2 * netsniff-ng - the packet sniffing beast
3 * By Daniel Borkmann <daniel@netsniff-ng.org>
4 * Copyright 2009, 2010 Daniel Borkmann.
5 * Copyright 2009, 2010 Emmanuel Roullit.
6 * Copyright 2010 Marek Polacek.
7 * Subject to the GPL, version 2.
21 #include <arpa/inet.h>
29 #include <sys/socket.h>
30 #include <sys/ioctl.h>
31 #include <sys/resource.h>
32 #include <sys/epoll.h>
33 #include <sys/syscall.h>
34 #include <asm/unistd.h>
37 #include <linux/socket.h>
38 #include <linux/types.h>
40 #include <linux/if_ether.h>
41 #include <linux/if_packet.h>
42 #include <linux/sockios.h>
43 #include <netinet/tcp.h>
44 #include <netinet/udp.h>
52 #define IOPRIO_CLASS_SHIFT 13
62 ioprio_who_process
= 1,
67 static const char *const to_prio
[] = {
68 "none", "realtime", "best-effort", "idle",
71 static const char *const sock_mem
[] = {
72 "/proc/sys/net/core/rmem_max",
73 "/proc/sys/net/core/rmem_default",
74 "/proc/sys/net/core/wmem_max",
75 "/proc/sys/net/core/wmem_default",
82 if (unlikely(af
!= AF_INET
&& af
!= AF_INET6
)) {
83 whine("Wrong AF socket type! Falling back to AF_INET\n");
87 sock
= socket(af
, SOCK_DGRAM
, 0);
88 if (unlikely(sock
< 0))
89 panic("Creation AF socket failed!\n");
96 int sock
= socket(PF_PACKET
, SOCK_RAW
, htons(ETH_P_ALL
));
97 if (unlikely(sock
< 0))
98 panic("Creation of PF socket failed!\n");
103 void set_sock_prio(int fd
, int prio
)
106 setsockopt(fd
, SOL_SOCKET
, SO_PRIORITY
, &val
, sizeof(val
));
109 void set_udp_cork(int fd
)
112 setsockopt(fd
, IPPROTO_UDP
, UDP_CORK
, &state
, sizeof(state
));
115 void set_udp_uncork(int fd
)
118 setsockopt(fd
, IPPROTO_UDP
, UDP_CORK
, &state
, sizeof(state
));
121 void set_tcp_cork(int fd
)
124 setsockopt(fd
, IPPROTO_TCP
, TCP_CORK
, &state
, sizeof(state
));
127 void set_tcp_uncork(int fd
)
130 setsockopt(fd
, IPPROTO_TCP
, TCP_CORK
, &state
, sizeof(state
));
133 void set_sock_cork(int fd
, int udp
)
141 void set_sock_uncork(int fd
, int udp
)
149 int set_nonblocking(int fd
)
151 int ret
= fcntl(fd
, F_SETFL
, fcntl(fd
, F_GETFD
, 0) | O_NONBLOCK
);
152 if (unlikely(ret
< 0))
153 panic("Cannot fcntl!\n");
158 int set_nonblocking_sloppy(int fd
)
160 return fcntl(fd
, F_SETFL
, fcntl(fd
, F_GETFD
, 0) | O_NONBLOCK
);
163 void set_socket_keepalive(int fd
)
166 setsockopt(fd
, SOL_SOCKET
, SO_KEEPALIVE
, &one
, sizeof(one
));
169 void set_tcp_nodelay(int fd
)
172 setsockopt(fd
, IPPROTO_TCP
, TCP_NODELAY
, &one
, sizeof(one
));
175 int set_ipv6_only(int fd
)
178 return setsockopt(fd
, IPPROTO_IPV6
, IPV6_V6ONLY
, &one
, sizeof(one
));
181 int set_reuseaddr(int fd
)
185 ret
= setsockopt(fd
, SOL_SOCKET
, SO_REUSEADDR
, &one
, sizeof (one
));
186 if (unlikely(ret
< 0))
187 panic("Cannot reuse addr!\n");
192 void set_mtu_disc_dont(int fd
)
194 int mtu
= IP_PMTUDISC_DONT
;
195 setsockopt(fd
, SOL_IP
, IP_MTU_DISCOVER
, &mtu
, sizeof(mtu
));
198 void set_epoll_descriptor(int fd_epoll
, int action
, int fd_toadd
, int events
)
201 struct epoll_event ev
;
203 memset(&ev
, 0, sizeof(ev
));
205 ev
.data
.fd
