netsniff-ng, release 0.5.6:
///////////////////////////

Date: 29.03.2012
Obsoletes: 0.5.5 and previous

We are pleased to announce the immediate and free availability of netsniff-ng
in version 0.5.6! This is a major release with lots of new features. If you
are using netsniff-ng 0.5.5, we highly recommend upgrading!

So 18 months of late-night spare time hacking have passed. Promised, the next
timespan will be shorter. There are still a lot of things to be done in the
future, as our projects file suggests, so keep in mind that the version number
0.5.6 indicates that this is not a mature product yet.

No Linux kernel patch is required to make use of the zero-copy facilities in
the kernel. And, when we speak of zero-copy, we mean that network packets are
not copied between user space and kernel space. Internally, we are using the
built-in RX_RING and TX_RING functionality, especially in netsniff-ng and
trafgen. And yes, you don't need to have PF_RING for that [1]! Netsniff-ng
users have reported performance numbers to us that indicate that the
packets-per-second performance shows no significant difference. Our own
measurements agree with that. So out of the box, RX_RING and TX_RING are the
fastest you can get.

Please find documentation about the individual tools in the Documentation/
folder. The netsniff-ng toolkit is purely non-profit and provided in the hope
that it is found useful.

 [1] e.g. http://www.spinics.net/lists/netfilter-devel/msg20212.html

Obtaining the sources:

- Via Git:
  - git clone git://github.com/gnumaniacs/netsniff-ng.git
  - git checkout 0.5.6
- Via HTTP:
  - wget http://pub.netsniff-ng.org/netsniff-ng/netsniff-ng-0.5.6.tar.gz

Highlights:

- We have thrown away the old netsniff-ng 0.5.5 code and have rewritten
  netsniff-ng from scratch. It has even grown into a toolkit. Thus, next to
  netsniff-ng, the tools trafgen, bpfc, ifpps, flowtop, curvetun and ashunt
  are available:

  - netsniff-ng: a zero-copy protocol analyzer and traffic capturing utility.
    It can record and also replay pcap files with different file I/O techniques
    such as memory mapped I/O or scatter gather I/O. netsniff-ng supports packet
    filtering with Berkeley Packet Filters. The dissector has also been improved
    with further IPv6 functionality.

  - trafgen: a zero-copy network packet generator. It uses the Linux TX_RING
    for high-speed transmissions, but also has a slower transmission mode where
    inter-departure gaps are possible. Packets can be easily defined in a
    text-based configuration file that is passed to trafgen. Note that
    netsniff-ng can also transform pcap files into txf files for use with
    trafgen.

  - bpfc: a Berkeley Packet Filter compiler that speaks Steven McCanne and
    Van Jacobson's filter language that is defined in "The BSD packet filter:
    a new architecture for user-level packet capture", from the Proceedings of
    the USENIX Winter 1993 Conference. It also supports undocumented Linux
    kernel extensions. We think it is useful to also have the possibility to
    experiment with filters on a lower level that gives you _full control_
    over filtering, and we haven't found an implementation of that language
    yet. The output of bpfc can be used in netsniff-ng.

  - ifpps: For measurement purposes, we have implemented a tool called ifpps,
    which periodically provides top-like networking and system statistics from
    the kernel. ifpps gathers its data directly from procfs files and does not
    use any user space monitoring libraries such as libpcap, which is used in
    tools like iptraf, for instance. Hence, no statistical distortion will come
    up on high packet loads. ifpps presents what e.g. the network driver
    calculates in kernel space.

  - flowtop: flowtop is a top-like connection tracking tool that can run on an
    end host or router. It is able to present TCP or UDP flows that have been
    collected by the kernel space netfilter framework. Next to reverse DNS data,
    connection states and ports, geographical information about the connection
    end points is supplied. If flowtop runs on an end host, it is able to
    detect the corresponding user space application of a particular flow. For
    instance, it will output 'chromium-browser' with its process id, if you
    surf the web from this machine with (guess what?!) chromium.

  - curvetun: curvetun is a lightweight, high-speed ECDH multiuser IP tunnel
    for Linux that is based on epoll(2). curvetun uses the Linux TUN/TAP
    interface and supports {IPv4,IPv6} over {IPv4,IPv6} with UDP or TCP as
    carrier protocols. For key management, public-key cryptography based on
    elliptic curves is used, and packets are encrypted by a symmetric
    stream cipher (Salsa20) and authenticated by a MAC (Poly1305), where
    session keys have previously been computed with the ECDH key agreement
    protocol (Curve25519). Cryptography is based on Daniel J. Bernstein's
    Networking and Cryptography library (NaCl). We also provide a small script
    for generating a user-pubkey text configuration file for curvetun servers
    with information supplied from LDAP.

  - ashunt: an autonomous system trace route utility. It uses TCP- and also
    ICMP-based probes to detect intermediate nodes. Next to reverse DNS
    information that is also gathered by traceroute, information about the
    autonomous system of that hop is presented. Furthermore, geographical data
    such as country and city that is connected to a hop is supplied as well as
    some other data. For experimenting, ashunt gives the user full control
    over the TCP/IP header fields. Also, sending a probe with a specified ASCII
    cleartext payload is possible.
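
To make the "lower level" of filtering in the bpfc entry above concrete, here
is an added example (not code from netsniff-ng or from these notes): a small
interpreter for a subset of the classic BPF instruction set, run over
constructed frames. The names insn, bpf_run, ssh_dst and verdict are
hypothetical, and the filter program and the frames are constructed for
illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as Linux's struct sock_filter, redefined to avoid kernel headers. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* The classic BPF opcodes this example needs. */
enum { LD_H_ABS = 0x28, LD_B_ABS = 0x30, LD_H_IND = 0x48, LDX_MSH = 0xb1,
       JEQ_K = 0x15, JSET_K = 0x45, RET_K = 0x06 };

/* Run prog over pkt; returns the RET value (0 = drop, else bytes to keep).
 * Out-of-range loads, unknown opcodes and running off the end all drop. */
uint32_t bpf_run(const struct insn *prog, size_t n,
                 const uint8_t *pkt, size_t len)
{
    uint32_t A = 0, X = 0;                 /* accumulator, index register */
    for (size_t pc = 0; pc < n; pc++) {
        const struct insn *i = &prog[pc];
        uint64_t off = i->k;               /* 64 bit so off + X cannot wrap */
        switch (i->code) {
        case LD_H_IND: off += X;           /* fall through */
        case LD_H_ABS:
            if (off + 2 > len) return 0;
            A = (uint32_t)pkt[off] << 8 | pkt[off + 1];
            break;
        case LD_B_ABS:
            if (off + 1 > len) return 0;
            A = pkt[off]; break;
        case LDX_MSH:                      /* X = IPv4 header length in bytes */
            if (off + 1 > len) return 0;
            X = 4u * (pkt[off] & 0x0f);
            break;
        case JEQ_K:  pc += (A == i->k) ? i->jt : i->jf; break;
        case JSET_K: pc += (A & i->k)  ? i->jt : i->jf; break;
        case RET_K:  return i->k;
        default:     return 0;
        }
    }
    return 0;
}

/* Constructed filter: accept IPv4 TCP packets to destination port 22. */
static const struct insn ssh_dst[] = {
    { LD_H_ABS, 0, 0, 12 },      /* A = EtherType                    */
    { JEQ_K,    0, 8, 0x0800 },  /* not IPv4: jump to drop           */
    { LD_B_ABS, 0, 0, 23 },      /* A = IP protocol                  */
    { JEQ_K,    0, 6, 6 },       /* not TCP: jump to drop            */
    { LD_H_ABS, 0, 0, 20 },      /* A = IP flags + fragment offset   */
    { JSET_K,   4, 0, 0x1fff },  /* later fragment, no TCP header    */
    { LDX_MSH,  0, 0, 14 },      /* X = 4 * (pkt[14] & 0xf)          */
    { LD_H_IND, 0, 0, 16 },      /* A = TCP dst port at [X + 16]     */
    { JEQ_K,    0, 1, 22 },      /* port != 22: jump to drop         */
    { RET_K,    0, 0, 0xffff },  /* accept                           */
    { RET_K,    0, 0, 0 },       /* drop                             */
};

/* Build a constructed 54-byte Ethernet/IPv4/TCP frame, cut it to caplen. */
uint32_t verdict(uint16_t ethertype, uint8_t proto, uint16_t frag,
                 uint16_t dport, size_t caplen)
{
    uint8_t f[54];
    memset(f, 0, sizeof(f));
    f[12] = ethertype >> 8; f[13] = ethertype & 0xff;
    f[14] = 0x45;                          /* IPv4, header length 20 */
    f[20] = frag >> 8;      f[21] = frag & 0xff;
    f[23] = proto;
    f[36] = dport >> 8;     f[37] = dport & 0xff;
    if (caplen > sizeof(f)) caplen = sizeof(f);
    return bpf_run(ssh_dst, sizeof(ssh_dst) / sizeof(ssh_dst[0]), f, caplen);
}

int main(void)
{
    printf("port 22: %u, port 80: %u, cut to 37 bytes: %u\n",
           (unsigned)verdict(0x0800, 6, 0, 22, 54),
           (unsigned)verdict(0x0800, 6, 0, 80, 54),
           (unsigned)verdict(0x0800, 6, 0, 22, 37));
    return 0;
}
```

The truncated case shows why every load is bounds-checked: a frame cut before
the TCP port is dropped instead of being read past its captured length.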

Summary:

- 18 months timespan
- Git commits excluding merges since 0.5.5:

 1107  Daniel Borkmann
  126  Emmanuel Roullit

  Plus further contributions by:

       Markus Amend
       Ronald W. Henderson
       James S. Binder
       Markus Kötter

  Plus distribution maintenance by:

       Kartik Mistry
       Jiří Skála
       Can Celasun
       Michael Weber
       Corrado Franco
       Pascal Bleser
       Guillaume Rousse
       Michael Prokop
       Ronald W. Henderson
       Fabian Affolter

Reporting bugs:

- E-mail to <bugs@netsniff-ng.org>
- Online bug tracker: http://bugs.netsniff-ng.org/

Detailed file changes:

 .gitattributes                                     |    3 +
 .gitignore                                         |    2 -
 .mailmap                                           |   14 +
 CHANGELOG                                          | 2137 ----
 CODING                                             |  831 --
 COPYING                                            |   10 +
 CREDITS                                            |  113 -
 Documentation/Ashunt                               |   86 +
 Documentation/Bpfc                                 |  236 +
 Documentation/ChangeLog                            |   79 +
 Documentation/CodingStyle                          |  831 ++
 Documentation/Curvetun                             |  236 +
 Documentation/Flowtop                              |   74 +
 Documentation/Ifpps                                |   90 +
 Documentation/Manpages                             |    2 +
 Documentation/Netsniff-ng                          |   99 +
 Documentation/Performance                          |  286 +
 Documentation/SubmittingPatches                    |  121 +
 Documentation/Trafgen                              |  129 +
 Documentation/logo.png                             |  Bin 0 -> 12215 bytes
 Documentation/logo.txt                             |    3 +
 HACKING                                            |   67 -
 INSTALL                                            |  100 +-
 MAINTAINER                                         |  100 +
 MIRRORS                                            |    9 +
 PROJECTS                                           |  204 +
 README                                             |  151 +-
 REPORTING-BUGS                                     |    8 +
 THANKS                                             |   55 +
 TODO                                               |   12 -
 VERSION                                            |    2 +-
 contrib/art/logo.png                               |  Bin 0 -> 12215 bytes
 contrib/art/logo_only.png                          |  Bin 0 -> 3928 bytes
 contrib/art/netsniff_Tshirt.jpg                    |  Bin 0 -> 1351501 bytes
 contrib/art/netsniff_logo.ai                       | 4168 ++++++
 contrib/art/netsniff_logo2.svg                     |  156 +
 contrib/art/netsniff_logo2_paths.pdf               |  Bin 0 -> 17198 bytes
 contrib/art/netsniff_logo2_paths.svg               |  278 +
 contrib/art/netsniff_logo2_paths_white.pdf         |  Bin 0 -> 17203 bytes
 contrib/art/netsniff_logo3.svg                     |  143 +
 contrib/art/netsniff_logo3_paths.pdf               |  Bin 0 -> 8764 bytes
 contrib/art/netsniff_logo3_paths.svg               |  181 +
 contrib/art/netsniff_logo3_paths_white.pdf         |  Bin 0 -> 8769 bytes
 contrib/art/qr_netsniff_ng2_black_corner.pdf       | 1462 +++
 contrib/art/qr_netsniff_ng2_black_corner.svg       |  121 +
 contrib/art/qr_netsniff_ng_black_corner.eps        | 1527 +++
 contrib/html/bpf.pdf                               |  Bin 0 -> 135803 bytes
 contrib/html/faq.html                              |  516 +
 contrib/html/img/debian.png                        |  Bin 0 -> 2761 bytes
 contrib/html/img/logo.png                          |  Bin 0 -> 3928 bytes
 contrib/html/img/logo2.png                         |  Bin 0 -> 7349 bytes
 contrib/html/img/no_epatent.png                    |  Bin 0 -> 2267 bytes
 contrib/html/img/osmc.jpg                          |  Bin 0 -> 120430 bytes
 contrib/html/img/qdn.png                           |  Bin 0 -> 1908 bytes
 contrib/html/img/tiny-logo.png                     |  Bin 0 -> 449 bytes
 contrib/html/img/vim.png                           |  Bin 0 -> 3109 bytes
 contrib/html/img/vt100.gif                         |  Bin 0 -> 409 bytes
 contrib/html/index.html                            |  230 +
 .../Sending_and_receiving_zero-copy_networking.png |  Bin 0 -> 6787 bytes
 .../Sending_and_receiving_zero-copy_networking.txt | 3527 +++++
 contrib/html/pub/netsniff-ng/MD5SUMS               |    5 +
 contrib/html/pub/netsniff-ng/SHA256SUMS            |    5 +
 .../pub/netsniff-ng/netsniff-ng-0.5.3.0.tar.gz     |  Bin 0 -> 21469 bytes
 .../pub/netsniff-ng/netsniff-ng-0.5.4.0.tar.gz     |  Bin 0 -> 137012 bytes
 .../pub/netsniff-ng/netsniff-ng-0.5.4.1.tar.gz     |  Bin 0 -> 137477 bytes
 .../pub/netsniff-ng/netsniff-ng-0.5.4.2.tar.gz     |  Bin 0 -> 141979 bytes
 .../pub/netsniff-ng/netsniff-ng-0.5.5.0.tar.gz     |  Bin 0 -> 265313 bytes
 contrib/html/style.css                             |  149 +
 contrib/nacl/nacl-20110221.tar.bz2                 |  Bin 0 -> 163415 bytes
 netsniff-ng.8                                      |  692 -
 scripts/bpf.vim                                    |   45 +
 scripts/curvetun-ldap                              |   98 +
 scripts/geoip-database-update                      |   42 +
 src/.gitattributes                                 |    3 +
 src/CMakeLists.txt                                 |   77 +
 src/Makefile                                       |   69 -
 src/ashunt.c                                       | 1116 ++
 src/ashunt/.gitignore                              |    5 +
 src/ashunt/CMakeLists.txt                          |   29 +
 src/aslookup.c                                     |  184 +
 src/aslookup.h                                     |   24 +
 src/bootstrap.c                                    |  549 -
 src/bpf.c                                          |  327 +-
 src/bpf.h                                          |  144 +
 src/bpf_lexer.l                                    |  110 +
 src/bpf_parser.y                                   |  542 +
 src/bpfc.c                                         |  186 +
 src/bpfc/.gitignore                                |    5 +
 src/bpfc/CMakeLists.txt                            |   25 +
 src/built_in.h                                     |   82 +
 src/cmake/modules/CheckBPFAttach.cmake             |   39 +
 src/cmake/modules/CheckPFPacket.cmake              |   67 +
 src/cmake/modules/CheckStrictAlign.cmake           |   95 +
 src/cmake/modules/CheckTxRing.cmake                |   67 +
 src/cmake/modules/FindLibGeoIP.cmake               |   52 +
 src/cmake/modules/FindLibNaCl.cmake                |   25 +
 src/cmake/modules/FindLibNetFilterConnTrack.cmake  |   44 +
 src/cmake/modules/FindLibURCU.cmake                |   44 +
 src/cmake/modules/Pod2Man.cmake                    |   59 +
 src/conf/ether.conf                                |  290 +
 src/conf/oui.conf                                  |13351 +++++++++++++++++++
 src/conf/tcp.conf                                  | 1100 ++
 src/conf/udp.conf                                  | 1056 ++
 src/conf/whois.conf                                |    1 +
 src/config.c                                       |  311 -
 src/cpusched.c                                     |  160 +
 src/cpusched.h                                     |   18 +
 src/csum.h                                         |  164 +
 src/ct_client.c                                    |  439 +
 src/ct_server.c                                    |  822 ++
 src/cursor.c                                       |   88 -
 src/curve.c                                        |  294 +
 src/curve.h                                        |  231 +
 src/curvetun.c                                     |  768 ++
 src/curvetun.h                                     |   44 +
 src/curvetun/.gitignore                            |    5 +
 src/curvetun/CMakeLists.txt                        |   36 +
 src/curvetun/abiname.c                             |   46 +
 src/curvetun/build_nacl.sh                         |   77 +
 src/curvetun/nacl_path.sh                          |   51 +
 src/definitions.mk                                 |   54 -
 src/die.h                                          |   52 +
 src/dissector.c                                    |  110 +
 src/dissector.h                                    |   39 +
 src/dissector_eth.c                                |  342 +
 src/dissector_eth.h                                |   41 +
 src/dump.c                                         |   79 -
 src/examples/bpfc/all_traffic.bpf                  |    1 +
 src/examples/bpfc/arp.bpf                          |    4 +
 src/examples/bpfc/atalk.bpf                        |    9 +
 src/examples/bpfc/broadcast.bpf                    |    6 +
 src/examples/bpfc/ftp.bpf                          |   15 +
 src/examples/bpfc/http.bpf                         |   15 +
 src/examples/bpfc/icmp.bpf                         |    6 +
 src/examples/bpfc/icq.bpf                          |   15 +
 src/examples/bpfc/imap.bpf                         |   17 +
 src/examples/bpfc/ip_broadcast.bpf                 |    8 +
 src/examples/bpfc/ip_multicast.bpf                 |    6 +
 src/examples/bpfc/multicast.bpf                    |    4 +
 src/examples/bpfc/not_ip.bpf                       |    5 +
 src/examples/bpfc/not_ssh.bpf                      |   24 +
 src/examples/bpfc/pop3.bpf                         |   15 +
 src/examples/bpfc/rarp.bpf                         |    4 +
 src/examples/bpfc/rsync.bpf                        |   15 +
 src/examples/bpfc/skype_pre.bpf                    |   13 +
 src/examples/bpfc/smtp.bpf                         |   15 +
 src/examples/bpfc/ssh.bpf                          |   15 +
 src/examples/bpfc/vlan1000.bpf                     |    7 +
 src/examples/trafgen/trafgen.txf                   |   48 +
 src/examples/trafgen/trafgen2.txf                  |   18 +
 src/flowtop.c                                      | 1002 ++
 src/flowtop/.gitignore                             |    5 +
 src/flowtop/CMakeLists.txt                         |   35 +
 src/hash.c                                         |  515 +-
 src/hash.h                                         |   87 +
 src/ifpps.c                                        |  894 ++
 src/ifpps/.gitignore                               |    5 +
 src/ifpps/CMakeLists.txt                           |   22 +
 src/include/bootstrap.h                            |   31 -
 src/include/bpf.h                                  |   31 -
 src/include/config.h                               |   83 -
 src/include/cursor.h                               |   43 -
 src/include/dump.h                                 |   30 -
 src/include/ether_types.h                          |  330 -
 src/include/hash.h                                 |   84 -
 src/include/macros.h                               |  160 -
 src/include/misc.h                                 |   56 -
 src/include/netdev.h                               |   81 -
 src/include/nsignal.h                              |  234 -
 src/include/oui.h                                  |13420 --------------------
 src/include/packet.h                               |  125 -
 src/include/pcap.h                                 |   93 -
 src/include/ports_tcp.h                            | 1134 --
 src/include/ports_udp.h                            | 1089 --
 src/include/print.h                                |   60 -
 src/include/protocols/arp.h                        |  134 -
 src/include/protocols/csum.h                       |  157 -
 src/include/protocols/ethernet.h                   |   89 -
 src/include/protocols/icmp.h                       |   88 -
 src/include/protocols/ip.h                         |  128 -
 src/include/protocols/ipv6.h                       |  129 -
 src/include/protocols/layers_2.h                   |   27 -
 src/include/protocols/layers_3.h                   |   26 -
 src/include/protocols/layers_4.h                   |   27 -
 src/include/protocols/layers_all.h                 |   27 -
 src/include/protocols/tcp.h                        |  174 -
 src/include/protocols/udp.h                        |  138 -
 src/include/protocols/vlan.h                       |   85 -
 src/include/read.h                                 |   28 -
 src/include/replay.h                               |   33 -
 src/include/rx_ring.h                              |   72 -
 src/include/rxtx_common.h                          |   78 -
 src/include/strlcpy.h                              |   25 -
 src/include/system.h                               |   68 -
 src/include/ticks.h                                |  173 -
 src/include/tx_ring.h                              |   67 -
 src/include/types.h                                |   68 -
 src/include/version.h                              |   36 -
 src/include/xmalloc.h                              |   46 -
 src/locking.h                                      |   90 +
 src/man/netsniff-ng.txt                            |  574 -
 src/misc.c                                         |  132 -
 src/mtrand.c                                       |  163 +
 src/mtrand.h                                       |   23 +
 src/netdev.c                                       |  910 --
 src/netsniff-ng.c                                  | 1282 ++-
 src/netsniff-ng/.gitignore                         |    5 +
 src/netsniff-ng/CMakeLists.txt                     |   41 +
 src/opt_memcpy.c                                   |  302 +
 src/opt_memcpy.h                                   |   81 +
 src/patricia.c                                     |  333 +
 src/patricia.h                                     |   52 +
 src/pcap.c                                         |   28 +
 src/pcap.h                                         |  170 +
 src/pcap_mmap.c                                    |  227 +
 src/pcap_rw.c                                      |  107 +
 src/pcap_sg.c                                      |  217 +
 src/print.c                                        |  481 -
 src/proto_arp.h                                    |  132 +
 src/proto_esp.h                                    |   67 +
 src/proto_ethernet.h                               |  100 +
 src/proto_hex.h                                    |   76 +
 src/proto_icmp.h                                   |   71 +
 src/proto_ip_authentication_hdr.h                  |   87 +
 src/proto_ipv4.h                                   |  128 +
 src/proto_ipv6.h                                   |  118 +
 src/proto_ipv6_dest_opts.h                         |   83 +
 src/proto_ipv6_fragm.h                             |   82 +
 src/proto_ipv6_hop_by_hop.h                        |   83 +
 src/proto_ipv6_in_ipv4.h                           |   30 +
 src/proto_ipv6_mobility_hdr.h                      |   87 +
 src/proto_ipv6_no_nxt_hdr.h                        |   39 +
 src/proto_ipv6_routing.h                           |   97 +
 src/proto_struct.h                                 |   43 +
 src/proto_tcp.h                                    |  180 +
 src/proto_udp.h                                    |  110 +
 src/proto_vlan.h                                   |   81 +
 src/protos.h                                       |   30 +
 src/replay.c                                       |  126 -
 src/ring.h                                         |  139 +
 src/ring_rx.c                                      |  117 +
 src/ring_rx.h                                      |   32 +
 src/ring_tx.c                                      |  126 +
 src/ring_tx.h                                      |   37 +
 src/rules/all_traffic.bpf                          |   21 -
 src/rules/arp.bpf                                  |   24 -
 src/rules/atalk.bpf                                |   29 -
 src/rules/broadcast.bpf                            |   26 -
 src/rules/ftp.bpf                                  |   35 -
 src/rules/http.bpf                                 |   35 -
 src/rules/icmp.bpf                                 |   26 -
 src/rules/icq.bpf                                  |   35 -
 src/rules/imap.bpf                                 |   37 -
 src/rules/ip_broadcast.bpf                         |   28 -
 src/rules/ip_multicast.bpf                         |   26 -
 src/rules/multicast.bpf                            |   24 -
 src/rules/not_ip.bpf                               |   25 -
 src/rules/not_ssh.bpf                              |   44 -
 src/rules/pop3.bpf                                 |   35 -
 src/rules/rarp.bpf                                 |   24 -
 src/rules/rsync.bpf                                |   35 -
 src/rules/skype_pre.bpf                            |   33 -
 src/rules/smtp.bpf                                 |   35 -
 src/rules/ssh.bpf                                  |   35 -
 src/rules/vlan1000.bpf                             |   27 -
 src/rx_ring.c                                      |  449 -
 src/servmgmt.c                                     |  285 +
 src/servmgmt.h                                     |   24 +
 src/strlcpy.c                                      |   54 -
 src/stun.c                                         |  235 +
 src/stun.h                                         |   15 +
 src/system.c                                       |  291 -
 src/tprintf.c                                      |  112 +
 src/tprintf.h                                      |   17 +
 src/trafgen.c                                      |  933 ++
 src/trafgen/.gitignore                             |    5 +
 src/trafgen/CMakeLists.txt                         |   19 +
 src/trie.c                                         |  153 +
 src/trie.h                                         |   22 +
 src/tx_ring.c                                      |  347 -
 src/usermgmt.c                                     |  689 +
 src/usermgmt.h                                     |   50 +
 src/xio.c                                          |  127 +
 src/xio.h                                          |   19 +
 src/xmalloc.c                                      |  193 +-
 src/xmalloc.h                                      |   35 +
 src/xstring.c                                      |   97 +
 src/xstring.h                                      |   51 +
 src/xsys.c                                         |  634 +
 src/xsys.h                                         |  143 +
 290 files changed, 49579 insertions(+), 28908 deletions(-)

                ,---------------------,
                < Y U NO LUV PACKETZ? >
                '---------------------'
                         O
                          o
                            ^__^
                    _______/(oo)
                /\/(       /(_o)
                   | W----||  _
                   ||     || |~|  ~~
                             |~|  ~
                             |_| o
                             |#|/
                            _+#+_