diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7557288 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/netsniff-ng-0.5.8-a225505.tar.gz diff --git a/.netsniff-ng.metadata b/.netsniff-ng.metadata new file mode 100644 index 0000000..12f74dc --- /dev/null +++ b/.netsniff-ng.metadata @@ -0,0 +1 @@ +4ac8f918343b4e5bd45d751a6be7bb5abdb7c0e6 SOURCES/netsniff-ng-0.5.8-a225505.tar.gz diff --git a/SOURCES/0001-netsniff-ng-add-packet-fanout-support.patch b/SOURCES/0001-netsniff-ng-add-packet-fanout-support.patch new file mode 100644 index 0000000..aff2345 --- /dev/null +++ b/SOURCES/0001-netsniff-ng-add-packet-fanout-support.patch @@ -0,0 +1,224 @@ +From 7d821344b6c147a55849e6f8e3652c412b08c80a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20Purzy=C5=84ski?= +Date: Tue, 21 Apr 2015 11:12:44 +0200 +Subject: [PATCH 1/4] netsniff-ng: add packet fanout support +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Upstream commit: f00d4d54f28c0374cc57e6ca07dd648d7684c69c + +-- + +netsniff-ng: add packet fanout support + +This work adds packet fanout support to netsniff-ng. Multiple netsniff-ng +instances can join the same fanout group with a particular id in order to +improve scaling. + +Based on different fanout disciplines, e.g. distribute to fanout member +by packet hash, round-robin, by arrival cpu, by random, by socket rollover +(if one members socket queue is full, switch to next one, etc), by hardware +queue mapping, traffic can be distributed to one of the fanout members. + +Moreover, we also allow the user to specify additional aux arguments, e.g. +whether to defrag incoming traffic for the fanout group or not, and whether +to roll over a socket in case other disciplines than socket rollover have +been used. All that is configurable via command line option. + +Signed-off-by: Michał Purzyński +[ dbkm made some bigger changes to get this upstream ready ] +Signed-off-by: Daniel Borkmann +--- + netsniff-ng.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++--- + ring_rx.c | 16 ++++++++++++++++ + ring_rx.h | 34 ++++++++++++++++++++++++++++++++++ + 3 files changed, 97 insertions(+), 3 deletions(-) + +diff --git a/netsniff-ng.c b/netsniff-ng.c +index 0d9046c..b238979 100644 +--- a/netsniff-ng.c ++++ b/netsniff-ng.c +@@ -57,14 +57,18 @@ struct ctx { + int cpu, rfraw, dump, print_mode, dump_dir, packet_type, verbose; + unsigned long kpull, dump_interval, reserve_size, tx_bytes, tx_packets; + bool randomize, promiscuous, enforce, jumbo, dump_bpf; +- enum pcap_ops_groups pcap; enum dump_mode dump_mode; +- uid_t uid; gid_t gid; uint32_t link_type, magic; ++ enum pcap_ops_groups pcap; ++ enum dump_mode dump_mode; ++ uid_t uid; ++ gid_t gid; ++ uint32_t link_type, magic; ++ uint32_t fanout_group, fanout_type; + }; + + static volatile sig_atomic_t sigint = 0; + static volatile bool next_dump = false; + +-static const char *short_options = "d:i:o:rf:MJt:S:k:n:b:HQmcsqXlvhF:RGAP:Vu:g:T:DBU"; ++static const char *short_options = "d:i:o:rf:MJt:S:k:n:b:HQmcsqXlvhF:RGAP:Vu:g:T:DBUC:K:L:"; + static const struct option long_options[] = { + {"dev", required_argument, NULL, 'd'}, + {"in", required_argument, NULL, 'i'}, +@@ -80,6 +84,9 @@ static const struct option long_options[] = { + {"user", required_argument, NULL, 'u'}, + {"group", required_argument, NULL, 'g'}, + {"magic", required_argument, NULL, 'T'}, ++ {"fanout-group", required_argument, NULL, 'C'}, ++ {"fanout-type", required_argument, NULL, 'K'}, ++ {"fanout-opts", required_argument, NULL, 'L'}, + {"rand", no_argument, NULL, 'r'}, + {"rfraw", no_argument, NULL, 'R'}, + {"mmap", no_argument, NULL, 'm'}, +@@ -382,6 +389,7 @@ static void receive_to_xmit(struct ctx *ctx) + mmap_rx_ring(rx_sock, &rx_ring); + alloc_rx_ring_frames(rx_sock, &rx_ring); + bind_rx_ring(rx_sock, &rx_ring, ifindex_in); ++ join_fanout_group(rx_sock, ctx->fanout_group, ctx->fanout_type); + prepare_polling(rx_sock, &rx_poll); + + set_packet_loss_discard(tx_sock); +@@ -924,6 +932,7 @@ static void recv_only_or_dump(struct ctx *ctx) + mmap_rx_ring(sock, &rx_ring); + alloc_rx_ring_frames(sock, &rx_ring); + bind_rx_ring(sock, &rx_ring, ifindex); ++ join_fanout_group(sock, ctx->fanout_group, ctx->fanout_type); + + prepare_polling(sock, &rx_poll); + dissector_init_all(ctx->print_mode); +@@ -1021,12 +1030,15 @@ static void recv_only_or_dump(struct ctx *ctx) + static void init_ctx(struct ctx *ctx) + { + memset(ctx, 0, sizeof(*ctx)); ++ + ctx->uid = getuid(); + ctx->uid = getgid(); + + ctx->cpu = -1; + ctx->packet_type = -1; + ++ ctx->fanout_type = PACKET_FANOUT_ROLLOVER; ++ + ctx->magic = ORIGINAL_TCPDUMP_MAGIC; + ctx->print_mode = PRINT_NORM; + ctx->pcap = PCAP_OPS_SG; +@@ -1055,6 +1067,9 @@ static void __noreturn help(void) + "Options:\n" + " -i|-d|--dev|--in Input source as netdev, pcap or pcap stdin\n" + " -o|--out Output sink as netdev, pcap, directory, trafgen, or stdout\n" ++ " -C|--fanout-group Join packet fanout group\n" ++ " -K|--fanout-type Apply fanout discipline: hash|lb|cpu|rnd|roll|qm\n" ++ " -L|--fanout-opts Additional fanout options: defrag|roll\n" + " -f|--filter Use BPF filter file from bpfc or tcpdump-like expression\n" + " -t|--type Filter for: host|broadcast|multicast|others|outgoing\n" + " -F|--interval Dump interval if -o is a dir: KiB/MiB/GiB/s/sec/min/hrs\n" +@@ -1180,6 +1195,35 @@ int main(int argc, char **argv) + ctx.gid = strtoul(optarg, NULL, 0); + ctx.enforce = true; + break; ++ case 'C': ++ ctx.fanout_group = strtoul(optarg, NULL, 0); ++ if (ctx.fanout_group == 0) ++ panic("Non-zero fanout group id required!\n"); ++ break; ++ case 'K': ++ if (!strncmp(optarg, "hash", strlen("hash"))) ++ ctx.fanout_type = PACKET_FANOUT_HASH; ++ else if (!strncmp(optarg, "lb", strlen("lb"))) ++ ctx.fanout_type = PACKET_FANOUT_LB; ++ else if (!strncmp(optarg, "cpu", strlen("cpu"))) ++ ctx.fanout_type = PACKET_FANOUT_CPU; ++ else if (!strncmp(optarg, "rnd", strlen("rnd"))) ++ ctx.fanout_type = PACKET_FANOUT_RND; ++ else if (!strncmp(optarg, "roll", strlen("roll"))) ++ ctx.fanout_type = PACKET_FANOUT_ROLLOVER; ++ else if (!strncmp(optarg, "qm", strlen("qm"))) ++ ctx.fanout_type = PACKET_FANOUT_QM; ++ else ++ panic("Unkown fanout type!\n"); ++ break; ++ case 'L': ++ if (!strncmp(optarg, "defrag", strlen("defrag"))) ++ ctx.fanout_type |= PACKET_FANOUT_FLAG_DEFRAG; ++ else if (!strncmp(optarg, "roll", strlen("roll"))) ++ ctx.fanout_type |= PACKET_FANOUT_FLAG_ROLLOVER; ++ else ++ panic("Unkown fanout option!