netsniff-ng, release 0.5.6:
///////////////////////////

We are pleased to announce the immediate and free availability of netsniff-ng
in version 0.5.6! This is a major release with lots of new features. If you
are using netsniff-ng 0.5.5, we highly recommend upgrading!

So 18 months of late-night spare-time hacking have passed. We promise the next
timespan will be shorter. There are still a lot of things to be done in the
future, as our projects file suggests, so keep in mind that the version number
0.5.6 indicates that this is not a mature product yet.

No Linux kernel patch is required to make use of the zero-copy facilities in
the kernel. And when we speak of zero-copy, we mean that network packets are
not copied between user space and kernel space. Internally, we are using the
built-in RX_RING and TX_RING functionality, especially in netsniff-ng and
trafgen. And yes, you don't need to have PF_RING for that [1]! Netsniff-ng
users have reported performance numbers to us that indicate that the
packets-per-second performance shows no significant difference. Our own
measurements agree with that. So out of the box, RX_RING and TX_RING are the
fastest you can get.

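What using the kernel's built-in RX_RING involves, as an added example that is not netsniff-ng's own code: it checks a ring request against the layout rules the kernel enforces, maps the ring, and locates frames in the shared mapping. The function names are hypothetical and the TPACKET_V1 frame layout is assumed.

```c
#include <arpa/inet.h>       /* htons */
#include <errno.h>
#include <linux/if_ether.h>  /* ETH_P_ALL */
#include <linux/if_packet.h> /* struct tpacket_req, PACKET_RX_RING */
#include <sys/mman.h>
#include <sys/socket.h>
#include <unistd.h>

/* Layout rules the kernel enforces on a TPACKET_V1 ring request. */
int ring_geometry_ok(const struct tpacket_req *r, unsigned long page_size)
{
    if (r->tp_block_size == 0 || r->tp_block_size % page_size)
        return 0; /* a block is a whole number of pages */
    if (r->tp_frame_size < TPACKET_HDRLEN ||
        r->tp_frame_size % TPACKET_ALIGNMENT ||
        r->tp_frame_size > r->tp_block_size)
        return 0; /* aligned, holds the header, never spans two blocks */
    return r->tp_frame_nr ==
           (r->tp_block_size / r->tp_frame_size) * r->tp_block_nr;
}

/* Frame i in the mapping. The kernel hands it over by setting TP_STATUS_USER
 * in tp_status; the reader returns it by storing TP_STATUS_KERNEL. */
struct tpacket_hdr *rx_frame(void *ring, const struct tpacket_req *r, unsigned i)
{
    unsigned int per_block = r->tp_block_size / r->tp_frame_size;
    size_t off = (size_t)(i / per_block) * r->tp_block_size +
                 (size_t)(i % per_block) * r->tp_frame_size;
    return (struct tpacket_hdr *)((char *)ring + off);
}

/* Returns the socket fd with *ring mapped, or -errno. Needs CAP_NET_RAW. */
int rx_ring_open(struct tpacket_req *r, void **ring)
{
    if (!ring_geometry_ok(r, (unsigned long)sysconf(_SC_PAGESIZE)))
        return -EINVAL;
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0)
        return -errno;
    if (setsockopt(fd, SOL_PACKET, PACKET_RX_RING, r, sizeof(*r)) == 0) {
        *ring = mmap(NULL, (size_t)r->tp_block_size * r->tp_block_nr,
                     PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
        if (*ring != MAP_FAILED)
            return fd;
    }
    int err = errno;
    close(fd);
    return -err;
}
```

Frames do not straddle blocks, so when the frame size does not divide the block size evenly the tail of each block is unused padding, which is why rx_frame computes the offset per block.
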
Please find documentation about the individual tools in the Documentation/
folder. The netsniff-ng toolkit is purely non-profit and provided in the hope
that it is found useful.

[1] e.g. http://www.spinics.net/lists/netfilter-devel/msg20212.html

Obtaining the sources:

- git clone git://github.com/gnumaniacs/netsniff-ng.git
- wget http://pub.netsniff-ng.org/netsniff-ng/netsniff-ng-0.5.6.tar.gz

- We have thrown away the old netsniff-ng 0.5.5 code and have rewritten
  netsniff-ng from scratch. It has even grown into a toolkit. Thus, next to
  netsniff-ng, the tools trafgen, bpfc, ifpps, flowtop, curvetun and ashunt

- netsniff-ng: a zero-copy protocol analyzer and traffic capturing utility.
  It can record and also replay pcap files with different file I/O techniques
  such as memory-mapped I/O or scatter-gather I/O. netsniff-ng supports packet
  filtering with Berkeley Packet Filters. The dissector has also been improved
  with further IPv6 functionality.

- trafgen: a zero-copy network packet generator. It uses Linux's TX_RING
  for high-speed transmissions, but also has a slower transmission mode where
  inter-departure gaps are possible. Packets can be easily defined in a
  text-based configuration file that is passed to trafgen. Note that
  netsniff-ng can also transform pcap files into txf files for use with
  trafgen.

- bpfc: a Berkeley Packet Filter compiler that speaks Steven McCanne and
  Van Jacobson's filter language that is defined in "The BSD packet filter:
  a new architecture for user-level packet capture", from the Proceedings of
  the USENIX Winter 1993 Conference. It also supports undocumented Linux
  kernel extensions. We think it is useful to also have the possibility to
  experiment with filters on a lower level that gives you _full control_ over
  filtering, and we haven't found an implementation of that language yet. The
  output of bpfc can be used in

- ifpps: For measurement purposes, we have implemented a tool called ifpps,
  which periodically provides top-like networking and system statistics from
  the kernel. ifpps gathers its data directly from procfs files and does not
  use any user space monitoring libraries such as libpcap, which is used in
  tools like iptraf, for instance. Hence, no statistical distortion will come
  up on high packet loads. ifpps presents what i.e. the network driver
  calculates in kernel space.

- flowtop: flowtop is a top-like connection tracking tool that can run on an
  end host or router. It is able to present TCP or UDP flows that have been
  collected by the kernel space netfilter framework. Next to reverse DNS data,
  connection states and ports, geographical information about the connection
  end points is supplied. If flowtop runs on an end host, it is able to
  detect the corresponding user space application of a particular flow. For
  instance, it will output 'chromium-browser' with its process id, if you
  surf the web from this machine with (guess what?!) chromium.

- curvetun: curvetun is a lightweight, high-speed ECDH multiuser IP tunnel
  for Linux that is based on epoll(2). curvetun uses the Linux TUN/TAP
  interface and supports {IPv4,IPv6} over {IPv4,IPv6} with UDP or TCP as
  carrier protocols. For key management, public-key cryptography based on
  elliptic curves is used, and packets are encrypted by a symmetric
  stream cipher (Salsa20) and authenticated by a MAC (Poly1305), where
  session keys have previously been computed with the ECDH key agreement
  protocol (Curve25519). Cryptography is based on Daniel J. Bernstein's
  Networking and Cryptography library (NaCl). We also provide a small script
  for generating a user-pubkey text configuration file for curvetun servers
  with information supplied from LDAP.

- ashunt: an autonomous system trace route utility. It uses TCP- and also
  ICMP-based probes to detect intermediate nodes. Next to reverse DNS
  information that is also gathered by traceroute, information about the
  autonomous system of that hop is presented. Furthermore, geographical data
  such as the country and city connected to a hop is supplied, as well as
  some other data. For experimenting, ashunt gives the user full control over
  the TCP/IP header fields. Also, sending a probe with a specified ASCII
  cleartext payload is possible.

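To illustrate the low-level filter form the bpfc item above refers to, here is an added example that is not bpfc's code or output: a four-instruction classic BPF program in the kernel's struct sock_filter encoding, with a small interpreter for the opcodes it uses. The filter, the sample frames and the name bpf_run are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <linux/filter.h> /* struct sock_filter, BPF_STMT, BPF_JUMP, opcodes */

/* Constructed filter: keep ARP frames (EtherType 0x0806), drop the rest. */
const struct sock_filter arp_filter[] = {
    BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 12),            /* A = EtherType     */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0806, 0, 1), /* ARP ? next : skip */
    BPF_STMT(BPF_RET | BPF_K, 0xffffffff),             /* keep whole packet */
    BPF_STMT(BPF_RET | BPF_K, 0),                      /* drop              */
};
const size_t arp_filter_len = sizeof(arp_filter) / sizeof(arp_filter[0]);

/* Constructed sample frames: 14-byte Ethernet headers only. */
const uint8_t arp_frame[14]  = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                                 2, 0, 0, 0, 0, 1, 0x08, 0x06 };
const uint8_t ipv4_frame[14] = { 2, 0, 0, 0, 0, 2,
                                 2, 0, 0, 0, 0, 1, 0x08, 0x00 };

/* Interpreter for the opcode subset used above.
 * Returns the number of bytes to keep; 0 means drop. */
uint32_t bpf_run(const struct sock_filter *f, size_t n,
                 const uint8_t *pkt, size_t len)
{
    uint32_t a = 0; /* accumulator register A */

    for (size_t pc = 0; pc < n; pc++) {
        uint32_t k = f[pc].k;

        switch (f[pc].code) {
        case BPF_LD | BPF_B | BPF_ABS:
            if (k >= len)
                return 0; /* out-of-bounds load drops the packet */
            a = pkt[k];
            break;
        case BPF_LD | BPF_H | BPF_ABS:
            if (len < 2 || k > len - 2)
                return 0;
            a = (uint32_t)pkt[k] << 8 | pkt[k + 1]; /* network byte order */
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (a == k) ? f[pc].jt : f[pc].jf; /* relative to next insn */
            break;
        case BPF_RET | BPF_K:
            return k;
        default:
            return 0; /* opcode outside this subset */
        }
    }
    return 0; /* ran off the end without a ret */
}
```
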
- Git commits excluding merges since 0.5.5:

Plus further contributions by:

Plus distribution maintenance by:

- E-mail to <bugs@netsniff-ng.org>
- Online bug tracker: http://bugs.netsniff-ng.org/

Detailed file changes:

CHANGELOG | 2137 ----
Documentation/Ashunt | 86 +
Documentation/Bpfc | 236 +
Documentation/ChangeLog | 79 +
Documentation/CodingStyle | 831 ++
Documentation/Curvetun | 236 +
Documentation/Flowtop | 74 +
Documentation/Ifpps | 90 +
Documentation/Manpages | 2 +
Documentation/Netsniff-ng | 99 +
Documentation/Performance | 286 +
Documentation/SubmittingPatches | 121 +
Documentation/Trafgen | 129 +
Documentation/logo.png | Bin 0 -> 12215 bytes
Documentation/logo.txt | 3 +
contrib/art/logo.png | Bin 0 -> 12215 bytes
contrib/art/logo_only.png | Bin 0 -> 3928 bytes
contrib/art/netsniff_Tshirt.jpg | Bin 0 -> 1351501 bytes
contrib/art/netsniff_logo.ai | 4168 ++++++
contrib/art/netsniff_logo2.svg | 156 +
contrib/art/netsniff_logo2_paths.pdf | Bin 0 -> 17198 bytes
contrib/art/netsniff_logo2_paths.svg | 278 +
contrib/art/netsniff_logo2_paths_white.pdf | Bin 0 -> 17203 bytes
contrib/art/netsniff_logo3.svg | 143 +
contrib/art/netsniff_logo3_paths.pdf | Bin 0 -> 8764 bytes
contrib/art/netsniff_logo3_paths.svg | 181 +
contrib/art/netsniff_logo3_paths_white.pdf | Bin 0 -> 8769 bytes
contrib/art/qr_netsniff_ng2_black_corner.pdf | 1462 +++
contrib/art/qr_netsniff_ng2_black_corner.svg | 121 +
contrib/art/qr_netsniff_ng_black_corner.eps | 1527 +++
contrib/html/bpf.pdf | Bin 0 -> 135803 bytes
contrib/html/faq.html | 516 +
contrib/html/img/debian.png | Bin 0 -> 2761 bytes
contrib/html/img/logo.png | Bin 0 -> 3928 bytes
contrib/html/img/logo2.png | Bin 0 -> 7349 bytes
contrib/html/img/no_epatent.png | Bin 0 -> 2267 bytes
contrib/html/img/osmc.jpg | Bin 0 -> 120430 bytes
contrib/html/img/qdn.png | Bin 0 -> 1908 bytes
contrib/html/img/tiny-logo.png | Bin 0 -> 449 bytes
contrib/html/img/vim.png | Bin 0 -> 3109 bytes
contrib/html/img/vt100.gif | Bin 0 -> 409 bytes
contrib/html/index.html | 230 +
.../Sending_and_receiving_zero-copy_networking.png | Bin 0 -> 6787 bytes
.../Sending_and_receiving_zero-copy_networking.txt | 3527 +++++
contrib/html/pub/netsniff-ng/MD5SUMS | 5 +
contrib/html/pub/netsniff-ng/SHA256SUMS | 5 +
.../pub/netsniff-ng/netsniff-ng-0.5.3.0.tar.gz | Bin 0 -> 21469 bytes
.../pub/netsniff-ng/netsniff-ng-0.5.4.0.tar.gz | Bin 0 -> 137012 bytes
.../pub/netsniff-ng/netsniff-ng-0.5.4.1.tar.gz | Bin 0 -> 137477 bytes
.../pub/netsniff-ng/netsniff-ng-0.5.4.2.tar.gz | Bin 0 -> 141979 bytes
.../pub/netsniff-ng/netsniff-ng-0.5.5.0.tar.gz | Bin 0 -> 265313 bytes
contrib/html/style.css | 149 +
contrib/nacl/nacl-20110221.tar.bz2 | Bin 0 -> 163415 bytes
netsniff-ng.8 | 692 -
scripts/bpf.vim | 45 +
scripts/curvetun-ldap | 98 +
scripts/geoip-database-update | 42 +
src/.gitattributes | 3 +
src/CMakeLists.txt | 77 +
src/ashunt.c | 1116 ++
src/ashunt/.gitignore | 5 +
src/ashunt/CMakeLists.txt | 29 +
src/aslookup.c | 184 +
src/aslookup.h | 24 +
src/bootstrap.c | 549 -
src/bpf_lexer.l | 110 +
src/bpf_parser.y | 542 +
src/bpfc/.gitignore | 5 +
src/bpfc/CMakeLists.txt | 25 +
src/built_in.h | 82 +
src/cmake/modules/CheckBPFAttach.cmake | 39 +
src/cmake/modules/CheckPFPacket.cmake | 67 +
src/cmake/modules/CheckStrictAlign.cmake | 95 +
src/cmake/modules/CheckTxRing.cmake | 67 +
src/cmake/modules/FindLibGeoIP.cmake | 52 +
src/cmake/modules/FindLibNaCl.cmake | 25 +
src/cmake/modules/FindLibNetFilterConnTrack.cmake | 44 +
src/cmake/modules/FindLibURCU.cmake | 44 +
src/cmake/modules/Pod2Man.cmake | 59 +
src/conf/ether.conf | 290 +
src/conf/oui.conf |13351 +++++++++++++++++++
src/conf/tcp.conf | 1100 ++
src/conf/udp.conf | 1056 ++
src/conf/whois.conf | 1 +
src/cpusched.c | 160 +
src/cpusched.h | 18 +
src/ct_client.c | 439 +
src/ct_server.c | 822 ++
src/curvetun.c | 768 ++
src/curvetun.h | 44 +
src/curvetun/.gitignore | 5 +
src/curvetun/CMakeLists.txt | 36 +
src/curvetun/abiname.c | 46 +
src/curvetun/build_nacl.sh | 77 +
src/curvetun/nacl_path.sh | 51 +
src/definitions.mk | 54 -
src/dissector.c | 110 +
src/dissector.h | 39 +
src/dissector_eth.c | 342 +
src/dissector_eth.h | 41 +
src/examples/bpfc/all_traffic.bpf | 1 +
src/examples/bpfc/arp.bpf | 4 +
src/examples/bpfc/atalk.bpf | 9 +
src/examples/bpfc/broadcast.bpf | 6 +
src/examples/bpfc/ftp.bpf | 15 +
src/examples/bpfc/http.bpf | 15 +
src/examples/bpfc/icmp.bpf | 6 +
src/examples/bpfc/icq.bpf | 15 +
src/examples/bpfc/imap.bpf | 17 +
src/examples/bpfc/ip_broadcast.bpf | 8 +
src/examples/bpfc/ip_multicast.bpf | 6 +
src/examples/bpfc/multicast.bpf | 4 +
src/examples/bpfc/not_ip.bpf | 5 +
src/examples/bpfc/not_ssh.bpf | 24 +
src/examples/bpfc/pop3.bpf | 15 +
src/examples/bpfc/rarp.bpf | 4 +
src/examples/bpfc/rsync.bpf | 15 +
src/examples/bpfc/skype_pre.bpf | 13 +
src/examples/bpfc/smtp.bpf | 15 +
src/examples/bpfc/ssh.bpf | 15 +
src/examples/bpfc/vlan1000.bpf | 7 +
src/examples/trafgen/trafgen.txf | 48 +
src/examples/trafgen/trafgen2.txf | 18 +
src/flowtop.c | 1002 ++
src/flowtop/.gitignore | 5 +
src/flowtop/CMakeLists.txt | 35 +
src/ifpps/.gitignore | 5 +
src/ifpps/CMakeLists.txt | 22 +
src/include/bootstrap.h | 31 -
src/include/bpf.h | 31 -
src/include/config.h | 83 -
src/include/cursor.h | 43 -
src/include/dump.h | 30 -
src/include/ether_types.h | 330 -
src/include/hash.h | 84 -
src/include/macros.h | 160 -
src/include/misc.h | 56 -
src/include/netdev.h | 81 -
src/include/nsignal.h | 234 -
src/include/oui.h |13420 --------------------
src/include/packet.h | 125 -
src/include/pcap.h | 93 -
src/include/ports_tcp.h | 1134 --
src/include/ports_udp.h | 1089 --
src/include/print.h | 60 -
src/include/protocols/arp.h | 134 -
src/include/protocols/csum.h | 157 -
src/include/protocols/ethernet.h | 89 -
src/include/protocols/icmp.h | 88 -
src/include/protocols/ip.h | 128 -
src/include/protocols/ipv6.h | 129 -
src/include/protocols/layers_2.h | 27 -
src/include/protocols/layers_3.h | 26 -
src/include/protocols/layers_4.h | 27 -
src/include/protocols/layers_all.h | 27 -
src/include/protocols/tcp.h | 174 -
src/include/protocols/udp.h | 138 -
src/include/protocols/vlan.h | 85 -
src/include/read.h | 28 -
src/include/replay.h | 33 -
src/include/rx_ring.h | 72 -
src/include/rxtx_common.h | 78 -
src/include/strlcpy.h | 25 -
src/include/system.h | 68 -
src/include/ticks.h | 173 -
src/include/tx_ring.h | 67 -
src/include/types.h | 68 -
src/include/version.h | 36 -
src/include/xmalloc.h | 46 -
src/man/netsniff-ng.txt | 574 -
src/netdev.c | 910 --
src/netsniff-ng.c | 1282 ++-
src/netsniff-ng/.gitignore | 5 +
src/netsniff-ng/CMakeLists.txt | 41 +
src/opt_memcpy.c | 302 +
src/opt_memcpy.h | 81 +
src/patricia.c | 333 +
src/patricia.h | 52 +
src/pcap_mmap.c | 227 +
src/pcap_rw.c | 107 +
src/pcap_sg.c | 217 +
src/proto_arp.h | 132 +
src/proto_esp.h | 67 +
src/proto_ethernet.h | 100 +
src/proto_hex.h | 76 +
src/proto_icmp.h | 71 +
src/proto_ip_authentication_hdr.h | 87 +
src/proto_ipv4.h | 128 +
src/proto_ipv6.h | 118 +
src/proto_ipv6_dest_opts.h | 83 +
src/proto_ipv6_fragm.h | 82 +
src/proto_ipv6_hop_by_hop.h | 83 +
src/proto_ipv6_in_ipv4.h | 30 +
src/proto_ipv6_mobility_hdr.h | 87 +
src/proto_ipv6_no_nxt_hdr.h | 39 +
src/proto_ipv6_routing.h | 97 +
src/proto_struct.h | 43 +
src/proto_tcp.h | 180 +
src/proto_udp.h | 110 +
src/proto_vlan.h | 81 +
src/ring_rx.c | 117 +
src/ring_tx.c | 126 +
src/rules/all_traffic.bpf | 21 -
src/rules/arp.bpf | 24 -
src/rules/atalk.bpf | 29 -
src/rules/broadcast.bpf | 26 -
src/rules/ftp.bpf | 35 -
src/rules/http.bpf | 35 -
src/rules/icmp.bpf | 26 -
src/rules/icq.bpf | 35 -
src/rules/imap.bpf | 37 -
src/rules/ip_broadcast.bpf | 28 -
src/rules/ip_multicast.bpf | 26 -
src/rules/multicast.bpf | 24 -
src/rules/not_ip.bpf | 25 -
src/rules/not_ssh.bpf | 44 -
src/rules/pop3.bpf | 35 -
src/rules/rarp.bpf | 24 -
src/rules/rsync.bpf | 35 -
src/rules/skype_pre.bpf | 33 -
src/rules/smtp.bpf | 35 -
src/rules/ssh.bpf | 35 -
src/rules/vlan1000.bpf | 27 -
src/rx_ring.c | 449 -
src/servmgmt.c | 285 +
src/servmgmt.h | 24 +
src/tprintf.c | 112 +
src/trafgen.c | 933 ++
src/trafgen/.gitignore | 5 +
src/trafgen/CMakeLists.txt | 19 +
src/tx_ring.c | 347 -
src/usermgmt.c | 689 +
src/usermgmt.h | 50 +
src/xmalloc.c | 193 +-

290 files changed, 49579 insertions(+), 28908 deletions(-)

,---------------------,
< Y U NO LUV PACKETZ? >
'---------------------'