Despite this value not being exported publicly, the truth is that
tcpdump and wireshark nowadays avoid processing any file with snaplen
bigger than this value:
"tcpdump: pcap_loop: invalid packet capture length 861244, bigger than
snaplen of 262144"
It also fails to set snaplen to values bigger than that:
"tcpdump -s 262145" --> "tcpdump: invalid snaplen 262145"
pcapfix also warns about wrong packet length if bigger than same value
(defined as PCAP_MAX_SNAPLEN there).
MAXIMUM_SPANPLEN is defined in tcpdump's netdissect.h and libpcap's
pcap-int.h. It is also defined as WTAP_MAX_PACKET_SIZE in
wireshark/wiretap/wtap.h (this one being the only publicly available).
Change-Id: Ib7449d5aba9da342c150704ebd0e1f09e7f7276c
The '.' is illegal character in counter names, as they are exported
via CTRL interface, where '.' has a special meaning that cannot be
used by strings comprising the variable name.
Change-Id: Icec5338d3242137980fa05d2c7ae2db940afb542
According to pcap.h, type bpf_u_int32 can be 32 bits on some systems,
so better cast explicitly to size_t to make sure always correct size is
used by log function.
Fixes warning:
osmo-pcap/src/osmo_client_network.c:175:4: warning: format ‘%zu’ expects argument of type ‘size_t’, but argument 7 has type ‘bpf_u_int32’ {aka ‘unsigned int’} [-Wformat=]
"Capture len too big %zu\n", in_hdr->caplen);
^~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~
Change-Id: I98654da143218d3e57da4e57781252eb3d3f3d5b
Fixes following compilation warning:
osmo-pcap/src/osmo_client_vty.c:511:2: warning: ‘install_default’ is deprecated: Now happens implicitly with install_node() [-Wdeprecated-declarations]
Depends: libosmocore I5021c64a787b63314e0f2f1cba0b8fc7bff4f09b
Change-Id: I943f68dbafd7906313ad9e59f4adb289ae23cdec
This allows the user to change the configuration between either using
a) the classic OsmoPCAP protocol (over TCP with or without TLS)
which is used when you want to talk to an osmo-pcap-server
b) the (new) IPIP encapsulation, which will simply take the IP
packet (without Ethernet or pcap header) and transmit it inside IPIP
to the specified server IP address. This is useful for gettin
real-time streaming into wireshark.
Change-Id: I8056fc163ac2f15adcb964d867dd5e51df4e4710
We can simplify the code even further by using the osmo_fd version
of osmo_sock_init2() called osmo_sock_init2_ofd(), which takes care
of filling the osmo_fd.fd member and registering the socket in the
select loop.
Change-Id: Ibf1480e7dee287db77a19bb9f0254edddf7706ab
A related function for "create a socket, bind it locally and connect
remotely" has meanwhile been introduced in libosmocore, so the local
implementation can go.
Change-Id: Ieda77ad8b3f7b89faa09882c0037562ce4d0fc89
This naming is more in line with what all the other osmocom programs are
doing (e.g. osmo-pcu, osmo-bts-sysmo, osmo-bsc, ...). We don't
generally use osmo_ anywhere else, so I suggest to change it for more
uniformity.
Change-Id: If1e3ce76f93266e0f01c801204769432b571fdb1
osmo-pcap for historical reasons uses the same port numbers as
OsmoPCU and OsmoBTS. This leads to problems when wanting to run related
software together on one system. Let's break the historical assumptions
and start with non-overlapping port numbers that are allocated/assigned
from https://osmocom.org/projects/cellular-infrastructure/wiki/Port_Numbers
Change-Id: I638ac0534517931d0987ce9f72f5db4f5b6c16b7
src_result is only valid "if (src)", so we cannot unconditionally
free it:
(gdb) bt
host=0x52 <error: Cannot access memory at address 0x52>, src=0x0)
at /usr/src/debug/osmo-pcap/0.0.6+gitrAUTOINC+4776b2972e-r1d/git/src/osmo_client_network.c:165
Change-Id: I3b6778d9110583ecb1daec59ef2c86465d5818b9
Modify the osmo_sock_init (code clone to be integrated upstream)
to allow binding to a specific source ip and source port. Allow
the source ip to be configured but allow the kernel to pick a
random port for us.
This is necessary for systems with multiple interfaces where the
default route is not necessarily the right one to connect to the
pcap server.
Change-Id: I84e728b0752213d28f970fcbbfd6565c441ccfeb
When not running as root the opening might fail and then we would
crash when sending the link information. Do not crash. This could
have crashed before the re-factoring but due the async connect it
seems more likely we hit it now.
Change-Id: I26a10c401a9a8998acc50a4bd4432d2ac7fceaeb
With the VTY a user can write connect, connect, connect and this
would lead to leaking fds. Always close the connection.
Change-Id: Iab94dc2fd28496bf5fd8ceb5611f9e6505ccae1b
Allow to configure multiple servers and connect. Introduce a new VTY
node to allow multiple servers. Add an explicit connect. Do not put
the main connection into the same list but assume it exists.
Change-Id: I9448ad4a005dd7c7eb1c615d03e57d6cb058ae4d
If we want to have multiple servers we should not block when trying to
connect to one of them. Enable non blocking mode and handle the fd
specially until it is connected. E.g. on failed connect the read will
become readable but fail, otherwise it becomes writable.
Clear the write queue to make sure that the link data is sent first.
We might be able to introduce a osmo_wqueue_prepend.
Change-Id: Iae2bc264d15aa8598beefc194e3b8c4ebe87320a
Take out various fields into a new connection class. We will have the
option to connect to multiple servers.
Change-Id: I820176d133fbdb0240a16eb4e1a6d505e5c080c6
Add TLS support to the client and server. What is known working is
support of anonymous mode with generated DH params. Mildly tested
by hand over localhost.
Make the priority configurable, load DH params, allow to specify
certificates or anonymous operations.
Change-Id: I8ec3c0f8e1ee2089e1b7dacd9de842260930032f
Add simple vty command to enable tls per client or not. We still
need a lot more tls commands for the server.
Change-Id: I583b7d5c999ed01c135882895fb2a8f04739ad00
Using tls priority of NORMAL:+ANON-ECDH:+ANON-DH already allows a
client to connect to a server and protect the data using tls.
Generate the dh params on load (and do that for the client right
now as well) but that will go away soon.
Change-Id: Ifa2ad24c0a631573c259a3bf94b91a946ad9ec9d
In preparation of TLS let's not call close_connection from
within the dispatch but return an error and then close the
connection from the outside.
Change-Id: I607fed0191907cfbc8887d749c88f7f4ffb87166
We are only reading from the socket and never write but the osmo_tls
code is integrated with it. We will never write and the queue size is
set to 0. Simplify the read_cb.
Change-Id: I32335b1f7b7ed06b92c6222516c185301ce13781
Use GNUtls because it is GPL compatible and instead of mbedTLS seems
to have a working non-blocking I/O integration. GNUtls has various
issues that could not be resolved easily:
* Pick spdy as sub protocol
* gmt_time not randomized
* private key loaded to RAM (but not verified)
This is the beginning and not the end. Client support might need more
work with actual tls verification. Maybe more manual x509 cert
verification is needed and maybe client certs don't work at all. I try
to ignore renegotiation as I threw away the key.
Reload x509 creds and keys as they might have changed from one
connection to another.
Change-Id: I9128e14084da1fc2705f858393f98b8133996172