\n"); ++ break; + case 't': + if (!strncmp(optarg, "host", strlen("host"))) + ctx.packet_type = PACKET_HOST; +diff --git a/ring_rx.c b/ring_rx.c +index 3c701da..24a8c6d 100644 +--- a/ring_rx.c ++++ b/ring_rx.c +@@ -131,6 +131,22 @@ void bind_rx_ring(int sock, struct ring *ring, int ifindex) + bind_ring_generic(sock, ring, ifindex); + } + ++void join_fanout_group(int sock, uint32_t fanout_group, uint32_t fanout_type) ++{ ++ uint32_t fanout_opt = 0; ++ int ret; ++ ++ if (fanout_group == 0) ++ return; ++ ++ fanout_opt = (fanout_group & 0xffff) | (fanout_type << 16); ++ ++ ret = setsockopt(sock, SOL_PACKET, PACKET_FANOUT, &fanout_opt, ++ sizeof(fanout_opt)); ++ if (ret < 0) ++ panic("Cannot set fanout ring mode!\n"); ++} ++ + void sock_rx_net_stats(int sock, unsigned long seen) + { + int ret; +diff --git a/ring_rx.h b/ring_rx.h +index 8bf439b..256984d 100644 +--- a/ring_rx.h ++++ b/ring_rx.h +@@ -41,4 +41,38 @@ static inline void kernel_may_pull_from_rx_block(struct block_desc *pbd) + pbd->h1.block_status = TP_STATUS_KERNEL; + } + ++/* Fanout types. */ ++ ++#ifndef PACKET_FANOUT_HASH ++# define PACKET_FANOUT_HASH 0 ++#endif ++ ++#ifndef PACKET_FANOUT_LB ++# define PACKET_FANOUT_LB 1 ++#endif ++ ++#ifndef PACKET_FANOUT_CPU ++# define PACKET_FANOUT_CPU 2 ++#endif ++ ++#ifndef PACKET_FANOUT_ROLLOVER ++# define PACKET_FANOUT_ROLLOVER 3 ++#endif ++ ++#ifndef PACKET_FANOUT_RND ++# define PACKET_FANOUT_RND 4 ++#endif ++ ++#ifndef PACKET_FANOUT_QM ++# define PACKET_FANOUT_QM 5 ++#endif ++ ++#ifndef PACKET_FANOUT_FLAG_ROLLOVER ++# define PACKET_FANOUT_FLAG_ROLLOVER 0x1000 ++#endif ++ ++#ifndef PACKET_FANOUT_FLAG_DEFRAG ++# define PACKET_FANOUT_FLAG_DEFRAG 0x8000 ++#endif ++ + #endif /* RX_RING_H */ +-- +2.5.5 + diff --git a/SOURCES/0002-doc-authors-add-Michal-as-contributor.patch b/SOURCES/0002-doc-authors-add-Michal-as-contributor.patch new file mode 100644 index 0000000..aaa44d6 --- /dev/null +++ b/SOURCES/0002-doc-authors-add-Michal-as-contributor.patch @@ -0,0 +1,34 @@ +From fa861e84f386948e0c07f8cde4c392c3317c3e0e Mon Sep 17 00:00:00 2001 +From: Daniel Borkmann +Date: Tue, 21 Apr 2015 12:04:13 +0200 +Subject: [PATCH 2/4] doc: authors: add Michal as contributor + +Upstream commit: 264ef01ddd743c8832fcc142b460fc13dc749138 + +-- + +doc: authors: add Michal as contributor + +Add Michal for commit f00d4d54f28 ("netsniff-ng: add packet fanout +support"). + +Signed-off-by: Daniel Borkmann +--- + AUTHORS | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/AUTHORS b/AUTHORS +index 5175c83..48086cc 100644 +--- a/AUTHORS ++++ b/AUTHORS +@@ -32,6 +32,7 @@ Minor contributors (<= 30 commits): + * Stefan Seering + * Jon Schipp + * Sibir Chakraborty ++ * Michał Purzyński + + Special thanks to some of our sponsors: + +-- +2.5.5 + diff --git a/SOURCES/0003-man-netsniff-ng-document-fanout-options.patch b/SOURCES/0003-man-netsniff-ng-document-fanout-options.patch new file mode 100644 index 0000000..b530582 --- /dev/null +++ b/SOURCES/0003-man-netsniff-ng-document-fanout-options.patch @@ -0,0 +1,58 @@ +From 39dc303ae890f22f7c603d4de3f46e0b934f8674 Mon Sep 17 00:00:00 2001 +From: Daniel Borkmann +Date: Wed, 22 Apr 2015 22:11:50 +0200 +Subject: [PATCH 3/4] man: netsniff-ng: document fanout options + +Upstream commit: a6d81446c350218e36e53716ff277886069794b9 + +-- + +man: netsniff-ng: document fanout options + +Properly document the new knobs for doing packet socket's fanout, i.e. +that is, --fanout-group/--fanout-type/--fanout-opts. + +Signed-off-by: Daniel Borkmann +--- + netsniff-ng.8 | 25 +++++++++++++++++++++++++ + 1 file changed, 25 insertions(+) + +diff --git a/netsniff-ng.8 b/netsniff-ng.8 +index 5915595..3d97f0d 100644 +--- a/netsniff-ng.8 ++++ b/netsniff-ng.8 +@@ -84,6 +84,31 @@ stdout is given as a device, then a trafgen configuration will be written to + stdout if the input device is a pcap file, or a pcap file if the input device + is a networking device. + .PP ++.SS -C , --fanout-group ++If multiple netsniff-ng instances are being started that all have the same packet ++fanout group id, then the ingress network traffic being captured is being ++distributed/load-balanced among these group participants. This gives a much better ++scaling than running multiple netsniff-ng processes without a fanout group parameter ++in parallel, but only with a BPF filter attached as a packet would otherwise need ++to be delivered to all such capturing processes, instead of only once to such a ++fanout member. Naturally, each fanout member can have its own BPF filters attached. ++.PP ++.SS -K , --fanout-type ++This parameter specifies the fanout discipline, in other words, how the captured ++network traffic is dispatched to the fanout group members. Options are to distribute ++traffic by the packet hash (\[lq]hash\[rq]), in a round-robin manner (\[lq]lb\[rq]), ++by CPU the packet arrived on (\[lq]cpu\[rq]), by random (\[lq]rnd\[rq]), by rolling ++over sockets (\[lq]roll\[rq]) which means if one socket's queue is full, we move on ++to the next one, or by NIC hardware queue mapping (\[lq]qm\[rq]). ++.PP ++.SS -L , --fanout-opts ++Defines some auxillary fanout options to be used in addition to a given fanout type. ++These options apply to any fanout type. In case of \[lq]defrag\[rq], the kernel is ++being told to defragment packets before delivering to user space, and \[lq]roll\[rq] ++provides the same roll-over option as the \[lq]roll\[rq] fanout type, so that on any ++different fanout type being used (e.g. \[lq]qm\[rq]) the socket may temporarily roll ++over to the next fanout group member in case the original one's queue is full. ++.PP + .SS -f, --filter + Specifies to not dump all traffic, but to filter the network packet haystack. + As a filter, either a bpfc(8) compiled file can be passed as a parameter or +-- +2.5.5 + diff --git a/SOURCES/0004-netsniff-ng-add-example-for-fanout-into-man-page.patch b/SOURCES/0004-netsniff-ng-add-example-for-fanout-into-man-page.patch new file mode 100644 index 0000000..05fcbe1 --- /dev/null +++ b/SOURCES/0004-netsniff-ng-add-example-for-fanout-into-man-page.patch @@ -0,0 +1,52 @@ +From 65797f43b430cf9aaa3da446e96e73f913231f1f Mon Sep 17 00:00:00 2001 +From: Daniel Borkmann +Date: Wed, 27 May 2015 12:36:03 +0200 +Subject: [PATCH 4/4] netsniff-ng: add example for fanout into man page + +Upstream commit: d0677020ce89fc087925467480d75428df52dc95 + +-- + +netsniff-ng: add example for fanout into man page + +Add an example, so users can easily adapt and move on from that. + +Signed-off-by: Daniel Borkmann +--- + netsniff-ng.8 | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/netsniff-ng.8 b/netsniff-ng.8 +index 3d97f0d..fe8947d 100644 +--- a/netsniff-ng.8 ++++ b/netsniff-ng.8 +@@ -311,7 +311,7 @@ filter HTTP traffic. Super jumbo frame support is automatically enabled and + only print human readable packet data to the terminal, and also be more + verbose during setup phase. Moreover, dump a BPF disassembly of http.bpf. + .PP +-.SS netsniff-ng --in dump.pcap --out dump.cfg --silent ++.SS netsniff-ng --in dump.pcap --out dump.cfg --silent + Convert