= fd_toadd
;
207 ret
= epoll_ctl(fd_epoll
, action
, fd_toadd
, &ev
);
209 panic("Cannot add socket for epoll!\n");
212 int set_epoll_descriptor2(int fd_epoll
, int action
, int fd_toadd
, int events
)
214 struct epoll_event ev
;
216 memset(&ev
, 0, sizeof(ev
));
218 ev
.data
.fd
= fd_toadd
;
220 return epoll_ctl(fd_epoll
, action
, fd_toadd
, &ev
);
223 u32
wireless_bitrate(const char *ifname
)
225 int sock
, ret
, rate_in_mbit
;
228 sock
= af_socket(AF_INET
);
230 memset(&iwr
, 0, sizeof(iwr
));
231 strlcpy(iwr
.ifr_name
, ifname
, IFNAMSIZ
);
233 ret
= ioctl(sock
, SIOCGIWRATE
, &iwr
);
235 rate_in_mbit
= iwr
.u
.bitrate
.value
/ 1000000;
244 int adjust_dbm_level(int in_dbm
, int dbm_val
)
249 return dbm_val
- 0x100;
252 int get_system_socket_mem(int which
)
256 const char *file
= sock_mem
[which
];
259 fd
= open(file
, O_RDONLY
);
263 ret
= read(fd
, buff
, sizeof(buff
));
271 void set_system_socket_mem(int which
, int val
)
274 const char *file
= sock_mem
[which
];
278 fd
= open(file
, O_WRONLY
);
282 memset(buff
, 0, sizeof(buff
));
283 slprintf(buff
, sizeof(buff
), "%d", val
);
285 ret
= write(fd
, buff
, strlen(buff
));
291 int wireless_sigqual(const char *ifname
, struct iw_statistics
*stats
)
296 sock
= af_socket(AF_INET
);
298 memset(&iwr
, 0, sizeof(iwr
));
299 strlcpy(iwr
.ifr_name
, ifname
, IFNAMSIZ
);
301 iwr
.u
.data
.pointer
= (caddr_t
) stats
;
302 iwr
.u
.data
.length
= sizeof(*stats
);
303 iwr
.u
.data
.flags
= 1;
305 ret
= ioctl(sock
, SIOCGIWSTATS
, &iwr
);
312 int wireless_rangemax_sigqual(const char *ifname
)
314 int ret
, sock
, sigqual
;
316 struct iw_range iwrange
;
318 sock
= af_socket(AF_INET
);
320 memset(&iwrange
, 0, sizeof(iwrange
));
322 memset(&iwr
, 0, sizeof(iwr
));
323 strlcpy(iwr
.ifr_name
, ifname
, IFNAMSIZ
);
325 iwr
.u
.data
.pointer
= (caddr_t
) &iwrange
;
326 iwr
.u
.data
.length
= sizeof(iwrange
);
327 iwr
.u
.data
.flags
= 0;
329 ret
= ioctl(sock
, SIOCGIWRANGE
, &iwr
);
331 sigqual
= iwrange
.max_qual
.qual
;
340 u32
ethtool_bitrate(const char *ifname
)
342 int ret
, sock
, bitrate
;
344 struct ethtool_cmd ecmd
;
346 sock
= af_socket(AF_INET
);
348 memset(&ecmd
, 0, sizeof(ecmd
));
350 memset(&ifr
, 0, sizeof(ifr
));
351 strlcpy(ifr
.ifr_name
, ifname
, IFNAMSIZ
);
353 ecmd
.cmd
= ETHTOOL_GSET
;
354 ifr
.ifr_data
= (char *) &ecmd
;
356 ret
= ioctl(sock
, SIOCETHTOOL
, &ifr
);
362 switch (ecmd
.speed
) {
368 bitrate
= ecmd
.speed
;
380 int ethtool_link(const char *ifname
)
384 struct ethtool_value ecmd
;
386 sock
= af_socket(AF_INET
);
388 memset(&ecmd
, 0, sizeof(ecmd
));
390 memset(&ifr
, 0, sizeof(ifr
));
391 strlcpy(ifr
.ifr_name
, ifname
, IFNAMSIZ
);
393 ecmd
.cmd
= ETHTOOL_GLINK
;
394 ifr
.ifr_data
= (char *) &ecmd
;
396 ret
= ioctl(sock
, SIOCETHTOOL
, &ifr
);
406 int ethtool_drvinf(const char *ifname
, struct ethtool_drvinfo
*drvinf
)
411 sock
= af_socket(AF_INET
);
413 memset(drvinf
, 0, sizeof(*drvinf
));
415 memset(&ifr
, 0, sizeof(ifr
));
416 strlcpy(ifr
.ifr_name
, ifname
, IFNAMSIZ
);
418 drvinf
->cmd
