, ctx.dev_out); + } + protos_init(ctx.dev_out); if (shaper_is_set(&ctx.sh) || (ctx.dev_in && dev_io_is_pcap(ctx.dev_in)) @@ -1357,9 +1354,6 @@ int main(int argc, char **argv) die(); } - if (ctx.rfraw) - leave_rfmon_mac80211(ctx.device); - if (set_sock_mem) reset_system_socket_memory(vals, array_size(vals)); @@ -1393,7 +1387,6 @@ thread_out: argv_free(cpp_argv); free(ctx.device); - free(ctx.device_trans); free(ctx.rhost); free(confname); free(ctx.packet_str); diff --git a/trafgen_dev.c b/trafgen_dev.c index 80e7481..d7f1cd5 100644 --- a/trafgen_dev.c +++ b/trafgen_dev.c @@ -16,6 +16,8 @@ #include "xmalloc.h" #include "pcap_io.h" #include "built_in.h" +#include "mac80211.h" +#include "linktype.h" #include "trafgen_dev.h" static int dev_pcap_open(struct dev_io *dev, const char *name, enum dev_io_mode_t mode) 
@@ -164,9 +166,34 @@ static int dev_net_write(struct dev_io *dev, const uint8_t *buf, size_t len) return sendto(dev->fd, buf, len, 0, (struct sockaddr *) &saddr, sizeof(saddr)); } +static int dev_net_set_link_type(struct dev_io *dev, int link_type) +{ + if (link_type != LINKTYPE_IEEE802_11 && link_type != LINKTYPE_IEEE802_11_RADIOTAP) + return 0; + + dev->trans = xstrdup(dev->name); + xfree(dev->name); + + enter_rfmon_mac80211(dev->trans, &dev->name); + dev->ifindex = __device_ifindex(dev->name); + dev->dev_type = device_type(dev->name); + + return 0; +} + +static void dev_net_close(struct dev_io *dev) +{ + if (dev->link_type == LINKTYPE_IEEE802_11 || dev->link_type == LINKTYPE_IEEE802_11_RADIOTAP) + leave_rfmon_mac80211(dev->name); + + free(dev->trans); +} + static const struct dev_io_ops dev_net_ops = { .open = dev_net_open, .write = dev_net_write, + .set_link
Re: [netsniff-ng] Segmentation fault of mausezahn
Hi Zhouyang Jia, Your fix looks reasonable. Would you please send patch in git-format (you can look at SubmittingPatches file), or send a pull request ? Thanks, Vadim Kochan On Mon, Jul 24, 2017 at 5:08 PM, Zhouyang Jia wrote: > Hi, > > I'm new to netsniff-ng and I find that the component, mausezahn, would > crash if input a wrong payload file, e.g., "$./mausezahn -f wrong_file" > will trigger a segfault. > > I think it would be better if mausezahn could exit gracefully with proper > log messages. Attached please find the patch against version > netsniff-ng-0.6.3. Hopefully, it can solve this problem. > > Best, > Zhouyang > > -- > You received this message because you are subscribed to the Google Groups > "netsniff-ng" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to netsniff-ng+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH 3/3] trafgen: Dump proto headers in *.cfg format
Added trafgen_dump.c module which dumps headers from packet in .cfg format. Packet is dumped if -o .cfg was specified, it might be useful to specify *.pcap file as input and convert it into .cfg file to edit proto fields in human readable format. To make it possible several main changes were added: 1) packet id is embedded into struct packet.id, and it is updated on each realloc_packet() 2) Added new struct proto_hdr.get_next_proto callback to make possible apply fields of next header. 3) Added new dev_io ops for writting packets into .cfg file, to re-use common dev_io mechsnism for packets dumping. Before dump the default ETH_PROTO fields are applied as first header and then next proto_hdr is identified via .get_next_proto(...) callback. Meanwhile only eth, arp, vlan, ip4, udp, & tcp protos can be dissected into *.cfg format. Signed-off-by: Vadim Kochan --- trafgen.8| 4 +- trafgen.c| 54 ++-- trafgen/Makefile | 1 + trafgen_conf.h | 2 + trafgen_dev.c| 36 +++- trafgen_dev.h| 4 +- trafgen_dump.c | 256 +++ trafgen_dump.h | 8 ++ trafgen_l2.c | 33 +++ trafgen_l3.c | 21 - trafgen_parser.y | 5 ++ trafgen_proto.c | 69 +-- trafgen_proto.h | 7 ++ 13 files changed, 458 insertions(+), 42 deletions(-) create mode 100644 trafgen_dump.c create mode 100644 trafgen_dump.h diff --git a/trafgen.8 b/trafgen.8 index 67aaaf9..f720043 100644 --- a/trafgen.8 +++ b/trafgen.8 @@ -74,9 +74,9 @@ It is also possible to specify PCAP file with .pcap extension via -i,--in option by default packets will be sent at rate considering timestamp from PCAP file which might be reset via -b/-t options. .PP -.SS -o , -d , --out , --dev +.SS -o , -d , --out , --dev Defines the outgoing networking device such as eth0, wlan0 and others or -a pcap file. +a *.pcap or *.cfg file. Pcap and configuration files are identified by extension. .PP .SS -p, --cpp Pass the packet configuration to the C preprocessor before reading it into diff --git a/trafgen.c b/trafgen.c index 97ac046..9b54399 100644 --- a/trafgen.c 
+++ b/trafgen.c @@ -185,31 +185,31 @@ static void __noreturn help(void) puts("http://www.netsniff-ng.org\n\n"; "Usage: trafgen [options] [packet]\n" "Options:\n" -" -i|-c|--in|--conf Packet configuration file/stdin\n" -" -o|-d|--out|--dev Networking device i.e., eth0\n" -" -p|--cpp Run packet config through C preprocessor\n" -" -D|--defineAdd macro/define for C preprocessor\n" -" -J|--jumbo-support Support 64KB super jumbo frames (def: 2048B)\n" -" -R|--rfraw Inject raw 802.11 frames\n" -" -s|--smoke-test Probe if machine survived fuzz-tested packet\n" -" -n|--num Number of packets until exit (def: 0)\n" -" -r|--rand Randomize packet selection (def: round robin)\n" -" -P|--cpusSpecify number of forks(<= CPUs) (def: #CPUs)\n" -" -t|--gap Set approx. interpacket gap (s/ms/us/ns, def: us)\n" -" -b|--rateSend traffic at specified rate (pps/B/kB/MB/GB/kbit/Mbit/Gbit/KiB/MiB/GiB)\n" -" -S|--ring-size Manually set mmap size (KiB/MiB/GiB)\n" -" -E|--seedManually set srand(3) seed\n" -" -u|--user Drop privileges and change to userid\n" -" -g|--groupDrop privileges and change to groupid\n" -" -H|--prio-high Make this high priority process\n" -" -A|--no-sock-mem Don't tune core socket memory\n" -" -Q|--notouch-irq Do not touch IRQ CPU affinity of NIC\n" -" -q|--qdisc-pathEnable qdisc kernel path (default off since 3.14)\n" -" -V|--verbose Be more verbose\n" -" -C|--no-cpu-stats Do not print CPU time statistics on exit\n" -" -v|--version Show version and exit\n" -" -e|--example Show built-in packet config example\n" -" -h|--help Guess what?!\n\n" +" -i|-c|--in|--conf Packet configuration file/stdin\n" +" -o|-d|--out|--dev Networking device or configuration file i
[netsniff-ng] [PATCH 0/3] trafgen: Add dump of proto headers into *.cfg format
Added trafgen_dump.c module which dumps headers from packet in .cfg format. Packet is dumped if -o .cfg was specified; it might be useful to specify *.pcap file as input and convert it into .cfg file to edit proto fields in human readable format. To make it possible several main changes were added: 1) packet id is embedded into struct packet.id, and it is updated on each realloc_packet() 2) Added new struct proto_hdr.get_next_proto callback to make it possible to apply fields of next header. 3) Added new dev_io ops for writing packets into .cfg file, to re-use common dev_io mechanism for packets dumping. 4) Changed dev_io ops read/write to specify struct packet * instead of buf & count. 5) Updated trafgen_proto.c to obtain packet from the header if possible so as not to depend on the last packet, which is not the right way to get related packet. Before dump the default ETH_PROTO fields are applied as first header and then next proto_hdr is identified via .get_next_proto(...) callback. Meanwhile only eth, arp, vlan, ip4, udp, & tcp protos can be dissected into *.cfg format. Vadim Kochan (3): trafgen: Get packet from proto_hdr if possible trafgen: dev_io: Change read/write to specify struct packet * trafgen: Dump proto headers in *.cfg format trafgen.8| 4 +- trafgen.c| 79 +++-- trafgen/Makefile | 1 + trafgen_conf.h | 4 +- trafgen_dev.c| 78 + trafgen_dev.h| 12 +-- trafgen_dump.c | 256 +++ trafgen_dump.h | 8 ++ trafgen_l2.c | 33 +++ trafgen_l3.c | 25 +- trafgen_l4.c | 4 +- trafgen_parser.y | 11 ++- trafgen_proto.c | 79 +++-- trafgen_proto.h | 10 +++ 14 files changed, 517 insertions(+), 87 deletions(-) create mode 100644 trafgen_dump.c create mode 100644 trafgen_dump.h -- 2.9.3 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH 1/3] trafgen: Get packet from proto_hdr if possible
Replace using current_packet() by new proto_hdr_packet(hdr) function to obtain packet directly from header. This is more generic and flexible way, because it guarantees that packet really belongs to the header, which in case in current_packet() is not right because it means getting of last allocated packet. Signed-off-by: Vadim Kochan --- trafgen_l3.c| 4 ++-- trafgen_l4.c| 4 ++-- trafgen_proto.c | 10 -- trafgen_proto.h | 3 +++ 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/trafgen_l3.c b/trafgen_l3.c index 7199b89..48790e5 100644 --- a/trafgen_l3.c +++ b/trafgen_l3.c @@ -81,7 +81,7 @@ static void ipv4_csum_update(struct proto_hdr *hdr) static void ipv4_packet_finish(struct proto_hdr *hdr) { - struct packet *pkt = current_packet(); + struct packet *pkt = proto_hdr_packet(hdr); uint16_t total_len; total_len = pkt->len - hdr->pkt_offset; @@ -166,7 +166,7 @@ static void ipv6_field_changed(struct proto_field *field) static void ipv6_packet_finish(struct proto_hdr *hdr) { - struct packet *pkt = current_packet(); + struct packet *pkt = proto_hdr_packet(hdr); uint16_t total_len = pkt->len - hdr->pkt_offset - IPV6_HDR_LEN; proto_hdr_field_set_default_be16(hdr, IP6_LEN, total_len); diff --git a/trafgen_l4.c b/trafgen_l4.c index 198d622..c596d21 100644 --- a/trafgen_l4.c +++ b/trafgen_l4.c @@ -71,7 +71,7 @@ static void udp_csum_update(struct proto_hdr *hdr) static void udp_packet_finish(struct proto_hdr *hdr) { - struct packet *pkt = current_packet(); + struct packet *pkt = proto_hdr_packet(hdr); uint16_t total_len; total_len = pkt->len - hdr->pkt_offset; @@ -142,7 +142,7 @@ static void tcp_field_changed(struct proto_field *field) static void tcp_csum_update(struct proto_hdr *hdr) { struct proto_hdr *lower = proto_lower_header(hdr); - struct packet *pkt = current_packet(); + struct packet *pkt = proto_hdr_packet(hdr); uint16_t total_len; uint16_t csum; diff --git a/trafgen_proto.c b/trafgen_proto.c index c2cbffb..1d978e3 100644 --- a/trafgen_proto.c 
+++ b/trafgen_proto.c @@ -30,6 +30,11 @@ static struct ctx ctx; static const struct proto_ops *registered_ops[__PROTO_MAX]; +struct packet *proto_hdr_packet(struct proto_hdr *hdr) +{ + return packet_get(hdr->pkt_id); +} + struct proto_hdr *proto_lower_header(struct proto_hdr *hdr) { struct packet *pkt = packet_get(hdr->pkt_id); @@ -266,12 +271,13 @@ void proto_hdr_move_sub_header(struct proto_hdr *hdr, struct proto_hdr *from, struct proto_hdr *proto_lower_default_add(struct proto_hdr *upper, enum proto_id pid) { + struct packet *pkt = proto_hdr_packet(upper); + size_t headers_count = pkt->headers_count; struct proto_hdr *current; - size_t headers_count = current_packet()->headers_count; const struct proto_ops *ops; if (headers_count > 0) { - current = current_packet()->headers[headers_count - 1]; + current = pkt->headers[headers_count - 1]; ops = current->ops; if (ops->layer >= proto_ops_by_id(pid)->layer) diff --git a/trafgen_proto.h b/trafgen_proto.h index d3da963..36b8f2b 100644 --- a/trafgen_proto.h +++ b/trafgen_proto.h @@ -7,6 +7,8 @@ #include "trafgen_dev.h" +struct packet; + enum proto_id { PROTO_NONE = 0, PROTO_ETH, @@ -104,6 +106,7 @@ extern void proto_header_finish(struct proto_hdr *hdr); extern void proto_packet_finish(void); extern void proto_packet_update(uint32_t idx); +extern struct packet *proto_hdr_packet(struct proto_hdr *hdr); extern struct proto_hdr *proto_hdr_push_sub_header(struct proto_hdr *hdr, int id); extern void proto_hdr_move_sub_header(struct proto_hdr *hdr, struct proto_hdr *from, struct proto_hdr *to); -- 2.9.3 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
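Review bot: The new `proto_hdr_packet()` returns whatever `packet_get(hdr->pkt_id)` yields, and every converted caller dereferences it immediately (`pkt->headers_count` in proto_lower_default_add here, `pkt->len` in the ipv4/ipv6/udp finish callbacks of the earlier hunks). Whether packet_get can return NULL for an unknown id is not visible in the patch; if it can, the lookup needs a check or the contract should say the id is always valid. The declaration in trafgen_proto.h also has no comment; I would add `/* Returns the packet that owns hdr, looked up by hdr->pkt_id; the pointer is only valid until the next realloc_packet() */`, with the lifetime part to be confirmed against realloc_packet.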
[netsniff-ng] [PATCH 2/3] trafgen: dev_io: Change read/write to specify struct packet *
Refactor dev_io_ops read & write to specify struct packet *, it may simplify a bit a caller logic. And it allow to keep required members within one struct packet object. Signed-off-by: Vadim Kochan --- trafgen.c| 25 - trafgen_conf.h | 2 +- trafgen_dev.c| 48 +--- trafgen_dev.h| 12 +++- trafgen_parser.y | 6 -- 5 files changed, 49 insertions(+), 44 deletions(-) diff --git a/trafgen.c b/trafgen.c index 207b680..97ac046 100644 --- a/trafgen.c +++ b/trafgen.c @@ -684,7 +684,7 @@ static void xmit_slowpath_or_die(struct ctx *ctx, unsigned int cpu, unsigned lon while (likely(sigint == 0 && num > 0 && plen > 0)) { packet_apply_dyn_elements(i); retry: - ret = dev_io_write(ctx->dev_out, packets[i].payload, packets[i].len); + ret = dev_io_write(ctx->dev_out, &packets[i]); if (unlikely(ret < 0)) { if (errno == ENOBUFS) { sched_yield(); @@ -937,27 +937,10 @@ static void xmit_packet_precheck(struct ctx *ctx, unsigned int cpu) static void pcap_load_packets(struct dev_io *dev) { - struct timespec tstamp; - size_t buf_len; - uint8_t *buf; - int pkt_len; + struct packet *pkt; - buf_len = round_up(1024 * 1024, RUNTIME_PAGE_SIZE); - buf = xmalloc_aligned(buf_len, CO_CACHE_LINE_SIZE); - - while ((pkt_len = dev_io_read(dev, buf, buf_len, &tstamp)) > 0) { - struct packet *pkt; - - realloc_packet(); - - pkt = current_packet(); - pkt->len = pkt_len; - pkt->payload = xzmalloc(pkt_len); - memcpy(pkt->payload, buf, pkt_len); - memcpy(&pkt->tstamp, &tstamp, sizeof(tstamp)); - } - - free(buf); + while ((pkt = dev_io_read(dev)) != 0) + /* nothing to do */; } static void main_loop(struct ctx *ctx, char *confname, bool slow, diff --git a/trafgen_conf.h b/trafgen_conf.h index 2af830d..7e922fe 100644 --- a/trafgen_conf.h +++ b/trafgen_conf.h 
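Review bot: In the rewritten pcap_load_packets, `pkt` is assigned but never used and the pointer is compared against `0`; `while (dev_io_read(dev) != NULL)` says the same thing without the dead variable. The loop also cannot tell end-of-file from a failed or malformed record, because the reader returns NULL for both, so a truncated or corrupt input file silently yields a partial packet set. A short comment that packets are appended to the global packet array as a side effect of dev_io_read would help, since the loop body is empty.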
@@ -80,6 +80,6 @@ extern void set_fill(uint8_t val, size_t len); extern struct packet *current_packet(void); extern uint32_t current_packet_id(void); extern struct packet *packet_get(uint32_t id); -extern void realloc_packet(void); +extern struct packet *realloc_packet(void); #endif /* TRAFGEN_CONF */ diff --git a/trafgen_dev.c b/trafgen_dev.c index d7f1cd5..d613cce 100644 --- a/trafgen_dev.c +++ b/trafgen_dev.c @@ -19,6 +19,7 @@ #include "mac80211.h" #include "linktype.h" #include "trafgen_dev.h" +#include "trafgen_conf.h" static int dev_pcap_open(struct dev_io *dev, const char *name, enum dev_io_mode_t mode) { @@ -36,6 +37,8 @@ static int dev_pcap_open(struct dev_io *dev, const char *name, enum dev_io_mode_ } dev->pcap_mode = PCAP_MODE_RD; + dev->buf_len = round_up(1024 * 1024, RUNTIME_PAGE_SIZE); + dev->buf = xmalloc_aligned(dev->buf_len, CO_CACHE_LINE_SIZE); } else if (mode & DEV_IO_OUT) { if (!strncmp("-", name, strlen("-"))) { dev->fd = dup_or_die(fileno(stdout)); 
@@ -69,26 +72,35 @@ static int dev_pcap_open(struct dev_io *dev, const char *name, enum dev_io_mode_ return 0; } -static int dev_pcap_read(struct dev_io *dev, uint8_t *buf, size_t len, -struct timespec *tstamp) +static struct packet *dev_pcap_read(struct dev_io *dev) { + size_t len = dev->buf_len; + uint8_t *buf = dev->buf; pcap_pkthdr_t phdr; + struct packet *pkt; size_t pkt_len; if (dev->pcap_ops->read_pcap(dev->fd, &phdr, dev->pcap_magic, buf, len) <= 0) - return -1; + return NULL; pkt_len = pcap_get_length(&phdr, dev->pcap_magic); if (!pkt_len) - return -1; + return NULL; - pcap_get_tstamp(&phdr, dev->pcap_magic, tstamp); + pkt = realloc_packet(); - return pkt_len; + pkt->len = pkt_len; + pkt->payload = xzmalloc(pkt_len); + memcpy(pkt->payload, buf, pkt_len); + pcap_get_tstamp(&phdr, dev->pcap_magic, &pkt->tstamp); + + return pkt; } -static int dev_pcap_write(struct dev_io *dev, const uint8_t *buf, size_t len) +static int dev_pcap_write(struct dev_io *dev, const struct packet *pkt) { + uint8_t *buf = pkt->payload; + size_t len = pkt->len; struct timeval time; pcap_pkthdr_t phdr; int ret; @@ -130,8 +142,13 @@ static int dev_pcap_write(struct dev_io *dev, const uint8_t *buf, size_t len) static void dev_pcap_close(struct dev_io *dev) { -
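Review bot: In `dev_pcap_read` the length taken from the capture record header, `pkt_len = pcap_get_length(&phdr, dev->pcap_magic)`, becomes the `memcpy` size out of `dev->buf` without being compared with `len` (`dev->buf_len`) anywhere in this function. Unless `read_pcap` already rejects records longer than the buffer it is handed (not visible here), a capture file with an oversized length field makes the copy read past the buffer allocated in `dev_pcap_open`. The input file is untrusted data, so the guard belongs next to the copy: `if (!pkt_len || pkt_len > len) return NULL;`. The same hunk appears again further down the page in the re-posted copy of this patch.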
[netsniff-ng] [PATCH v2 3/3] trafgen: Dump proto headers in *.cfg format
Added trafgen_dump.c module which dumps headers from packet in .cfg format. Packet is dumped if -o .cfg was specified, it might be useful to specify *.pcap file as input and convert it into .cfg file to edit proto fields in human readable format. To make it possible several main changes were added: 1) packet id is embedded into struct packet.id, and it is updated on each realloc_packet() 2) Added new struct proto_hdr.get_next_proto callback to make possible apply fields of next header. 3) Added new dev_io ops for writting packets into .cfg file, to re-use common dev_io mechsnism for packets dumping. Before dump the default ETH_PROTO fields are applied as first header and then next proto_hdr is identified via .get_next_proto(...) callback. Meanwhile only eth, arp, vlan, ip4, udp, & tcp protos can be dissected into *.cfg format. Signed-off-by: Vadim Kochan --- trafgen.8| 4 +- trafgen.c| 54 ++-- trafgen/Makefile | 1 + trafgen_conf.h | 2 + trafgen_dev.c| 36 +++- trafgen_dev.h| 4 +- trafgen_dump.c | 258 +++ trafgen_dump.h | 8 ++ trafgen_l2.c | 33 +++ trafgen_l3.c | 21 - trafgen_parser.y | 5 ++ trafgen_proto.c | 69 +-- trafgen_proto.h | 7 ++ 13 files changed, 460 insertions(+), 42 deletions(-) create mode 100644 trafgen_dump.c create mode 100644 trafgen_dump.h diff --git a/trafgen.8 b/trafgen.8 index 67aaaf9..f720043 100644 --- a/trafgen.8 +++ b/trafgen.8 @@ -74,9 +74,9 @@ It is also possible to specify PCAP file with .pcap extension via -i,--in option by default packets will be sent at rate considering timestamp from PCAP file which might be reset via -b/-t options. .PP -.SS -o , -d , --out , --dev +.SS -o , -d , --out , --dev Defines the outgoing networking device such as eth0, wlan0 and others or -a pcap file. +a *.pcap or *.cfg file. Pcap and configuration files are identified by extension. .PP .SS -p, --cpp Pass the packet configuration to the C preprocessor before reading it into diff --git a/trafgen.c b/trafgen.c index 97ac046..9b54399 100644 --- a/trafgen.c 
+++ b/trafgen.c @@ -185,31 +185,31 @@ static void __noreturn help(void) puts("http://www.netsniff-ng.org\n\n"; "Usage: trafgen [options] [packet]\n" "Options:\n" -" -i|-c|--in|--conf Packet configuration file/stdin\n" -" -o|-d|--out|--dev Networking device i.e., eth0\n" -" -p|--cpp Run packet config through C preprocessor\n" -" -D|--defineAdd macro/define for C preprocessor\n" -" -J|--jumbo-support Support 64KB super jumbo frames (def: 2048B)\n" -" -R|--rfraw Inject raw 802.11 frames\n" -" -s|--smoke-test Probe if machine survived fuzz-tested packet\n" -" -n|--num Number of packets until exit (def: 0)\n" -" -r|--rand Randomize packet selection (def: round robin)\n" -" -P|--cpusSpecify number of forks(<= CPUs) (def: #CPUs)\n" -" -t|--gap Set approx. interpacket gap (s/ms/us/ns, def: us)\n" -" -b|--rateSend traffic at specified rate (pps/B/kB/MB/GB/kbit/Mbit/Gbit/KiB/MiB/GiB)\n" -" -S|--ring-size Manually set mmap size (KiB/MiB/GiB)\n" -" -E|--seedManually set srand(3) seed\n" -" -u|--user Drop privileges and change to userid\n" -" -g|--groupDrop privileges and change to groupid\n" -" -H|--prio-high Make this high priority process\n" -" -A|--no-sock-mem Don't tune core socket memory\n" -" -Q|--notouch-irq Do not touch IRQ CPU affinity of NIC\n" -" -q|--qdisc-pathEnable qdisc kernel path (default off since 3.14)\n" -" -V|--verbose Be more verbose\n" -" -C|--no-cpu-stats Do not print CPU time statistics on exit\n" -" -v|--version Show version and exit\n" -" -e|--example Show built-in packet config example\n" -" -h|--help Guess what?!\n\n" +" -i|-c|--in|--conf Packet configuration file/stdin\n" +" -o|-d|--out|--dev Networking device or configuration file i
[netsniff-ng] [PATCH v2 0/3] trafgen: Add dump of proto headers into *.cfg format
Added trafgen_dump.c module which dumps headers from packet in .cfg format. Packet is dumped if -o .cfg was specified, it might be useful to specify *.pcap file as input and convert it into .cfg file to edit proto fields in human readable format. To make it possible several main changes were added: 1) packet id is embedded into struct packet.id, and it is updated on each realloc_packet() 2) Added new struct proto_hdr.get_next_proto callback to make it possible to apply fields of next header. 3) Added new dev_io ops for writing packets into .cfg file, to re-use common dev_io mechanism for packets dumping. 4) Changed dev_io ops read/write to specify struct packet * instead of buf & count. 5) Updated trafgen_proto.c to obtain packet from the header if possible so as not to depend on the last packet, which is not the right way to get the related packet. Before dump the default ETH_PROTO fields are applied as first header and then next proto_hdr is identified via .get_next_proto(...) callback. Meanwhile only eth, arp, vlan, ip4, udp, & tcp protos can be dissected into *.cfg format. v2: 1) Missed local patch Vadim Kochan (3): trafgen: Get packet from proto_hdr if possible trafgen: dev_io: Change read/write to specify struct packet * trafgen: Dump proto headers in *.cfg format trafgen.8| 4 +- trafgen.c| 79 +++-- trafgen/Makefile | 1 + trafgen_conf.h | 4 +- trafgen_dev.c| 78 + trafgen_dev.h| 12 +-- trafgen_dump.c | 258 +++ trafgen_dump.h | 8 ++ trafgen_l2.c | 33 +++ trafgen_l3.c | 25 +- trafgen_l4.c | 4 +- trafgen_parser.y | 11 ++- trafgen_proto.c | 79 +++-- trafgen_proto.h | 10 +++ 14 files changed, 519 insertions(+), 87 deletions(-) create mode 100644 trafgen_dump.c create mode 100644 trafgen_dump.h -- 2.9.3 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH v2 2/3] trafgen: dev_io: Change read/write to specify struct packet *
Refactor dev_io_ops read & write to specify struct packet *, it may simplify a bit a caller logic. And it allow to keep required members within one struct packet object. Signed-off-by: Vadim Kochan --- trafgen.c| 25 - trafgen_conf.h | 2 +- trafgen_dev.c| 48 +--- trafgen_dev.h| 12 +++- trafgen_parser.y | 6 -- 5 files changed, 49 insertions(+), 44 deletions(-) diff --git a/trafgen.c b/trafgen.c index 207b680..97ac046 100644 --- a/trafgen.c +++ b/trafgen.c @@ -684,7 +684,7 @@ static void xmit_slowpath_or_die(struct ctx *ctx, unsigned int cpu, unsigned lon while (likely(sigint == 0 && num > 0 && plen > 0)) { packet_apply_dyn_elements(i); retry: - ret = dev_io_write(ctx->dev_out, packets[i].payload, packets[i].len); + ret = dev_io_write(ctx->dev_out, &packets[i]); if (unlikely(ret < 0)) { if (errno == ENOBUFS) { sched_yield(); @@ -937,27 +937,10 @@ static void xmit_packet_precheck(struct ctx *ctx, unsigned int cpu) static void pcap_load_packets(struct dev_io *dev) { - struct timespec tstamp; - size_t buf_len; - uint8_t *buf; - int pkt_len; + struct packet *pkt; - buf_len = round_up(1024 * 1024, RUNTIME_PAGE_SIZE); - buf = xmalloc_aligned(buf_len, CO_CACHE_LINE_SIZE); - - while ((pkt_len = dev_io_read(dev, buf, buf_len, &tstamp)) > 0) { - struct packet *pkt; - - realloc_packet(); - - pkt = current_packet(); - pkt->len = pkt_len; - pkt->payload = xzmalloc(pkt_len); - memcpy(pkt->payload, buf, pkt_len); - memcpy(&pkt->tstamp, &tstamp, sizeof(tstamp)); - } - - free(buf); + while ((pkt = dev_io_read(dev)) != 0) + /* nothing to do */; } static void main_loop(struct ctx *ctx, char *confname, bool slow, diff --git a/trafgen_conf.h b/trafgen_conf.h index 2af830d..7e922fe 100644 --- a/trafgen_conf.h +++ b/trafgen_conf.h 
@@ -80,6 +80,6 @@ extern void set_fill(uint8_t val, size_t len); extern struct packet *current_packet(void); extern uint32_t current_packet_id(void); extern struct packet *packet_get(uint32_t id); -extern void realloc_packet(void); +extern struct packet *realloc_packet(void); #endif /* TRAFGEN_CONF */ diff --git a/trafgen_dev.c b/trafgen_dev.c index d7f1cd5..d613cce 100644 --- a/trafgen_dev.c +++ b/trafgen_dev.c @@ -19,6 +19,7 @@ #include "mac80211.h" #include "linktype.h" #include "trafgen_dev.h" +#include "trafgen_conf.h" static int dev_pcap_open(struct dev_io *dev, const char *name, enum dev_io_mode_t mode) { @@ -36,6 +37,8 @@ static int dev_pcap_open(struct dev_io *dev, const char *name, enum dev_io_mode_ } dev->pcap_mode = PCAP_MODE_RD; + dev->buf_len = round_up(1024 * 1024, RUNTIME_PAGE_SIZE); + dev->buf = xmalloc_aligned(dev->buf_len, CO_CACHE_LINE_SIZE); } else if (mode & DEV_IO_OUT) { if (!strncmp("-", name, strlen("-"))) { dev->fd = dup_or_die(fileno(stdout)); 
@@ -69,26 +72,35 @@ static int dev_pcap_open(struct dev_io *dev, const char *name, enum dev_io_mode_ return 0; } -static int dev_pcap_read(struct dev_io *dev, uint8_t *buf, size_t len, -struct timespec *tstamp) +static struct packet *dev_pcap_read(struct dev_io *dev) { + size_t len = dev->buf_len; + uint8_t *buf = dev->buf; pcap_pkthdr_t phdr; + struct packet *pkt; size_t pkt_len; if (dev->pcap_ops->read_pcap(dev->fd, &phdr, dev->pcap_magic, buf, len) <= 0) - return -1; + return NULL; pkt_len = pcap_get_length(&phdr, dev->pcap_magic); if (!pkt_len) - return -1; + return NULL; - pcap_get_tstamp(&phdr, dev->pcap_magic, tstamp); + pkt = realloc_packet(); - return pkt_len; + pkt->len = pkt_len; + pkt->payload = xzmalloc(pkt_len); + memcpy(pkt->payload, buf, pkt_len); + pcap_get_tstamp(&phdr, dev->pcap_magic, &pkt->tstamp); + + return pkt; } -static int dev_pcap_write(struct dev_io *dev, const uint8_t *buf, size_t len) +static int dev_pcap_write(struct dev_io *dev, const struct packet *pkt) { + uint8_t *buf = pkt->payload; + size_t len = pkt->len; struct timeval time; pcap_pkthdr_t phdr; int ret; @@ -130,8 +142,13 @@ static int dev_pcap_write(struct dev_io *dev, const uint8_t *buf, size_t len) static void dev_pcap_close(struct dev_io *dev) { -
[netsniff-ng] [PATCH v2 1/3] trafgen: Get packet from proto_hdr if possible
Replace using current_packet() by new proto_hdr_packet(hdr) function to obtain packet directly from header. This is more generic and flexible way, because it guarantees that packet really belongs to the header, which in case in current_packet() is not right because it means getting of last allocated packet. Signed-off-by: Vadim Kochan --- trafgen_l3.c| 4 ++-- trafgen_l4.c| 4 ++-- trafgen_proto.c | 10 -- trafgen_proto.h | 3 +++ 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/trafgen_l3.c b/trafgen_l3.c index 7199b89..48790e5 100644 --- a/trafgen_l3.c +++ b/trafgen_l3.c @@ -81,7 +81,7 @@ static void ipv4_csum_update(struct proto_hdr *hdr) static void ipv4_packet_finish(struct proto_hdr *hdr) { - struct packet *pkt = current_packet(); + struct packet *pkt = proto_hdr_packet(hdr); uint16_t total_len; total_len = pkt->len - hdr->pkt_offset; @@ -166,7 +166,7 @@ static void ipv6_field_changed(struct proto_field *field) static void ipv6_packet_finish(struct proto_hdr *hdr) { - struct packet *pkt = current_packet(); + struct packet *pkt = proto_hdr_packet(hdr); uint16_t total_len = pkt->len - hdr->pkt_offset - IPV6_HDR_LEN; proto_hdr_field_set_default_be16(hdr, IP6_LEN, total_len); diff --git a/trafgen_l4.c b/trafgen_l4.c index 198d622..c596d21 100644 --- a/trafgen_l4.c +++ b/trafgen_l4.c @@ -71,7 +71,7 @@ static void udp_csum_update(struct proto_hdr *hdr) static void udp_packet_finish(struct proto_hdr *hdr) { - struct packet *pkt = current_packet(); + struct packet *pkt = proto_hdr_packet(hdr); uint16_t total_len; total_len = pkt->len - hdr->pkt_offset; @@ -142,7 +142,7 @@ static void tcp_field_changed(struct proto_field *field) static void tcp_csum_update(struct proto_hdr *hdr) { struct proto_hdr *lower = proto_lower_header(hdr); - struct packet *pkt = current_packet(); + struct packet *pkt = proto_hdr_packet(hdr); uint16_t total_len; uint16_t csum; diff --git a/trafgen_proto.c b/trafgen_proto.c index c2cbffb..1d978e3 100644 --- a/trafgen_proto.c 
+++ b/trafgen_proto.c @@ -30,6 +30,11 @@ static struct ctx ctx; static const struct proto_ops *registered_ops[__PROTO_MAX]; +struct packet *proto_hdr_packet(struct proto_hdr *hdr) +{ + return packet_get(hdr->pkt_id); +} + struct proto_hdr *proto_lower_header(struct proto_hdr *hdr) { struct packet *pkt = packet_get(hdr->pkt_id); @@ -266,12 +271,13 @@ void proto_hdr_move_sub_header(struct proto_hdr *hdr, struct proto_hdr *from, struct proto_hdr *proto_lower_default_add(struct proto_hdr *upper, enum proto_id pid) { + struct packet *pkt = proto_hdr_packet(upper); + size_t headers_count = pkt->headers_count; struct proto_hdr *current; - size_t headers_count = current_packet()->headers_count; const struct proto_ops *ops; if (headers_count > 0) { - current = current_packet()->headers[headers_count - 1]; + current = pkt->headers[headers_count - 1]; ops = current->ops; if (ops->layer >= proto_ops_by_id(pid)->layer) diff --git a/trafgen_proto.h b/trafgen_proto.h index d3da963..36b8f2b 100644 --- a/trafgen_proto.h +++ b/trafgen_proto.h @@ -7,6 +7,8 @@ #include "trafgen_dev.h" +struct packet; + enum proto_id { PROTO_NONE = 0, PROTO_ETH, @@ -104,6 +106,7 @@ extern void proto_header_finish(struct proto_hdr *hdr); extern void proto_packet_finish(void); extern void proto_packet_update(uint32_t idx); +extern struct packet *proto_hdr_packet(struct proto_hdr *hdr); extern struct proto_hdr *proto_hdr_push_sub_header(struct proto_hdr *hdr, int id); extern void proto_hdr_move_sub_header(struct proto_hdr *hdr, struct proto_hdr *from, struct proto_hdr *to); -- 2.9.3 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
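Review bot: `proto_hdr_packet()` in the first trafgen_proto.c hunk returns `packet_get(hdr->pkt_id)` unchecked, and every converted caller (`ipv4_packet_finish`, `ipv6_packet_finish`, `udp_packet_finish`, `tcp_csum_update`, `proto_lower_default_add`) dereferences the result straight away. That is only safe if `hdr->pkt_id` is assigned before any of these callbacks can run and `packet_get` never yields NULL or a slot outside the packet table; neither is visible in this patch. The precondition should at least be documented on the new function, for example `/* hdr->pkt_id must already refer to a live packet */` above the definition. It is also worth confirming how long the returned pointer stays valid once `realloc_packet()` is called again, since that function's body is not shown here.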
[netsniff-ng] Re: [PATCH] trafgen: fix packet socket initialization with multiple CPUs
Thanks Paolo! Shame on me, I did not test it properly :( On Wed, Sep 13, 2017 at 6:54 PM, Paolo Abeni wrote: > The commit 78c13b71e196 ("trafgen: Allow to generate packets > to output pcap file") introduced a regression when output is > a network device and multiple CPU are in use: the packet > socket is created before fork() and thus the socket is shared > among all the processes: all of them except the first will > fail while setting the tx_ring. > > Fix it splitting the io open() helper in a create() op, > called before forking, and the open() op called by each process. > > Fixes: 78c13b71e196 ("trafgen: Allow to generate packets to output pcap > file") > Signed-off-by: Paolo Abeni > --- > trafgen.c | 6 -- > trafgen_dev.c | 21 + > trafgen_dev.h | 4 +++- > 3 files changed, 20 insertions(+), 11 deletions(-) > > diff --git a/trafgen.c b/trafgen.c > index 9b54399..9c5a9a6 100644 > --- a/trafgen.c > +++ b/trafgen.c > @@ -977,6 +977,7 @@ static void main_loop(struct ctx *ctx, char *confname, > bool slow, > fflush(stdout); > } > > + dev_io_open(ctx->dev_out); > if (dev_io_is_netdev(ctx->dev_out) && ctx->qdisc_path == false) > set_sock_qdisc_bypass(dev_io_fd_get(ctx->dev_out), > ctx->verbose); > > @@ -1266,12 +1267,13 @@ int main(int argc, char **argv) > xlockme(); > > if (ctx.pcap_in) { > - ctx.dev_in = dev_io_open(ctx.pcap_in, DEV_IO_IN); > + ctx.dev_in = dev_io_create(ctx.pcap_in, DEV_IO_IN); > if (!ctx.dev_in) > panic("Failed to open input device\n"); > + dev_io_open(ctx.dev_in); > } > > - ctx.dev_out = dev_io_open(ctx.device, DEV_IO_OUT); > + ctx.dev_out = dev_io_create(ctx.device, DEV_IO_OUT); > if (!ctx.dev_out) > panic("Failed to open output device\n"); > > diff --git a/trafgen_dev.c b/trafgen_dev.c > index f65442f..489da98 100644 > --- a/trafgen_dev.c > +++ b/trafgen_dev.c 
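Review bot: In the `main_loop` hunk `dev_io_open(ctx->dev_out)` now runs once in every forked worker, which is what a packet socket needs, but the call is unconditional and so also covers outputs that are not network devices. Whether the file open op truncates the target or writes a file header is not visible in this patch; if it does, several workers opening the same path would each repeat that and interleave their records, so file outputs should either be limited to one process or documented as unsupported with more than one CPU. In `main`, both `panic("Failed to open ...")` messages now follow `dev_io_create`, which no longer opens anything, so they fire when creation returns NULL while a real open failure is reported later by `dev_io_open`.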
> @@ -242,10 +242,11 @@ static const struct dev_io_ops dev_cfg_ops = { > .close = dev_cfg_close, > }; > > -struct dev_io *dev_io_open(const char *name, enum dev_io_mode_t mode) > +struct dev_io *dev_io_create(const char *name, enum dev_io_mode_t mode) > { > struct dev_io *dev = xzmalloc(sizeof(struct dev_io)); > > + dev->mode = mode; > if (strstr(name, ".pcap")) { > dev->name = xstrdup(name); > dev->ops = &dev_pcap_ops; > @@ -260,16 +261,20 @@ struct dev_io *dev_io_open(const char *name, enum > dev_io_mode_t mode) > return NULL; > } > > - if (dev->ops->open) { > - if (dev->ops->open(dev, name, mode)) { > - xfree(dev); > - return NULL; > - } > - } > - > return dev; > }; > > +extern void dev_io_open(struct dev_io *dev) > +{ > + bug_on(!dev); > + bug_on(!dev->ops); > + > + if (dev->ops->open) > + if (dev->ops->open(dev, dev->name, dev->mode)) > + panic("Cannot open io %s mode %d\n", dev->name, > + dev->mode); > +} > + > int dev_io_write(struct dev_io *dev, struct packet *pkt) > { > bug_on(!dev); > diff --git a/trafgen_dev.h b/trafgen_dev.h > index 80086d7..bcb88f3 100644 > --- a/trafgen_dev.h > +++ b/trafgen_dev.h > @@ -24,6 +24,7 @@ struct dev_io { > uint32_t pcap_magic; > bool is_initialized; > enum pcap_mode pcap_mode; > + enum dev_io_mode_t mode; > size_t buf_len; > uint8_t *buf; 
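Review bot: The new `dev_io_open` is defined with `extern` in the .c file, which is redundant on a definition and inconsistent with the neighbouring `int dev_io_write(...)`; I would drop the keyword. Its panic prints `dev->mode` as a bare `%d` and gives no cause for the failure; if the open ops leave `errno` set (not visible here), `panic("Cannot open io %s mode %d: %s\n", dev->name, dev->mode, strerror(errno));` would tell the user why the device or file could not be opened. Only the `.pcap` branch of `dev_io_create` is shown setting `dev->name`, so confirm the other branches set it too before it is passed to `open` and to `%s`.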
> > @@ -39,7 +40,8 @@ struct dev_io_ops { > void(*close) (struct dev_io *dev); > }; > > -extern struct dev_io *dev_io_open(const char *name, enum dev_io_mode_t > mode); > +extern struct dev_io *dev_io_create(const char *name, enum dev_io_mode_t > mode); > +extern void dev_io_open(struct dev_io *dev); > extern int dev_io_write(struct dev_io *dev, struct packet *pkt); > extern struct packet *dev_io_read(struct dev_io *dev); > extern int dev_io_ifindex_get(struct dev_io *dev); > -- > 2.13.5 > > -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] Re: Cannot get /GeoIP.dat.gz from mirrors!
Hi Lupe, Which version do you use ? Regards, Vadim Kochan On Wed, Nov 22, 2017 at 8:43 PM, Lupe Villalpando < lupe.villalpa...@yardi.com> wrote: > this is the command i am running > > astraceroute -i eth0 -N -S -H netsniff-ng.org > > > -- > *From:* Lupe Villalpando > *Sent:* Wednesday, November 22, 2017 10:40:52 AM > *To:* netsniff-ng@googlegroups.com > *Subject:* Cannot get /GeoIP.dat.gz from mirrors! > > > Hello I am trying to use this astraceroute for my script, but when i run > it from the command line I get this error : > > > > Cannot get /GeoIP.dat.gz from mirrors! > > -- > You received this message because you are subscribed to the Google Groups > "netsniff-ng" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to netsniff-ng+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] Re: [ANNOUNCE] Preparing for netsniff-ng release v0.6.4
Hi All, I just noticed there some bug reports, I will look on them on weekend, I assume it is better to wait with release unless isues will be fixed ? Regards, Vadim On Fri, Dec 8, 2017 at 6:57 PM, @mandarg wrote: > On Friday, October 20, 2017 at 9:29:28 AM UTC-4, Tobias Klauser wrote: > > The final release is planned in two > > weeks time. Afterwards the tree is open again for new features and more > > experimental changes. > > Is there an estimated date for when the release will be tagged? Asking > since I'm debating whether to separately pull some patches into my packaged > version, or just wait for the tagged release. > > > Thanks and regards, > Mandar > > -- > You received this message because you are subscribed to the Google Groups > "netsniff-ng" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to netsniff-ng+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] Re: [ANNOUNCE] Preparing for netsniff-ng release v0.6.4
Hi Tobias, Looks like its data-race issue, can't reproduce it yet, *BUT*, looking into the code it looks like I missed to remove flow entry from the proc_entry->flows list while flow entry is removing & freeing from the global list, plz give me few more days for testing & fixing if its possible. Regards, Vadim Kochan On Thu, Dec 14, 2017 at 2:47 PM, Tobias Klauser wrote: > On 2017-12-11 at 09:08:15 +0100, Tobias Klauser > wrote: > > On 2017-12-08 at 18:30:24 +0100, Vadim Kochan wrote: > > > Hi All, > > > > > > I just noticed there some bug reports, I will look on them on weekend, > I > > > assume it is better > > > to wait with release unless isues will be fixed ? > > > > Yes, in particular https://github.com/netsniff-ng/netsniff-ng/issues/183 > > worries me a bit. Would be nice to get it fixed before the release. If > > we're not able to find a fix within 2-3 days, I'd say we could still do > > a release with the current state (as the bug already seems to be present > > in 0.6.3 anyway) and do another release once we find a fix. > > > > Thanks for looking into this! > > Vadim, any progress? If not, I'd mention this as a known issue in the > release notes for now and still go forward with the release (we can > still do a point release if we find a fix for it soon). > > As for the release, I'd like to pull in PR 184 [1] which fixes an > obvious bug. > > [1] https://github.com/netsniff-ng/netsniff-ng/pull/184 > > Tobias > -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] flowtop: Use RCU flow deletion from process entry
Use cds_list_del_rcu for safer deletion flow from the process flow list to prevent possible use-after-free by UI thread when it is refreshing the processes. It may fix the #183 issue.
Signed-off-by: Vadim Kochan
---
 flowtop.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/flowtop.c b/flowtop.c
index 0a3c514..8b69d65 100644
--- a/flowtop.c
+++ b/flowtop.c
@@ -477,7 +477,7 @@ static int flow_list_del_entry(struct flow_list *fl, const struct nf_conntrack *
 n = flow_list_find_id(fl, nfct_get_attr_u32(ct, ATTR_ID));
 if (n) {
 if (n->proc) {
- cds_list_del(&n->proc_head);
+ cds_list_del_rcu(&n->proc_head);
 n->proc->flows_count--;
 }
--
2.14.1
--
You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
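Review bot: Switching the unlink to `cds_list_del_rcu(&n->proc_head)` only protects the UI thread if its walk over the process's flow list runs inside an RCU read-side section and the matching insertion uses `cds_list_add_rcu`; neither is in this hunk, so both should be checked before relying on this for #183. The following line, `n->proc->flows_count--`, is still a plain decrement on a field the UI thread presumably reads, and nothing here shows that `n->proc` outlives the flow entry. A short comment above the block, e.g. `/* readers walk proc->flows under rcu_read_lock() */`, would record the assumption once it is confirmed. The body of `flow_list_del_entry` continues outside the hunk.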
Re: [netsniff-ng] Re: Trafgen: Warning: Out of Memory
Hi Chandra, Sorry for the late response ! Would you please provide commands which did you use ? Thanks! On Tue, Dec 5, 2017 at 1:26 PM, wrote: > while running trafgen commands , i am getting segmentation fault (cpre > dump). > > can someone please guide me to move further ? > > Thanks, > Chandra > > -- > You received this message because you are subscribed to the Google Groups > "netsniff-ng" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to netsniff-ng+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] flowtop: Fix use-after-free on filter reload
There is missing logic which removes flown entry from related proc's entry while destroying global flows list on filter reloading, hence add common __flow_list_del_entry which handles this logic for both cases - when ct destroyed or filter changed. This is a 2nd fix for issue #183. Signed-off-by: Vadim Kochan --- flowtop.c | 30 -- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/flowtop.c b/flowtop.c index 8b69d65..7de4d11 100644 --- a/flowtop.c +++ b/flowtop.c @@ -470,20 +470,24 @@ static struct flow_entry *flow_list_find_id(struct flow_list *fl, uint32_t id) return NULL; } +static void __flow_list_del_entry(struct flow_list *fl, struct flow_entry *n) +{ + if (n->proc) { + cds_list_del_rcu(&n->proc_head); + n->proc->flows_count--; + } + + cds_list_del_rcu(&n->entry); + call_rcu(&n->rcu, flow_entry_xfree_rcu); +} + static int flow_list_del_entry(struct flow_list *fl, const struct nf_conntrack *ct) { struct flow_entry *n; n = flow_list_find_id(fl, nfct_get_attr_u32(ct, ATTR_ID)); - if (n) { - if (n->proc) { - cds_list_del_rcu(&n->proc_head); - n->proc->flows_count--; - } - - cds_list_del_rcu(&n->entry); - call_rcu(&n->rcu, flow_entry_xfree_rcu); - } + if (n) + __flow_list_del_entry(fl, n); return NFCT_CB_CONTINUE; } @@ -492,10 +496,8 @@ static void flow_list_destroy(struct flow_list *fl) { struct flow_entry *n, *tmp; - cds_list_for_each_entry_safe(n, tmp, &fl->head, entry) { - cds_list_del_rcu(&n->entry); - call_rcu(&n->rcu, flow_entry_xfree_rcu); - } + cds_list_for_each_entry_safe(n, tmp, &fl->head, entry) + __flow_list_del_entry(fl, n); } static void proc_list_init(struct proc_list *proc_list) 
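Review bot: `__flow_list_del_entry()` in the first hunk is now shared by the conntrack callback path (`flow_list_del_entry`) and the filter-reload path (`flow_list_destroy`), and both unlink from the same two lists; `cds_list_del_rcu` makes removal safe against readers but does not serialise writers, and no lock is visible in either hunk. If those two paths can run on different threads they need a common mutex around the helper, otherwise the same entry can be unlinked and handed to `call_rcu` twice. Smaller points: the `fl` parameter is unused, identifiers starting with `__` are reserved for the implementation in C, and setting `n->proc = NULL` after the unlink would stop a later pass from touching the process entry again.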
@@ -562,7 +564,7 @@ static void flow_entry_find_process(struct flow_entry *n) p->stat.bytes_dst += n->stat.bytes_dst; p->flows_count++; - cds_list_add(&n->proc_head, &p->flows); + cds_list_add_rcu(&n->proc_head, &p->flows); n->proc = p; } -- 2.14.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] Re: [PATCH] flowtop: Fix use-after-free on filter reload
Thats really strange, because before this patch I really easy triggered the issue, but now I cant. On Tue, Dec 19, 2017 at 11:12 AM, Tobias Klauser wrote: > On 2017-12-18 at 23:38:18 +0100, Vadim Kochan wrote: > > There is missing logic which removes flown entry from > > related proc's entry while destroying global flows list on > > filter reloading, hence add common __flow_list_del_entry which > > handles this logic for both cases - when ct destroyed or filter > > changed. > > > > This is a 2nd fix for issue #183. > > Thanks for the patch. While it is certainly correct, it unfortunately > still doesn't fix #183 properly. I can still trigger a segfault by > repeatedly enabling/disabling TCP, UDP and ICMP flows ('T', 'U' or 'I' > key). > -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] Re: [PATCH] flowtop: Fix use-after-free on filter reload
May it possible that you tried flowtop compiled without the fix ? On Tue, Dec 19, 2017 at 12:18 PM, Vadim Kochan wrote: > Thats really strange, because before this patch I really easy triggered > the issue, but > now I cant. > > On Tue, Dec 19, 2017 at 11:12 AM, Tobias Klauser > wrote: > >> On 2017-12-18 at 23:38:18 +0100, Vadim Kochan wrote: >> > There is missing logic which removes flown entry from >> > related proc's entry while destroying global flows list on >> > filter reloading, hence add common __flow_list_del_entry which >> > handles this logic for both cases - when ct destroyed or filter >> > changed. >> > >> > This is a 2nd fix for issue #183. >> >> Thanks for the patch. While it is certainly correct, it unfortunately >> still doesn't fix #183 properly. I can still trigger a segfault by >> repeatedly enabling/disabling TCP, UDP and ICMP flows ('T', 'U' or 'I' >> key). >> > > -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] Re: [PATCH] flowtop: Fix use-after-free on filter reload
On Tue, Dec 19, 2017 at 12:30 PM, Tobias Klauser wrote: > On 2017-12-19 at 11:24:40 +0100, Vadim Kochan wrote: > > May it possible that you tried flowtop compiled without the fix ? > > No, I made sure to have the patch applied and recompiled flowtop. I can > still quite reliably reproduce the issue and flowtop sometimes even > segfaults on startup before displaying anything. > > > On Tue, Dec 19, 2017 at 12:18 PM, Vadim Kochan > wrote: > > > > > Thats really strange, because before this patch I really easy triggered > > > the issue, but > > > now I cant. > > > > > > On Tue, Dec 19, 2017 at 11:12 AM, Tobias Klauser > > > wrote: > > > > > >> On 2017-12-18 at 23:38:18 +0100, Vadim Kochan > wrote: > > >> > There is missing logic which removes flown entry from > > >> > related proc's entry while destroying global flows list on > > >> > filter reloading, hence add common __flow_list_del_entry which > > >> > handles this logic for both cases - when ct destroyed or filter > > >> > changed. > > >> > > > >> > This is a 2nd fix for issue #183. > > >> > > >> Thanks for the patch. While it is certainly correct, it unfortunately > > >> still doesn't fix #183 properly. I can still trigger a segfault by > > >> repeatedly enabling/disabling TCP, UDP and ICMP flows ('T', 'U' or 'I' > > >> key). > > >> > > > > > > > Hi Tobias, Looks like https://github.com/netsniff-ng/netsniff-ng/issues/183 is not reproducible, do you still see issues with flowtop ? Regards, Vadim Kochan -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] Trafgen & mz
On Fri, Apr 13, 2018 at 8:51 AM, jack scholte wrote: > > Hi all, > > Great tools but about: > > Trafgen, with -b Option i.e. 100 Mbps results in microbursts. Thus a lot > of packets with a very small intergap (us) and than some msec nothing. > While testing a shaping policy, the queue couldn’t handle the microbursts. > Fortunate I was able to use the intergap Option instead of bit rate. > > Mausezahn: I was not able to use -a with the -b -A -B Option. Also a L3 > dsfield would-be Nice. > > Best regards > > Jack > > -- > You received this message because you are subscribed to the Google Groups > "netsniff-ng" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to netsniff-ng+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > Hi Jack! Thank you for suggestions and report! Regarding trafgen -b option you mean that is would be better if the packets delay was better normalized regarding the rate ? Regards, Vadim Kochan -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] Re: about trafgen configuration file dinc question
Hi, On Wednesday, July 3, 2019 at 9:51:18 AM UTC+3, 刘伟灿 wrote: > > hi,i'm from china. > > In my trafgen configuration file, i want to add runtime counter(8 > bytes).dinc only support 1 byte. > > what can i do for this? > > thanks&best regrads! > > Weican Liu > > > Looks like it needs to be implemented. Regards, Vadim Kochan -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/netsniff-ng/e04a3ca0-36bf-4873-94f0-c0ebe183bac5%40googlegroups.com.
[netsniff-ng] [PATCH] sock: Add cause message in case of error
From: Vadim Kochan Date: Sat, 10 Jan 2015 00:35:10 +0200 Added error messages which caused the error state of the socket functions, so it makes message like: $ ./netsniff-ng/netsniff-ng -i wlp3s0 Creation of PF socket failed: Operation not permitted more understandable. Signed-off-by: Vadim Kochan --- sock.c | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/sock.c b/sock.c index 6c973ed..fbf50d8 100644 --- a/sock.c +++ b/sock.c @@ -19,7 +19,7 @@ int af_socket(int af) sock = socket(af, SOCK_DGRAM, 0); if (unlikely(sock < 0)) - panic("Creation AF socket failed!\n"); + panic("Creation AF socket failed: %s\n", strerror(errno)); return sock; } @@ -28,7 +28,7 @@ int pf_socket(void) { int sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); if (unlikely(sock < 0)) - panic("Creation of PF socket failed!\n"); + panic("Creation of PF socket failed: %s\n", strerror(errno)); return sock; } @@ -37,7 +37,7 @@ int pf_tx_socket(void) { int sock = socket(PF_PACKET, SOCK_RAW, 0); if (unlikely(sock < 0)) - panic("Creation of PF TX socket failed!\n"); + panic("Creation of PF TX socket failed: %s\n", strerror(errno)); return sock; } @@ -67,14 +67,14 @@ void set_sock_prio(int fd, int prio) ret = setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &val, sizeof(val)); if (unlikely(ret)) - panic("Cannot set socket priority!\n"); + panic("Cannot set socket priority: %s\n", strerror(errno)); } void set_nonblocking(int fd) { int ret = fcntl(fd, F_SETFL, fcntl(fd, F_GETFD, 0) | O_NONBLOCK); if (unlikely(ret < 0)) - panic("Cannot fcntl!\n"); + panic("Cannot fcntl: %s\n", strerror(errno)); } int set_nonblocking_sloppy(int fd) @@ -88,7 +88,7 @@ void set_socket_keepalive(int fd) ret = setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)); if (unlikely(ret)) - panic("Cannot set TCP keepalive!\n"); + panic("Cannot set TCP keepalive: %s\n", strerror(errno)); } void set_tcp_nodelay(int fd) 
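Review bot: In the `@@ -67,14` hunk, `set_nonblocking` reads the current flags with `fcntl(fd, F_GETFD, 0)` but writes them back with `F_SETFL`; `F_GETFD` returns the descriptor flags, not the file status flags, so the existing status flags are discarded and a failed read (-1) is ORed straight into the new value. Since the patch already touches this function, the read should become `int flags = fcntl(fd, F_GETFL, 0);` with a check for `flags < 0` before `fcntl(fd, F_SETFL, flags | O_NONBLOCK)`. The new `strerror(errno)` arguments also need `<errno.h>` and `<string.h>` in sock.c; the include block is outside the hunks, so confirm both are present.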
@@ -97,7 +97,7 @@ void set_tcp_nodelay(int fd) ret = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &one, sizeof(one)); if (unlikely(ret)) - panic("Cannot set TCP nodelay!\n"); + panic("Cannot set TCP nodelay: %s\n", strerror(errno)); } int set_ipv6_only(int fd) @@ -112,7 +112,7 @@ int set_reuseaddr(int fd) ret = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)); if (unlikely(ret < 0)) - panic("Cannot reuse addr!\n"); + panic("Cannot reuse addr: %s\n", strerror(errno)); return 0; } @@ -123,7 +123,7 @@ void set_mtu_disc_dont(int fd) ret = setsockopt(fd, SOL_IP, IP_MTU_DISCOVER, &mtu, sizeof(mtu)); if (unlikely(ret)) - panic("Cannot set MTU discovery options!\n"); + panic("Cannot set MTU discovery options: %s\n", strerror(errno)); } enum { -- 2.1.3 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] gitignore: Add compiled executables
From: Vadim Kochan Add following files to ignore list: astraceroute/astraceroute bpfc/bpfc curvetun/curvetun curvetun/abiname flowtop/flowtop ifpps/ifpps mausezahn/mausezahn netsniff-ng/netsniff-ng trafgen/trafgen Signed-off-by: Vadim Kochan --- .gitignore | 11 +++ 1 file changed, 11 insertions(+) diff --git a/.gitignore b/.gitignore index c9599d7..115e4dc 100644 --- a/.gitignore +++ b/.gitignore @@ -23,6 +23,17 @@ *.la *.a +# Compiled executables +astraceroute/astraceroute +bpfc/bpfc +curvetun/curvetun +curvetun/abiname +flowtop/flowtop +ifpps/ifpps +mausezahn/mausezahn +netsniff-ng/netsniff-ng +trafgen/trafgen + # cscope/ctags index files cscope* tags -- 2.1.3 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] netsniff: Allow filter input pcap file to output pcap
From: Vadim Kochan It might be useful to filter out interesting traffic from input pcap to output pcap file which will contain only filtered packets: $ netsniff-ng -i input.pcap -o output.pcap ip src 192.168.1.198 Now it is possible by specifying output pcap file with ".pcap" extension, otherwise the trafgen file will be generated as by default. Signed-off-by: Vadim Kochan --- netsniff-ng.8 | 5 +++-- netsniff-ng.c | 23 +-- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/netsniff-ng.8 b/netsniff-ng.8 index b6f129a..0884959 100644 --- a/netsniff-ng.8 +++ b/netsniff-ng.8 @@ -78,8 +78,9 @@ file that should not have the default pcap type (0xa1b2c3d4), the additional option \[lq]\-T\[rq] must be provided. If a directory is given, then, instead of a single pcap file, multiple pcap files are generated with rotation based on maximum file size or a given interval (\[lq]\-F\[rq] option). A trafgen configuration -file can currently only be specified if the input device is a pcap file. If -stdout is given as a device, then a trafgen configuration will be written to +file can currently only be specified if the input device is a pcap file. To +specify output device as pcap file the output file name must contain ".pcap" extension. +If stdout is given as a device, then a trafgen configuration will be written to stdout if the input device is a pcap file, or a pcap file if the input device is a networking device. .PP diff --git a/netsniff-ng.c b/netsniff-ng.c index 477c81d..e73c1a8 100644 --- a/netsniff-ng.c +++ b/netsniff-ng.c @@ -528,6 +528,8 @@ static void read_pcap(struct ctx *ctx) struct sock_fprog bpf_ops; struct frame_map fm; struct timeval start, end, diff; + bool is_out_pcap = ctx->device_out && strstr(ctx->device_out, ".pcap"); + const struct pcap_file_ops *pcap_out_ops = pcap_ops[PCAP_OPS_RW]; bug_on(!__pcap_io); 
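Review bot: `is_out_pcap` in the `read_pcap` hunk is decided with `strstr(ctx->device_out, ".pcap")`, which matches the substring anywhere in the path, so an output such as `dump.pcap.cfg`, or any file below a directory whose name contains `.pcap`, is written as pcap instead of a trafgen configuration. The man page text added by this patch speaks of an extension, so a suffix test is what is promised: `const char *ext = ctx->device_out ? strrchr(ctx->device_out, '.') : NULL;` followed by `bool is_out_pcap = ext && !strcmp(ext, ".pcap");`. `read_pcap` starts and continues outside the hunk.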
@@ -537,7 +539,8 @@ static void read_pcap(struct ctx *ctx) if (ctx->pcap == PCAP_OPS_MM) ctx->pcap = PCAP_OPS_SG; } else { - fd = open_or_die(ctx->device_in, O_RDONLY | O_LARGEFILE | O_NOATIME); + fd = open_or_die(ctx->device_in, O_RDONLY | O_LARGEFILE | + O_NOATIME); } if (__pcap_io->init_once_pcap) @@ -574,6 +577,13 @@ static void read_pcap(struct ctx *ctx) } } + if (is_out_pcap) { + int rc = pcap_out_ops->push_fhdr_pcap(fdo, ctx->magic, + ctx->link_type); + if (rc) + panic("Error writing pcap header!\n"); + } + drop_privileges(ctx->enforce, ctx->uid, ctx->gid); printf("Running! Hang up with ^C!\n\n"); @@ -612,8 +622,16 @@ static void read_pcap(struct ctx *ctx) dissector_entry_point(out, fm.tp_h.tp_snaplen, ctx->link_type, ctx->print_mode); - if (ctx->device_out) + if (is_out_pcap) { + int pcap_len = pcap_get_length(&phdr, ctx->magic); + int wlen = pcap_out_ops->write_pcap(fdo, &phdr, + ctx->magic, out, pcap_len); + + if (unlikely(wlen != (int)pcap_get_total_length(&phdr, ctx->magic))) + panic("Write error to pcap!\n"); + } else if (ctx->device_out) { translate_pcap_to_txf(fdo, out, fm.tp_h.tp_snaplen); + } if (frame_count_max != 0) { if (ctx->tx_packets >= frame_count_max) { 
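Review bot: In the `@@ -612,8 +622,16 @@` hunk the record length comes from the input file's own record header (`pcap_get_length(&phdr, ctx->magic)`), is stored in an `int`, and is then used as the byte count for writing from `out`; nothing in the hunk bounds it, so a malformed input pcap relies entirely on checks made where the record was read, which is outside the hunk. I would keep the length in an unsigned type and state the dependency with a comment such as `/* pcap_len was bounded against the read buffer when the record was read */`, or add the bound here if that check does not exist. The `(int)` cast in the `wlen` comparison narrows in the same way for large records.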
@@ -1132,6 +1150,7 @@ static void __noreturn help(void) " netsniff-ng --in wlan0 --rfraw --out dump.pcap --silent --bind-cpu 0\n" " netsniff-ng --in dump.pcap --mmap --out eth0 -k1000 --silent --bind-cpu 0\n" " netsniff-ng --in dump.pcap --out dump.cfg --silent --bind-cpu 0\n" +" netsniff-ng --in dump.pcap --out dump2.pcap --silent tcp\n" " netsniff-ng --in eth0 --out eth1 --silent --bind-cpu 0 -J --type host\n" " netsniff-ng --in eth1 --out /opt/probe/ -s -m --interval 100MiB -b 0\n" " netsniff-ng --in vlan0 --out dump.pcap -c -u `id -u bob` -g `id -g bob`\n" -- 2.1.3 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] geoip: Fix update failing
From: Vadim Kochan I have no enough arguments for this fix but it fixes the failing of geoip updating. Seems "shutdown(..)" closes socket too early. So shutdown(...) is removed and added "Connection: close" http header which says http server to close connection after response will be sent. Signed-off-by: Vadim Kochan --- geoip.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/geoip.c b/geoip.c index 0d5a4ed..7f4f718 100644 --- a/geoip.c +++ b/geoip.c @@ -162,6 +162,9 @@ static int geoip_get_database(const char *host, int which) size_t lenl = strlen("Content-Length: "); size_t lent = strlen("HTTP/1.1 200 OK"); size_t lenc = strlen("\r\n\r\n"); + char *http_req_fmt = "GET %s%s HTTP/1.1\n" +"Connection: close\n" +"Host: %s\r\n\r\n"; again: found = good = 0; @@ -172,7 +175,7 @@ again: if (sock < 0) return -EIO; - slprintf(raw, sizeof(raw), "GET %s%s HTTP/1.1\nHost: %s\r\n\r\n", + slprintf(raw, sizeof(raw), http_req_fmt, retry ? files[which].possible_prefix : "", files[which].remote, host); @@ -182,8 +185,6 @@ again: return -EIO; } - shutdown(sock, SHUT_WR); - slprintf(zfile, sizeof(zfile), "%s.gz", files[which].local); fd = open_or_die_m(zfile, O_WRONLY | O_CREAT | O_TRUNC, DEFFILEMODE); @@ -238,7 +239,7 @@ again: ptr = raw; len = ret; - } while(ret > 0); + } while (ret > 0); printf("\n"); -- 2.1.3 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
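Review bot: The new `http_req_fmt` ends the request line and the `Connection: close` header with a bare `\n`, while only the `Host` header ends in `\r\n`; HTTP/1.1 expects CRLF after every header line, and a strict server or intermediary may reject or misparse the mixed form. I would write `"GET %s%s HTTP/1.1\r\n"` and `"Connection: close\r\n"`. The format string is now held in a writable `char *`; declaring it `static const char http_req_fmt[]`, or keeping the literal at the `slprintf` call, keeps it read-only and visible as a constant format. `geoip_get_database` starts and ends outside the hunks.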
[netsniff-ng] which code style use for mz?
Hi All, I am trying to make some changes to mz, and mz has a code style that is (for me) quite particular, so which code style should I use? I suppose it should be the kernel coding style? Thanks, -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] mz: Dont bind to dev if help was specified
Fixed warnings: Warning: [lookupdev.c get_dev_params()] Cannot open socket! when specify help for packet type: # mz -t tcp help Also fixes delayed output of the same command if user is root. Signed-off-by: Vadim Kochan --- staging/mausezahn.c | 18 -- 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/staging/mausezahn.c b/staging/mausezahn.c index f5b470f..83ce424 100644 --- a/staging/mausezahn.c +++ b/staging/mausezahn.c @@ -357,6 +357,7 @@ int getopts (int argc, char *argv[]) char *packet_type=NULL, *mops_type=NULL; char *dum; unsigned char *dum1, *dum2; + bool do_help = false; libnet_t *l; char err_buf[LIBNET_ERRBUF_SIZE]; @@ -575,12 +576,17 @@ int getopts (int argc, char *argv[]) } else { /// arg_string given => no device has been specified -- let's find one! strncpy (tx.arg_string, argv[optind], MAX_PAYLOAD_SIZE); - if (lookupdev()) { // no device found - if (verbose) fprintf(stderr, " mz: no active interfaces found!\n"); - strcpy(tx.device, "lo"); + do_help = !!getarg(tx.arg_string,"help", NULL); + if (!do_help) { + if (lookupdev()) { + /* no device found */ + if (verbose) + fprintf(stderr, " mz: no active interfaces found!\n"); + strcpy(tx.device, "lo"); + } + if (verbose) + fprintf(stderr," mz: device not given, will use %s\n",tx.device); } - if (verbose) - fprintf(stderr," mz: device not given, will use %s\n",tx.device); } break; case 2: // both device and arg_string given 
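Review bot: The added `getarg(tx.arg_string,"help", NULL)` in the `@@ -575,12 +576,17 @@` hunk reads `tx.arg_string` directly after `strncpy (tx.arg_string, argv[optind], MAX_PAYLOAD_SIZE);`, and `strncpy` leaves the buffer without a terminating NUL when the command-line argument is MAX_PAYLOAD_SIZE bytes or longer. Assuming `tx.arg_string` has MAX_PAYLOAD_SIZE elements (its declaration is not in the hunk), terminate it before parsing: `tx.arg_string[MAX_PAYLOAD_SIZE - 1] = '\0';`. `do_help` is also derived with `!!`, while the later test in `getopts` compares the same call against 1; if `getarg` can return other non-zero values the two tests disagree. `getopts` starts and ends outside the hunks.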
@@ -610,7 +616,7 @@ int getopts (int argc, char *argv[]) // Get own device MAC address: // Don't open context if only a help text is requested - if (getarg(tx.arg_string,"help", NULL)!=1) { + if (!do_help && getarg(tx.arg_string,"help", NULL) !=1) { l = libnet_init (LIBNET_LINK_ADV, tx.device, err_buf ); if (l == NULL) { fprintf(stderr, " mz/getopts: libnet_init() failed (%s)", err_buf); -- 2.2.2 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] mz: Allow to print packet types by '-t help'
From: Vadim Kochan Changed to print packet types by '-t help' earlier bofore mz will try to identify link device to bind. Signed-off-by: Vadim Kochan --- mausezahn.8 | 2 +- staging/mausezahn.c | 138 ++-- 2 files changed, 71 insertions(+), 69 deletions(-) diff --git a/mausezahn.8 b/mausezahn.8 index 24e829e..d6b7065 100644 --- a/mausezahn.8 +++ b/mausezahn.8 @@ -126,7 +126,7 @@ corresponding IP address automatically. Use specified destination IP address (default is broadcast i.e. 255.255.255.255). As with the source address (see above) you can also specify a range or a DNS name. .PP -.SS -t +.SS -t Create the specified packet type using the built-in packet builder. Currently, supported packet types are: ''arp'', ''bpdu'', ''ip'', ''udp'', ''tcp'', ''rtp'', and ''dns''. Currently, there is also limited support for ''icmp''. Type diff --git a/staging/mausezahn.c b/staging/mausezahn.c index 83ce424..b8b0012 100644 --- a/staging/mausezahn.c +++ b/staging/mausezahn.c 
@@ -108,48 +108,48 @@ static void help(void) puts("http://www.netsniff-ng.org\n\n"; "Usage: mausezahn [options] [interface] ||\n" "Options:\n" -" -x Interactive mode with telnet CLI, default port: 25542\n" -" -l Listen address to bind to when in interactive mode, default: 0.0.0.0\n" -" -4 IPv4 mode (default)\n" -" -6 IPv6 mode\n" -" -cSend packet count times, default:1, infinite:0\n" -" -dApply delay between transmissions. The delay value can be\n" -" specified in usec (default, no additional unit needed), or in\n" -" msec (e.g. 100m or 100msec), or in seconds (e.g. 100s or 100sec)\n" -" -r Multiplies the specified delay with a random value\n" -" -p Pad the raw frame to specified length (using random bytes)\n" -" -a Use specified source mac address, no matter what has\n" -" been specified with other arguments; keywords see below,\n" -" Default is own interface\n" -" -b Same with destination mac address; keywords:\n" -" rand Use a random MAC address\n" -" bcUse a broadcast MAC address\n" -" own Use own interface MAC address (default for source MAC)\n" -" stp Use IEEE 802.1d STP multicast address\n" -" cisco Use Cisco multicast address as used for CDP, VTP, or PVST+\n" -" -AUse specified source IP address (default is own interface IP)\n" -" -BSend packet to specified destination IP or domain name\n" -" -PUse the specified ASCII payload\n" -" -f Read the ASCII payload from a file\n" -" -F Read the hexadecimal payload from a file\n" -" -Q <[CoS:]vlan> Specify 802.1Q VLAN tag and optional Class of Service, you can\n" -" specify multiple 802.1Q VLAN tags (QinQ...) by separating them\n" -" via a comma or a period (e.g. 
'5:10,20,2:30')\n" -" -t Specify packet type for autobuild (you don't need to care for\n" -" encapsulations in lower layers, most packet types allow/require\n" -" additional packet-specific arguments in an ;\n" -" Currently supported types: arp, bpdu, cdp, ip, icmp, udp, tcp,\n" -" dns, rtp, syslog, lldp and more;\n" -" For context-help use 'help' as !\n" -" -T Specify packet type for server mode, currently only rtp is supported;\n" -" Enter -T help or -T rtp help for further information\n" -" -M Insert a MPLS label, enter '-M help' for a syntax description\n" -" -V|VV|...Verbose and more verbose mode\n" -&
[netsniff-ng] Re: [PATCH] mz: Allow to print packet types by '-t help'
On Mon, Feb 23, 2015 at 02:11:57PM +0200, Vadim Kochan wrote: > From: Vadim Kochan > > Changed to print packet types by '-t help' earlier > bofore mz will try to identify link device to bind. > > Signed-off-by: Vadim Kochan > --- Hi, Just pinging about this patch in case it was missed, sorry for the flood:) Actually this is a minor fix; I am just waiting to see whether it will be applied or not, as I have another one which has a conflicting piece of code. Thanks, -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] mz: Add igmp v1/v2 packet type crafting support
From: Vadim Kochan Signed-off-by: Vadim Kochan --- staging/layer3.c| 20 +-- staging/layer4.c| 101 staging/mausezahn.c | 28 +-- staging/mz.h| 38 ++-- 4 files changed, 155 insertions(+), 32 deletions(-) diff --git a/staging/layer3.c b/staging/layer3.c index 3eca55d..e217e43 100644 --- a/staging/layer3.c +++ b/staging/layer3.c @@ -154,17 +154,14 @@ libnet_ptag_t create_ip_packet (libnet_t *l) tx.ip_frag = 0; // Flags and Offset !!! tx.ip_sum = 0; // default: automatically calculate checksum tx.ip_tos = 0; - tx.ip_ttl = 255; - // temporary variables unsigned int dummy; size_t len; char *s; - T = tx.packet_mode; // >0 means automatic L2 creation - + if ( (getarg(tx.arg_string,"help", NULL)==1) && (mode==IP) ) { if (mz_port) @@ -284,13 +281,14 @@ libnet_ptag_t create_ip_packet (libnet_t *l) { tx.ip_frag |= 0x8000; } - - - if (getarg(tx.arg_string,"ttl", argval)==1) - { - tx.ip_ttl = (u_int8_t) str2int(argval); - } - + + if (getarg(tx.arg_string, "ttl", argval) == 1) + { + tx.ip_ttl = (u_int8_t)str2int(argval); + } else if (tx.ip_ttl == 0) { + tx.ip_ttl = 255; + } + if (getarg(tx.arg_string,"proto", argval)==1) { tx.ip_proto = (u_int8_t) str2int(argval); diff --git a/staging/layer4.c b/staging/layer4.c index a4431a1..167f084 100644 --- a/staging/layer4.c +++ b/staging/layer4.c 
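Review bot: In the `@@ -284,13 +281,14 @@` hunk of staging/layer3.c the `ttl` argument is narrowed with `(u_int8_t)str2int(argval)` and no range check, so `ttl=256` becomes 0 and, because the 255 default is now applied only in the `else if (tx.ip_ttl == 0)` branch, the packet is built with TTL 0. The default also depends on `tx.ip_ttl` being 0 on entry; if `tx` is reused between packets (the `mz_port` branch suggests a long-running CLI mode), a TTL from an earlier packet would carry over, which is worth confirming. Parsing into an `int` first and rejecting values outside 0..255 before the assignment covers the first case. `create_ip_packet` extends beyond both hunks.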
@@ -136,7 +136,32 @@ "| Of course all Ethernet fields can also be accessed.\n"\ "|\n" +#define MZ_IGMP_HELP \ + "| IGMP type: Send raw IGMP packets.\n" \ + "|\n" \ + "| Parameters Values Explanation \n" \ + "| -- ---\n" \ + "| v,ver 1-2 version\n" \ + "| t,type packet type:\n" \ +"| q,qry,query- memberhsip query\n" \ +"| j,join - join group\n" \ +"| l,lv,leave - leave group\n" \ +"| resp_time max response time (v2 only)\n" \ +"| igmp_sumchecksum (optional)\n" \ + "| g,group group ipv4 address\n" \ + "\n" +int print_packet_help(char *help) +{ + if (mz_port) { + cli_print(gcli, "%s", help); + } else { + fprintf(stderr,"\n" MAUSEZAHN_VERSION "\n%s", help); + exit(0); + } + + return -1; +} // Note: If another function specified tx.udp_payload then it must also // set tx.udp_payload_s AND tx.udp_len = tx.udp_payload_s + 8 @@ -884,3 +909,79 @@ libnet_ptag_t create_tcp_packet (libnet_t *l) return t; } + +libnet_ptag_t create_igmp_packet(libnet_t *l) +{ + libnet_ptag_t t; + char argval[MAX_PAYLOAD_SIZE]; + int ver = 2; + uint8_t type = IGMP_MEMBERSHIP_QUERY; + uint8_t resp_time = 10; + uint16_t sum = 0; + uint32_t group = 0; + + if ((getarg(tx.arg_string, "help", NULL) == 1) && (mode == IGMP)) + return print_packet_help(MZ_IGMP_HELP); + + if (getarg(tx.arg_string, "ver", argval) == 1 || + getarg(tx.arg_string, "v", argval) == 1) { + + ver = str2int(argval); + if (ver == 1) + resp_time = 0; + } + + if (getarg(tx.arg_string, "type", argval) == 1 || + getarg(tx.arg_string, "t", argval) == 1) { + + if (strcmp("j", argval) == 0 || strcmp("join", argval) == 0) { + + if (ver == 1) + type = IGMP_V1_MEMBERSHIP_REPORT; + else if (ver == 2) + type = IGMP_V2_MEMBERSHIP_REPORT; + + } else if (strcmp("l", argval) == 0 || strcmp("lv", argval) == 0 || + strcmp("leave", argval) == 0) { + + type = IGMP_LEAVE_GROUP; + } + } + + if (getarg(tx.arg_string, "resp_time", argval) == 1) + resp_time = (uint8_t)str
[netsniff-ng] [PATCH] flowtop: Don't init screen until collector is not ready
From: Vadim Kochan In case if main thread already initialized screen but then collector called panic, the process exits but console stays with the same colored screen and shifted shell prompt. Fixed by adding conditional variable locking. Signed-off-by: Vadim Kochan --- flowtop.c | 9 + locking.h | 31 +++ 2 files changed, 40 insertions(+) diff --git a/flowtop.c b/flowtop.c index 2db5772..33a110c 100644 --- a/flowtop.c +++ b/flowtop.c @@ -80,6 +80,7 @@ struct flow_list { static volatile sig_atomic_t sigint = 0; static int what = INCLUDE_IPV4 | INCLUDE_IPV6 | INCLUDE_TCP, show_src = 0; static struct flow_list flow_list; +static struct condlock collector_ready; static const char *short_options = "vhTUsDIS46u"; static const struct option long_options[] = { @@ -978,6 +979,8 @@ static void presenter(void) int skip_lines = 0; WINDOW *screen; + condlock_wait(&collector_ready); + lookup_init_ports(PORTS_TCP); lookup_init_ports(PORTS_UDP); screen = screen_init(false); @@ -1104,6 +1107,8 @@ static void *collector(void *null __maybe_unused) nfct_filter_destroy(filter); flow_list_init(&flow_list); + condlock_signal(&collector_ready); + rcu_register_thread(); while (!sigint && ret >= 0) @@ -1179,12 +1184,16 @@ int main(int argc, char **argv) init_geoip(1); + condlock_init(&collector_ready); + ret = pthread_create(&tid, NULL, collector, NULL); if (ret < 0) panic("Cannot create phthread!\n"); presenter(); + condlock_destroy(&collector_ready); + destroy_geoip(); return 0; diff --git a/locking.h b/locking.h index 51034b3..cb57a9d 100644 --- a/locking.h +++ b/locking.h @@ -15,6 +15,11 @@ struct rwlock { pthread_rwlock_t lock; }; +struct condlock { + pthread_mutex_t lock; + pthread_cond_t cond; +}; + static inline int spinlock_init(struct spinlock *l) { return -pthread_spin_init(&l->lock, 0); 
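Review bot: In the `main()` hunk of flowtop.c, `pthread_create` reports failure by returning a positive error number, so the unchanged `if (ret < 0)` never fires; with this patch a failed thread creation leaves `presenter()` blocked in `condlock_wait(&collector_ready)` with nothing left to signal it. Test `if (ret)` and report the cause with `strerror(ret)`, since `pthread_create` does not set `errno`.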
@@ -86,4 +91,30 @@ static inline void rwlock_unlock(struct rwlock *l) pthread_rwlock_unlock(&l->lock); } +static inline void condlock_init(struct condlock *c) +{ + pthread_mutex_init(&c->lock, NULL); + pthread_cond_init(&c->cond, NULL); +} + +static inline void condlock_signal(struct condlock *c) +{ + pthread_mutex_lock(&c->lock); + pthread_cond_signal(&c->cond); + pthread_mutex_unlock(&c->lock); +} + +static inline void condlock_wait(struct condlock *c) +{ + pthread_mutex_lock(&c->lock); + pthread_cond_wait(&c->cond, &c->lock); + pthread_mutex_unlock(&c->lock); +} + +static inline void condlock_destroy(struct condlock *c) +{ + pthread_mutex_destroy(&c->lock); + pthread_cond_destroy(&c->cond); +} + #endif /* LOCKING_H */ -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
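Review bot: `condlock_wait` calls `pthread_cond_wait` once with no predicate, so a `condlock_signal` issued before the waiter blocks is lost and the waiter sleeps forever, and a spurious wakeup releases it early. In flowtop this is a race between `collector()` signalling and `presenter()` reaching the wait, and it turns the cosmetic problem the patch fixes into a possible hang. The usual fix is a flag in `struct condlock` (declared in the first locking.h hunk) that is set under the mutex and tested in a loop, as sketched below. `condlock_init` also discards the return values of the pthread init calls, unlike `spinlock_init` in the same header.

```c
struct condlock {
	pthread_mutex_t lock;
	pthread_cond_t cond;
	int signaled;	/* predicate, read and written only under lock */
};

static inline void condlock_init(struct condlock *c)
{
	pthread_mutex_init(&c->lock, NULL);
	pthread_cond_init(&c->cond, NULL);
	c->signaled = 0;
}

static inline void condlock_signal(struct condlock *c)
{
	pthread_mutex_lock(&c->lock);
	c->signaled = 1;
	pthread_cond_signal(&c->cond);
	pthread_mutex_unlock(&c->lock);
}

static inline void condlock_wait(struct condlock *c)
{
	pthread_mutex_lock(&c->lock);
	/* loop: covers a signal sent before the wait and spurious wakeups */
	while (!c->signaled)
		pthread_cond_wait(&c->cond, &c->lock);
	pthread_mutex_unlock(&c->lock);
}

/* … unchanged: condlock_destroy … */
```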
[netsniff-ng] [PATCH] flowtop: Print error cause if errno is set when panic
From: Vadim Kochan Signed-off-by: Vadim Kochan --- flowtop.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/flowtop.c b/flowtop.c index 33a110c..e7a1bfa 100644 --- a/flowtop.c +++ b/flowtop.c @@ -448,7 +448,7 @@ static void walk_processes(struct flow_entry *n) dir = opendir("/proc"); if (!dir) - panic("Cannot open /proc!\n"); + panic("Cannot open /proc: %s\n", strerror(errno)); while ((ent = readdir(dir))) { const char *name = ent->d_name; @@ -1063,18 +1063,18 @@ static void *collector(void *null __maybe_unused) NF_NETLINK_CONNTRACK_UPDATE | NF_NETLINK_CONNTRACK_DESTROY); if (!handle) - panic("Cannot create a nfct handle!\n"); + panic("Cannot create a nfct handle: %s\n", strerror(errno)); collector_flush(handle, AF_INET); collector_flush(handle, AF_INET6); filter = nfct_filter_create(); if (!filter) - panic("Cannot create a nfct filter!\n"); + panic("Cannot create a nfct filter: %s\n", strerror(errno)); ret = nfct_filter_attach(nfct_fd(handle), filter); if (ret < 0) - panic("Cannot attach filter to handle!\n"); + panic("Cannot attach filter to handle: %s\n", strerror(errno)); if (what & INCLUDE_UDP) { nfct_filter_add_attr_u32(filter, NFCT_FILTER_L4PROTO, IPPROTO_UDP); @@ -1101,7 +1101,7 @@ static void *collector(void *null __maybe_unused) ret = nfct_filter_attach(nfct_fd(handle), filter); if (ret < 0) - panic("Cannot attach filter to handle!\n"); + panic("Cannot attach filter to handle: %s\n", strerror(errno)); nfct_callback_register(handle, NFCT_T_ALL, collector_cb, NULL); nfct_filter_destroy(filter); -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] mz cli: Make pcap init funcs thread safer
From: Vadim Kochan mz fails start in cli mode and prints each time different pcap errors: $ mz -x -V fatal flex scanner internal error--end of buffer missed rx_arp: [ERROR] Error calling pcap_compile or simply shutdowns. Sometimes it successfully gets up. Seems some initialization pcap funcs are not thread safer. Fixed by using mutex locking before entering pcap loop. Signed-off-by: Vadim Kochan --- locking.h| 2 ++ staging/mopsrx_arp.c | 21 - 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/locking.h b/locking.h index cb57a9d..2cd8d24 100644 --- a/locking.h +++ b/locking.h @@ -11,6 +11,8 @@ struct mutexlock { pthread_mutex_t lock; }; +#define MUTEXLOCK_INIT() { .lock = PTHREAD_MUTEX_INITIALIZER } + struct rwlock { pthread_rwlock_t lock; }; diff --git a/staging/mopsrx_arp.c b/staging/mopsrx_arp.c index baf8133..b1f1493 100644 --- a/staging/mopsrx_arp.c +++ b/staging/mopsrx_arp.c @@ -19,6 +19,9 @@ #include "mz.h" #include "mops.h" #include "cli.h" +#include "locking.h" + +static struct mutexlock pcap_init_lock = MUTEXLOCK_INIT(); // Starts an ARP RX thread for *every* device in the device_list. // (Except for the loopback interface) @@ -67,6 +70,8 @@ void *rx_arp (void *arg) // FYI, possible filter string is also: // "eth.dst==00:05:4e:51:01:b5 and arp and arp.opcode==2"; + mutexlock_lock(&pcap_init_lock); + p_arp = pcap_open_live (dev->dev, 100, // max num of bytes to read 1, // 1 if promiscuous mode @@ -75,7 +80,7 @@ void *rx_arp (void *arg) if (p_arp == NULL) { fprintf(stderr," rx_arp: [ERROR] %s\n",errbuf); - return NULL; // TODO: Should return pointer to error message or something similar + goto Exit_unlock; } dev->p_arp = p_arp; // also assign pointer to a global which is needed for clean_up 
@@ -87,20 +92,22 @@ void *rx_arp (void *arg) 0) // netmask == -1) { fprintf(stderr," rx_arp: [ERROR] Error calling pcap_compile\n"); - return NULL; + goto Exit_unlock; } if ( pcap_setfilter(p_arp, &filter) == -1) { fprintf(stderr," rx_arp: [ERROR] Error setting pcap filter\n"); pcap_perror(p_arp, " rx_arp: "); - return NULL; + goto Exit_unlock; } if (pcap_setdirection(p_arp, PCAP_D_IN) == -1) { pcap_perror(p_arp, " rx_arp: "); - return NULL; + goto Exit_unlock; } + mutexlock_unlock(&pcap_init_lock); + again: pcap_loop (p_arp, 1, // number of packets to wait @@ -109,7 +116,11 @@ void *rx_arp (void *arg) goto again; pthread_exit(NULL); // destroy thread - return NULL; + return NULL; + +Exit_unlock: + mutexlock_unlock(&pcap_init_lock); + return NULL; } -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
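Review bot: `pcap_init_lock` is a `static` object in staging/mopsrx_arp.c, so it serialises only the `rx_arp` threads against each other; a thread that calls `pcap_compile` or `pcap_open_live` from another file is not covered. If such callers exist, the lock belongs in a shared header or helper so that every pcap initialisation path takes the same mutex. The new `Exit_unlock` path also returns without `pcap_close(p_arp)` when the failure happens after `pcap_open_live` succeeded; since `dev->p_arp` is stored for later clean-up this may be intentional, and a comment at the label, e.g. `/* p_arp, if open, is released later through dev->p_arp */`, would settle it. `rx_arp` starts outside the hunks.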
Re: [netsniff-ng] trafgen seems broken on kernel 3.19
On Mon, Mar 23, 2015 at 11:25:26AM +0100, Lorenzo Pistone wrote: > I was hoping you could give me debugging tips. I checked all I could (dmesg, > echo 1 > rp_filter, strace -f), and I couldn't see anything suspicious. I > have nothing in my iptables or tc, and tso is off.The exact command line is > "strace -f trafgen -c theconfig.cfg -o wlp3s0 -n 10". > > Il 23/03/2015 10:27, Daniel Borkmann ha scritto: > >Hi Lorenzo, > > > >On 03/22/2015 03:13 PM, Lorenzo Pistone wrote: > >>Hi, > >>I'm trying to send UDP packets with zero length withthis simple > >>configuration on trafgen: > >> > >>{ > >> # --- ethernet header --- > >> 0xbe, 0x15, 0x1d, 0x12, 0x1c, 0x57, # mac destination > >> 0xfa, 0x16, 0x3e, 0xa0, 0x5d, 0x18, # mac source > >> const16(0x0800), # protocol > >> # --- ip header --- > >> # ipv4 version (4-bit) + ihl (4-bit), tos > >> 0b01000101, 0, > >> # ipv4 total len > >> const16(28), > >> # id (note: runtime dynamic random) > >> drnd(2), > >> # ipv4 3-bit flags + 13-bit fragment offset > >> # 001 = more fragments > >> 0b0100, 0, > >> 64, # ttl > >> 17, # proto udp > >> # dynamic ip checksum (note: offsets are zero indexed) > >> csumip(14, 33), > >> 92, 222, 69, 15, # source ip > >> 85, 214, 106, 103, # dest ip > >> # --- udp header --- > >> # as this is a fragment the below stuff does not matter too much > >> const16(48054), # src port > >> const16(28785), # dst port > >> const16(8),# udp length > >> # udp checksum can be dyn calc via csumudp(offset ip, offset tcp) > >> # which is csumudp(14, 34), but for udp its allowed to be zero > >> csumudp(14, 34), > >>} > >> > >>I can send these packets on lo, but trafgen fails to send anything on > >>real devices. I used both the TX_RING and sendto method. > >> I've tried with iwlwifi and virtio. mausezahn on the contrary works. I > >checked with strace and there does not seem to be any > >> call that returns an error. > > > >Thanks for the bug report. > > > >Can you provide some more debug information? 
> > > >How do you invoke trafgen? strace -f? Something suspicious in dmesg? ip > >link? > > > >Cheers, > >Daniel > Thats what I got on 3.18 with the same cfg file: $ trafgen/trafgen -c ~/trafgen.cfg -o wlp3s0 -n 1 4 packets to schedule 168 bytes in total Running! Hang up with ^C! 0 packets outgoing 0 bytes outgoing 0 sec, 0 usec on CPU0 (0 packets) 0 sec, 0 usec on CPU1 (0 packets) 0 sec, 0 usec on CPU2 (0 packets) 0 sec, 0 usec on CPU3 (0 packets) Seems packet was not sent from trafgen ? > -- > You received this message because you are subscribed to the Google Groups > "netsniff-ng" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to netsniff-ng+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] trafgen seems broken on kernel 3.19
On Mon, Mar 23, 2015 at 12:12:54PM +0100, Daniel Borkmann wrote: > On 03/23/2015 11:37 AM, Vadim Kochan wrote: > >On Mon, Mar 23, 2015 at 11:25:26AM +0100, Lorenzo Pistone wrote: > ... > >Thats what I got on 3.18 with the same cfg file: > > > >$ trafgen/trafgen -c ~/trafgen.cfg -o wlp3s0 -n 1 > > 4 packets to schedule > >168 bytes in total > >Running! Hang up with ^C! > > > > > >0 packets outgoing > >0 bytes outgoing > >0 sec, 0 usec on CPU0 (0 packets) > >0 sec, 0 usec on CPU1 (0 packets) > >0 sec, 0 usec on CPU2 (0 packets) > >0 sec, 0 usec on CPU3 (0 packets) > > > >Seems packet was not sent from trafgen ? > > If you increase -n e.g. to 64 or omit -n entirely, does that work? > Looks like a trafgen bug. Yeah, w/o -n my sniffer on the other side was totally stucked:-) so it helped. -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] trafgen seems broken on kernel 3.19
On Mon, Mar 23, 2015 at 01:07:24PM +0200, Vadim Kochan wrote: > On Mon, Mar 23, 2015 at 12:12:54PM +0100, Daniel Borkmann wrote: > > On 03/23/2015 11:37 AM, Vadim Kochan wrote: > > >On Mon, Mar 23, 2015 at 11:25:26AM +0100, Lorenzo Pistone wrote: > > ... > > >Thats what I got on 3.18 with the same cfg file: > > > > > >$ trafgen/trafgen -c ~/trafgen.cfg -o wlp3s0 -n 1 > > > 4 packets to schedule > > >168 bytes in total > > >Running! Hang up with ^C! > > > > > > > > >0 packets outgoing > > >0 bytes outgoing > > >0 sec, 0 usec on CPU0 (0 packets) > > >0 sec, 0 usec on CPU1 (0 packets) > > >0 sec, 0 usec on CPU2 (0 packets) > > >0 sec, 0 usec on CPU3 (0 packets) > > > > > >Seems packet was not sent from trafgen ? > > > > If you increase -n e.g. to 64 or omit -n entirely, does that work? > > Looks like a trafgen bug. > > Yeah, w/o -n my sniffer on the other side was totally stucked:-) so it helped. Meanwhile I see (by printf) that ctx->num is zeroed in xmit_packet_precheck where it is rounded. Regards, -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] trafgen seems broken on kernel 3.19
On Mon, Mar 23, 2015 at 02:03:54PM +0200, Vadim Kochan wrote: > On Mon, Mar 23, 2015 at 01:07:24PM +0200, Vadim Kochan wrote: > > On Mon, Mar 23, 2015 at 12:12:54PM +0100, Daniel Borkmann wrote: > > > On 03/23/2015 11:37 AM, Vadim Kochan wrote: > > > >On Mon, Mar 23, 2015 at 11:25:26AM +0100, Lorenzo Pistone wrote: > > > ... > > > >Thats what I got on 3.18 with the same cfg file: > > > > > > > >$ trafgen/trafgen -c ~/trafgen.cfg -o wlp3s0 -n 1 > > > > 4 packets to schedule > > > >168 bytes in total > > > >Running! Hang up with ^C! > > > > > > > > > > > >0 packets outgoing > > > >0 bytes outgoing > > > >0 sec, 0 usec on CPU0 (0 packets) > > > >0 sec, 0 usec on CPU1 (0 packets) > > > >0 sec, 0 usec on CPU2 (0 packets) > > > >0 sec, 0 usec on CPU3 (0 packets) > > > > > > > >Seems packet was not sent from trafgen ? > > > > > > If you increase -n e.g. to 64 or omit -n entirely, does that work? > > > Looks like a trafgen bug. > > > > Yeah, w/o -n my sniffer on the other side was totally stucked:-) so it > > helped. > > Meanwhile I see (by printf) that ctx->num is zeroed in xmit_packet_precheck > where it is rounded. > > Regards, My understanding is that it works in slow path because in slow path we use 1 cpu, but in fast path the numbers of packets is multiplied by number of cpus in xmit_packet_precheck(...): plen_total = __wait_and_sum_others(ctx, cpu); which in my case plen_total is 4 when I specified -n 1 and then it is rounded to 0 - plen=1 plen_total=4 orig=1: ctx->num = (unsigned long) round((1.0 * plen / plen_total) * orig); -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [RFC] trafgen: Alloc cpus regarding to number of packets
From: Vadim Kochan Trafgen uses all the online cpus even if number of packets specified by -n is less than numbers of selected cpus. Such behaviour leads to issues: - trafgen re-calculates number of packets per cpu which leads to rounding it to 0 then no packets will be sent. - trafgen might send more packets than specified by -n because of using all the online cpus. Fixed by calculation the minimum number of cpus for generation number of packets specified by -n. Signed-off-by: Vadim Kochan --- cpus.h| 7 +++ trafgen.c | 3 +++ 2 files changed, 10 insertions(+) diff --git a/cpus.h b/cpus.h index 0626726..be33884 100644 --- a/cpus.h +++ b/cpus.h @@ -25,4 +25,11 @@ static inline unsigned int get_number_cpus_online(void) return ret; } +static inline unsigned int alloc_cpus_by_n_pkts(int npkts) +{ + unsigned int cpus = get_number_cpus_online(); + + return min_t(unsigned int, ((double)npkts / cpus) * cpus, cpus); +} + #endif /* CPUS_H */ diff --git a/trafgen.c b/trafgen.c index 9151b5d..5403d47 100644 --- a/trafgen.c +++ b/trafgen.c @@ -1038,6 +1038,9 @@ int main(int argc, char **argv) } } + if (ctx.num && ctx.num < ctx.cpus && ctx.cpus > 1) + ctx.cpus = alloc_cpus_by_n_pkts(ctx.num); + if (argc < 5) help(); if (ctx.device == NULL) -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] Re: [PATCH] mz cli: Make pcap init funcs thread safer
On Sun, Mar 22, 2015 at 01:48:50PM +0200, Vadim Kochan wrote: > From: Vadim Kochan > > mz fails start in cli mode and prints each time different pcap errors: > > $ mz -x -V > fatal flex scanner internal error--end of buffer missed > rx_arp: [ERROR] Error calling pcap_compile > > or simply shutdowns. Sometimes it successfully gets up. > Seems some initialization pcap funcs are not thread safer. > > Fixed by using mutex locking before entering pcap loop. > > Signed-off-by: Vadim Kochan > --- > locking.h| 2 ++ > staging/mopsrx_arp.c | 21 - > 2 files changed, 18 insertions(+), 5 deletions(-) > > Hi, Just pinging if it was missed. Thanks, Vadim Kochan -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] Re: [RFC] trafgen: Alloc cpus regarding to number of packets
On Mon, Mar 30, 2015 at 02:00:25PM +0200, Tobias Klauser wrote: > On 2015-03-24 at 12:20:39 +0100, Vadim Kochan wrote: > > From: Vadim Kochan > > > > Trafgen uses all the online cpus even if number of packets specified > > by -n is less than numbers of selected cpus. > > Such behaviour leads to issues: > > > > - trafgen re-calculates number of packets per cpu which > > leads to rounding it to 0 then no packets will be sent. > > > > - trafgen might send more packets than specified by -n because > > of using all the online cpus. > > Good catch! > > > Fixed by calculation the minimum number of cpus for generation > > number of packets specified by -n. > > > > Signed-off-by: Vadim Kochan > > --- > > cpus.h| 7 +++ > > trafgen.c | 3 +++ > > 2 files changed, 10 insertions(+) > > > > diff --git a/cpus.h b/cpus.h > > index 0626726..be33884 100644 > > --- a/cpus.h > > +++ b/cpus.h > > @@ -25,4 +25,11 @@ static inline unsigned int get_number_cpus_online(void) > > return ret; > > } > > > > +static inline unsigned int alloc_cpus_by_n_pkts(int npkts) > > +{ > > + unsigned int cpus = get_number_cpus_online(); > > + > > + return min_t(unsigned int, ((double)npkts / cpus) * cpus, cpus); > > Why the divide & multiply? Wouldn't min_t(unsigned int, npkt, cpus) be > enough? > > +} > > + > > #endif /* CPUS_H */ > > diff --git a/trafgen.c b/trafgen.c > > index 9151b5d..5403d47 100644 > > --- a/trafgen.c > > +++ b/trafgen.c 
> > @@ -1038,6 +1038,9 @@ int main(int argc, char **argv) > > } > > } > > > > + if (ctx.num && ctx.num < ctx.cpus && ctx.cpus > 1) > > + ctx.cpus = alloc_cpus_by_n_pkts(ctx.num); > > I'd rather just inline the min_t here instead of having an own function. > Maybe put a short comment outlining the two issue you mention in the > patch description. > > Thanks a lot! > Tobias > > + > > if (argc < 5) > > help(); > > if (ctx.device == NULL) > > -- > > 2.3.1 > > I will follow all your suggestions and I'll re-send a new patch. Thanks, -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] trafgen: Alloc cpus according to specified number of packets
From: Vadim Kochan Trafgen uses all the online cpus even if number of packets specified by -n is less than numbers of selected cpus. Such behaviour leads to issues: - trafgen re-calculates number of packets per cpu which leads to rounding it to 0 then no packets will be sent. - trafgen might send more packets than specified by -n because of using all the online cpus. Fixed by calculation the minimum number of cpus for generation number of packets specified by -n. Signed-off-by: Vadim Kochan --- trafgen.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/trafgen.c b/trafgen.c index 9151b5d..f2d2ffe 100644 --- a/trafgen.c +++ b/trafgen.c @@ -1038,6 +1038,9 @@ int main(int argc, char **argv) } } + if (ctx.num) + ctx.cpus = min_t(unsigned int, ctx.num, ctx.cpus); + if (argc < 5) help(); if (ctx.device == NULL) -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
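Review bot: `min_t(unsigned int, ctx.num, ctx.cpus)` narrows `ctx.num` before the comparison, and struct ctx in trafgen.c declares `num` as `unsigned long`. If min_t casts both operands to the named type, as the kernel macro of that name does (worth confirming in built_in.h), a 64-bit `-n` value whose low 32 bits are zero passes the `if (ctx.num)` test and then sets `ctx.cpus` to 0. Comparing in the wider type avoids this: `ctx.cpus = min_t(unsigned long, ctx.num, ctx.cpus);`. main() starts and ends outside the hunk, so any later validation of `ctx.cpus` is not visible here.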
Re: [netsniff-ng] Re: [PATCH] trafgen: Alloc cpus according to specified number of packets
On Tue, Mar 31, 2015 at 05:28:11PM +0200, Tobias Klauser wrote: > On 2015-03-31 at 11:29:58 +0200, Vadim Kochan wrote: > > From: Vadim Kochan > > > > Trafgen uses all the online cpus even if number of packets specified > > by -n is less than numbers of selected cpus. > > Such behaviour leads to issues: > > > > - trafgen re-calculates number of packets per cpu which > > leads to rounding it to 0 then no packets will be sent. > > > > - trafgen might send more packets than specified by -n because > > of using all the online cpus. > > > > Fixed by calculation the minimum number of cpus for generation > > number of packets specified by -n. > > > > Signed-off-by: Vadim Kochan > > Applied with some minor modifications. Thanks! > > -- > You received this message because you are subscribed to the Google Groups > "netsniff-ng" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to netsniff-ng+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. Yeah, I see you added comment, I remember you asked for this in the previous RFC, but really I could not come up with a good explanation as my English is not so good :-) -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] netsniff: Fix process name when sniff nlmon device
From: Vadim Kochan While sniffing nlmon device the procness name can be printed with non-letter characters because readlink does not put line ending '\0' Signed-off-by: Vadim Kochan --- proto_nlmsg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proto_nlmsg.c b/proto_nlmsg.c index 3471094..157ea58 100644 --- a/proto_nlmsg.c +++ b/proto_nlmsg.c @@ -18,7 +18,7 @@ static void nlmsg(struct pkt_buff *pkt) struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr)); char type[32]; char flags[128]; - char procname[1024]; + char procname[1024] = {}; if (hdr == NULL) return; -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
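Review bot: Zero-initialising `procname` guarantees a terminator only if the readlink() call further down passes at most `sizeof(procname) - 1` as the buffer size; with the full size, a 1024-byte link target still fills the array and leaves no NUL. That call is outside this hunk, so it needs checking. Terminating at the length readlink() returns is more direct, e.g. `if (n >= 0) procname[n] = '\0';` with `n` standing for whatever variable holds the return value. `= {}` is also a GNU extension before C23; `= {0}` is the portable spelling.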
[netsniff-ng] [PATCH] mac80211: Check existing of generated monX device
From: Vadim Kochan Fixed case when netsniff fails if there is already existing monX device while generating. Signed-off-by: Vadim Kochan --- dev.c | 15 --- dev.h | 1 + mac80211.c | 4 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/dev.c b/dev.c index b3249e6..45659a8 100644 --- a/dev.c +++ b/dev.c @@ -13,7 +13,7 @@ #include "link.h" #include "built_in.h" -int device_ifindex(const char *ifname) +int device_ifindex_get(const char *ifname) { int ret, sock, index; struct ifreq ifr; @@ -27,8 +27,8 @@ int device_ifindex(const char *ifname) strlcpy(ifr.ifr_name, ifname, IFNAMSIZ); ret = ioctl(sock, SIOCGIFINDEX, &ifr); - if (unlikely(ret)) - panic("Cannot get ifindex from device!\n"); + if (ret) + return -1; index = ifr.ifr_ifindex; close(sock); @@ -36,6 +36,15 @@ int device_ifindex(const char *ifname) return index; } +int device_ifindex(const char *ifname) +{ + int index = device_ifindex_get(ifname); + if (unlikely(index <= 0)) + panic("Cannot get ifindex from device!\n"); + + return index; +} + int device_type(const char *ifname) { int ret, sock, type; diff --git a/dev.h b/dev.h index 2d5f056..adb1c43 100644 --- a/dev.h +++ b/dev.h @@ -7,6 +7,7 @@ extern size_t device_mtu(const char *ifname); extern int device_address(const char *ifname, int af, struct sockaddr_storage *ss); extern int device_ifindex(const char *ifname); +extern int device_ifindex_get(const char *ifname); extern int device_type(const char *ifname); extern short device_get_flags(const char *ifname); extern void device_set_flags(const char *ifname, const short flags); diff --git a/mac80211.c b/mac80211.c index c089574..09f15b7 100644 --- a/mac80211.c +++ b/mac80211.c 
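Review bot: The new early return in device_ifindex_get() leaks the socket, because `return -1;` on ioctl failure skips the `close(sock);` two lines further down. The mac80211.c hunk of this patch calls the function once per candidate monN name, and a failed lookup (name not in use) is the expected result there, so every probe that finds a free name leaves a descriptor open. Close before returning, `if (ret) { close(sock); return -1; }`, or compute `index = ret ? -1 : ifr.ifr_ifindex;` and fall through to the existing close. How `sock` is opened is outside the hunk.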
@@ -226,6 +226,10 @@ void enter_rfmon_mac80211(const char *device, char **mondev) char mondevice[32]; slprintf(mondevice, sizeof(mondevice), "mon%u", n); + + if (device_ifindex_get(mondevice) > 0) + continue; + ret = nl80211_add_mon_if(&nlstate, device, mondevice); if (ret == 0) { *mondev = xstrdup(mondevice); -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] netsniff: Del rfmon mac80211 dev in case of panic
From: Vadim Kochan netsniff does not delete created rfmon device in case of panic (for example - bad pcap filter expression), so added ability to add callback func when panic will be happen and delete rfmon device. Signed-off-by: Vadim Kochan --- astraceroute/Makefile | 1 + bpfc/Makefile | 1 + curvetun/Makefile | 1 + die.c | 31 +++ die.h | 5 + flowtop/Makefile | 1 + ifpps/Makefile| 1 + mausezahn/Makefile| 2 ++ netsniff-ng.c | 26 +- netsniff-ng/Makefile | 1 + trafgen/Makefile | 1 + 11 files changed, 62 insertions(+), 9 deletions(-) create mode 100644 die.c diff --git a/astraceroute/Makefile b/astraceroute/Makefile index 6fd0b17..2e80a11 100644 --- a/astraceroute/Makefile +++ b/astraceroute/Makefile @@ -16,6 +16,7 @@ astraceroute-objs = xmalloc.o \ link.o \ dev.o \ ring.o \ + die.o \ astraceroute.o ifeq ($(CONFIG_GEOIP), 1) diff --git a/bpfc/Makefile b/bpfc/Makefile index 5c8b8c9..b8a3787 100644 --- a/bpfc/Makefile +++ b/bpfc/Makefile @@ -5,6 +5,7 @@ bpfc-objs = xmalloc.o \ bpf.o \ bpf_lexer.yy.o \ bpf_parser.tab.o \ + die.o \ bpfc.o bpfc-lex = bpf_lexer.yy.o diff --git a/curvetun/Makefile b/curvetun/Makefile index eeebd11..d9ae339 100644 --- a/curvetun/Makefile +++ b/curvetun/Makefile @@ -22,6 +22,7 @@ curvetun-objs = xmalloc.o \ ioexact.o \ ioops.o \ cpusched.o \ + die.o \ curvetun_mgmt_servers.o \ curvetun_mgmt_users.o \ curvetun_server.o \ diff --git a/die.c b/die.c new file mode 100644 index 000..d3c8e60 --- /dev/null +++ b/die.c 
@@ -0,0 +1,31 @@ +/* + * Subject to the GPL, version 2. + */ + +#include "xmalloc.h" + +struct panic_func { + void *arg; + void (*on_panic)(void *arg); + struct panic_func *next; +}; + +static struct panic_func *panic_funcs; + +void panic_func_add(void (*on_panic)(void *arg), void *arg) +{ + struct panic_func *handler = xmallocz(sizeof(*panic_funcs)); + + handler->arg= arg; + handler->on_panic = on_panic; + handler->next = panic_funcs; + panic_funcs = handler; +}; + +void call_on_panic_funcs(void) +{ + struct panic_func *it = panic_funcs; + + for (; it; it = it->next) + it->on_panic(it->arg); +} diff --git a/die.h b/die.h index 919f3ae..0d709d0 100644 --- a/die.h +++ b/die.h @@ -12,6 +12,9 @@ #include "built_in.h" +extern void panic_func_add(void (*on_panic)(void *arg), void *arg); +extern void call_on_panic_funcs(void); + static inline void panic(const char *format, ...) __check_format_printf(1, 2); static inline void syslog_panic(const char *format, ...) __check_format_printf(1, 2); @@ -20,11 +23,13 @@ static inline void syslog_maybe(bool cond, int priority, static inline void __noreturn __die_hard(void) { + call_on_panic_funcs(); exit(EXIT_FAILURE); } static inline void __noreturn __die_harder(void) { + call_on_panic_funcs(); _exit(EXIT_FAILURE); } diff --git a/flowtop/Makefile b/flowtop/Makefile index 85acb43..41865c7 100644 --- a/flowtop/Makefile +++ b/flowtop/Makefile @@ -21,6 +21,7 @@ flowtop-objs =xmalloc.o \ lookup.o \ tprintf.o \ screen.o \ + die.o \ flowtop.o ifeq ($(CONFIG_GEOIP), 1) diff --git a/ifpps/Makefile b/ifpps/Makefile index 4d1a9b6..1625ea9 100644 --- a/ifpps/Makefile +++ b/ifpps/Makefile @@ -10,6 +10,7 @@ ifpps-objs = xmalloc.o \ dev.o \ sig.o \ screen.o \ + die.o \ ifpps.o ifpps-eflags = $(shell pkg-config --cflags ncurses 2> /dev/null) diff --git a/mausezahn/Makefile b/mausezahn/Makefile index 7943738..08918b5 100644 --- a/mausezahn/Makefile +++ b/mausezahn/Makefile 
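Review bot: call_on_panic_funcs() has no guard against re-entry, so a registered callback that itself ends in panic() goes back through __die_hard() and walks the list again from the head, recursing until the stack runs out. Whether leave_rfmon_mac80211() can panic is not visible here, but cleanup code that talks to the kernel often can. A static flag at the top of call_on_panic_funcs() closes this: `static int in_panic; if (in_panic) return; in_panic = 1;`. The stray `;` after the closing brace of panic_func_add() should also be dropped.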
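Review bot: Adding `call_on_panic_funcs();` to __die_harder() runs arbitrary registered callbacks on the path that ends in `_exit()`, which is normally chosen because ordinary exit-time work must not run, for example in a forked child or from a signal handler. Which callers use __die_harder() is not visible in this hunk, so this needs checking against them; in such a context the callbacks could run in the wrong process or call code that is not async-signal-safe. Either leave __die_harder() unchanged or add a comment on both functions stating the contexts in which callbacks may be invoked, e.g. `/* on_panic callbacks run here; callers must be in normal process context */`.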
@@ -6,6 +6,8 @@ mausezahn-libs =-lcli \ -lm mausezahn-objs = str.o \ + die.o \ + xmalloc.o \ staging/layer1.o \ staging/layer2.o \ staging/layer3.o \ diff --git a/netsniff-ng.c b/netsniff-ng.c index dfb99bb..2afd67d 100644 --- a/netsniff-ng.c +++ b/netsniff-ng.c @@ -177,6 +177,20 @@ static inline bool dump_to_pcap(struct ctx *ctx) return ctx->dump; } +static void on_panic_del_rfmon(void *arg) +{ + leave_rfmon_mac80211((char *)arg); +} + +static inline void setup_rfmon_mac80211_dev(struct ctx *ctx, char **rfmon_dev) +{ + ctx->de
[netsniff-ng] [PATCH] netsniff: Dump basic radiotap header info
From: Vadim Kochan Signed-off-by: Vadim Kochan --- proto_80211_mac_hdr.c | 9 + str.c | 8 str.h | 1 + 3 files changed, 18 insertions(+) diff --git a/proto_80211_mac_hdr.c b/proto_80211_mac_hdr.c index 9bd6ee1..41ce265 100644 --- a/proto_80211_mac_hdr.c +++ b/proto_80211_mac_hdr.c @@ -23,6 +23,7 @@ #include "pkt_buff.h" #include "oui.h" #include "linktype.h" +#include "str.h" #defineTU 0.001024 @@ -3151,10 +3152,18 @@ static void ieee80211(struct pkt_buff *pkt) if (pkt->link_type == LINKTYPE_IEEE802_11_RADIOTAP) { struct ieee80211_radiotap_header *rtap; + char flags_bits_str[33] = {0}; rtap = (struct ieee80211_radiotap_header *)pkt_pull(pkt, sizeof(*rtap)); + tprintf(" [ Radiotap "); + tprintf("Version (%u), ", rtap->version); + tprintf("Length (%u), ", le16_to_cpu(rtap->len)); + tprintf("Flags (0x%x -> %sb) ]\n", le32_to_cpu(rtap->present), + bits_to_str(le32_to_cpu(rtap->present), 32, + &flags_bits_str[0])); + pkt_pull(pkt, le16_to_cpu(rtap->len) - sizeof(*rtap)); } diff --git a/str.c b/str.c index 7a5cb49..0579f76 100644 --- a/str.c +++ b/str.c @@ -86,3 +86,11 @@ char *strtrim_right(char *p, char c) return p; } + +char *bits_to_str(int val, int len, char *str) +{ + for (; val && len; --len, val >>= 1) + str[len] = val % 2 ? '1' : '0'; + + return &str[len + 1]; +} diff --git a/str.h b/str.h index 7b8916c..4603e93 100644 --- a/str.h +++ b/str.h 
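Review bot: The added tprintf() calls in ieee80211() dereference `rtap` right after pkt_pull() with no NULL check. nlmsg() in proto_nlmsg.c guards the same call with `if (hdr == NULL) return;`, so pkt_pull() presumably returns NULL on a short packet, and a capture truncated inside the radiotap header would then reach `rtap->version` through a null pointer. Add `if (rtap == NULL) return;` before the first tprintf(). The following context line computes `le16_to_cpu(rtap->len) - sizeof(*rtap)`, which wraps when the length field is smaller than the header; that predates this patch but belongs in the same fix. ieee80211() starts and ends outside the hunk.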
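Review bot: bits_to_str() writes `str[len]` for len = 32 down to 1, so with the caller's `char flags_bits_str[33]` the last byte, which held the only terminator, is overwritten and `%s` reads past the array. When `val` is 0 the loop never runs and the function returns `&str[len + 1]`, one past the end of that buffer. `val` is also a signed `int` fed from a 32-bit field taken from the packet, so `val % 2` and `>>=` operate on a negative value whenever bit 31 is set. Index with `str[len - 1]`, return `&str[len]`, and declare the value as `unsigned int val`; the caller's zero-filled buffer then keeps its terminator.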
@@ -8,5 +8,6 @@ extern int slprintf(char *dst, size_t size, const char *fmt, ...) __check_forma extern int slprintf_nocheck(char *dst, size_t size, const char *fmt, ...); extern char *strtrim_right(char *p, char c); extern noinline void *xmemset(void *s, int c, size_t n); +extern char *bits_to_str(int val, int bits_len, char *str); #endif /* STR_H */ -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] [PATCH] mac80211: Check existing of generated monX device
On Tue, Apr 21, 2015 at 12:30:07PM +0200, Daniel Borkmann wrote: > Hi Vadim, > > On 04/17/2015 09:04 PM, Vadim Kochan wrote: > >From: Vadim Kochan > > > >Fixed case when netsniff fails if there is already existing monX device > >while generating. > > > >Signed-off-by: Vadim Kochan > ... > >+int device_ifindex(const char *ifname) > >+{ > >+int index = device_ifindex_get(ifname); > >+if (unlikely(index <= 0)) > > This test should be < 0 only as ifindex 0 would mean to > capture on "any" device. > > So starting netsniff-ng w/o any arguments would not work > anymore otherwise, fix up: > > > https://github.com/netsniff-ng/netsniff-ng/commit/42ca7e42aa76ee52499ae82370d11d044e811f35 > > >+panic("Cannot get ifindex from device!\n"); > >+ > >+return index; > >+} > > Cheers, > Daniel Fuf, thank you! And sorry for this BUG! -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] Re: [PATCH] netsniff: Dump basic radiotap header info
On Tue, Apr 21, 2015 at 03:24:33PM +0200, Tobias Klauser wrote: > On 2015-04-20 at 13:51:40 +0200, Vadim Kochan wrote: > > From: Vadim Kochan > > Please always add a short description, even if it's restating what > subject already says. I added one for this. > > Also please note that the tool is called netsniff-ng, not netsniff ;-) > > > Signed-off-by: Vadim Kochan > > Applied without printing of the binary representation of flags. IMO the > hex representation is enough and we don't print it anywhere else. Hope > that is OK. > > Thanks! OK, I understand, thank you! -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] iosched: Print error cause if setting io prio failed
From: Vadim Kochan Add error cause message when ioprio_setpid fails. Signed-off-by: Vadim Kochan --- iosched.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iosched.c b/iosched.c index 7417973..ff82126 100644 --- a/iosched.c +++ b/iosched.c @@ -47,7 +47,7 @@ static void ioprio_setpid(pid_t pid, int ioprio, int ioclass) int ret = ioprio_set(ioprio_who_process, pid, ioprio | ioclass << IOPRIO_CLASS_SHIFT); if (ret < 0) - panic("Failed to set io prio for pid!\n"); + panic("Failed to set io prio for pid: %s\n", strerror(errno)); } void ioprio_print(void) -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] netsniff-ng: Seems typo in getting current group id
From: Vadim Kochan Changed to use ctx->gid when call getgid() on init_ctx. Signed-off-by: Vadim Kochan --- netsniff-ng.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netsniff-ng.c b/netsniff-ng.c index c0d70c8..4ad8b19 100644 --- a/netsniff-ng.c +++ b/netsniff-ng.c @@ -1096,7 +1096,7 @@ static void init_ctx(struct ctx *ctx) memset(ctx, 0, sizeof(*ctx)); ctx->uid = getuid(); - ctx->uid = getgid(); + ctx->gid = getgid(); ctx->cpu = -1; ctx->packet_type = -1; -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] netsniff-ng: Do we need to set IO prio when do only read from pcap ?
Hi, It is not possible to just read a pcap file with netsniff-ng if the user's permissions do not allow setting the process IO prio, so is it really necessary to set it just to print a pcap file? Thanks, Vadim Kochan -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] netsniff-ng: Do we need to set IO prio when do only read from pcap ?
On Wed, Apr 22, 2015 at 05:02:52PM +0200, Daniel Borkmann wrote: > On 04/22/2015 05:00 PM, Vadim Kochan wrote: > >Hi, > > > >It is not possible to just read pcap by netsniff-ng if user permissions > >does not allow to set processes IO prio, so it is really needed to do it > >just for print pcap file ? > > Thanks for the report Vadim! > > No, it's not a requirement. Do you mind sending a patch? > > Thanks, > Daniel > > -- > You received this message because you are subscribed to the Google Groups > "netsniff-ng" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to netsniff-ng+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. Sure, I will try to fix it, though I don't have a fix yet. The issue comes from the pcap ops init once function, where the IO prio is set. The first thing that came to my mind is to have separate pcap ops for read only, where setting the IO prio is not called ... but I am not sure if it is correct. Regards, Vadim Kochan -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] netsniff-ng: Do we need to set IO prio when do only read from pcap ?
On Wed, Apr 22, 2015 at 05:37:42PM +0200, Daniel Borkmann wrote: > On 04/22/2015 05:09 PM, Vadim Kochan wrote: > ... > >Sure, I will try to fix it, really I dont have a fix yet. The issue goes > >from pcap ops in init one function, where IO prio is set, the first > >think which came up in my mind is to have separate pcap ops for read > >only where set IO prio will be not called ... but I am not sure if it is > >correct. > > I think we have two options: > > 1) Don't panic on error, but perhaps just throw a warning to the user >instead in case of insufficient permissions. > > 2) Change init_once_pcap() into void (*init_once_pcap)(bool enforce_prio); >and push down the enforcement into the various functions, and inside >read_pcap(), you'd set __pcap_io->init_once_pcap(false). And in case >the enforcement is not set, we just move on silently. > > Perhaps 2nd option is cleaner? Sure 2nd looks OK, but still what about this pcap_rw.c: ? const struct pcap_file_ops pcap_rw_ops = { .init_once_pcap = pcap_rw_init_once, .pull_fhdr_pcap = pcap_generic_pull_fhdr, .push_fhdr_pcap = pcap_generic_push_fhdr, .read_pcap = pcap_rw_read, .write_pcap = pcap_rw_write, .fsync_pcap = pcap_rw_fsync, }; New ops goes right after: const struct pcap_file_ops pcap_ro_ops = { .pull_fhdr_pcap = pcap_generic_pull_fhdr, .read_pcap = pcap_rw_read, }; Also it requires to use new pcap ops index in pcap_io.h: static const struct pcap_file_ops *pcap_ops[] __maybe_unused = { [PCAP_OPS_RW] = &pcap_rw_ops, [PCAP_OPS_RO] = &pcap_ro_ops, [PCAP_OPS_SG] = &pcap_sg_ops, [PCAP_OPS_MM] = &pcap_mm_ops, }; -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] netsniff-ng: Dont set IO prio when reading pcap file
From: Vadim Kochan It allows to read pcap file for users who have no permissions to set process IO prio. Signed-off-by: Vadim Kochan --- netsniff-ng.c | 6 +++--- pcap_io.h | 2 +- pcap_mm.c | 5 +++-- pcap_rw.c | 5 +++-- pcap_sg.c | 5 +++-- 5 files changed, 13 insertions(+), 10 deletions(-) diff --git a/netsniff-ng.c b/netsniff-ng.c index c0d70c8..139bef9 100644 --- a/netsniff-ng.c +++ b/netsniff-ng.c @@ -228,7 +228,7 @@ static void pcap_to_xmit(struct ctx *ctx) } if (__pcap_io->init_once_pcap) - __pcap_io->init_once_pcap(); + __pcap_io->init_once_pcap(true); ret = __pcap_io->pull_fhdr_pcap(fd, &ctx->magic, &ctx->link_type); if (ret) @@ -567,7 +567,7 @@ static void read_pcap(struct ctx *ctx) } if (__pcap_io->init_once_pcap) - __pcap_io->init_once_pcap(); + __pcap_io->init_once_pcap(false); ret = __pcap_io->pull_fhdr_pcap(fd, &ctx->magic, &ctx->link_type); if (ret) @@ -963,7 +963,7 @@ static void recv_only_or_dump(struct ctx *ctx) ifflags = device_enter_promiscuous_mode(ctx->device_in); if (dump_to_pcap(ctx) && __pcap_io->init_once_pcap) - __pcap_io->init_once_pcap(); + __pcap_io->init_once_pcap(true); drop_privileges(ctx->enforce, ctx->uid, ctx->gid); diff --git a/pcap_io.h b/pcap_io.h index c3fc951..35faa51 100644 --- a/pcap_io.h +++ b/pcap_io.h @@ -122,7 +122,7 @@ enum pcap_mode { }; struct pcap_file_ops { - void (*init_once_pcap)(void); + void (*init_once_pcap)(bool enforce_prio); int (*pull_fhdr_pcap)(int fd, uint32_t *magic, uint32_t *linktype); int (*push_fhdr_pcap)(int fd, uint32_t magic, uint32_t linktype); int (*prepare_access_pcap)(int fd, enum pcap_mode mode, bool jumbo); diff --git a/pcap_mm.c b/pcap_mm.c index 5b3cfcb..f7b248e 100644 --- a/pcap_mm.c +++ b/pcap_mm.c 
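Review bot: The new `bool enforce_prio` argument of `init_once_pcap` in struct pcap_file_ops is undocumented, and the call sites `init_once_pcap(true)` / `init_once_pcap(false)` in netsniff-ng.c do not say what is being switched. In the three implementations `false` means the priority change is not attempted at all, not that it is attempted and failure tolerated, which the name "enforce" does not make obvious. A comment on the member would fix this, e.g. `/* enforce_prio: set the process I/O priority (may need privileges); false skips it, used for read-only pcap access */`.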
@@ -148,9 +148,10 @@ static void __pcap_mm_prepare_access_rd(int fd) ptr_va_curr = ptr_va_start + sizeof(struct pcap_filehdr); } -static void pcap_mm_init_once(void) +static void pcap_mm_init_once(bool enforce_prio) { - set_ioprio_be(); + if (enforce_prio) + set_ioprio_be(); } static int pcap_mm_prepare_access(int fd, enum pcap_mode mode, bool jumbo) diff --git a/pcap_rw.c b/pcap_rw.c index 5a739da..b6be922 100644 --- a/pcap_rw.c +++ b/pcap_rw.c @@ -57,9 +57,10 @@ static ssize_t pcap_rw_read(int fd, pcap_pkthdr_t *phdr, enum pcap_type type, return hdrsize + hdrlen; } -static void pcap_rw_init_once(void) +static void pcap_rw_init_once(bool enforce_prio) { - set_ioprio_rt(); + if (enforce_prio) + set_ioprio_rt(); } static void pcap_rw_fsync(int fd) diff --git a/pcap_sg.c b/pcap_sg.c index 9d07656..80c2c5d 100644 --- a/pcap_sg.c +++ b/pcap_sg.c @@ -145,9 +145,10 @@ static void pcap_sg_fsync(int fd) fdatasync(fd); } -static void pcap_sg_init_once(void) +static void pcap_sg_init_once(bool enforce_prio) { - set_ioprio_rt(); + if (enforce_prio) + set_ioprio_rt(); } static int pcap_sg_prepare_access(int fd, enum pcap_mode mode, bool jumbo) -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] netsniff-ng: Do we need to set IO prio when do only read from pcap ?
On Wed, Apr 22, 2015 at 05:37:42PM +0200, Daniel Borkmann wrote: > On 04/22/2015 05:09 PM, Vadim Kochan wrote: > ... > >Sure, I will try to fix it, really I dont have a fix yet. The issue goes > >from pcap ops in init one function, where IO prio is set, the first > >think which came up in my mind is to have separate pcap ops for read > >only where set IO prio will be not called ... but I am not sure if it is > >correct. > > I think we have two options: > > 1) Don't panic on error, but perhaps just throw a warning to the user >instead in case of insufficient permissions. > > 2) Change init_once_pcap() into void (*init_once_pcap)(bool enforce_prio); >and push down the enforcement into the various functions, and inside >read_pcap(), you'd set __pcap_io->init_once_pcap(false). And in case >the enforcement is not set, we just move on silently. > > Perhaps 2nd option is cleaner? OK, I 've send a fix but it needs also to be applied the patch with a title: [PATCH] netsniff-ng: Seems typo in getting current group id https://groups.google.com/forum/?hl=en#!topic/netsniff-ng/7vKdK3FesSU Because of initializing wrong ctx->gid the user could not change the group because of the permissions when reading pcap file. Regards, -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] netsniff-ng: mac80211: Better print layout for "HT Capabilities" element ?
ed (21, Len (110)): Failed to dissect Subtype ] Regards, Vadim Kochan -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] netsniff-ng: mac80211: Better print layout for "HT Capabilities" element ?
On Thu, Apr 23, 2015 at 12:05:55AM +0200, Daniel Borkmann wrote: > On 04/22/2015 11:50 PM, Vadim Kochan wrote: > ... > >I think that "HT Capabilities" element info should be showed in more > >structured view so > >it will be more readable what do you think ? > > > >Does someone have a better option ? > > Yes, I'm fine with that. > > -- > You received this message because you are subscribed to the Google Groups > "netsniff-ng" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to netsniff-ng+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. OK, I have some working output example: [ Radiotap Version (0), Length (26), Flags (0x482f) ] [ 802.11 Frame Control (0x0040)] [ Proto Version (0), Type (0, Management), Duration (0), Destination (ff:ff:ff:ff:ff:ff) Source (9c:4e:36:a5:38:98) => (Intel Corporate:a5:38:98) BSSID (ff:ff:ff:ff:ff:ff) Fragmentnr. (0), Seqnr. (1980). Subtype (4, Probe Request) ] [ Subtype Probe Request: Info Elements: SSID (0, Len (8)): blizzard Supp. 
Rates (1, Len (8)): 1 2 5.5 11 6 9 12 18 Ext Support Rates (50, Len(4)): 24 36 48 54 HT Capabilities (45, Len(26)): Info: LDCP Cod Cap (0) Supp Ch Width Set (0) SM Pwr Save(0) HT-Greenfield (1) Short GI for 20/40 MHz (1/0) Tx/Rx STBC (0/1) HT-Delayed Block Ack (0) Max A-MSDU Len (1) DSSS/CCK Mode in 40 MHz (0) Res (0x0) Forty MHz Intol (0) L-SIG TXOP Protection Supp (0) A-MPDU Params: Max Len Exp (0) Min Start Spacing (2) Res (0x7) Supp MCS Set: Rx MCS Bitmask (0x) Res (0x0) Rx High Supp Data Rate (0) Res (0x0) Tx MCS Set Def (0) Tx Rx MCS Set Not Eq (0) Tx Max Number Spat Str Supp (0) Tx Uneq Mod Supp (0) Res (0x0) Ext Cap: PCO (0) PCO Trans Time (0) Res (0x0) MCS Feedb (0) +HTC Supp (0) RD Resp (0) Res (0x0) Transm Beamf: Impl Transm Beamf Rec Cap (0) Rec/Transm Stagg Sound Cap (0/0) Rec/Trans NDP Cap (0/0) Impl Transm Beamf Cap (0) Cal (0) Expl CSI Transm Beamf Cap (0) Expl Noncmpr/Compr Steering Cap (0/0) Expl Trans Beamf CSI Feedb (0) Expl Noncmpr/Cmpr Feedb Cap (0/0) Min Grpg (0) CSI Num Beamf Ant Supp (0) Noncmpr/Cmpr Steering Nr Beamf Ant Supp (0/0) CSI Max Nr Rows Beamf Supp (0) Ch Estim Cap (0) Res (0x0) ASEL: Ant Select Cap (0) Expl CSI Feedb Based Transm ASEL Cap (0) Ant Indic Feedb Based Transm ASEL Cap (0) Expl CSI Feedb Cap (0) Ant Indic Feedb Cap (0) Rec ASEL Cap (0) Transm Sound PPDUs Cap (0) Res (0x0) Reserved (21, Len (110)): Failed to dissect Subtype ] May be it would be good to add '(' and ')' around information elements to visually separate them ? [ Subtype Probe Request: Info Elements: (SSID (0, Len (8)): blizzard), (Supp. Rates (1, Len (8)): 1 2 5.5 11 6 9 12 18), (Ext Support Rates (50, Len(4)): 24 36 48 54),
[netsniff-ng] [PATCH] netsniff-ng mac80211: Print "HT Capabilities" more structurd
From: Vadim Kochan Now it looks like: [ Subtype Beacon: Timestamp 0x74c5c180, Beacon Interval (0.102400s), Capabilities (0x431 <-> ESS; Privacy; Short Preamble; Short Slot Time;) Parameters: SSID (0, Len (6)): D07F82 Supp. Rates (1, Len (8)): 1(B) 2(B) 5.5(B) 11(B) 6(B) 9 12(B) 18 DSSS Param Set (3, Len(1)): Current Channel: 1 TIM (5, Len(4)): DTIM Count: 0, DTIM Period: 3, Bitmap Control: 0, Partial Virtual Bitmap: 0x00 Country (7, Len(6)): Country String: US First Ch Nr: 1, Nr of Ch: 11, Max Transmit Pwr Lvl: 30 ERP (42, Len(1)): Non ERP Present (0), Use Protection (0), Barker Preamble Mode (0), Reserved (0x0) Ext Support Rates (50, Len(4)): 24 36 48 54 HT Capabilities (45, Len(26)): Info: LDCP Cod Cap (1) Supp Ch Width Set (1) SM Pwr Save(3) HT-Greenfield (0) Short GI for 20/40 MHz (1/1) Tx/Rx STBC (0/0) HT-Delayed Block Ack (0) Max A-MSDU Len (0) DSSS/CCK Mode in 40 MHz (1) Res (0x0) Forty MHz Intol (0) L-SIG TXOP Protection Supp (0) A-MPDU Params: Max Len Exp (0) Min Start Spacing (3) Res (0x3) Supp MCS Set: Rx MCS Bitmask (0x) Res (0x0) Rx High Supp Data Rate (0) Res (0x0) Tx MCS Set Def (0) Tx Rx MCS Set Not Eq (0) Tx Max Number Spat Str Supp (0) Tx Uneq Mod Supp (0) Res (0x0) Ext Cap: PCO (0) PCO Trans Time (0) Res (0x0) MCS Feedb (0) +HTC Supp (0) RD Resp (0) Res (0x0) Transm Beamf: Impl Transm Beamf Rec Cap (0) Rec/Transm Stagg Sound Cap (0/0) Rec/Trans NDP Cap (0/0) Impl Transm Beamf Cap (0) Cal (0) Expl CSI Transm Beamf Cap (0) Expl Noncmpr/Compr Steering Cap (0/0) Expl Trans Beamf CSI Feedb (0) Expl Noncmpr/Cmpr Feedb Cap (0/0) Min Grpg (0) CSI Num Beamf Ant Supp (0) Noncmpr/Cmpr Steering Nr Beamf Ant Supp (0/0) CSI Max Nr Rows Beamf Supp (0) Ch Estim Cap (0) Res (0x0) ASEL: Ant Select Cap (0) Expl CSI Feedb Based Transm ASEL Cap (0) Ant Indic Feedb Based Transm ASEL Cap (0) Expl CSI Feedb Cap (0) Ant Indic Feedb Cap (0) Rec ASEL Cap (0) Transm Sound PPDUs Cap (0) Res (0x0) Failed to dissect Subtype ] 
Signed-off-by: Vadim Kochan --- proto_80211_mac_hdr.c | 175 ++ 1 file changed, 107 insertions(+), 68 deletions(-) diff --git a/proto_80211_mac_hdr.c b/proto_80211_mac_hdr.c index 199c4e7..e37397c 100644 --- a/proto_80211_mac_hdr.c +++ b/proto_80211_mac_hdr.c @@ -883,7 +883,7 @@ static int8_t inf_reserved(struct pkt_buff *pkt, u8 *id) if (reserved == NULL) return 0; - tprintf("Reserved (%u, Len (%u)): ", *id, reserved->len); + tprintf(" Reserved (%u, Len (%u)): ", *id, reserved->len); data = pkt_pull(pkt, reserved->len); if (data == NULL) @@ -2578,68 +2578,101 @@ static int8_t inf_ht_cap(struct pkt_buff *pkt, u8 *id) beam_cap = le32_to_cpu(ht_cap->beam_cap); ext_cap = le16_to_cpu(ht_cap->ext_cap); - tprintf(" HT Capabilities (%u, Len(%u
[netsniff-ng] [PATCH] netsniff-ng: Show packet number
From: Vadim Kochan < ? 100 1429707903s.33856000ns (#1) [ Radiotap Version (0), Length (26), Flags (0x482f) ] [ 802.11 Frame Control (0x0040)] [ Proto Version (0), Type (0, Management), Duration (0), Destination (ff:ff:ff:ff:ff:ff) Source (00:23:14:da:1c:fc) => (Intel Corporate:da:1c:fc) BSSID (ff:ff:ff:ff:ff:ff) Fragmentnr. (0), Seqnr. (1733). Subtype (4, Probe Request) ] [ Subtype Probe Request: Failed to dissect Subtype ] [ Chr ...$2.0H`l-.r."}.. ] [ Hex 00 00 01 08 02 04 0b 16 0c 12 18 24 32 04 30 48 60 6c 2d 1a 72 09 17 ff ff 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 7d 89 bb ] Signed-off-by: Vadim Kochan --- dissector.h | 22 ++ netsniff-ng.c | 16 +++- 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/dissector.h b/dissector.h index fc20eda..4234090 100644 --- a/dissector.h +++ b/dissector.h @@ -51,7 +51,7 @@ static inline const char *__show_ts_source(uint32_t status) static inline void __show_frame_hdr(uint8_t *packet, size_t len, int linktype, struct sockaddr_ll *s_ll, void *raw_hdr, - int mode, bool v3) + int mode, bool v3, unsigned long *count) { char tmp[IFNAMSIZ]; union tpacket_uhdr hdr; 
@@ -73,34 +73,40 @@ static inline void __show_frame_hdr(uint8_t *packet, size_t len, int linktype, pkttype = hdr->nlmsg_pid == 0 ? PACKET_KERNEL : PACKET_USER; } + if (count) + *count += 1; + hdr.raw = raw_hdr; switch (mode) { case PRINT_LESS: - tprintf("%s %s %u", + tprintf("%s %s %u (#%lu) ", packet_types[pkttype] ? : "?", if_indextoname(s_ll->sll_ifindex, tmp) ? : "?", - tpacket_uhdr(hdr, tp_len, v3)); + tpacket_uhdr(hdr, tp_len, v3), *count); break; default: - tprintf("%s %s %u %us.%uns %s\n", + tprintf("%s %s %u %us.%uns %s (#%lu)\n", packet_types[pkttype] ? : "?", if_indextoname(s_ll->sll_ifindex, tmp) ? : "?", tpacket_uhdr(hdr, tp_len, v3), tpacket_uhdr(hdr, tp_sec, v3), tpacket_uhdr(hdr, tp_nsec, v3), - v3 ? "" : __show_ts_source(hdr.h2->tp_status)); + v3 ? "" : __show_ts_source(hdr.h2->tp_status), *count); break; } } static inline void show_frame_hdr(uint8_t *packet, size_t len, int linktype, - struct frame_map *hdr, int mode) + struct frame_map *hdr, int mode, + unsigned long *count) { - __show_frame_hdr(packet, len, linktype, &hdr->s_ll, &hdr->tp_h, mode, false); + __show_frame_hdr(packet, len, linktype, &hdr->s_ll, &hdr->tp_h, mode, + false, count); } extern void dissector_init_all(int fnttype); -extern void dissector_entry_point(uint8_t *packet, size_t len, int linktype, int mode); +extern void dissector_entry_point(uint8_t *packet, size_t len, int linktype, int + mode); extern void dissector_cleanup_all(void); extern int dissector_set_print_type(void *ptr, int type); diff --git a/netsniff-ng.c b/netsniff-ng.c index ee9dc38..2094a3f 100644 --- a/netsniff-ng.c +++ b/netsniff-ng.c @@ -64,6 +64,7 @@ struct ctx { gid_t gid; uint32_t link_type, magic; uint32_t fanout_group, fanout_type; + unsigned long pkts_showed; }; static volatile sig_atomic_t sigint = 0; 
@@ -308,7 +309,8 @@ static void pcap_to_xmit(struct ctx *ctx) ctx->tx_packets++; show_frame_hdr(out, hdr->tp_h.tp_snaplen, - ctx->link_type, hdr, ctx->print_mode); + ctx->link_type, hdr, ctx->print_mode, + &ctx->pkts_showed); dissector_entry_point(out, hdr->tp_h.tp_snaplen, ctx->link_type, ctx->print_mode); @@ -457,7 +459,8 @@ static void receive_to_xmit(struct ctx *ctx) } show_frame_hdr(in, hdr_in->tp_h.tp_snaplen, - ctx->link_type, hdr_in, ctx->print_mode); + ctx->link_type, hdr_in, ctx->print_mode, + &ctx->pkts_showed); dissector_e
[netsniff-ng] [PATCH] netsniff-ng nlmsg: Print netlink protocol name
From: Vadim Kochan nlmsg proto handler can't identify Netlink protocol from nlmsghdr, so sockaddr_ll can be used to get it. Also renamed [proto -> handler] member in pkt_buff struct, which is more understandable. Example: >U nlmon0 4756 1429891435s.14505747ns [ NLMSG Proto 0 (RTNETLINK), Len 1160, Type 0x0010 (0x10), Flags 0x0002 (MULTI), Seq-Nr 1429891436, PID 31613 ] Signed-off-by: Vadim Kochan --- dissector.c | 18 ++ dissector.h | 3 ++- netsniff-ng.c | 14 +- pkt_buff.h| 19 ++- proto_nlmsg.c | 34 ++ 5 files changed, 65 insertions(+), 23 deletions(-) diff --git a/dissector.c b/dissector.c index 7c8ba39..5f60a11 100644 --- a/dissector.c +++ b/dissector.c @@ -42,25 +42,26 @@ int dissector_set_print_type(void *ptr, int type) static void dissector_main(struct pkt_buff *pkt, struct protocol *start, struct protocol *end) { - struct protocol *proto; + struct protocol *handler; if (!start) return; - for (pkt->proto = start; pkt->proto; ) { - if (unlikely(!pkt->proto->process)) + for (pkt->handler = start; pkt->handler; ) { + if (unlikely(!pkt->handler->process)) break; - proto = pkt->proto; - pkt->proto = NULL; - proto->process(pkt); + handler = pkt->handler; + pkt->handler= NULL; + handler->process(pkt); } if (end && likely(end->process)) end->process(pkt); } -void dissector_entry_point(uint8_t *packet, size_t len, int linktype, int mode) +void dissector_entry_point(uint8_t *packet, size_t len, int linktype, int mode, + uint16_t proto) { struct protocol *proto_start, *proto_end; struct pkt_buff *pkt; @@ -69,7 +70,8 @@ void dissector_entry_point(uint8_t *packet, size_t len, int linktype, int mode) return; pkt = pkt_alloc(packet, len); - pkt->link_type = linktype; + pkt->link_type = linktype; + pkt->proto = proto; switch (linktype) { case LINKTYPE_EN10MB: diff --git a/dissector.h b/dissector.h index fc20eda..b2fb6b9 100644 --- a/dissector.h +++ b/dissector.h 
@@ -100,7 +100,8 @@ static inline void show_frame_hdr(uint8_t *packet, size_t len, int linktype, } extern void dissector_init_all(int fnttype); -extern void dissector_entry_point(uint8_t *packet, size_t len, int linktype, int mode); +extern void dissector_entry_point(uint8_t *packet, size_t len, int linktype, + int mode, uint16_t proto); extern void dissector_cleanup_all(void); extern int dissector_set_print_type(void *ptr, int type); diff --git a/netsniff-ng.c b/netsniff-ng.c index ee9dc38..a239b8b 100644 --- a/netsniff-ng.c +++ b/netsniff-ng.c @@ -311,7 +311,8 @@ static void pcap_to_xmit(struct ctx *ctx) ctx->link_type, hdr, ctx->print_mode); dissector_entry_point(out, hdr->tp_h.tp_snaplen, - ctx->link_type, ctx->print_mode); + ctx->link_type, ctx->print_mode, + hdr->s_ll.sll_protocol); kernel_may_pull_from_tx(&hdr->tp_h); @@ -460,7 +461,8 @@ static void receive_to_xmit(struct ctx *ctx) ctx->link_type, hdr_in, ctx->print_mode); dissector_entry_point(in, hdr_in->tp_h.tp_snaplen, - ctx->link_type, ctx->print_mode); + ctx->link_type, ctx->print_mode, + hdr_in->s_ll.sll_protocol); if (frame_count_max != 0) { if (frame_count >= frame_count_max) { @@ -643,7 +645,8 @@ static void read_pcap(struct ctx *ctx) ctx->print_mode); dissector_entry_point(out, fm.tp_h.tp_snaplen, - ctx->link_type, ctx->print_mode); + ctx->link_type, ctx->print_mode, + fm.s_ll.sll_protocol); if (is_out_pcap) { size_t pcap_len = pcap_get_length(&phdr, ctx->magic); @@ -897,7 +900,7 @@ static void walk_t3_block(struct block_desc *pbd, struct ctx *ctx, hdr, ctx->print_mode, true); dissector_entry_point(packet, hdr->tp_snaplen, ctx->link_type, - ctx->print_mode); +
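Review bot: The new `uint16_t proto` parameter of `dissector_entry_point()` in dissector.h says nothing about byte order, while every caller added in the netsniff-ng.c hunks passes `sll_protocol` straight from a `struct sockaddr_ll`, which holds the value in network byte order. A dissector that compares `pkt->proto` with a host-order constant would silently mismatch on little-endian hosts. I would put a comment on the prototype, e.g. `/* proto: sockaddr_ll.sll_protocol, network byte order */`, or convert once with `ntohs()` at the call sites so that `pkt->proto` is always host order. The `read_pcap` caller takes the value from `fm.s_ll`; whether that field is filled in when packets come from a pcap file is not visible in these hunks and is worth checking.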
[netsniff-ng] Re: [PATCH] netsniff-ng: Show packet number
On Thu, Apr 23, 2015 at 02:24:16PM +0300, Vadim Kochan wrote: > static inline void __show_frame_hdr(uint8_t *packet, size_t len, int > linktype, > struct sockaddr_ll *s_ll, void *raw_hdr, > - int mode, bool v3) > + int mode, bool v3, unsigned long *count) > { > char tmp[IFNAMSIZ]; > union tpacket_uhdr hdr; > @@ -73,34 +73,40 @@ static inline void __show_frame_hdr(uint8_t *packet, > size_t len, int linktype, > pkttype = hdr->nlmsg_pid == 0 ? PACKET_KERNEL : PACKET_USER; > } > > + if (count) > + *count += 1; > + > hdr.raw = raw_hdr; > switch (mode) { > case PRINT_LESS: > - tprintf("%s %s %u", > + tprintf("%s %s %u (#%lu) ", > packet_types[pkttype] ? : "?", > if_indextoname(s_ll->sll_ifindex, tmp) ? : "?", > - tpacket_uhdr(hdr, tp_len, v3)); > + tpacket_uhdr(hdr, tp_len, v3), *count); > break; > default: > - tprintf("%s %s %u %us.%uns %s\n", > + tprintf("%s %s %u %us.%uns %s (#%lu)\n", > packet_types[pkttype] ? : "?", > if_indextoname(s_ll->sll_ifindex, tmp) ? : "?", > tpacket_uhdr(hdr, tp_len, v3), > tpacket_uhdr(hdr, tp_sec, v3), > tpacket_uhdr(hdr, tp_nsec, v3), > - v3 ? "" : __show_ts_source(hdr.h2->tp_status)); > + v3 ? "" : __show_ts_source(hdr.h2->tp_status), *count); > break; > } > } I just realized that count will be dereferenced even if it was passed as NULL so if you agree with the feature I can re-send v2 ... Regards, -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] Re: [PATCH] netsniff-ng: Show packet number
> > Why pass the count as a pointer in the first place? I'd rather pass it > by value and do the increment at the calling site (even if it means a > bit of code duplication). I will re-work this, thanks. -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] netsniff-ng nlmsg: Print type for NETLINK_ROUTE
From: Vadim Kochan Print nlmsg type name for rtnetlink messages Signed-off-by: Vadim Kochan --- proto_nlmsg.c | 84 +-- 1 file changed, 82 insertions(+), 2 deletions(-) diff --git a/proto_nlmsg.c b/proto_nlmsg.c index b219867..c5ef9d5 100644 --- a/proto_nlmsg.c +++ b/proto_nlmsg.c 
@@ -47,6 +47,86 @@ static const char *nl_proto2str(uint16_t proto) } } +static char * rtnl_types2str[RTM_MAX] = { + [RTM_NEWLINK] = "NEW LINK", + [RTM_DELLINK] = "DEL LINK", + [RTM_GETLINK] = "GET LINK", + [RTM_SETLINK] = "SET LINK", + + [RTM_NEWADDR] = "NEW ADDR", + [RTM_DELADDR] = "DEL ADDR", + [RTM_GETADDR] = "GET ADDR", + + [RTM_NEWROUTE] = "NEW ROUTE", + [RTM_DELROUTE] = "DEL ROUTE", + [RTM_GETROUTE] = "GET ROUTE", + + [RTM_NEWNEIGH] = "NEW NEIGH", + [RTM_DELNEIGH] = "DEL NEIGH", + [RTM_GETNEIGH] = "GET NEIGH", + + [RTM_NEWRULE] = "NEW RULE", + [RTM_DELRULE] = "DEL RULE", + [RTM_GETRULE] = "GET RULE", + + [RTM_NEWQDISC] = "NEW QDISC", + [RTM_DELQDISC] = "DEL QDISC", + [RTM_GETQDISC] = "GET QDISC", + + [RTM_NEWTCLASS] = "NEW TCLASS", + [RTM_DELTCLASS] = "DEL TCLASS", + [RTM_GETTCLASS] = "GET TCLASS", + + [RTM_NEWTFILTER] = "NEW TFILTER", + [RTM_DELTFILTER] = "DEL TFILTER", + [RTM_GETTFILTER] = "GET TFILTER", + + [RTM_NEWACTION] = "NEW ACTION", + [RTM_DELACTION] = "DEL ACTION", + [RTM_GETACTION] = "GET ACTION", + + [RTM_NEWPREFIX] = "NEW PREFIX", + + [RTM_GETMULTICAST] = "GET MULTICAST", + + [RTM_GETANYCAST] = "GET ANYCAST", + + [RTM_NEWNEIGHTBL] = "NEW NEIGHTBL", + [RTM_GETNEIGHTBL] = "GET NEIGHTBL", + [RTM_SETNEIGHTBL] = "SET NEIGHTBL", + + [RTM_NEWNDUSEROPT] = "NEW NDUSEROPT", + + [RTM_NEWADDRLABEL] = "NEW ADDRLABEL", + [RTM_DELADDRLABEL] = "DEL ADDRLABEL", + [RTM_GETADDRLABEL] = "GET ADDRLABEL", + + [RTM_GETDCB] = "GET DCB", + [RTM_SETDCB] = "SET DCB", + + [RTM_NEWNETCONF] = "NEW NETCONF", + [RTM_GETNETCONF] = "GET NETCONF", + + [RTM_NEWMDB] = "NEW MDB", + [RTM_DELMDB] = "DEL MDB", + [RTM_GETMDB] = "GET MDB", +}; + +static char *nl_msgtype2str(uint16_t proto, uint16_t type, char *buf, int len) +{ + char *name = NULL; + + if (proto == NETLINK_ROUTE && type < RTM_MAX) + name = rtnl_types2str[type]; + + if (name) { + strncpy(buf, name, len); + return buf; + } + + return nl_nlmsgtype2str(type, buf, len); +} + static void nlmsg(struct pkt_buff *pkt) { struct 
nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr)); @@ -82,8 +162,8 @@ static void nlmsg(struct pkt_buff *pkt) tprintf("Len %u, ", hdr->nlmsg_len); tprintf("Type 0x%.4x (%s%s%s), ", hdr->nlmsg_type, colorize_start(bold), - nl_nlmsgtype2str(hdr->nlmsg_type, type, sizeof(type)), - colorize_end()); + nl_msgtype2str(ntohs(pkt->proto), hdr->nlmsg_type, type, + sizeof(type)), colorize_end()); tprintf("Flags 0x%.4x (%s%s%s), ", hdr->nlmsg_flags, colorize_start(bold), nl_nlmsg_flags2str(hdr->nlmsg_flags, flags, sizeof(flags)), -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
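Review bot: `strncpy(buf, name, len)` in the new `nl_msgtype2str()` leaves `buf` without a terminating NUL whenever `len <= strlen(name)`, and the result is then printed through `%s` in `nlmsg()`. The table strings are short, so this is safe only while every caller's buffer stays larger than the longest name; the size of `type` is not visible in these hunks. `snprintf(buf, len, "%s", name);` terminates in all cases. `len` is an `int` that is converted to `size_t` in the call, so declaring it `size_t len` would match the `sizeof(type)` argument passed in the second hunk. The table is never written and could be declared `static const char *const rtnl_types2str[RTM_MAX]`.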
[netsniff-ng] [PATCH] netsniff-ng mac80211: Print probe request IEs info
From: Vadim Kochan As probe request frame consist only with IE params so just do a similar print of these params as it was done for beacon. Also using mgmt_{func}_dissect naming for mgmt frame dissectors. Signed-off-by: Vadim Kochan --- proto_80211_mac_hdr.c | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/proto_80211_mac_hdr.c b/proto_80211_mac_hdr.c index e37397c..d1a36b5 100644 --- a/proto_80211_mac_hdr.c +++ b/proto_80211_mac_hdr.c @@ -2961,7 +2961,7 @@ static void print_inf_elements(struct pkt_buff *pkt) } /* Management Dissectors */ -static int8_t beacon(struct pkt_buff *pkt) +static int8_t mgmt_beacon_dissect(struct pkt_buff *pkt) { struct ieee80211_mgmt_beacon *beacon; @@ -2984,6 +2984,16 @@ static int8_t beacon(struct pkt_buff *pkt) return 1; } +static int8_t mgmt_probe_request_dissect(struct pkt_buff *pkt) +{ + print_inf_elements(pkt); + + if (pkt_len(pkt)) + return 0; + + return 1; +} + static int8_t mgmt_unimplemented(struct pkt_buff *pkt __maybe_unused) { return 0; @@ -3069,13 +3079,13 @@ static const char *mgt_sub(u8 subtype, struct pkt_buff *pkt, *get_content = mgmt_unimplemented; return "Reassociation Response"; case 0x4: - *get_content = mgmt_unimplemented; + *get_content = mgmt_probe_request_dissect; return "Probe Request"; case 0x5: *get_content = mgmt_unimplemented; return "Probe Response"; case 0x8: - *get_content = beacon; + *get_content = mgmt_beacon_dissect; return "Beacon"; case 0x9: *get_content = mgmt_unimplemented; -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
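Review bot: `mgmt_probe_request_dissect()` returns 0 whenever `pkt_len(pkt)` is non-zero after `print_inf_elements()`, the same value `mgmt_unimplemented()` returns, so a probe request whose elements were mostly printed is reported like a subtype that has no dissector at all. The sample output earlier in the thread shows the effect: the elements are listed and then followed by "Failed to dissect Subtype". The return convention is not documented on either function; a comment above the new one such as `/* returns 1 if the whole frame body was consumed, 0 if undissected bytes remain */` would make the intent clear. The code that consumes `*get_content` is outside these hunks, so how a 0 is rendered there is inferred from that output.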
[netsniff-ng] [PATCH v2] netsniff-ng: Show packet number
From: Vadim Kochan > wlp3s0 107 1430159373s.693002029ns (#5) [ Eth MAC (6c:88:14:ac:51:e4 => 10:fe:ed:90:22:12), Proto (0x0800, IPv4) ] Signed-off-by: Vadim Kochan --- dissector.h | 18 +++--- netsniff-ng.c | 13 - 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/dissector.h b/dissector.h index d749205..4942ece 100644 --- a/dissector.h +++ b/dissector.h @@ -51,7 +51,7 @@ static inline const char *__show_ts_source(uint32_t status) static inline void __show_frame_hdr(uint8_t *packet, size_t len, int linktype, struct sockaddr_ll *s_ll, void *raw_hdr, - int mode, bool v3) + int mode, bool v3, unsigned long count) { char tmp[IFNAMSIZ]; union tpacket_uhdr hdr; @@ -76,27 +76,31 @@ static inline void __show_frame_hdr(uint8_t *packet, size_t len, int linktype, hdr.raw = raw_hdr; switch (mode) { case PRINT_LESS: - tprintf("%s %s %u", + tprintf("%s %s %u (#%lu) ", packet_types[pkttype] ? : "?", if_indextoname(s_ll->sll_ifindex, tmp) ? : "?", - tpacket_uhdr(hdr, tp_len, v3)); + tpacket_uhdr(hdr, tp_len, v3), + count); break; default: - tprintf("%s %s %u %us.%uns %s\n", + tprintf("%s %s %u %us.%uns %s (#%lu)\n", packet_types[pkttype] ? : "?", if_indextoname(s_ll->sll_ifindex, tmp) ? : "?", tpacket_uhdr(hdr, tp_len, v3), tpacket_uhdr(hdr, tp_sec, v3), tpacket_uhdr(hdr, tp_nsec, v3), - v3 ? "" : __show_ts_source(hdr.h2->tp_status)); + v3 ? "" : __show_ts_source(hdr.h2->tp_status), + count); break; } } static inline void show_frame_hdr(uint8_t *packet, size_t len, int linktype, - struct frame_map *hdr, int mode) + struct frame_map *hdr, int mode, + unsigned long count) { - __show_frame_hdr(packet, len, linktype, &hdr->s_ll, &hdr->tp_h, mode, false); + __show_frame_hdr(packet, len, linktype, &hdr->s_ll, &hdr->tp_h, mode, + false, count); } extern void dissector_init_all(int fnttype); diff --git a/netsniff-ng.c b/netsniff-ng.c index f447864..bd2a743 100644 --- a/netsniff-ng.c +++ b/netsniff-ng.c 
@@ -311,7 +311,8 @@ static void pcap_to_xmit(struct ctx *ctx) ctx->tx_packets++; show_frame_hdr(out, hdr->tp_h.tp_snaplen, - ctx->link_type, hdr, ctx->print_mode); + ctx->link_type, hdr, ctx->print_mode, + ctx->tx_packets); dissector_entry_point(out, hdr->tp_h.tp_snaplen, ctx->link_type, ctx->print_mode, @@ -461,7 +462,8 @@ static void receive_to_xmit(struct ctx *ctx) } show_frame_hdr(in, hdr_in->tp_h.tp_snaplen, - ctx->link_type, hdr_in, ctx->print_mode); + ctx->link_type, hdr_in, ctx->print_mode, + frame_count); dissector_entry_point(in, hdr_in->tp_h.tp_snaplen, ctx->link_type, ctx->print_mode, @@ -645,7 +647,7 @@ static void read_pcap(struct ctx *ctx) ctx->tx_packets++; show_frame_hdr(out, fm.tp_h.tp_snaplen, ctx->link_type, &fm, - ctx->print_mode); + ctx->print_mode, ctx->tx_packets); dissector_entry_point(out, fm.tp_h.tp_snaplen, ctx->link_type, ctx->print_mode, @@ -913,7 +915,7 @@ static void walk_t3_block(struct block_desc *pbd, struct ctx *ctx, } __show_frame_hdr(packet, hdr->tp_snaplen, ctx->link_type, sll, -hdr, ctx->print_mode, true); +hdr, ctx->print_mode, true, *frame_count); dissector_entry_point(packet, hdr->tp_snaplen, ctx->link_type, ctx->print_mode, sll->sll_protocol); @@ -1047,7 +1049,8 @@ static void recv_only_or_dump(struct ctx *ctx)
[netsniff-ng] Re: [PATCH] netsniff-ng nlmsg: Print type for NETLINK_ROUTE
On Mon, Apr 27, 2015 at 04:29:40PM +0300, Vadim Kochan wrote: > From: Vadim Kochan > > Print nlmsg type name for rtnetlink messages > > Signed-off-by: Vadim Kochan > --- > proto_nlmsg.c | 84 > +-- > 1 file changed, 82 insertions(+), 2 deletions(-) > > diff --git a/proto_nlmsg.c b/proto_nlmsg.c > index b219867..c5ef9d5 100644 > --- a/proto_nlmsg.c > +++ b/proto_nlmsg.c 
> @@ -47,6 +47,86 @@ static const char *nl_proto2str(uint16_t proto) > } > } > > +static char * rtnl_types2str[RTM_MAX] = { > + [RTM_NEWLINK] = "NEW LINK", > + [RTM_DELLINK] = "DEL LINK", > + [RTM_GETLINK] = "GET LINK", > + [RTM_SETLINK] = "SET LINK", > + > + [RTM_NEWADDR] = "NEW ADDR", > + [RTM_DELADDR] = "DEL ADDR", > + [RTM_GETADDR] = "GET ADDR", > + > + [RTM_NEWROUTE] = "NEW ROUTE", > + [RTM_DELROUTE] = "DEL ROUTE", > + [RTM_GETROUTE] = "GET ROUTE", > + > + [RTM_NEWNEIGH] = "NEW NEIGH", > + [RTM_DELNEIGH] = "DEL NEIGH", > + [RTM_GETNEIGH] = "GET NEIGH", > + > + [RTM_NEWRULE] = "NEW RULE", > + [RTM_DELRULE] = "DEL RULE", > + [RTM_GETRULE] = "GET RULE", > + > + [RTM_NEWQDISC] = "NEW QDISC", > + [RTM_DELQDISC] = "DEL QDISC", > + [RTM_GETQDISC] = "GET QDISC", > + > + [RTM_NEWTCLASS] = "NEW TCLASS", > + [RTM_DELTCLASS] = "DEL TCLASS", > + [RTM_GETTCLASS] = "GET TCLASS", > + > + [RTM_NEWTFILTER] = "NEW TFILTER", > + [RTM_DELTFILTER] = "DEL TFILTER", > + [RTM_GETTFILTER] = "GET TFILTER", > + > + [RTM_NEWACTION] = "NEW ACTION", > + [RTM_DELACTION] = "DEL ACTION", > + [RTM_GETACTION] = "GET ACTION", > + > + [RTM_NEWPREFIX] = "NEW PREFIX", > + > + [RTM_GETMULTICAST] = "GET MULTICAST", > + > + [RTM_GETANYCAST] = "GET ANYCAST", > + > + [RTM_NEWNEIGHTBL] = "NEW NEIGHTBL", > + [RTM_GETNEIGHTBL] = "GET NEIGHTBL", > + [RTM_SETNEIGHTBL] = "SET NEIGHTBL", > + > + [RTM_NEWNDUSEROPT] = "NEW NDUSEROPT", > + > + [RTM_NEWADDRLABEL] = "NEW ADDRLABEL", > + [RTM_DELADDRLABEL] = "DEL ADDRLABEL", > + [RTM_GETADDRLABEL] = "GET ADDRLABEL", > + > + [RTM_GETDCB] = "GET DCB", > + [RTM_SETDCB] = "SET DCB", > + > + [RTM_NEWNETCONF] = "NEW NETCONF", > + [RTM_GETNETCONF] = "GET NETCONF", > + > + [RTM_NEWMDB] = "NEW MDB", > + [RTM_DELMDB] = "DEL MDB", > + [RTM_GETMDB] = "GET MDB", > +}; > + > +static char *nl_msgtype2str(uint16_t proto, uint16_t type, char *buf, int > len) > +{ > + char *name = NULL; > + > + if (proto == NETLINK_ROUTE && type < RTM_MAX) > + name = rtnl_types2str[type]; > + > + if 
(name) { > + strncpy(buf, name, len); > + return buf; > + } > + > + return nl_nlmsgtype2str(type, buf, len); > +} > + > static void nlmsg(struct pkt_buff *pkt) > { > struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr)); > @@ -82,8 +162,8 @@ static void nlmsg(struct pkt_buff *pkt) > tprintf("Len %u, ", hdr->nlmsg_len); > tprintf("Type 0x%.4x (%s%s%s), ", hdr->nlmsg_type, > colorize_start(bold), > - nl_nlmsgtype2str(hdr->nlmsg_type, type, sizeof(type)), > - colorize_end()); > + nl_msgtype2str(ntohs(pkt->proto), hdr->nlmsg_type, type, > + sizeof(type)), colorize_end()); > tprintf("Flags 0x%.4x (%s%s%s), ", hdr->nlmsg_flags, > colorize_start(bold), > nl_nlmsg_flags2str(hdr->nlmsg_flags, flags, sizeof(flags)), > -- > 2.3.1 > Hi Tibias, I can re-work this considering your last changes related to proto_nlmsg.c Regards, -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] Re: [PATCH] netsniff-ng nlmsg: Print type for NETLINK_ROUTE
On Tue, Apr 28, 2015 at 01:27:19PM +0300, Vadim Kochan wrote: > On Mon, Apr 27, 2015 at 04:29:40PM +0300, Vadim Kochan wrote: > > From: Vadim Kochan > > > > Print nlmsg type name for rtnetlink messages > > > > Signed-off-by: Vadim Kochan > > --- > > proto_nlmsg.c | 84 > > +-- > > 1 file changed, 82 insertions(+), 2 deletions(-) > > > > diff --git a/proto_nlmsg.c b/proto_nlmsg.c > > index b219867..c5ef9d5 100644 > > --- a/proto_nlmsg.c > > +++ b/proto_nlmsg.c 
> > @@ -47,6 +47,86 @@ static const char *nl_proto2str(uint16_t proto) > > } > > } > > > > +static char * rtnl_types2str[RTM_MAX] = { > > + [RTM_NEWLINK] = "NEW LINK", > > + [RTM_DELLINK] = "DEL LINK", > > + [RTM_GETLINK] = "GET LINK", > > + [RTM_SETLINK] = "SET LINK", > > + > > + [RTM_NEWADDR] = "NEW ADDR", > > + [RTM_DELADDR] = "DEL ADDR", > > + [RTM_GETADDR] = "GET ADDR", > > + > > + [RTM_NEWROUTE] = "NEW ROUTE", > > + [RTM_DELROUTE] = "DEL ROUTE", > > + [RTM_GETROUTE] = "GET ROUTE", > > + > > + [RTM_NEWNEIGH] = "NEW NEIGH", > > + [RTM_DELNEIGH] = "DEL NEIGH", > > + [RTM_GETNEIGH] = "GET NEIGH", > > + > > + [RTM_NEWRULE] = "NEW RULE", > > + [RTM_DELRULE] = "DEL RULE", > > + [RTM_GETRULE] = "GET RULE", > > + > > + [RTM_NEWQDISC] = "NEW QDISC", > > + [RTM_DELQDISC] = "DEL QDISC", > > + [RTM_GETQDISC] = "GET QDISC", > > + > > + [RTM_NEWTCLASS] = "NEW TCLASS", > > + [RTM_DELTCLASS] = "DEL TCLASS", > > + [RTM_GETTCLASS] = "GET TCLASS", > > + > > + [RTM_NEWTFILTER] = "NEW TFILTER", > > + [RTM_DELTFILTER] = "DEL TFILTER", > > + [RTM_GETTFILTER] = "GET TFILTER", > > + > > + [RTM_NEWACTION] = "NEW ACTION", > > + [RTM_DELACTION] = "DEL ACTION", > > + [RTM_GETACTION] = "GET ACTION", > > + > > + [RTM_NEWPREFIX] = "NEW PREFIX", > > + > > + [RTM_GETMULTICAST] = "GET MULTICAST", > > + > > + [RTM_GETANYCAST] = "GET ANYCAST", > > + > > + [RTM_NEWNEIGHTBL] = "NEW NEIGHTBL", > > + [RTM_GETNEIGHTBL] = "GET NEIGHTBL", > > + [RTM_SETNEIGHTBL] = "SET NEIGHTBL", > > + > > + [RTM_NEWNDUSEROPT] = "NEW NDUSEROPT", > > + > > + [RTM_NEWADDRLABEL] = "NEW ADDRLABEL", > > + [RTM_DELADDRLABEL] = "DEL ADDRLABEL", > > + [RTM_GETADDRLABEL] = "GET ADDRLABEL", > > + > > + [RTM_GETDCB] = "GET DCB", > > + [RTM_SETDCB] = "SET DCB", > > + > > + [RTM_NEWNETCONF] = "NEW NETCONF", > > + [RTM_GETNETCONF] = "GET NETCONF", > > + > > + [RTM_NEWMDB] = "NEW MDB", > > + [RTM_DELMDB] = "DEL MDB", > > + [RTM_GETMDB] = "GET MDB", > > +}; > > + > > +static char *nl_msgtype2str(uint16_t proto, uint16_t type, char 
*buf, int > > len) > > +{ > > + char *name = NULL; > > + > > + if (proto == NETLINK_ROUTE && type < RTM_MAX) > > + name = rtnl_types2str[type]; > > + > > + if (name) { > > + strncpy(buf, name, len); > > + return buf; > > + } > > + > > + return nl_nlmsgtype2str(type, buf, len); > > +} > > + > > static void nlmsg(struct pkt_buff *pkt) > > { > > struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr)); > > @@ -82,8 +162,8 @@ static void nlmsg(struct pkt_buff *pkt) > > tprintf("Len %u, ", hdr->nlmsg_len); > > tprintf("Type 0x%.4x (%s%s%s), ", hdr->nlmsg_type, > > colorize_start(bold), > > - nl_nlmsgtype2str(hdr->nlmsg_type, type, sizeof(type)), > > - colorize_end()); > > + nl_msgtype2str(ntohs(pkt->proto), hdr->nlmsg_type, type, > > + sizeof(type)), colorize_end()); > > tprintf("Flags 0x%.4x (%s%s%s), ", hdr->nlmsg_flags, > > colorize_start(bold), > > nl_nlmsg_flags2str(hdr->nlmsg_flags, flags, sizeof(flags)), > > -- > > 2.3.1 > > > > Hi Tibias, > > I can re-work this considering your last changes related to > proto_nlmsg.c > > Regards, Hi Tobias, sorry for the typo! -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] Re: [PATCH] netsniff-ng nlmsg: Print type for NETLINK_ROUTE
On Mon, Apr 27, 2015 at 04:29:40PM +0300, Vadim Kochan wrote: > From: Vadim Kochan > > Print nlmsg type name for rtnetlink messages > > Signed-off-by: Vadim Kochan > --- > proto_nlmsg.c | 84 > +-- > 1 file changed, 82 insertions(+), 2 deletions(-) > > diff --git a/proto_nlmsg.c b/proto_nlmsg.c > index b219867..c5ef9d5 100644 > --- a/proto_nlmsg.c > +++ b/proto_nlmsg.c 
> @@ -47,6 +47,86 @@ static const char *nl_proto2str(uint16_t proto) > } > } > > +static char * rtnl_types2str[RTM_MAX] = { > + [RTM_NEWLINK] = "NEW LINK", > + [RTM_DELLINK] = "DEL LINK", > + [RTM_GETLINK] = "GET LINK", > + [RTM_SETLINK] = "SET LINK", > + > + [RTM_NEWADDR] = "NEW ADDR", > + [RTM_DELADDR] = "DEL ADDR", > + [RTM_GETADDR] = "GET ADDR", > + > + [RTM_NEWROUTE] = "NEW ROUTE", > + [RTM_DELROUTE] = "DEL ROUTE", > + [RTM_GETROUTE] = "GET ROUTE", > + > + [RTM_NEWNEIGH] = "NEW NEIGH", > + [RTM_DELNEIGH] = "DEL NEIGH", > + [RTM_GETNEIGH] = "GET NEIGH", > + > + [RTM_NEWRULE] = "NEW RULE", > + [RTM_DELRULE] = "DEL RULE", > + [RTM_GETRULE] = "GET RULE", > + > + [RTM_NEWQDISC] = "NEW QDISC", > + [RTM_DELQDISC] = "DEL QDISC", > + [RTM_GETQDISC] = "GET QDISC", > + > + [RTM_NEWTCLASS] = "NEW TCLASS", > + [RTM_DELTCLASS] = "DEL TCLASS", > + [RTM_GETTCLASS] = "GET TCLASS", > + > + [RTM_NEWTFILTER] = "NEW TFILTER", > + [RTM_DELTFILTER] = "DEL TFILTER", > + [RTM_GETTFILTER] = "GET TFILTER", > + > + [RTM_NEWACTION] = "NEW ACTION", > + [RTM_DELACTION] = "DEL ACTION", > + [RTM_GETACTION] = "GET ACTION", > + > + [RTM_NEWPREFIX] = "NEW PREFIX", > + > + [RTM_GETMULTICAST] = "GET MULTICAST", > + > + [RTM_GETANYCAST] = "GET ANYCAST", > + > + [RTM_NEWNEIGHTBL] = "NEW NEIGHTBL", > + [RTM_GETNEIGHTBL] = "GET NEIGHTBL", > + [RTM_SETNEIGHTBL] = "SET NEIGHTBL", > + > + [RTM_NEWNDUSEROPT] = "NEW NDUSEROPT", > + > + [RTM_NEWADDRLABEL] = "NEW ADDRLABEL", > + [RTM_DELADDRLABEL] = "DEL ADDRLABEL", > + [RTM_GETADDRLABEL] = "GET ADDRLABEL", > + > + [RTM_GETDCB] = "GET DCB", > + [RTM_SETDCB] = "SET DCB", > + > + [RTM_NEWNETCONF] = "NEW NETCONF", > + [RTM_GETNETCONF] = "GET NETCONF", > + > + [RTM_NEWMDB] = "NEW MDB", > + [RTM_DELMDB] = "DEL MDB", > + [RTM_GETMDB] = "GET MDB", > +}; > + > +static char *nl_msgtype2str(uint16_t proto, uint16_t type, char *buf, int > len) > +{ > + char *name = NULL; > + > + if (proto == NETLINK_ROUTE && type < RTM_MAX) > + name = rtnl_types2str[type]; > + > + if 
(name) { > + strncpy(buf, name, len); > + return buf; > + } > + > + return nl_nlmsgtype2str(type, buf, len); > +} > + > static void nlmsg(struct pkt_buff *pkt) > { > struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr)); > @@ -82,8 +162,8 @@ static void nlmsg(struct pkt_buff *pkt) > tprintf("Len %u, ", hdr->nlmsg_len); > tprintf("Type 0x%.4x (%s%s%s), ", hdr->nlmsg_type, > colorize_start(bold), > - nl_nlmsgtype2str(hdr->nlmsg_type, type, sizeof(type)), > - colorize_end()); > + nl_msgtype2str(ntohs(pkt->proto), hdr->nlmsg_type, type, > + sizeof(type)), colorize_end()); > tprintf("Flags 0x%.4x (%s%s%s), ", hdr->nlmsg_flags, > colorize_start(bold), > nl_nlmsg_flags2str(hdr->nlmsg_flags, flags, sizeof(flags)), > -- > 2.3.1 > Ok, I will re-work this one to v2 with func renaming & make NETLINK_ROUTE type names more understandable. Sorry for the noise. Regards, -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] netsniff-ng mac80211: Print IE prefix before param
From: Vadim Kochan Print 'IE:' prefix before each mgmt IE parameter which should be more readable and it allows easy identify next element while the listing the big one: Also removed 1 TAB in "HT Capabilities" fields. P mon0 288 1430230360s.696547150ns [ Radiotap Version (0), Length (26), Flags (0x482f) ] [ 802.11 Frame Control (0x0080)] [ Proto Version (0), Type (0, Management), Duration (0), Destination (ff:ff:ff:ff:ff:ff) Source (00:00:00:00:01:13) => (XEROX CORPORATION:00:01:13) BSSID (00:00:00:00:01:13) => (XEROX CORPORATION:00:01:13) Fragmentnr. (0), Seqnr. (2844). Subtype (8, Beacon) ] [ Subtype Beacon: Timestamp 0x21ac5c5c, Beacon Interval (0.102400s) ment;) IE: SSID (0, Len (6)): 000114 IE: Supp. Rates (1, Len (8)): 1(B) 2(B) 5.5(B) 11(B) 18 24(B) 4 22 IE: DSSS Param Set (3, Len(1)): Current Channel: 1 IE: TIM (5, Len(4)): DTIM Count: 0, DTIM Period: 1 IE: ERP (42, Len(1)): Non ERP Present (0), Use Protection (0) IE: Reserved (47, Len (1)): Data 0x00 IE:Failed to dissect Subtype ] Yeah ... 'IE:' is also printed before 'Failed to dissect Subtype', which just indicates that rest IE params were not identified. Signed-off-by: Vadim Kochan --- proto_80211_mac_hdr.c | 133 +- 1 file changed, 67 insertions(+), 66 deletions(-) diff --git a/proto_80211_mac_hdr.c b/proto_80211_mac_hdr.c index e37397c..31082d4 100644 --- a/proto_80211_mac_hdr.c +++ b/proto_80211_mac_hdr.c 
@@ -2582,97 +2582,97 @@ static int8_t inf_ht_cap(struct pkt_buff *pkt, u8 *id) if (len_neq_error(ht_cap->len, 26)) return 0; - tprintf("\t\t\t Info:\n"); - tprintf("\t\t\t\t LDCP Cod Cap (%u)\n", ht_cap->ldpc); - tprintf("\t\t\t\t Supp Ch Width Set (%u)\n", ht_cap->supp_width); - tprintf("\t\t\t\t SM Pwr Save(%u)\n", ht_cap->sm_pwr); - tprintf("\t\t\t\t HT-Greenfield (%u)\n", ht_cap->ht_green); - tprintf("\t\t\t\t Short GI for 20/40 MHz (%u/%u)\n", ht_cap->gi_20mhz, + tprintf("\t\t Info:\n"); + tprintf("\t\t\t LDCP Cod Cap (%u)\n", ht_cap->ldpc); + tprintf("\t\t\t Supp Ch Width Set (%u)\n", ht_cap->supp_width); + tprintf("\t\t\t SM Pwr Save(%u)\n", ht_cap->sm_pwr); + tprintf("\t\t\t HT-Greenfield (%u)\n", ht_cap->ht_green); + tprintf("\t\t\t Short GI for 20/40 MHz (%u/%u)\n", ht_cap->gi_20mhz, ht_cap->gi_40mhz); - tprintf("\t\t\t\t Tx/Rx STBC (%u/%u)\n", ht_cap->tx_stbc, + tprintf("\t\t\t Tx/Rx STBC (%u/%u)\n", ht_cap->tx_stbc, ht_cap->rx_stbc); - tprintf("\t\t\t\t HT-Delayed Block Ack (%u)\n", ht_cap->ht_ack); - tprintf("\t\t\t\t Max A-MSDU Len (%u)\n", ht_cap->max_msdu_length); - tprintf("\t\t\t\t DSSS/CCK Mode in 40 MHz (%u)\n", + tprintf("\t\t\t HT-Delayed Block Ack (%u)\n", ht_cap->ht_ack); + tprintf("\t\t\t Max A-MSDU Len (%u)\n", ht_cap->max_msdu_length); + tprintf("\t\t\t DSSS/CCK Mode in 40 MHz (%u)\n", ht_cap->dsss_ck_mode); - tprintf("\t\t\t\t Res (0x%x)\n", ht_cap->res); - tprintf("\t\t\t\t Forty MHz Intol (%u)\n", ht_cap->forty_int); - tprintf("\t\t\t\t L-SIG TXOP Protection Supp (%u)\n", + tprintf("\t\t\t Res (0x%x)\n", ht_cap->res); + tprintf("\t\t\t Forty MHz Intol (%u)\n", ht_cap->forty_int); + tprintf("\t\t\t L-SIG TXOP Protection Supp (%u)\n", ht_cap->prot_supp); - tprintf("\t\t\t A-MPDU Params:\n"); - tprintf("\t\t\t\t Max Len Exp (%u)\n", ht_cap->param >> 6); - tprintf("\t\t\t\t Min Start Spacing (%u)\n", + tprintf("\t\t A-MPDU Params:\n"); + tprintf("\t\t\t Max Len Exp (%u)\n", ht_cap->param >> 6); + tprintf("\t\t\t Min Start Spacing (%u)\n", 
(ht_cap->param >> 3) & 0x7); - tprintf("\t\t\t\t Res (0x%x)\n", ht_cap->param & 0x07); + tprintf("\t\t\t Res (0x%x)\n", ht_cap->param & 0x07); - tprintf("\t\t\t Supp MCS Set:\n"); - tprintf("\t\t\t\t Rx MCS Bitmask (0x%x%x%x%x%x%x%x%x%x%x)\n", + tprintf("\t\t Supp MCS Set:\n"); + tprintf("\t\t\t Rx MCS Bitmask (0x%x%x%x%x%x%x%x%x%x%x)\n", ht_cap->bitmask1, ht_cap->bitmask2, ht_cap->bitmask3, ht_cap->bitmask4, ht_cap->bitmask5, ht_cap->bitmask6,
[netsniff-ng] [PATCH v2] netsniff-ng nlmsg: Print type for NETLINK_ROUTE
From: Vadim Kochan Print nlmsg type name for rtnetlink messages Signed-off-by: Vadim Kochan --- proto_nlmsg.c | 84 +-- 1 file changed, 82 insertions(+), 2 deletions(-) diff --git a/proto_nlmsg.c b/proto_nlmsg.c index 51b303f..1e34056 100644 --- a/proto_nlmsg.c +++ b/proto_nlmsg.c 
@@ -47,6 +47,86 @@ static const char *nlmsg_family2str(uint16_t family) } } +static char * rtnl_types2str[RTM_MAX] = { + [RTM_NEWLINK] = "new link", + [RTM_DELLINK] = "del link", + [RTM_GETLINK] = "get link", + [RTM_SETLINK] = "set link", + + [RTM_NEWADDR] = "new address", + [RTM_DELADDR] = "del address", + [RTM_GETADDR] = "get address", + + [RTM_NEWROUTE] = "new route", + [RTM_DELROUTE] = "del route", + [RTM_GETROUTE] = "get route", + + [RTM_NEWNEIGH] = "new neighbour", + [RTM_DELNEIGH] = "del neighbour", + [RTM_GETNEIGH] = "get neighbour", + + [RTM_NEWRULE] = "new rule", + [RTM_DELRULE] = "del rule", + [RTM_GETRULE] = "get rule", + + [RTM_NEWQDISC] = "new tc qdisc", + [RTM_DELQDISC] = "del tc qdisc", + [RTM_GETQDISC] = "get tc qdisc", + + [RTM_NEWTCLASS] = "new tc class", + [RTM_DELTCLASS] = "del tc class", + [RTM_GETTCLASS] = "get tc class", + + [RTM_NEWTFILTER] = "new tc filter", + [RTM_DELTFILTER] = "del tc filter", + [RTM_GETTFILTER] = "get tc filter", + + [RTM_NEWACTION] = "new tc action", + [RTM_DELACTION] = "del tc action", + [RTM_GETACTION] = "get tc action", + + [RTM_NEWPREFIX] = "new prefix", + + [RTM_GETMULTICAST] = "get multicast address", + + [RTM_GETANYCAST] = "get anycast address", + + [RTM_NEWNEIGHTBL] = "new neighbour tabel", + [RTM_GETNEIGHTBL] = "get neighbour tabel", + [RTM_SETNEIGHTBL] = "set neighbour tabel", + + [RTM_NEWNDUSEROPT] = "new ndisc user option", + + [RTM_NEWADDRLABEL] = "new address label", + [RTM_DELADDRLABEL] = "del address label", + [RTM_GETADDRLABEL] = "get address label", + + [RTM_GETDCB] = "get data-center-bridge", + [RTM_SETDCB] = "set data-center-bridge", + + [RTM_NEWNETCONF] = "new netconf", + [RTM_GETNETCONF] = "get netconf", + + [RTM_NEWMDB] = "new bridge mdb", + [RTM_DELMDB] = "del bridge mdb", + [RTM_GETMDB] = "get bridge mdb", +}; + +static char *nlmsg_type2str(uint16_t proto, uint16_t type, char *buf, int len) +{ + char *name = NULL; + + if (proto == NETLINK_ROUTE && type < RTM_MAX) + name = rtnl_types2str[type]; 
+ + if (name) { + strncpy(buf, name, len); + return buf; + } + + return nl_nlmsgtype2str(type, buf, len); +} + static void nlmsg(struct pkt_buff *pkt) { struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr)); @@ -82,8 +162,8 @@ static void nlmsg(struct pkt_buff *pkt) tprintf("Len %u, ", hdr->nlmsg_len); tprintf("Type 0x%.4x (%s%s%s), ", hdr->nlmsg_type, colorize_start(bold), - nl_nlmsgtype2str(hdr->nlmsg_type, type, sizeof(type)), - colorize_end()); + nlmsg_type2str(ntohs(pkt->proto), hdr->nlmsg_type, type, + sizeof(type)), colorize_end()); tprintf("Flags 0x%.4x (%s%s%s), ", hdr->nlmsg_flags, colorize_start(bold), nl_nlmsg_flags2str(hdr->nlmsg_flags, flags, sizeof(flags)), -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
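Review bot: `strncpy(buf, name, len)` in nlmsg_type2str() leaves `buf` without a terminating NUL whenever the name is `len` bytes or longer, and nlmsg() then prints the result with `%s`. The names in this table are short, so the problem is latent while the caller's buffer stays larger than the longest of them, but a longer entry or a smaller buffer would turn it into a read past the end of `buf`. A bounded formatted copy always terminates: `snprintf(buf, len, "%s", name);`. The v3 posting of this patch further down the page keeps the same `strncpy()` call.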
[netsniff-ng] [PATCH] netsniff-ng: Fix capturing extra packets from other dev
From: Vadim Kochan It might be related to the issue #73 noticed by Jon Schipp where he pointed that netsniff-ng captures some extra packets. I observed this issue when I captured few Ethernet frames from wireless device while I was sniffing Netlink monitor device (!!!), especially under high load traffic (HD Video). It can be easy grepped: sudo netsniff-ng/netsniff-ng -i nlmon0 --less | grep where is the active high traffic device. Interesting observation was that issue appeared only in the beginning of the sniffing, and after some investigation I came up to the conclusion that issue might be caused when netsniff-ng creates RX ring through the setsockopt where Linux registers device hook for any device (we did not bind yet socket to the specified device), and I assumed that before binding to the specified device Linux can caught for us some packets from the other devices until netsniff-ng will bind socket to the specified device. So fixed (I can't reproduce this anymore) by moving device binding before attaching RX ring to the socket, in this case setsockopt consider the bound device. Signed-off-by: Vadim Kochan --- ring_rx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ring_rx.c b/ring_rx.c index 32d3f6d..56685e0 100644 --- a/ring_rx.c +++ b/ring_rx.c 
@@ -231,10 +231,10 @@ void ring_rx_setup(struct ring *ring, int sock, size_t size, int ifindex, { fmemset(ring, 0, sizeof(*ring)); setup_rx_ring_layout(sock, ring, size, jumbo_support, v3); + bind_ring_generic(sock, ring, ifindex, false); create_rx_ring(sock, ring, verbose); mmap_ring_generic(sock, ring); alloc_rx_ring_frames(sock, ring); - bind_ring_generic(sock, ring, ifindex, false); join_fanout_group(sock, fanout_group, fanout_type); prepare_polling(sock, poll); } -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
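Review bot: The new position of `bind_ring_generic()` in ring_rx_setup() carries the whole fix, yet nothing in the code says the order matters, so a later cleanup could move the call back and let frames from unrelated interfaces into a capture again. A comment above the call would pin it, for example `/* Bind first: a ring created on an unbound socket can receive frames from every device. */`. That reason is taken from the commit message, which presents it as an assumption, so the wording should be confirmed against the kernel behaviour before it is written as fact. The same patch is posted a second time directly below.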
[netsniff-ng] [PATCH] netsniff-ng: Fix capturing extra packets from other dev
From: Vadim Kochan It might be related to the issue #73 noticed by Jon Schipp where he pointed that netsniff-ng captures some extra packets. I observed this issue when I captured few Ethernet frames from wireless device while I was sniffing Netlink monitor device (!!!), especially under high load traffic (HD Video). It can be easy grepped: sudo netsniff-ng/netsniff-ng -i nlmon0 --less | grep where is the active high traffic device. Interesting observation was that issue appeared only in the beginning of the sniffing, and after some investigation I came up to the conclusion that issue might be caused when netsniff-ng creates RX ring through the setsockopt where Linux registers device hook for any device (we did not bind yet socket to the specified device), and I assumed that before binding to the specified device Linux can caught for us some packets from the other devices until netsniff-ng will bind socket to the specified device. So fixed (I can't reproduce this anymore) by moving device binding before attaching RX ring to the socket, in this case setsockopt consider the bound device. Signed-off-by: Vadim Kochan --- ring_rx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ring_rx.c b/ring_rx.c index 32d3f6d..56685e0 100644 --- a/ring_rx.c +++ b/ring_rx.c 
@@ -231,10 +231,10 @@ void ring_rx_setup(struct ring *ring, int sock, size_t size, int ifindex, { fmemset(ring, 0, sizeof(*ring)); setup_rx_ring_layout(sock, ring, size, jumbo_support, v3); + bind_ring_generic(sock, ring, ifindex, false); create_rx_ring(sock, ring, verbose); mmap_ring_generic(sock, ring); alloc_rx_ring_frames(sock, ring); - bind_ring_generic(sock, ring, ifindex, false); join_fanout_group(sock, fanout_group, fanout_type); prepare_polling(sock, poll); } -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] multiple instances of netsniff-ng with AF_PACKET hash fanout
On Thu, Apr 30, 2015 at 05:42:41PM +0200, Daniel Borkmann wrote: > Hi Ivan, > > On 04/30/2015 05:28 PM, arse...@gmail.com wrote: > >Hi all, > > > >I have been using netsniff-ng for some time now and am very excited about > >packet fanout feature. > > Cool, great to hear! :) > > >Have one AF_PACKET hash fanout functionality related question if somebody > >has time to comment : > > > >how can I get 3 or more netsniff-ng instances in one fanout-group output > >into 1 single PCAP file ? > > You below command-line invocation looks good to me. Letting all processes > write into one single pcap file at one, I'm afraid, won't work. There are > various reasons, i.e. it would corrupt the pcap file as there's no > synchronization between the processes to write a single packet atomically > into the pcap. > > You also wouldn't want to do that. ;) Because assume if such a possibility > would exist, then the bottleneck becomes easily the write to disc on that > single file. > > You rather want to have parallelism all the way to the hardware in the best > case. If you need to merge file, there could f.e. be a background process > grabbing individual pcap files and merge them based on the time-stamps into > a single one, e.g. mergecap: > > https://www.wireshark.org/docs/wsug_html_chunked/AppToolsmergecap.html > > Hope that helps, > > Thanks, > Daniel > > >So far, I have tried to start 3 instances with : > > > >sudo nohup /usr/local/sbin/netsniff-ng --fanout-group 1 --fanout-type hash > >--mmap --ring-size 256MiB --bind-cpu 18 --silent --in eth5 --out > >/mnt/sdb1/netcapture/ --prefix "eth5." --interval 60sec & > >sudo nohup /usr/local/sbin/netsniff-ng --fanout-group 1 --fanout-type hash > >--mmap --ring-size 256MiB --bind-cpu 20 --silent --in eth5 --out > >/mnt/sdb1/netcapture/ --prefix "eth5." 
--interval 60sec & > >sudo nohup /usr/local/sbin/netsniff-ng --fanout-group 1 --fanout-type hash > >--mmap --ring-size 256MiB --bind-cpu 22 --silent --in eth5 --out > >/mnt/sdb1/netcapture/ --prefix "eth5." --interval 60sec & > > > >However, since interval isn't exactly 60 seconds, after 1-2 days I end up > >with separate output files, like : > > > >-rw-r--r-- 1 root root 135M Apr 30 14:44 > >/mnt/sdb1/netcapture/eth5.1430405040.pcap > >-rw-r--r-- 1 root root 125M Apr 30 14:44 > >/mnt/sdb1/netcapture/eth5.1430405041.pcap > >$ tcpslice /mnt/sdb1/netcapture/eth5.1430404980.pcap -t > >/mnt/sdb1/netcapture/eth5.1430404980.pcap 2015y04m30d14h43m00s733651u > > 2015y04m30d14h44m00s742344u > >$ tcpslice /mnt/sdb1/netcapture/eth5.1430404981.pcap -t > >/mnt/sdb1/netcapture/eth5.1430404981.pcap 2015y04m30d14h43m01s118241u > > 2015y04m30d14h44m01s138441u > > > >Am I doing something wrong the way I start instances, is there different way > >to start 3 instances to write into single output pcap file ? > > > >Also, I was wondering if there are any plans to make command line ability to > >start multiple instances using something like one command line with > >--bind-cpu 18,20,22 and one --out file, which would trigger 3 netsniff-ng > >instances while output goes into single output pcap file ? ( > >SolarCapture/SolarFlare uses that approach with multiple capture cores and > >one writeout core ) > > > >Let me know if you need more details. > > > >Best Regards > > > >Ivan > > > > -- > You received this message because you are subscribed to the Google Groups > "netsniff-ng" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to netsniff-ng+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. 
Hi, What if netsniff-ng forked children, so that each child uses a separate output file in the specified directory, and at the end, after all children are done, the main netsniff-ng merges these files into one and removes the files that were generated by the children... Just thoughts ... Regards, Vadim Kochan -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] multiple instances of netsniff-ng with AF_PACKET hash fanout
On Thu, Apr 30, 2015 at 11:19:01AM -0700, arse...@gmail.com wrote: > Hi Michal, > > agree on 1-3. Number varies depending how many cores are available. > DCA is also used. And they use kernel bypass too :) > But they no longer offer free solar_capture tool either :( > > I was wondering about Vadim's suggestion : > > "What about if netsniff-ng can fork children so each children will use > separate output file in specified directory and at the end after all > children done then the main netsniff-ng will merge these files into one, and > remove the files which were generated by children... " > > Would this be possible but by keeping files in RAM rather than in directory > before main netsniff-ng would merge them into single final file ? > > Alternative could be me creating RAM disk for temp files. I guess that should > work too although it adds complexity of separate scripts I would have to run > to merge files into one main 1-minute capture file. > > Regards > > Ivan > > -- > You received this message because you are subscribed to the Google Groups > "netsniff-ng" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to netsniff-ng+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. Hi, As I understand that main issue is that you want constantly sniffing into files and then at some time you want to glue them together in the single one ? If that is correct, I was thinking what about to make able netsniff-ng to output to another subdir after some 'time' or 'capture size' criteria will be reached, for example, you specify to netsniff-ng some output dir 'pcap_eth0' where it creates subdir named by timestamp (for example) and each instance of netsniff-ng starts capture, and after some capture size is reached or time interval then netsniff-ng creates another subdir and switches there, then you can you probably can collect the captured files from these subdirectories ... 
well I hope my explanation is basically clear ... sorry if you did not understand my poor English:) Regards, Vadim Kochan -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH v3] netsniff-ng nlmsg: Print type for NETLINK_ROUTE
From: Vadim Kochan Print nlmsg type name for rtnetlink messages Signed-off-by: Vadim Kochan --- proto_nlmsg.c | 89 +-- 1 file changed, 87 insertions(+), 2 deletions(-) diff --git a/proto_nlmsg.c b/proto_nlmsg.c index 51b303f..f84759a 100644 --- a/proto_nlmsg.c +++ b/proto_nlmsg.c 
@@ -47,6 +47,91 @@ static const char *nlmsg_family2str(uint16_t family) } } +static char *rtnl_type2str(uint16_t type) +{ + switch (type) { + case RTM_NEWLINK: return "new link"; + case RTM_DELLINK: return "del link"; + case RTM_GETLINK: return "get link"; + case RTM_SETLINK: return "set link"; + + case RTM_NEWADDR: return "new addr"; + case RTM_DELADDR: return "del addr"; + case RTM_GETADDR: return "get addr"; + + case RTM_NEWROUTE: return "new route"; + case RTM_DELROUTE: return "del route"; + case RTM_GETROUTE: return "get route"; + + case RTM_NEWNEIGH: return "new neigh"; + case RTM_DELNEIGH: return "del neigh"; + case RTM_GETNEIGH: return "get neigh"; + + case RTM_NEWRULE: return "new rule"; + case RTM_DELRULE: return "del rule"; + case RTM_GETRULE: return "get rule"; + + case RTM_NEWQDISC: return "new tc qdisc"; + case RTM_DELQDISC: return "del tc qdisc"; + case RTM_GETQDISC: return "get tc qdisc"; + + case RTM_NEWTCLASS: return "new tc class"; + case RTM_DELTCLASS: return "del tc class"; + case RTM_GETTCLASS: return "get tc class"; + + case RTM_NEWTFILTER: return "new tc filter"; + case RTM_DELTFILTER: return "del tc filter"; + case RTM_GETTFILTER: return "get tc filter"; + + case RTM_NEWACTION: return "new tc action"; + case RTM_DELACTION: return "del tc action"; + case RTM_GETACTION: return "get tc action"; + + case RTM_NEWPREFIX: return "new prefix"; + + case RTM_GETMULTICAST: return "get multicast addr"; + + case RTM_GETANYCAST: return "get anycast addr"; + + case RTM_NEWNEIGHTBL: return "new neigh table"; + case RTM_GETNEIGHTBL: return "get neigh table"; + case RTM_SETNEIGHTBL: return "set neigh table"; + + case RTM_NEWNDUSEROPT: return "new ndisc user option"; + + case RTM_NEWADDRLABEL: return "new addr label"; + case RTM_DELADDRLABEL: return "del addr label"; + case RTM_GETADDRLABEL: return "get addr label"; + + case RTM_GETDCB: return "get data-center-bridge"; + case RTM_SETDCB: return "set data-center-bridge"; + + case RTM_NEWNETCONF: return "new 
netconf"; + case RTM_GETNETCONF: return "get netconf"; + + case RTM_NEWMDB: return "new bridge mdb"; + case RTM_DELMDB: return "del bridge mdb"; + case RTM_GETMDB: return "get bridge mdb"; + } + + return NULL; +}; + +static char *nlmsg_type2str(uint16_t proto, uint16_t type, char *buf, int len) +{ + char *name = NULL; + + if (proto == NETLINK_ROUTE && type < RTM_MAX) + name = rtnl_type2str(type); + + if (name) { + strncpy(buf, name, len); + return buf; + } + + return nl_nlmsgtype2str(type, buf, len); +} + static void nlmsg(struct pkt_buff *pkt) { struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr)); @@ -82,8 +167,8 @@ static void nlmsg(struct pkt_buff *pkt) tprintf("Len %u, ", hdr->nlmsg_len); tprintf("Type 0x%.4x (%s%s%s), ", hdr->nlmsg_type, colorize_start(bold), - nl_nlmsgtype2str(hdr->nlmsg_type, type, sizeof(type)), - colorize_end()); + nlmsg_type2str(ntohs(pkt->proto), hdr->nlmsg_type, type, + sizeof(type)), colorize_end()); tprintf("Flags 0x%.4x (%s%s%s), ", hdr->nlmsg_flags, colorize_start(bold), nl_nlmsg_flags2str(hdr->nlmsg_flags, flags, sizeof(flags)), -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
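Review bot: rtnl_type2str() returns `char *` although every value it returns is a string literal, so a caller could write through the pointer without any compiler warning. Declaring it `static const char *rtnl_type2str(uint16_t type)` and the local in nlmsg_type2str() as `const char *name = NULL;` makes the read-only contract explicit. The function's closing brace is also followed by a stray `;`, which is an empty file-scope declaration and draws a warning under `-Wpedantic`.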
Re: [netsniff-ng] [PATCH] netsniff-ng: Fix capturing extra packets from other dev
On Sat, May 02, 2015 at 07:00:53PM +0200, Tobias Klauser wrote: > On 2015-04-29 at 21:18:24 +0200, Vadim Kochan wrote: > > From: Vadim Kochan > > > > It might be related to the issue #73 noticed by > > > > Jon Schipp > > > > where he pointed that netsniff-ng captures some extra packets. > > > > I observed this issue when I captured few Ethernet frames from > > wireless device while I was sniffing Netlink monitor device (!!!), > > especially under high load traffic (HD Video). > > > > It can be easy grepped: > > > > sudo netsniff-ng/netsniff-ng -i nlmon0 --less | grep > > > > where is the active high traffic device. > > > > Interesting observation was that issue appeared only in the beginning of > > the sniffing, and after some investigation I came up to the conclusion > > that issue might be caused when netsniff-ng creates RX ring through the > > setsockopt where Linux registers device hook for any device (we did not > > bind yet socket to the specified device), and I assumed that before > > binding to the specified device Linux can caught for us some packets > > from the other devices until netsniff-ng will bind socket to the > > specified device. > > > > So fixed (I can't reproduce this anymore) by moving device binding > > before attaching RX ring to the socket, in this case setsockopt consider > > the bound device. > > > > Signed-off-by: Vadim Kochan > > --- > > ring_rx.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/ring_rx.c b/ring_rx.c > > index 32d3f6d..56685e0 100644 > > --- a/ring_rx.c > > +++ b/ring_rx.c 
> > @@ -231,10 +231,10 @@ void ring_rx_setup(struct ring *ring, int sock, > > size_t size, int ifindex, > > { > > fmemset(ring, 0, sizeof(*ring)); > > setup_rx_ring_layout(sock, ring, size, jumbo_support, v3); > > + bind_ring_generic(sock, ring, ifindex, false); > > create_rx_ring(sock, ring, verbose); > > mmap_ring_generic(sock, ring); > > alloc_rx_ring_frames(sock, ring); > > - bind_ring_generic(sock, ring, ifindex, false); > > join_fanout_group(sock, fanout_group, fanout_type); > > prepare_polling(sock, poll); > > Shouldn't mmap_ring_generic and alloc_rx_ring_frames be done before > bind_ring_generic? How about moving create_rx_ring down instead of > moving bind_ring_generic up? > > Daniel can probably comment better on how exactly the order should be > and what the interdependecies are... Any comments? My understanding is, that bind-ing in this case is just re-registering packet hook to the specified device. What would be a difference if after pf_alloc socket already has a default packet hook which is bound to all devices and any protocol ? Sure, Daniel's comments would great to have here :-) -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] trafgen: Del rfmon mac80211 device on panic
From: Vadim Kochan Fixed case when rfmon mac80211 created device remains after trafgen failed (for ex. - incorrect cfg file), so just delete it when panic occured. Also made panic handlers invoking per process and only once. Signed-off-by: Vadim Kochan --- die.c | 27 ++- trafgen.c | 6 ++ 2 files changed, 24 insertions(+), 9 deletions(-) diff --git a/die.c b/die.c index 4c0014d..523107e 100644 --- a/die.c +++ b/die.c @@ -4,28 +4,37 @@ #include "xmalloc.h" -struct panic_func { +struct panic_handler { void *arg; + pid_t pid; + bool is_enabled; void (*on_panic)(void *arg); - struct panic_func *next; + struct panic_handler *next; }; -static struct panic_func *panic_funcs; +static struct panic_handler *panic_handlers; void panic_func_add(void (*on_panic)(void *arg), void *arg) { - struct panic_func *handler = xmallocz(sizeof(*handler)); + struct panic_handler *handler = xmallocz(sizeof(*handler)); handler->arg= arg; + handler->pid= getpid(); + handler->is_enabled = true; handler->on_panic = on_panic; - handler->next = panic_funcs; - panic_funcs = handler; + handler->next = panic_handlers; + panic_handlers = handler; }; void call_on_panic_funcs(void) { - struct panic_func *it; + struct panic_handler *it; + pid_t pid = getpid(); - for (it = panic_funcs; it; it = it->next) - it->on_panic(it->arg); + for (it = panic_handlers; it; it = it->next) { + if (it->pid == pid && it->is_enabled) { + it->is_enabled = false; + it->on_panic(it->arg); + } + } } diff --git a/trafgen.c b/trafgen.c index deef1f2..4a9fde5 100644 --- a/trafgen.c +++ b/trafgen.c @@ -852,6 +852,11 @@ static unsigned int generate_srand_seed(void) return _seed; } +static void on_panic_del_rfmon(void *arg) +{ + leave_rfmon_mac80211(arg); +} + int main(int argc, char **argv) { bool slow = false, invoke_cpp = false, reseed = true, cpustats = true; 
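Review bot: In call_on_panic_funcs() in die.c, clearing `it->is_enabled` before calling `it->on_panic(it->arg)` looks deliberate, but neither that order nor the `it->pid == pid` test is explained anywhere in the new code. Two short comments would keep them from being simplified away: `/* Disable before the call so a panic raised inside the handler cannot run it again. */` and, on the `pid` field, `/* Handlers run only in the process that registered them. */`. The new code also uses `pid_t`, `getpid()` and `bool`, while the hunk shows only `#include "xmalloc.h"`, so it is worth confirming that `<unistd.h>` and `<stdbool.h>` are reached from die.c.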
@@ -1067,6 +1072,7 @@ int main(int argc, char **argv) xfree(ctx.device); enter_rfmon_mac80211(ctx.device_trans, &ctx.device); + panic_func_add(on_panic_del_rfmon, ctx.device); sleep(0); } -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
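Review bot: `panic_func_add(on_panic_del_rfmon, ctx.device);` stores the raw `ctx.device` pointer for the rest of the process, and the patch adds no way to remove a handler again. If main() frees or replaces `ctx.device` later on (the line just above the call already does `xfree(ctx.device)`), a panic after that point would hand a stale pointer to `leave_rfmon_mac80211()`. Registering a private copy, `panic_func_add(on_panic_del_rfmon, xstrdup(ctx.device));`, avoids that. main() continues outside the hunk, so the lifetime of `ctx.device`, and whether the normal exit path already deletes the monitor device before a late panic could run the handler, both need checking against the full function.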
[netsniff-ng] [PATCH] netsniff-ng mac80211: Print probe response frame
From: Vadim Kochan As Probe Response frame is very similar to Beacon (except some IEs which are identified dynamically) so lets just use the same func to dissect it. Signed-off-by: Vadim Kochan --- proto_80211_mac_hdr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/proto_80211_mac_hdr.c b/proto_80211_mac_hdr.c index c7d4c28..1a4f7cc 100644 --- a/proto_80211_mac_hdr.c +++ b/proto_80211_mac_hdr.c @@ -3083,7 +3083,8 @@ static const char *mgt_sub(u8 subtype, struct pkt_buff *pkt, *get_content = mgmt_probe_request_dissect; return "Probe Request"; case 0x5: - *get_content = mgmt_unimplemented; + /* Probe Response is very similar to Beacon except some IEs */ + *get_content = mgmt_beacon_dissect; return "Probe Response"; case 0x8: *get_content = mgmt_beacon_dissect; -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
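Review bot: Routing subtype 0x5 to `mgmt_beacon_dissect` in mgt_sub() reuses whatever heading that dissector prints, and the sample output in the "Print IE prefix" patch on this page shows the heading as `Subtype Beacon:`. If that text is hard-coded in mgmt_beacon_dissect(), which is not visible here, a Probe Response would be labelled as a Beacon in the dissected body even though the frame control line says "Probe Response". The added comment could state this limitation, for example `/* Same fixed fields as Beacon; the body is still headed "Subtype Beacon" */`, until the heading is made a parameter. mgt_sub() starts and ends outside the hunk.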
[netsniff-ng] [PATCH] die: Rename panic func -> panic handler
From: Vadim Kochan Rename xxx_panic_func(s) to xxx_panic_handler(s) which is more understandable than 'func'. Signed-off-by: Vadim Kochan --- die.c | 4 ++-- die.h | 8 netsniff-ng.c | 2 +- trafgen.c | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/die.c b/die.c index 523107e..4e525f9 100644 --- a/die.c +++ b/die.c @@ -14,7 +14,7 @@ struct panic_handler { static struct panic_handler *panic_handlers; -void panic_func_add(void (*on_panic)(void *arg), void *arg) +void panic_handler_add(void (*on_panic)(void *arg), void *arg) { struct panic_handler *handler = xmallocz(sizeof(*handler)); @@ -26,7 +26,7 @@ void panic_func_add(void (*on_panic)(void *arg), void *arg) panic_handlers = handler; }; -void call_on_panic_funcs(void) +void call_panic_handlers(void) { struct panic_handler *it; pid_t pid = getpid(); diff --git a/die.h b/die.h index 0d709d0..0ca9e86 100644 --- a/die.h +++ b/die.h @@ -12,8 +12,8 @@ #include "built_in.h" -extern void panic_func_add(void (*on_panic)(void *arg), void *arg); -extern void call_on_panic_funcs(void); +extern void panic_handler_add(void (*on_panic)(void *arg), void *arg); +extern void call_panic_handlers(void); static inline void panic(const char *format, ...) __check_format_printf(1, 2); static inline void syslog_panic(const char *format, @@ -23,13 +23,13 @@ static inline void syslog_maybe(bool cond, int priority, static inline void __noreturn __die_hard(void) { - call_on_panic_funcs(); + call_panic_handlers(); exit(EXIT_FAILURE); } static inline void __noreturn __die_harder(void) { - call_on_panic_funcs(); + call_panic_handlers(); _exit(EXIT_FAILURE); } diff --git a/netsniff-ng.c b/netsniff-ng.c index 9655c59..dfab81a 100644 --- a/netsniff-ng.c +++ b/netsniff-ng.c 
@@ -198,7 +198,7 @@ static inline void setup_rfmon_mac80211_dev(struct ctx *ctx, char **rfmon_dev) xfree(*rfmon_dev); enter_rfmon_mac80211(ctx->device_trans, rfmon_dev); - panic_func_add(on_panic_del_rfmon, *rfmon_dev); + panic_handler_add(on_panic_del_rfmon, *rfmon_dev); } static void pcap_to_xmit(struct ctx *ctx) diff --git a/trafgen.c b/trafgen.c index 4a9fde5..f981eaf 100644 --- a/trafgen.c +++ b/trafgen.c @@ -1072,7 +1072,7 @@ int main(int argc, char **argv) xfree(ctx.device); enter_rfmon_mac80211(ctx.device_trans, &ctx.device); - panic_func_add(on_panic_del_rfmon, ctx.device); + panic_handler_add(on_panic_del_rfmon, ctx.device); sleep(0); } -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] Re: [PATCH] die: Rename panic func -> panic handler
On Mon, May 04, 2015 at 11:11:21AM +0300, Vadim Kochan wrote: > From: Vadim Kochan > > Rename xxx_panic_func(s) to xxx_panic_handler(s) > which is more understandable than 'func'. > > Signed-off-by: Vadim Kochan > --- > die.c | 4 ++-- > die.h | 8 > netsniff-ng.c | 2 +- > trafgen.c | 2 +- > 4 files changed, 8 insertions(+), 8 deletions(-) > > diff --git a/die.c b/die.c > index 523107e..4e525f9 100644 > --- a/die.c > +++ b/die.c > @@ -14,7 +14,7 @@ struct panic_handler { > > static struct panic_handler *panic_handlers; > > -void panic_func_add(void (*on_panic)(void *arg), void *arg) > +void panic_handler_add(void (*on_panic)(void *arg), void *arg) > { > struct panic_handler *handler = xmallocz(sizeof(*handler)); > > @@ -26,7 +26,7 @@ void panic_func_add(void (*on_panic)(void *arg), void *arg) > panic_handlers = handler; > }; > > -void call_on_panic_funcs(void) > +void call_panic_handlers(void) > { > struct panic_handler *it; > pid_t pid = getpid(); > diff --git a/die.h b/die.h > index 0d709d0..0ca9e86 100644 > --- a/die.h > +++ b/die.h > @@ -12,8 +12,8 @@ > > #include "built_in.h" > > -extern void panic_func_add(void (*on_panic)(void *arg), void *arg); > -extern void call_on_panic_funcs(void); > +extern void panic_handler_add(void (*on_panic)(void *arg), void *arg); > +extern void call_panic_handlers(void); > > static inline void panic(const char *format, ...) __check_format_printf(1, > 2); > static inline void syslog_panic(const char *format, > @@ -23,13 +23,13 @@ static inline void syslog_maybe(bool cond, int priority, > > static inline void __noreturn __die_hard(void) > { > - call_on_panic_funcs(); > + call_panic_handlers(); > exit(EXIT_FAILURE); > } > > static inline void __noreturn __die_harder(void) > { > - call_on_panic_funcs(); > + call_panic_handlers(); > _exit(EXIT_FAILURE); > } > > diff --git a/netsniff-ng.c b/netsniff-ng.c > index 9655c59..dfab81a 100644 > --- a/netsniff-ng.c > +++ b/netsniff-ng.c 
> @@ -198,7 +198,7 @@ static inline void setup_rfmon_mac80211_dev(struct ctx > *ctx, char **rfmon_dev) > xfree(*rfmon_dev); > > enter_rfmon_mac80211(ctx->device_trans, rfmon_dev); > - panic_func_add(on_panic_del_rfmon, *rfmon_dev); > + panic_handler_add(on_panic_del_rfmon, *rfmon_dev); > } > > static void pcap_to_xmit(struct ctx *ctx) > diff --git a/trafgen.c b/trafgen.c > index 4a9fde5..f981eaf 100644 > --- a/trafgen.c > +++ b/trafgen.c > @@ -1072,7 +1072,7 @@ int main(int argc, char **argv) > xfree(ctx.device); > > enter_rfmon_mac80211(ctx.device_trans, &ctx.device); > - panic_func_add(on_panic_del_rfmon, ctx.device); > + panic_handler_add(on_panic_del_rfmon, ctx.device); > sleep(0); > } > > -- > 2.3.1 > 'make clean && make' is needed after these changes ... -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] netsniff-ng nlmsg: Print more fields in less mode
From: Vadim Kochan Print similar header fields in less mode as it is done in full mode. Signed-off-by: Vadim Kochan --- proto_nlmsg.c | 30 +- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/proto_nlmsg.c b/proto_nlmsg.c index e8706a2..6d24fef 100644 --- a/proto_nlmsg.c +++ b/proto_nlmsg.c @@ -133,16 +133,12 @@ static char *nlmsg_type2str(uint16_t proto, uint16_t type, char *buf, int len) return nl_nlmsgtype2str(type, buf, len); } -static void nlmsg(struct pkt_buff *pkt) +static void nlmsg_print_hdr(uint16_t proto, struct nlmsghdr *hdr) { - struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr)); char type[32]; char flags[128]; char procname[PATH_MAX]; - if (hdr == NULL) - return; - /* Look up the process name if message is not coming from the kernel. * * Note that the port id is not necessarily equal to the PID of the @@ -162,13 +158,12 @@ static void nlmsg(struct pkt_buff *pkt) } else snprintf(procname, sizeof(procname), "kernel"); - tprintf(" [ NLMSG "); - tprintf("Family %d (%s%s%s), ", ntohs(pkt->proto), colorize_start(bold), - nlmsg_family2str(ntohs(pkt->proto)), colorize_end()); + tprintf("Family %d (%s%s%s), ", ntohs(proto), colorize_start(bold), + nlmsg_family2str(ntohs(proto)), colorize_end()); tprintf("Len %u, ", hdr->nlmsg_len); tprintf("Type 0x%.4x (%s%s%s), ", hdr->nlmsg_type, colorize_start(bold), - nlmsg_type2str(ntohs(pkt->proto), hdr->nlmsg_type, type, + nlmsg_type2str(ntohs(proto), hdr->nlmsg_type, type, sizeof(type)), colorize_end()); tprintf("Flags 0x%.4x (%s%s%s), ", hdr->nlmsg_flags, colorize_start(bold), 
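Review bot: nlmsg_print_hdr() expects `proto` in network byte order and calls `ntohs(proto)` three times, which the plain `uint16_t proto` parameter does not reveal, so a future caller passing a host-order value would silently get the wrong family and type names. Converting once at the call sites, `nlmsg_print_hdr(ntohs(pkt->proto), hdr);`, and using `proto` directly inside the helper removes the trap; otherwise the parameter needs a comment such as `/* proto: netlink family, network byte order */`. Since the helper only reads the header, `const struct nlmsghdr *hdr` would also fit. The body of nlmsg_print_hdr() continues in unchanged lines between the hunks.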
@@ -179,20 +174,29 @@ static void nlmsg(struct pkt_buff *pkt) if (procname[0]) tprintf(" (%s%s%s)", colorize_start(bold), basename(procname), colorize_end()); +} + +static void nlmsg(struct pkt_buff *pkt) +{ + struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr)); + + if (hdr == NULL) + return; + + tprintf(" [ NLMSG "); + nlmsg_print_hdr(pkt->proto, hdr); tprintf(" ]\n"); } static void nlmsg_less(struct pkt_buff *pkt) { struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr)); - char type[32]; if (hdr == NULL) return; - tprintf(" NLMSG %u (%s%s%s)", hdr->nlmsg_type, colorize_start(bold), - nl_nlmsgtype2str(hdr->nlmsg_type, type, sizeof(type)), - colorize_end()); + tprintf(" NLMSG "); + nlmsg_print_hdr(pkt->proto, hdr); } struct protocol nlmsg_ops = { -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
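Review bot: `nlmsg_less()` now runs the whole of `nlmsg_print_hdr()`, which appears to include the process-name lookup at the top of that helper (its body lies in the earlier hunks and partly outside them), so less mode would pay for that lookup on every message. The helper also takes `proto` still in network byte order and dereferences `hdr` without a check, relying on both callers having tested the `pkt_pull()` result. A comment on the helper would record that contract: `/* proto: pkt->proto, network byte order; hdr must be non-NULL (callers check pkt_pull()). */`. Marking the parameter `const struct nlmsghdr *hdr` would also show that the helper only reads the header.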
[netsniff-ng] tprintf breaks color terminal sequence
Hi, In less mode (netsniff-ng -i --less) the color ESC terminal sequences can be broken by the automatic indentation done in tprintf.c: __tprintf_flush, which can insert spaces or a new line inside such a sequence. I am trying to fix this, but I am sending this message in case you want to consider this issue before making the next release, or in case you can make a quick fix :-) Regards, Vadim Kochan -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] netsniff-ng: Fix color breaking in less mode
From: Vadim Kochan Automatic new line indentation can break terminal ESC color sequence by inserting new line within it. Fixed by considering that color ESC sequence is not closed by 'm' and only after it is closed - print new line with spaces. Signed-off-by: Vadim Kochan --- tprintf.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tprintf.c b/tprintf.c index 0ca2375..917b781 100644 --- a/tprintf.c +++ b/tprintf.c @@ -66,6 +66,7 @@ static void __tprintf_flush(void) size_t i; static ssize_t line_count = 0; ssize_t term_len = term_curr_size; + int color_opens = 0; for (i = 0; i < buffer_use; ++i) { if (buffer[i] == '\n') { @@ -73,7 +74,13 @@ static void __tprintf_flush(void) line_count = -1; } - if (line_count == term_len) { + if (buffer[i] == 033) { + if ((i + 1) < buffer_use && buffer[i + 1] == '[') + color_opens++; + } + + if (!color_opens && line_count >= term_len) { + __tprintf_flush_newline(); line_count = term_starting_size; @@ -82,6 +89,9 @@ static void __tprintf_flush(void) i++; } + if (color_opens > 0 && buffer[i] == 'm') + color_opens--; + fputc(buffer[i], stdout); line_count++; } -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
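Review bot: `color_opens` is an automatic variable, unlike `line_count` next to it, so the "inside an escape sequence" state is lost whenever a sequence straddles two calls of `__tprintf_flush()`. An ESC that is the last byte of the buffer is never counted either, because of the `(i + 1) < buffer_use` test. In both cases the rest of the sequence can still be split by the inserted newline and indent, assuming a flush can happen mid-sequence (the buffering code is outside these hunks). Declaring it as `static int color_opens = 0;` would carry the state across flushes. Only `'m'` closes the count, so a CSI sequence ending in any other final byte leaves wrapping disabled for the rest of the buffer, which matters if capture-derived bytes ever reach `tprintf` unescaped. Separately, `line_count++` still counts the bytes of the sequence as printed columns, so coloured lines wrap earlier than their visible width.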
Re: [netsniff-ng] [PATCH] netsniff-ng nlmsg: Print more fields in less mode
On Tue, May 05, 2015 at 11:20:42AM +0200, Tobias Klauser wrote: > On 2015-05-04 at 11:32:33 +0200, Vadim Kochan wrote: > > From: Vadim Kochan > > > > Print similar header fields in less mode as it is done in > > full mode. > > In my opinion it's fine as it is now and I'd like to keep the *_less > outputs as sparse as possible. If the user wants more details they can > still switch to verbose mode. Thus I'm not going to apply this, sorry. OK, I just was thinking that less mode should have at least printed header but not content. But what about to have at least a 'Family' and 'Type' (based on Family) ? Regards, Vadim Kochan -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] [PATCH] netsniff-ng nlmsg: Print more fields in less mode
On Tue, May 05, 2015 at 11:48:55AM +0200, Tobias Klauser wrote: > On 2015-05-05 at 11:43:03 +0200, Vadim Kochan wrote: > > On Tue, May 05, 2015 at 11:20:42AM +0200, Tobias Klauser wrote: > > > On 2015-05-04 at 11:32:33 +0200, Vadim Kochan wrote: > > > > From: Vadim Kochan > > > > > > > > Print similar header fields in less mode as it is done in > > > > full mode. > > > > > > In my opinion it's fine as it is now and I'd like to keep the *_less > > > outputs as sparse as possible. If the user wants more details they can > > > still switch to verbose mode. Thus I'm not going to apply this, sorry. > > > > OK, > > > > I just was thinking that less mode should have at least printed header > > but not content. > > > > But what about to have at least a 'Family' and 'Type' (based on Family) ? > > Yes, that'd make sense. Could you please send an updated patch? > > Thanks! Sure. -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] netsniff-ng nlmsg: Print family & type in less mode
From: Vadim Kochan Print 'Family' and 'Type' (considering family) fields in less mode. Signed-off-by: Vadim Kochan --- proto_nlmsg.c | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/proto_nlmsg.c b/proto_nlmsg.c index e8706a2..c651659 100644 --- a/proto_nlmsg.c +++ b/proto_nlmsg.c @@ -190,9 +190,12 @@ static void nlmsg_less(struct pkt_buff *pkt) if (hdr == NULL) return; - tprintf(" NLMSG %u (%s%s%s)", hdr->nlmsg_type, colorize_start(bold), - nl_nlmsgtype2str(hdr->nlmsg_type, type, sizeof(type)), - colorize_end()); + tprintf(" NLMSG "); + tprintf("Family %d (%s%s%s), ", ntohs(pkt->proto), colorize_start(bold), + nlmsg_family2str(ntohs(pkt->proto)), colorize_end()); + tprintf("Type %u (%s%s%s)", hdr->nlmsg_type, colorize_start(bold), + nlmsg_type2str(ntohs(pkt->proto), hdr->nlmsg_type, type, + sizeof(type)), colorize_end()); } struct protocol nlmsg_ops = { -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
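Review bot: The type is printed in decimal here (`Type %u`) while the full-mode printer in the same file uses `Type 0x%.4x`, so the same message type reads differently in the two modes. Using `tprintf("Type 0x%.4x (%s%s%s)", ...)` in `nlmsg_less()` would keep them comparable. The `Family %d (...)` line is a copy of the one in `nlmsg()`, and a small shared helper for the family/type pair would stop the two formats drifting further. `nlmsg_less()` starts above this hunk, so the declaration of `type` is not visible here.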
Re: [netsniff-ng] tprintf breaks color terminal sequence
On Tue, May 05, 2015 at 12:10:54PM +0200, Tobias Klauser wrote: > On 2015-05-04 at 19:16:39 +0200, Vadim Kochan wrote: > > Hi, > > > > In less mode (netsniff-ng -i --less) the color ESC terminal > > sequences can be broken by automatic indentation made in > > > > tprintf.c: __tprint_flush > > > > which can add spaces or new line within of this sequence. > > > > I am trying to fix this, but sending this message in case you may consider > > this issue before making a next release, or if you can make a fast fix :-) > > Thanks for your follow up patch, with it applied I could no longer > reproduce the problem > > Speaking of the release: Vadim, do you have any patches queued up which > you think should be part of the release. Otherwise I'd close the tree > for anything except bug fixes and target a release in 1-2 days (I've still > got your bind()/create_ring() patch queued up and am waiting for > feedback from Daniel) > > Thanks for your contributions! I sent a patch with some additions for nlmsg proto in less mode. Not sure if it should be in this release. Meanwhile I do not have a fixes except the one with bind()/create_ring(), but seems Daniel suggested some other way. Regards, Vadim Kochan -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] netsniff-ng: wireshark does not understand pcap file with Netlink frames
Wireshark does not understand netsniff-ng's pcap file with Netlink frames. I assume that's because Wireshark expects each Netlink frame to carry the additional header on top that is described here: http://www.tcpdump.org/linktypes/LINKTYPE_NETLINK.html It shows that this is a Netlink link type but can't dissect the Netlink frames. I do not have a fix for this yet, and I don't know if it is important for this release. Regards, -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] [PATCH] netsniff-ng: Fix capturing extra packets from other dev
On Tue, May 05, 2015 at 04:39:51PM +0200, Daniel Borkmann wrote: > On 05/05/2015 12:10 PM, Daniel Borkmann wrote: > >On 05/05/2015 11:26 AM, Tobias Klauser wrote: > >>On 2015-05-02 at 22:54:50 +0200, Vadim Kochan wrote: > >>>On Sat, May 02, 2015 at 07:00:53PM +0200, Tobias Klauser wrote: > >>>>On 2015-04-29 at 21:18:24 +0200, Vadim Kochan wrote: > >>>>>From: Vadim Kochan > >>>>> > >>>>>It might be related to the issue #73 noticed by > >>>>> > >>>>>Jon Schipp > >>>>> > >>>>>where he pointed that netsniff-ng captures some extra packets. > >>>>> > >>>>>I observed this issue when I captured few Ethernet frames from > >>>>>wireless device while I was sniffing Netlink monitor device (!!!), > >>>>>especially under high load traffic (HD Video). > ... > >The better fix would just be to consolidate pf_socket() and pf_tx_socket() > >and allocate both with socket(PF_PACKET, SOCK_RAW, 0). That way, we > >should also be able to avoid the synchronize_net() barrier (as po->running > >is false at bind time). > > > >If we change pf_socket(), the only thing we need to make sure is that > >all such sockets do a proper bind() call before starting to capture > >packets, so that we don't break anything. > > Vadim, feel free to follow-up on that with a fix based on above suggestion, > as you've already investigated and proposed a first patch. > > Thanks, > Daniel Will play with this today :) When I was investigating this I really tried to use 0 instead of ETH_P_ALL but for some reason I did not catch any packets and dropped this way, and after your explanation I tried again and saw some packets at least. OK I will try what I can do. Thanks, -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [netsniff-ng] [PATCH] netsniff-ng: Fix capturing extra packets from other dev
On Tue, May 05, 2015 at 04:39:51PM +0200, Daniel Borkmann wrote: > On 05/05/2015 12:10 PM, Daniel Borkmann wrote: > >On 05/05/2015 11:26 AM, Tobias Klauser wrote: > >>On 2015-05-02 at 22:54:50 +0200, Vadim Kochan wrote: > >>>On Sat, May 02, 2015 at 07:00:53PM +0200, Tobias Klauser wrote: > >>>>On 2015-04-29 at 21:18:24 +0200, Vadim Kochan wrote: > >>>>>From: Vadim Kochan > >>>>> > >>>>>It might be related to the issue #73 noticed by > >>>>> > >>>>>Jon Schipp > >>>>> > >>>>>where he pointed that netsniff-ng captures some extra packets. > >>>>> > >>>>>I observed this issue when I captured few Ethernet frames from > >>>>>wireless device while I was sniffing Netlink monitor device (!!!), > >>>>>especially under high load traffic (HD Video). > ... > >The better fix would just be to consolidate pf_socket() and pf_tx_socket() > >and allocate both with socket(PF_PACKET, SOCK_RAW, 0). That way, we > >should also be able to avoid the synchronize_net() barrier (as po->running > >is false at bind time). > > > >If we change pf_socket(), the only thing we need to make sure is that > >all such sockets do a proper bind() call before starting to capture > >packets, so that we don't break anything. > > Vadim, feel free to follow-up on that with a fix based on above suggestion, > as you've already investigated and proposed a first patch. > > Thanks, > Daniel OK, seems this approach fixes the issue, also I checked that all callers of pf_socket uses bind_generic or ring_{rx,tx}_setup which does a bind a socket to a device/proto packet handler: astraceroute.c:893: static int main_trace(struct ctx *ctx)OK netsniff-ng.c:222: static void pcap_to_xmit(struct ctx *ctx) OK netsniff-ng.c:388: receive_to_xmit(struct ctx *ctx) OK netsniff-ng.c:389: receive_to_xmit(struct ctx *ctx) OK netsniff-ng.c:950: recv_only_or_dump(struct ctx *ctx)OK So the fix is simply to use a socket(PF_PACKET, SOCK_RAW, 0) in pf_socket func, as was suggested by Daniel. 
[netsniff-ng] [PATCH] sock: Fix capturing extra packets from other dev
From: Vadim Kochan Create PF socket with proto=0 which does not setup packet handler and will not capture packets until bind() will be invoked. Also replaced pf_tx_socket by pf_socket as these funcs became the same, as proto arg is set to 0. Suggested-by: Daniel Borkmann Signed-off-by: Vadim Kochan --- sock.c| 11 +-- sock.h| 1 - trafgen.c | 2 +- 3 files changed, 2 insertions(+), 12 deletions(-) diff --git a/sock.c b/sock.c index fbf50d8..7cfa4a0 100644 --- a/sock.c +++ b/sock.c @@ -26,18 +26,9 @@ int af_socket(int af) int pf_socket(void) { - int sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); - if (unlikely(sock < 0)) - panic("Creation of PF socket failed: %s\n", strerror(errno)); - - return sock; -} - -int pf_tx_socket(void) -{ int sock = socket(PF_PACKET, SOCK_RAW, 0); if (unlikely(sock < 0)) - panic("Creation of PF TX socket failed: %s\n", strerror(errno)); + panic("Creation of PF socket failed: %s\n", strerror(errno)); return sock; } diff --git a/sock.h b/sock.h index 0e680ef..50f7102 100644 --- a/sock.h +++ b/sock.h @@ -3,7 +3,6 @@ extern int af_socket(int af); extern int pf_socket(void); -extern int pf_tx_socket(void); extern void set_nonblocking(int fd); extern int set_nonblocking_sloppy(int fd); extern int set_reuseaddr(int fd); diff --git a/trafgen.c b/trafgen.c index f981eaf..53320fe 100644 --- a/trafgen.c +++ b/trafgen.c @@ -822,7 +822,7 @@ static void main_loop(struct ctx *ctx, char *confname, bool slow, fflush(stdout); } - sock = pf_tx_socket(); + sock = pf_socket(); if (ctx->qdisc_path == false) set_sock_qdisc_bypass(sock, ctx->verbose); -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
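Review bot: `pf_socket()` in sock.c now returns a socket that receives nothing until it is bound, but that contract is stated only in the commit message and the mail thread, not in the code. A later caller that reads from the descriptor without `bind()` would silently capture no packets. A comment above the function would carry it: `/* Protocol 0: no packet handler is attached; the caller must bind() to a device and protocol before receiving. */`. The same sentence belongs next to the prototype in sock.h, since the audit of existing callers (`bind_generic`, `ring_{rx,tx}_setup`) is recorded only in the thread.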
Re: [netsniff-ng] netsniff-ng: wireshark does not understand pcap file with Netlink frames
On Tue, May 05, 2015 at 01:13:04PM +0200, Daniel Borkmann wrote: > On 05/05/2015 12:59 PM, Vadim Kochan wrote: > >Wireshark does not understand netsniff-ng's pcap file with Netlink > >frames, I assume thats because W-shark expects that each Netlink frame > >should have additional header on-top described here: > > > > http://www.tcpdump.org/linktypes/LINKTYPE_NETLINK.html > > > >it shows this is a Netlink type link but can't dissect Netlink frames. > > > >Meanwhile I do not have a fix for this yet. Don't know if it is important > >for this release. > > Well, tcpdump has that type (nlmon) registered so far, that's more > important. ;) > > Cheers, > Daniel > At least it is possible to identify Netlink family from pcap file by netsniff-ng if to save pcap file in netsniff-ng's pcap format type (magic: 0xa1e2cb12) which stores protocol number ... -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] netsniff-ng: Regular user can't read pcap which was created by root
Hi, If, for example, a capture file was created with sudo, then a regular user can't open it with netsniff-ng without sudo. This is caused by the O_NOATIME flag used when opening the file. I understand that it speeds up opening the file, but is it really worth it compared with not being able to open the file without admin permissions? Regards, Vadim Kochan -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] netsniff-ng: Do not use O_NOATIME when read pcap
From: Vadim Kochan It fixes the case when user made pcap file in sudo mode but after it should still use sudo to read it because of setting O_NOATIME option requires higher privileges. Signed-off-by: Vadim Kochan --- netsniff-ng.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netsniff-ng.c b/netsniff-ng.c index dfab81a..d426af6 100644 --- a/netsniff-ng.c +++ b/netsniff-ng.c @@ -570,7 +570,7 @@ static void read_pcap(struct ctx *ctx) if (ctx->pcap == PCAP_OPS_MM) ctx->pcap = PCAP_OPS_SG; } else { - fd = open_or_die(ctx->device_in, O_RDONLY | O_LARGEFILE | O_NOATIME); + fd = open_or_die(ctx->device_in, O_RDONLY | O_LARGEFILE); } if (__pcap_io->init_once_pcap) -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
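Review bot: Dropping `O_NOATIME` unconditionally in the `else` branch also drops it for callers who own the file, so every read of a capture now updates its access time (subject to mount options). That matters when pcaps are kept as evidence. `open(2)` rejects the flag with EPERM only when the caller neither owns the file nor has CAP_FOWNER, so a retry keeps both behaviours: `fd = open(ctx->device_in, O_RDONLY | O_LARGEFILE | O_NOATIME);` followed by `if (fd < 0) fd = open_or_die(ctx->device_in, O_RDONLY | O_LARGEFILE);`. `read_pcap()` begins and ends outside this hunk, so whether other open sites pass the same flag cannot be checked from here.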