the pcap file dump.pcap into a trafgen(8) configuration file dump.cfg. + Do not print pcap contents to the terminal. + .PP +@@ -340,6 +340,17 @@ setup and teardown). netsniff-ng can then make use of the nlmon device as + an input device. In this example a pcap file with netlink traffic is being + recorded. + .PP ++.SS netsniff-ng --fanout-group 1 --fanout-type cpu --fanout-opts defrag --bind-cpu 0 --notouch-irq --silent --in em1 --out /var/cap/cpu0/ --interval 120sec ++.SS netsniff-ng --fanout-group 1 --fanout-type cpu --fanout-opts defrag --bind-cpu 1 --notouch-irq --silent --in em1 --out /var/cap/cpu1/ --interval 120sec ++Starts two netsniff-ng fanout instances. Both are assigned into the same fanout ++group membership and traffic is splitted among them by incoming cpu. Furthermore, ++the kernel is supposed to defragment possible incoming fragments. First instance ++is assigned to CPU 0 and the second one to CPU 1, IRQ bindings are not altered as ++they might have been adapted to this scenario by the user a-priori, and traffic ++is captured on interface em1, and written out in 120 second intervals as pcap ++files into /var/cap/cpu0/. Tools like mergecap(1) will be able to merge the cpu0/1 ++split back together if needed. ++.PP + .SH CONFIG FILES + .PP + Files under /etc/netsniff-ng/ can be modified to extend netsniff-ng's +-- +2.5.5 + diff --git a/SOURCES/0005-netsniff-ng-Fix-compiler-warning-introduced-by-fanou.patch b/SOURCES/0005-netsniff-ng-Fix-compiler-warning-introduced-by-fanou.patch new file mode 100644 index 0000000..782c00f --- /dev/null +++ b/SOURCES/0005-netsniff-ng-Fix-compiler-warning-introduced-by-fanou.patch @@ -0,0 +1,27 @@ +From efc924c81f1bd05ec82729500b3b66c068aa0952 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 31 May 2016 13:23:14 -0400 +Subject: [PATCH] netsniff-ng: Fix compiler warning introduced by fanout + backport + +Signed-off-by: Eric Garver +--- + ring_rx.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/ring_rx.h b/ring_rx.h +index 256984d2a06a..17912fd2b0e9 100644 +--- a/ring_rx.h ++++ b/ring_rx.h +@@ -19,6 +19,8 @@ extern void alloc_rx_ring_frames(int sock, struct ring *ring); + extern void bind_rx_ring(int sock, struct ring *ring, int ifindex); + extern void setup_rx_ring_layout(int sock, struct ring *ring, + unsigned int size, bool jumbo_support, bool v3); ++extern void join_fanout_group(int sock, uint32_t fanout_group, ++ uint32_t fanout_type); + extern void sock_rx_net_stats(int sock, unsigned long seen); + + static inline int user_may_pull_from_rx(struct tpacket2_hdr *hdr) +-- +2.5.5 + diff --git a/SOURCES/0006-netsniff-ng-Skip-duplicated-packets-on-loopback-device.patch b/SOURCES/0006-netsniff-ng-Skip-duplicated-packets-on-loopback-device.patch new file mode 100644 index 0000000..b3e3611 --- /dev/null +++ b/SOURCES/0006-netsniff-ng-Skip-duplicated-packets-on-loopback-device.patch @@ -0,0 +1,81 @@ +From 02c7610c3543e9190539efe944e1c90c3ebb5623 Mon Sep 17 00:00:00 2001 +Message-Id: <02c7610c3543e9190539efe944e1c90c3ebb5623.1469118440.git.pabeni@redhat.com> +From: Paolo Abeni +Date: Thu, 21 Jul 2016 18:25:49 +0200 +Subject: [PATCH] netsniff-ng: Skip duplicated packets on loopback device + +Upstream commit: 81f8c546d90b7615e0e6a6777445b10b4263d598 +--- + netsniff-ng.c | 28 +++++++++++++++++++++------- + 1 file changed, 21 insertions(+), 7 deletions(-) + +diff --git