= ETHTOOL_GDRVINFO
;
419 ifr
.ifr_data
= (char *) drvinf
;
421 ret
= ioctl(sock
, SIOCETHTOOL
, &ifr
);
428 u32
device_bitrate(const char *ifname
)
430 u32 speed_c
, speed_w
;
432 speed_c
= ethtool_bitrate(ifname
);
433 speed_w
= wireless_bitrate(ifname
);
435 return (speed_c
== 0 ? speed_w
: speed_c
);
438 int device_ifindex(const char *ifname
)
440 int ret
, sock
, index
;
443 if (!strncmp("any", ifname
, strlen("any")))
446 sock
= af_socket(AF_INET
);
448 memset(&ifr
, 0, sizeof(ifr
));
449 strlcpy(ifr
.ifr_name
, ifname
, IFNAMSIZ
);
451 ret
= ioctl(sock
, SIOCGIFINDEX
, &ifr
);
453 index
= ifr
.ifr_ifindex
;
462 static int __device_address6(const char *ifname
, struct sockaddr_storage
*ss
)
464 int ret
, family
, found
= -EINVAL
;
465 struct ifaddrs
*ifaddr
, *ifa
;
467 ret
= getifaddrs(&ifaddr
);
469 panic("Cannot get device addresses for IPv6!\n");
471 for (ifa
= ifaddr
; ifa
!= NULL
; ifa
= ifa
->ifa_next
) {
472 family
= ifa
->ifa_addr
->sa_family
;
473 if (family
!= AF_INET6
)
475 if (strcmp(ifa
->ifa_name
, ifname
))
478 memcpy(ss
, ifa
->ifa_addr
, sizeof(*ss
));
487 int device_address(const char *ifname
, int af
, struct sockaddr_storage
*ss
)
494 if (!strncmp("any", ifname
, strlen("any")))
497 return __device_address6(ifname
, ss
);
499 sock
= af_socket(af
);
501 memset(&ifr
, 0, sizeof(ifr
));
502 strlcpy(ifr
.ifr_name
, ifname
, IFNAMSIZ
);
504 ifr
.ifr_addr
.sa_family
= af
;
506 ret
= ioctl(sock
, SIOCGIFADDR
, &ifr
);
508 memcpy(ss
, &ifr
.ifr_addr
, sizeof(ifr
.ifr_addr
));
515 int device_mtu(const char *ifname
)
520 sock
= af_socket(AF_INET
);
522 memset(&ifr
, 0, sizeof(ifr
));
523 strlcpy(ifr
.ifr_name
, ifname
, IFNAMSIZ
);
525 ret
= ioctl(sock
, SIOCGIFMTU
, &ifr
);
536 short device_get_flags(const char *ifname
)
538 /* Really, it's short! Look at struct ifreq */
543 sock
= af_socket(AF_INET
);
545 memset(&ifr
, 0, sizeof(ifr
));
546 strlcpy(ifr
.ifr_name
, ifname
, IFNAMSIZ
);
548 ret
= ioctl(sock
, SIOCGIFFLAGS
, &ifr
);
550 flags
= ifr
.ifr_flags
;
559 void device_set_flags(const char *ifname
, const short flags
)
564 sock
= af_socket(AF_INET
);
566 memset(&ifr
, 0, sizeof(ifr
));
567 strlcpy(ifr
.ifr_name
, ifname
, IFNAMSIZ
);
569 ifr
.ifr_flags
= flags
;
571 ret
= ioctl(sock
, SIOCSIFFLAGS
, &ifr
);
573 panic("Cannot set NIC flags!\n");
578 /* XXX: also probe ethtool driver name if it fails */
579 int device_irq_number(const char *ifname
)
582 * Since fetching IRQ numbers from SIOCGIFMAP is deprecated and not
583 * supported anymore, we need to grab them from procfs
591 if (!strncmp("lo", ifname
, strlen("lo")))
594 fp
= fopen("/proc/interrupts", "r");
596 whine("Cannot open /proc/interrupts!\n");
600 memset(buff
, 0, sizeof(buff
));
601 while (fgets(buff
, sizeof(buff
), fp
) != NULL
) {
602 buff
[sizeof(buff
) - 1] = 0;
604 if (strstr(buff
, ifname
) == NULL
)
608 while (*buffp
!= ':')
613 memset(buff
, 0, sizeof(buff
));
621 * Try sysfs as fallback. Probably wireless devices will be found
622 * here. We return silently if it fails ...
