Skip to content

Commit

Permalink
proper promisc mode for interfaces
Browse files Browse the repository at this point in the history
  • Loading branch information
@mosajjal
mosajjal committed Mar 12, 2022
1 parent 7c7afff commit 380e2ee
Show file tree
Hide file tree
Showing 6 changed files with 35 additions and 16 deletions.
2 changes: 1 addition & 1 deletion autobuild.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ dockercomposetemplate=$(cat <<EOF
timeout: 10s
retries: 3
grafana:
image: grafana/grafana:8.3.3
image: grafana/grafana:8.4.3
restart: always
ports:
- "3000:3000"
Expand Down
30 changes: 24 additions & 6 deletions capture/afpacket_linux.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ package capture

import (
"os"
"syscall"
"time"

log "github.com/sirupsen/logrus"
Expand Down Expand Up @@ -32,11 +33,14 @@ func (h *afpacketHandle) LinkType() layers.LinkType {

func (h *afpacketHandle) SetBPFFilter(filter string, snaplen int) (err error) {
pcapBPF := TcpdumpToPcapgoBpf(filter)
log.Infof("Filter: %s", filter)
err = h.TPacket.SetBPF(pcapBPF)
if err != nil {
// nil means the binary is compiled w/o bpf support
if pcapBPF != nil {
log.Infof("Filter: %s", filter)
err = h.TPacket.SetBPF(pcapBPF)
if err != nil {
log.Fatal(err)
if err != nil {
log.Fatal(err)
}
}
}
return err
Expand Down Expand Up @@ -67,12 +71,21 @@ func afpacketComputeSize(targetSizeMb uint, snaplen uint, pageSize uint) (
return frameSize, blockSize, numBlocks, nil
}

func (config CaptureConfig) setPromiscuous() error {
var err error
if !config.NoPromiscuous {
// TODO: replace with x/net/bpf or pcap
err = syscall.SetLsfPromisc(config.DevName, !config.NoPromiscuous)
log.Infof("Promiscuous mode: %v", !config.NoPromiscuous)
}
return err
}

func (config CaptureConfig) initializeLiveAFpacket(devName, filter string) *afpacketHandle {
// Open device
// var tPacket *afpacket.TPacket
var err error
handle := &afpacketHandle{}

frameSize, blockSize, numBlocks, err := afpacketComputeSize(
config.AfpacketBuffersizeMb,
65536,
Expand All @@ -91,8 +104,13 @@ func (config CaptureConfig) initializeLiveAFpacket(devName, filter string) *afpa
if err != nil {
log.Fatal(err)
}

handle.SetBPFFilter(filter, 1024)

// set up promisc mode. first we need to get the fd for the interface we just opened. using a hacky mode
// v := reflect.ValueOf(handle.TPacket)
// fd := v.FieldByName("fd").Int()
config.setPromiscuous()

log.Infof("Opened: %s", devName)
return handle
}
Expand Down
1 change: 1 addition & 0 deletions capture/capture.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ type CaptureConfig struct {
UseAfpacket bool `long:"useAfpacket" env:"DNSMONSTER_USEAFPACKET" description:"Use AFPacket for live captures. Supported on Linux 3.0+ only"`
NoEthernetframe bool `long:"noEtherframe" env:"DNSMONSTER_NOETHERFRAME" description:"The PCAP capture does not contain ethernet frames"`
Dedup bool `long:"dedup" env:"DNSMONSTER_DEDUP" description:"Deduplicate incoming packets, Only supported with --devName and --pcapFile. Experimental "`
NoPromiscuous bool `long:"noPromiscuous" env:"DNSMONSTER_NOPROMISCUOUS" description:"Do not put the interface in promiscuous mode"`
processingChannel chan *rawPacketBytes
ip4Defrgger chan ipv4ToDefrag
ip6Defrgger chan ipv6FragmentInfo
Expand Down
3 changes: 1 addition & 2 deletions capture/compilebpf_nolibpcap.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ import (
)

func TcpdumpToPcapgoBpf(filter string) []bpf.RawInstruction {
returnByteCodes := []bpf.RawInstruction{}
log.Warnf("dnsmonster has been compiled without libpcap support. BPF filters are not supported.")
return returnByteCodes
return nil
}
12 changes: 8 additions & 4 deletions capture/livecap_linux.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,17 +16,21 @@ type livePcapHandle struct {
func initializeLivePcap(devName, filter string) *livePcapHandle {
// Open device
handle, err := pcapgo.NewEthernetHandle(devName)
handle.SetPromiscuous(!GlobalCaptureConfig.NoPromiscuous)
// handle, err := pcap.OpenLive(devName, 65536, true, pcap.BlockForever)
if err != nil {
log.Fatal(err)
}

// Set Filter
log.Infof("Using Device: %s", devName)
log.Infof("Filter: %s", filter)
err = handle.SetBPF(TcpdumpToPcapgoBpf(filter))
if err != nil {
log.Fatal(err)
bpf := TcpdumpToPcapgoBpf(filter)
if bpf != nil {
log.Infof("Filter: %s", filter)
err = handle.SetBPF(bpf)
if err != nil {
log.Fatal(err)
}
}
h := livePcapHandle{handle}
return &h
Expand Down
3 changes: 0 additions & 3 deletions capture/packet.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,9 +81,6 @@ func (config CaptureConfig) inputHandlerWorker(p chan *rawPacketBytes) {
timestamp = time.Now()
}
parser.DecodeLayers(packet.bytes, &foundLayerTypes)
// for _, layer := range foundLayerTypes {
// log.Warnf("found %#+v layer", layer.String()) //todo:remove
// }
// first parse the ip layer, so we can find fragmented packets
for _, layerType := range foundLayerTypes {
switch layerType {
Expand Down

0 comments on commit 380e2ee

Please sign in to comment.