a/netsniff-ng.c b/netsniff-ng.c +index b238979..75b5ca0 100644 +--- a/netsniff-ng.c ++++ b/netsniff-ng.c +@@ -54,7 +54,8 @@ enum dump_mode { + + struct ctx { + char *device_in, *device_out, *device_trans, *filter, *prefix; +- int cpu, rfraw, dump, print_mode, dump_dir, packet_type, verbose; ++ int cpu, rfraw, dump, print_mode, dump_dir, packet_type, verbose, ++ lo_ifindex; + unsigned long kpull, dump_interval, reserve_size, tx_bytes, tx_packets; + bool randomize, promiscuous, enforce, jumbo, dump_bpf; + enum pcap_ops_groups pcap; +@@ -346,6 +347,18 @@ static void pcap_to_xmit(struct ctx *ctx) + printf("\r%12lu sec, %lu usec in total\n", diff.tv_sec, diff.tv_usec); + } + ++static inline bool skip_packet(struct ctx *ctx, struct sockaddr_ll *sll) ++{ ++ if (ctx->packet_type != -1) ++ return ctx->packet_type != sll->sll_pkttype; ++ ++ /* when receving from the loopback device, each packet is seen twice, ++ * so drop the outgoing ones to avoid duplicates ++ */ ++ return (sll->sll_ifindex == ctx->lo_ifindex) && ++ (sll->sll_pkttype == PACKET_OUTGOING); ++} ++ + static void receive_to_xmit(struct ctx *ctx) + { + short ifflags = 0; +@@ -424,9 +437,8 @@ static void receive_to_xmit(struct ctx *ctx) + + frame_count++; + +- if (ctx->packet_type != -1) +- if (ctx->packet_type != hdr_in->s_ll.sll_pkttype) +- goto next; ++ if (skip_packet(ctx, &hdr_in->s_ll)) ++ goto next; + + hdr_out = tx_ring.frames[it_out].iov_base; + out = ((uint8_t *) hdr_out) + TPACKET2_HDRLEN - sizeof(struct sockaddr_ll); +@@ -835,9 +847,8 @@ static void walk_t3_block(struct block_desc *pbd, struct ctx *ctx, + __label__ next; + packet = ((uint8_t *) hdr + hdr->tp_mac); + +- if (ctx->packet_type != -1) +- if (ctx->packet_type != sll->sll_pkttype) +- goto next; ++ if (skip_packet(ctx, sll)) ++ goto next; + + (*frame_count)++; + +@@ -1414,6 +1425,9 @@ int main(int argc, char **argv) + if (!ctx.device_in) + ctx.device_in = xstrdup("any"); + ++ if (!strcmp(ctx.device_in, "any") || !strcmp(ctx.device_in, "lo")) ++ ctx.lo_ifindex = device_ifindex("lo"); ++ + register_signal(SIGINT, signal_handler); + register_signal(SIGHUP, signal_handler); + +-- +1.8.3.1 + diff --git a/SOURCES/0007-netsniff-ng-Account-skipped-packets-as-seen-and-drop.patch b/SOURCES/0007-netsniff-ng-Account-skipped-packets-as-seen-and-drop.patch new file mode 100644 index 0000000..1b7a9d4 --- /dev/null +++ b/SOURCES/0007-netsniff-ng-Account-skipped-packets-as-seen-and-drop.patch @@ -0,0 +1,119 @@ +From f5bf1c56b98126c4f09aabf8e4c17900a43795ea Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 2 Aug 2016 15:32:00 -0400 +Subject: [PATCH] netsniff-ng: Account skipped packets as 'seen' and 'dropped' + +Similar to upstream da6e1d1108ad ("netsniff-ng: Account skipped packets +as 'seen' and 'dropped'") + +Signed-off-by: Eric Garver +--- + netsniff-ng.c | 13 ++++++++----- + ring_rx.c | 6 ++++-- + ring_rx.h | 2 +- + 3 files changed, 13 insertions(+), 8 deletions(-) + +diff --git a/netsniff-ng.c b/netsniff-ng.c +index 75b5ca0f7444..302a52fbc0f4 100644 +--- a/netsniff-ng.c ++++ b/netsniff-ng.c +@@ -500,7 +500,7 @@ static void receive_to_xmit(struct ctx *ctx) + + timer_purge(); + +- sock_rx_net_stats(rx_sock, 0); ++ sock_rx_net_stats(rx_sock, 0, 0); + + bpf_release(&bpf_ops); + +@@ -832,7 +832,7 @@ static void print_pcap_file_stats(int sock, struct ctx *ctx) + } + + static void walk_t3_block(struct block_desc *pbd, struct ctx *ctx, +- int sock, int *fd, unsigned long *frame_count) ++ int sock, int *fd, unsigned long *frame_count, unsigned long *skip_count) + { + uint8_t *packet; + int num_pkts = pbd->h1.num_pkts, i, ret; +@@ -847,8 +847,10 @@ static void walk_t3_block(struct block_desc *pbd, struct ctx *ctx, + __label__ next; + packet = ((uint8_t *) hdr + hdr->tp_mac); + +- if (skip_packet(ctx, sll)) ++ if (skip_packet(ctx, sll)) { ++ (*skip_count)++; + goto next; ++ } + + (*frame_count)++; + +@@ -908,6 +910,7 @@ static void recv_only_or_dump(struct ctx *ctx) + struct timeval start, end, diff; + struct block_desc *pbd; + unsigned long frame_count = 0; ++ unsigned long skip_count = 0; + + sock = pf_socket(); + +@@ -993,7 +996,7 @@ static void recv_only_or_dump(struct ctx *ctx) + while (likely(sigint == 0)) { + while (user_may_pull_from_rx_block((pbd = (void *) + rx_ring.frames[it].iov_base))) { +- walk_t3_block(pbd, ctx, sock, &fd, &frame_count); ++ walk_t3_block(pbd, ctx, sock, &fd, &frame_count, &skip_count); + + kernel_may_pull_from_rx_block(pbd); + it = (it + 1) % rx_ring.layout3.tp_block_nr; +@@ -1009,7 +1012,7 @@ static void recv_only_or_dump(struct ctx *ctx) + timersub(&end, &start, &diff); + + if (!(ctx->dump_dir && ctx->print_mode == PRINT_NONE)) { +- sock_rx_net_stats(sock, frame_count); ++ sock_rx_net_stats(sock, frame_count, skip_count); + + printf("\r%12lu sec, %lu usec in total\n", + diff.tv_sec, diff.tv_usec); +diff --git a/ring_rx.c b/ring_rx.c +index 24a8c6d038e9..95df4bc5def5 100644 +--- a/ring_rx.c ++++ b/ring_rx.c +@@ -147,7 +147,7 @@ void join_fanout_group(int sock, uint32_t fanout_group, uint32_t fanout_type) + panic("Cannot set fanout ring mode!\n"); + } + +-void sock_rx_net_stats(int sock, unsigned long seen) ++void sock_rx_net_stats(int sock, unsigned long seen, unsigned long skip) + { + int ret; + bool v3 = get_sockopt_tpacket(sock) == TPACKET_V3; +@@ -157,11 +157,13 @@ void sock_rx_net_stats(int sock, unsigned long seen) + } stats; + socklen_t slen = v3 ? sizeof(stats.k3) : sizeof(stats.k2); + ++ seen += skip; ++ + memset(&stats, 0, sizeof(stats)); + ret = getsockopt(sock, SOL_PACKET, PACKET_STATISTICS, &stats, &slen); + if (ret > -1) { + uint64_t packets = stats.k3.tp_packets; +- uint64_t drops = stats.k3.tp_drops; ++ uint64_t drops = stats.k3.tp_drops + skip; + + printf("\r%12ld packets incoming (%ld unread on exit)\n", + v3 ? seen : packets, v3 ? packets - seen : 0); +diff --git a/ring_rx.h b/ring_rx.h +index 17912fd2b0e9..77fc64c79267 100644 +--- a/ring_rx.h ++++ b/ring_rx.h +@@ -21,7 +21,7 @@ extern void setup_rx_ring_layout(int sock, struct ring *ring, + unsigned int size, bool jumbo_support, bool v3); + extern void join_fanout_group(int sock, uint32_t fanout_group, + uint32_t fanout_type); +-extern void sock_rx_net_stats(int sock, unsigned long seen); ++extern void sock_rx_net_stats(int sock, unsigned long seen, unsigned long skip); + + static inline int user_may_pull_from_rx(struct tpacket2_hdr *hdr) + { +-- +2.5.5 + diff --git a/SPECS/netsniff-ng.spec b/SPECS/netsniff-ng.spec new file mode 100644 index 0000000..3115c5b --- /dev/null +++ b/SPECS/netsniff-ng.spec @@ -0,0 +1,99 @@ +Name: netsniff-ng +Version: 0.5.8 +Release: 10%{?dist} +Summary: Packet sniffing beast +Group: Applications/Internet +License: GPLv2 +URL: http://netsniff-ng.org/ +Source0: https://github.com/borkmann/netsniff-ng/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz +BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +BuildRequires: ncurses-devel libnl3-devel libpcap-devel GeoIP-devel zlib-devel flex bison + +Patch0: 0001-netsniff-ng-add-packet-fanout-support.patch +Patch1: 0002-doc-authors-add-Michal-as-contributor.patch +Patch2: 0003-man-netsniff-ng-document-fanout-options.patch +Patch3: 0004-netsniff-ng-add-example-for-fanout-into-man-page.patch +Patch4: 0005-netsniff-ng-Fix-compiler-warning-introduced-by-fanou.patch +Patch5: 0006-netsniff-ng-Skip-duplicated-packets-on-loopback-device.patch +Patch6: 0007-netsniff-ng-Account-skipped-packets-as-seen-and-drop.patch + +%description +The netsniff-ng toolkit currently consists of the following utilities: + +* netsniff-ng: the zero-copy sniffer, pcap capturer and replayer itself. +* trafgen: a high performance zero-copy network packet generator. +* astraceroute: an autonomous system (AS) and geo-ip trace route utility. +* ifpps: a top-like kernel networking and system statistics tool. +* bpfc: a tiny Berkeley Packet Filter compiler supporting Linux extensions. + +%global commit a225505ea3fd319db87f0828ead3a653f020c4bf +%global shortcommit %(c=%{commit}; echo ${c:0:7}) + +%prep +%setup -qn %{name}-%{commit} +%patch0 -p1 -b .add-packet-fanout-support +%patch1 -p1 -b .add-michal-contrib +%patch2 -p1 -b .document-fanout-options +%patch3 -p1 -b .example-fanout +%patch4 -p1 -b .fanout-compile-warning +%patch5 -p1 -b .skip-loopback-duplicates +%patch6 -p1 -b .account-skipped-packets + +%build +./configure +make DISTRO=1 %{?_smp_mflags} + +%install +make PREFIX="%{buildroot}" install + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-, root, root, -) +%doc AUTHORS COPYING README +%{_sbindir}/* +%config(noreplace) %dir %{_sysconfdir}/%{name} +%config(noreplace) %{_sysconfdir}/%{name}/* +%{_mandir}/man8/* + +%changelog +* Tue Aug 02 2016 Eric Garver - 0.5.8-10 +- netsniff-ng: Account skipped packets as 'seen' and 'dropped' + +* Thu Jul 21 2016 Eric Garver - 0.5.8-9 +- netsniff-ng: Skip duplicated packets on loopback device + +* Tue May 31 2016 Eric Garver - 0.5.8-8 +- netsniff-ng: Fix compiler warning introduced by fanout backport + +* Mon May 16 2016 Eric Garver - 0.5.8-7 +- netsniff-ng: add packet fanout support +- doc: authors: add Michal as contributor +- man: netsniff-ng: document fanout options +- netsniff-ng: add example for fanout into man page + +* Fri Jan 24 2014 Daniel Mach - 0.5.8-6 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 0.5.8-5 +- Mass rebuild 2013-12-27 + +* Mon Aug 26 2013 Daniel Borkmann - 0.5.8-4 +- GeoIP was added to RHEL7, so we can make use of that to enable + astraceroute and features in netsniff-ng. +- For this we also need zlib in order to make the updater work. + +* Mon Aug 05 2013 Daniel Borkmann - 0.5.8-3 +- Package Wrangler feedback from Thomas Graf +- Note: %configure does not work with upstream's build system here as CFLAGS + will be overwritten. Changes would need to be proposed to upstream first. + +* Wed Jul 31 2013 Daniel Borkmann - 0.5.8-2 +- Rebased on 0.5.8-rc2 release. + +* Tue Jul 23 2013 Daniel Borkmann - 0.5.8-1 +- Initial netsniff-ng spec file for RHEL, import of 0.5.8-rc1. Note that + RHEL packaging differs significantly from Fedora as we only do a partial + build and have a small fraction of dependencies that are available on + RHEL.