624 slprintf(sysname
, sizeof(sysname
), "/sys/class/net/%s/device/irq",
627 fp
= fopen(sysname
, "r");
631 memset(buff
, 0, sizeof(buff
));
632 if(fgets(buff
, sizeof(buff
), fp
) != NULL
) {
633 buff
[sizeof(buff
) - 1] = 0;
642 void device_reset_irq_affinity(int irq
)
647 slprintf(cmd
, sizeof(cmd
),
648 "cat /proc/irq/default_smp_affinity >/proc/irq/%d/smp_affinity", irq
);
652 panic("Cannot execute system(2)!\n");
655 int device_bind_irq_to_cpu(int irq
, int cpu
)
662 /* Note: first CPU begins with CPU 0 */
663 if (irq
< 0 || cpu
< 0)
666 memset(file
, 0, sizeof(file
));
667 memset(buff
, 0, sizeof(buff
));
669 /* smp_affinity starts counting with CPU 1, 2, ... */
671 sprintf(file
, "/proc/irq/%d/smp_affinity", irq
);
673 fp
= fopen(file
, "w");
675 whine("Cannot open file %s!\n", file
);
679 sprintf(buff
, "%d", cpu
);
680 ret
= fwrite(buff
, sizeof(buff
), 1, fp
);
683 return (ret
> 0 ? 0 : ret
);
686 void sock_print_net_stats(int sock
, unsigned long skipped
)
689 struct tpacket_stats kstats
;
691 socklen_t slen
= sizeof(kstats
);
693 memset(&kstats
, 0, sizeof(kstats
));
695 ret
= getsockopt(sock
, SOL_PACKET
, PACKET_STATISTICS
, &kstats
, &slen
);
697 uint64_t packets
= kstats
.tp_packets
;
698 uint64_t drops
= kstats
.tp_drops
;
700 printf("\r%12ld packets incoming\n", packets
);
701 printf("\r%12ld packets passed filter\n",
702 packets
- drops
- skipped
);
703 printf("\r%12ld packets failed filter (out of space)\n",
705 if (kstats
.tp_packets
> 0)
706 printf("\r%12.4f%\% packet droprate\n",
707 1.f
* drops
/ packets
* 100.f
);
711 void register_signal(int signal
, void (*handler
)(int))
714 struct sigaction saction
;
716 sigfillset(&block_mask
);
718 saction
.sa_handler
= handler
;
719 saction
.sa_mask
= block_mask
;
720 saction
.sa_flags
= SA_RESTART
;
721 sigaction(signal
, &saction
, NULL
);
724 void register_signal_f(int signal
, void (*handler
)(int), int flags
)
727 struct sigaction saction
;
729 sigfillset(&block_mask
);
731 saction
.sa_handler
= handler
;
732 saction
.sa_mask
= block_mask
;
733 saction
.sa_flags
= flags
;
734 sigaction(signal
, &saction
, NULL
);
737 int get_tty_size(void)
740 struct ttysize ts
= {0};
741 return (ioctl(0, TIOCGSIZE
, &ts
) == 0 ?
742 ts
.ts_cols
: DEFAULT_TTY_SIZE
);
743 #elif defined(TIOCGWINSZ)
745 return (ioctl(0, TIOCGWINSZ
, &ts
) == 0 ?
