-
Notifications
You must be signed in to change notification settings - Fork 829
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix sniffer #7973
Fix sniffer #7973
Conversation
Assigning back to @bandi13. Failing one of the sniffer tests |
} | ||
else { | ||
/* packet doesn't contain minimum ip/tcp header */ | ||
continue; | ||
} | ||
int ptype = pcap_datalink(pcap); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Avoid mixed-declaration. Move int ptype
up. Also please add comment documenting what Linux SLL is and what the 2 bytes are.
cd14a7b
to
71d37bf
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ask discussed yesterday. Works now with "any" interface, but not with "lo".
e5ba8b3
to
aab5752
Compare
retest this please |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Otherwise PR looks awesome!
src/sniffer.c
Outdated
for (i = 0; i < chainSz; i++) | ||
for (i = 0; i < chainSz; i++) length += chain[i].iov_len; | ||
|
||
tmpPacket = (byte*)XMALLOC(length, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if there is a better dynamic type like DYNAMIC_TYPE_SNIFFER_PB_BUFFER
that could be used or maybe even a new DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please squash this PR. Thanks @bandi13
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you update the comment: "Please run directly from wolfSSL root dir".... It is no longer true.
Enter the port to scan [default: 11111, '0' for all]:
Enter the server key [default: ../../certs/statickeys/ecc-secp256r1.pem,../../certs/statickeys/dh-ffdhe2048.pem,../../certs/statickeys/x25519.pem]:
Enter alternate SNI [default: none]:
Failed loading private key ../../certs/statickeys/ecc-secp256r1.pem: ret -1
Please run directly from wolfSSL root dir
Failed loading private key ../../certs/statickeys/dh-ffdhe2048.pem: ret -1
Please run directly from wolfSSL root dir
Failed loading private key ../../certs/statickeys/x25519.pem: ret -1
Please run directly from wolfSSL root dir
davidgarske@Davids-MacBook-Pro-2 wolfssl % pwd
/Users/davidgarske/GitHub/wolfssl
Detect reading of packet errors --enable-all and --enable-sniffer exposed this issue Don't need variable Rework argument parsing Need a way to allow arguments to be supplied more granularly. Partucilarly, I needed a "-tracefile" argument without requiring the use of a PCAP file Fix error prints to STDERR Fix setting of port filtering Fix 80 char limit Not actually a bad packet when there are no more packets Fix strcat size Allow the sniffer to print the trace to STDOUT Fix indexing Take out superfluous error which is handled later Set default port to 11111 Single return point Combine chain to one contiguous memory block Fix return Add in error handling for XMALLOC Add in debugging output when --enable-debug It makes no sense to allocate a ton of small buffers to process chains Ultimately, the code is slower because of the several small memcpy instead of a single large contiguous memcpy Pass in a device name Fix unused variable Fix cast Addressing PR comments Add new flags to --help
Done, and squashed. |
Description
Using Linux, there is a 'linux cooked capture' layer that is added on, and the packets seem to contain two extra bytes.
Also reworked the argument handling to be able to individually add in arguments without needing to pass in a PCAP file. Now we can sniff live packets and set filters. Additionally, we can now define the output of the trace file.
Testing
Able to read packet capture when using 'any' interface