746 ts
.ws_col
: DEFAULT_TTY_SIZE
);
748 return DEFAULT_TTY_SIZE
;
752 short enter_promiscuous_mode(char *ifname
)
756 if (!strncmp("any", ifname
, strlen("any")))
759 ifflags
= device_get_flags(ifname
);
760 device_set_flags(ifname
, ifflags
| IFF_PROMISC
);
765 void leave_promiscuous_mode(char *ifname
, short oldflags
)
767 if (!strncmp("any", ifname
, strlen("any")))
770 device_set_flags(ifname
, oldflags
);
773 int device_up(char *ifname
)
777 if (!strncmp("any", ifname
, strlen("any")))
780 return (device_get_flags(ifname
) & IFF_UP
) == IFF_UP
;
783 int device_running(char *ifname
)
787 if (!strncmp("any", ifname
, strlen("any")))
790 return (device_get_flags(ifname
) & IFF_RUNNING
) == IFF_RUNNING
;
793 int device_up_and_running(char *ifname
)
797 if (!strncmp("any", ifname
, strlen("any")))
800 return (device_get_flags(ifname
) & (IFF_UP
| IFF_RUNNING
)) ==
801 (IFF_UP
| IFF_RUNNING
);
804 int poll_error_maybe_die(int sock
, struct pollfd
*pfd
)
806 if ((pfd
->revents
& (POLLHUP
| POLLRDHUP
| POLLERR
| POLLNVAL
)) == 0)
807 return POLL_NEXT_PKT
;
808 if (pfd
->revents
& (POLLHUP
| POLLRDHUP
))
809 panic("Hangup on socket occured!\n");
810 if (pfd
->revents
& POLLERR
) {
814 if (recv(sock
, &tmp
, sizeof(tmp
), MSG_PEEK
) >= 0)
815 return POLL_NEXT_PKT
;
816 if (errno
== ENETDOWN
)
817 panic("Interface went down!\n");
819 return POLL_MOVE_OUT
;
821 if (pfd
->revents
& POLLNVAL
) {
822 whine("Invalid polling request on socket!\n");
824 return POLL_MOVE_OUT
;
827 return POLL_NEXT_PKT
;
830 static inline char *next_token(char *q
, int sep
)
835 * glibc defines this as a macro and gcc throws a false
836 * positive ``logical ‘&&’ with non-zero constant will
837 * always evaluate as true'' in older versions. See:
838 * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=36513
845 void cpu_affinity(int cpu
)
848 cpu_set_t cpu_bitmask
;
850 CPU_ZERO(&cpu_bitmask
);
851 CPU_SET(cpu
, &cpu_bitmask
);
853 ret
= sched_setaffinity(getpid(), sizeof(cpu_bitmask
),
856 panic("Can't set this cpu affinity!\n");
859 int set_cpu_affinity(char *str
, int inverted
)
863 cpu_set_t cpu_bitmask
;
867 cpus
= get_number_cpus();
869 CPU_ZERO(&cpu_bitmask
);
871 for (i
= 0; inverted
&& i
< cpus
; ++i
)
872 CPU_SET(i
, &cpu_bitmask
);
874 while (p
= q
, q
= next_token(q
, ','), p
) {
875 unsigned int a
; /* Beginning of range */
876 unsigned int b
; /* End of range */
877 unsigned int s
; /* Stride */
880 if (sscanf(p
, "%u", &a
) < 1)
886 c1
= next_token(p
, '-');
887 c2
= next_token(p
, ',');
889 if (c1
!= NULL
&& (c2
== NULL
|| c1
< c2
)) {
890 if (sscanf(c1
, "%u", &b
) < 1)
893 c1
= next_token(c1
, ':');
895 if (c1
!= NULL
&& (c2
== NULL
|| c1
< c2
))
896 if (sscanf(c1
, "%u", &s
) < 1)
905 CPU_CLR(a
, &cpu_bitmask
);
907 CPU_SET(a
, &cpu_bitmask
);
912 ret
= sched_setaffinity(getpid(), sizeof(cpu_bitmask
),
915 panic("Can't set this cpu affinity!\n");
920 int set_proc_prio(int priority
)
923 * setpriority() is clever, even if you put a nice value which
924 * is out of range it corrects it to the closest valid nice value
926 int ret
= setpriority(PRIO_PROCESS
, getpid(), priority
);
928 panic("Can't set nice val to %i!\n", priority
);
933 int set_sched_status(int policy
, int priority
)
935 int ret
, min_prio
, max_prio
;
936 struct sched_param sp
;
938 max_prio
= sched_get_priority_max(policy
);
939 min_prio
= sched_get_priority_min(policy
);
941 if (max_prio
== -1 || min_prio
== -1)
942 whine("Cannot determine scheduler prio limits!\n");
943 else if (priority
< min_prio
)
945 else if (priority
> max_prio
)
948 memset(&sp
, 0, sizeof(sp
));
949 sp
.sched_priority
= priority
;
951 ret
= sched_setscheduler(getpid(), policy
, &sp
);
953 whine("Cannot set scheduler policy!\n");
957 ret
= sched_setparam(getpid(), &sp
);
959 whine("Cannot set scheduler prio!\n");
966 static inline int ioprio_set(int which
, int who
, int ioprio
)
968 return syscall(SYS_ioprio_set
, which
, who
, ioprio
);
971 static inline int ioprio_get(int which
, int who
)
973 return syscall(SYS_ioprio_get
, which
, who
);
976 static void ioprio_setpid(pid_t pid
, int ioprio
, int ioclass
)
978 int ret
= ioprio_set(ioprio_who_process
, pid
,
979 ioprio
| ioclass
<< IOPRIO_CLASS_SHIFT
);
981 panic("Failed to set io prio for pid!\n");
984 void ioprio_print(void)
986 int ioprio
= ioprio_get(ioprio_who_process
, getpid());
988 panic("Failed to fetch io prio for pid!\n");
990 int ioclass
= ioprio
>> IOPRIO_CLASS_SHIFT
;
991 if (ioclass
!= ioprio_class_idle
) {
993 printf("%s: prio %d\n", to_prio
[ioclass
], ioprio
);
995 printf("%s\n", to_prio
[ioclass
]);
999 void set_ioprio_rt(void)
1001 ioprio_setpid(getpid(), 4, ioprio_class_rt
);
1004 void set_ioprio_be(void)
1006 ioprio_setpid(getpid(), 4, ioprio_class_be
);
1009 int set_timeout(struct timeval
*timeval
, unsigned int msec
)
1014 timeval
->tv_sec
= 0;
1015 timeval
->tv_usec
= 0;
1018 timeval
->tv_usec
= msec
* 1000;
1022 timeval
->tv_sec
= (long) (msec
/ 1000);
1023 timeval
->tv_usec
= (long) ((msec
- (timeval
->tv_sec
* 1000)) * 1000);
1028 size_t strlcpy(char *dest
, const char *src
, size_t size
)
1030 size_t ret
= strlen(src
);
1033 size_t len
= (ret
>= size
) ? size
- 1 : ret
;
1035 memcpy(dest
, src
, len
);
1042 static inline int vslprintf(char *dst
, size_t size
, const char *fmt
, va_list ap
)
1046 ret
= vsnprintf(dst
, size
, fmt
, ap
);
1047 dst
[size
- 1] = '\0';
1052 int slprintf(char *dst
, size_t size
, const char *fmt
, ...)
1058 ret
= vslprintf(dst
, size
, fmt
, ap
);
1064 int slprintf_nocheck(char *dst
, size_t size
, const char *fmt
, ...)
1070 ret
= vslprintf(dst
, size
, fmt
, ap
);
1076 noinline
void *xmemset(void *s
, int c
, size_t n
)
1081 for (i
= 0; i
< n
; ++i
)
1082 ptr
[i
] = (uint8_t) c
;
1087 char *getuint(char *in
, uint32_t *out
)
1090 char *endptr
= NULL
;
1092 while (*in
&& (isdigit(*in
) || isxdigit(*in
) || *in
== 'x'))
1095 panic("Syntax error!\n");
1099 *out
= strtoul(pt
, &endptr
, 0);
1100 if ((endptr
!= NULL
&& *endptr
!= '\0') || errno
!= 0) {
1101 panic("Syntax error!\n");
1108 char *strtrim_right(register char *p
, register char c
)
1126 char *strtrim_left(register char *p
, register char c
)
1131 while (*p
&& len
--) {